Config Mikrotik:
/interface bridge
add name=bridge1
add name=bridge2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto hide-ssid=yes l2mtu=2290 mode=ap-bridge ssid=MikroTikTest wireless-protocol=802.11
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:B8:91:5F master-interface=wlan1 name=wlan2 ssid=INBITest wds-cost-range=0 wds-default-bridge=bridge1 wds-default-cost=0 \
wds-mode=dynamic
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys wpa2-pre-shared-key=12345
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=Guests supplicant-identity="" wpa2-pre-shared-key=12345
/interface wireless
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:B8:91:60 master-interface=wlan1 name=wlan3 security-profile=Guests ssid=INBI_Guest wds-cost-range=0 wds-default-bridge=\
bridge2 wds-default-cost=0 wds-mode=dynamic
/ip pool
add name=dhcp_pool1 ranges=192.168.50.2-192.168.50.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge2 lease-time=3d name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=wlan2
add bridge=bridge2 interface=wlan3
/ip address
add address=192.168.0.19/24 interface=bridge1 network=192.168.0.0
add address=192.168.50.1/24 interface=bridge2 network=192.168.50.0
/ip dhcp-server network
add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1
/ip dns
set allow-remote-requests=yes servers=192.168.0.250
/ip firewall filter
add chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.50.0/24
/ip route
add distance=1 gateway=192.168.0.1
------------------------------------------------------
1) Mikrotik connected with Eth1 port(IP > Adresses -> 192.168.0.19/24) to main LAN (192.168.0.0/24, gateway - 192.168.0.1, DNS - 192.168.0.250).
2) IP > DNS - 192.168.0.250. Allow remote requests is true.
3) Created Virtual AP(wlan2) - it's main WiFi - and bridge1(wlan2, Eth1-Eth10 ports).
It's work, if clients connected to Eth1-Eth10 ports and wlan2(receive configs IP from main LAN DHCP server - 192.168.0.251)!
But:
4) Created Virtual AP(wlan3) - it's Guest WiFi + bridge2(for wlan3 only). Created DHCP server(192.168.50.1, pool 192.168.50.2-192.168.0.254, network 192.168.50.0/24) for bridge2.
5) Created rules:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.50.0/24
/ip route
add distance=1 gateway=192.168.0.1
Clients connect to guest WiFi and receive IP 192.168.50.x, DNS and Gateway - 192.168.50.1. - It's work.
Try ping to ya.ru -> success!
C:\Users\etc>ping ya.ru -l 1472 -t -f
ping ya.ru [213.180.204.3] with 1472 bytes data:
Answer from 213.180.204.3: bytes=1472 time=5ms TTL=54
Answer from 213.180.204.3: bytes=1472 time=17ms TTL=54
Answer from 213.180.204.3: bytes=1472 time=5ms TTL=54
Answer from 213.180.204.3: bytes=1472 time=5ms TTL=54
Try traceroute to ya.ru - success!
Traceroute ya.ru [93.158.134.3]:
1 1 ms <1 ms <1 ms 192.168.50.1
2 1 ms <1 ms <1 ms 192.168.0.1
3 1 ms 1 ms 2 ms m9-1-vl10.rasnet.ru [83.149.192.35]
4 2 ms 2 ms 2 ms msk-ix-std.yandex.net [193.232.244.116]
5 3 ms 4 ms 7 ms ugr-p3-be11.yndx.net [87.250.239.76]
6 2 ms 2 ms 6 ms www.yandex.ru [93.158.134.3]
But when I try open any internet page - it's not work! why?
P.S. > sorry for my bad English
