I have set VLAN 50 on port ether11 and defined an address range (192.168.50.1/24) however I cannot access the router by navigating to address 192.168.50.1, what am I doing wrong (Of course, I have configured the vlan tag on my PC and all other traffic to the Internet works properly)? I have disabled all the firewall rules but nothing. If instead I go to define an address range directly on a port without using VLANs everything seems to work correctly
Is there anyone who can help me? Thank you
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add interface=ether11 name=vlan-client vlan-id=50
add interface=sfp-sfpplus2 name=vlan-guest vlan-id=200
add interface=sfp-sfpplus2 name=vlan-iot vlan-id=107
add interface=sfp-sfpplus2 name=vlan-management vlan-id=2
/interface list
add name=WAN
add name=LAN
/ip dhcp-server
add interface=vlan-management lease-time=1d name=dhcp_server-management
/ip pool
add name=dhcp_pool-client ranges=192.168.50.2-192.168.50.200
add name=dhcp_pool-guest ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool-iot ranges=192.168.107.125-192.168.107.254
add name=dhcp_pool-management ranges=192.168.2.250-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool-client interface=vlan-client lease-time=1d name=dhcp_server-client
add address-pool=dhcp_pool-guest interface=vlan-guest lease-time=1d name=dhcp_server-guest
add address-pool=dhcp_pool-iot interface=vlan-iot lease-time=1d name=dhcp_server-iot
/port
set 0 name=serial0
set 1 name=serial1
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus1 list=LAN
/ip address
add address=192.168.2.1/24 interface=vlan-management network=192.168.2.0
add address=192.168.50.1/24 interface=vlan-client network=192.168.50.0
add address=192.168.107.1/24 interface=vlan-iot network=192.168.107.0
add address=192.168.200.1/24 interface=vlan-guest network=192.168.200.0
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=1.1.1.1 gateway=192.168.2.1
add address=192.168.50.0/24 dns-server=1.1.1.1 gateway=192.168.50.1
add address=192.168.107.0/24 dns-server=1.1.1.1 gateway=192.168.107.1
add address=192.168.200.0/24 dns-server=1.1.1.1 gateway=192.168.200.1
/ip firewall address-list
add address=10.0.0.0/8 list=PRIVATE
add address=172.16.0.0/12 list=PRIVATE
add address=192.168.0.0/16 list=PRIVATE
/ip firewall filter
add action=accept chain=forward comment=er connection-state=established,related disabled=yes out-interface=all-vlan
add action=accept chain=input comment=tbr disabled=yes dst-port=80 in-interface-list=all protocol=tcp
add action=drop chain=input disabled=yes in-interface-list=WAN
add action=drop chain=forward disabled=yes dst-address-list=PRIVATE in-interface=vlan-iot
add action=drop chain=forward disabled=yes dst-address-list=PRIVATE in-interface=vlan-guest
add action=accept chain=forward disabled=yes dst-port=80 out-interface=vlan-iot protocol=tcp
add action=accept chain=forward disabled=yes dst-port=443 out-interface=vlan-iot protocol=tcp
add action=accept chain=forward disabled=yes dst-address=192.168.107.3 dst-port=1883 out-interface=vlan-iot protocol=tcp
add action=drop chain=forward disabled=yes out-interface=all-vlan
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
/system health settings
set fan-control-interval=15s fan-target-temp=62C
/system identity
set name=CCR
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key