I've set it up based on this video:
https://www.youtube.com/watch?v=LLuGby1ecVM
And adapted to our own needs. Wired employee LAN, guest wifi, wired POS printers+POS iPads.
Anyone see what is wrong?
RB2011UIAS:
Code: Select all
# 1970-01-02 01:09:38 by RouterOS 7.14.1
# software id = T1HW-1EBQ
#
# model = RB2011UiAS-2HnD
# serial number = 7A67079B60A0
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=Ch01_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=Ch06_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=Ch11_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2467 name=Ch12_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2472 name=Ch13_20M_24G tx-power=10
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=Ch36_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5200 name=Ch40_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5220 name=Ch44_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5240 name=Ch48_20M_5G tx-power=20
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=eth1_WAN
set [ find default-name=ether2 ] name=eth2_kontor
set [ find default-name=ether3 ] name=eth3_MikrotikAPs
set [ find default-name=ether4 ] name=eth4_gastrofix_wired
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
add interface=bridge name=EmployeeLAN_VLAN vlan-id=10
add interface=bridge name=Gastrofix_VLAN vlan-id=30
add interface=bridge name=GuestWIFI_VLAN vlan-id=20
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapath-gastrofix vlan-id=30 vlan-mode=use-tag
add bridge=bridge local-forwarding=yes name=datapath-guest vlan-id=20 vlan-mode=use-tag
/caps-man rates
add basic=9Mbps name="GN Only - No B rates" supported=9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs=""
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security-gastrofix
add name=security-guest
/caps-man configuration
add channel=Ch36_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch36 security=security-guest ssid=Guest_5GHz
add channel=Ch06_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch6 security=security-gastrofix ssid=Gastrofix_2.4GHz
add channel=Ch11_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch11 security=security-gastrofix ssid=Gastrofix_2.4GHz
add channel=Ch12_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch12 security=security-gastrofix ssid=Gastrofix_2.4GHz
add channel=Ch13_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch13 security=security-gastrofix ssid=Gastrofix_2.4GHz
add channel=Ch36_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch36 security=security-gastrofix ssid=Gastrofix_5GHz
add channel=Ch40_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch40 security=security-gastrofix ssid=Gastrofix_5GHz
add channel=Ch48_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch48 security=security-gastrofix ssid=Gastrofix_5GHz
add channel=Ch44_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch44 security=security-gastrofix ssid=Gastrofix_5GHz
add channel=Ch06_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch6 security=security-guest ssid=Guest_2.4GHz
add channel=Ch11_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch11 security=security-guest ssid=Guest_2.4GHz
add channel=Ch12_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch12 security=security-guest ssid=Guest_2.4GHz
add channel=Ch13_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch13 security=security-guest ssid=Guest_2.4GHz
add channel=Ch40_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch40 security=security-guest ssid=Guest_5GHz
add channel=Ch48_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch48 security=security-guest ssid=Guest_5GHz
add channel=Ch44_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch44 security=security-guest ssid=Guest_5GHz
/interface ethernet switch port
set 2 default-vlan-id=10 vlan-mode=secure
set 3 vlan-mode=secure
set 4 default-vlan-id=30 vlan-mode=secure
set 11 vlan-mode=secure
/interface list
add name=WAN
add name=LAN
add name=WinboxAccess
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=gastrofix_dhcp_pool ranges=192.168.7.120-192.168.7.254
add name=guest_dhcp_pool ranges=192.168.88.20-192.168.88.250
add name=dhcp_bridge ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=gastrofix_dhcp_pool interface=Gastrofix_VLAN lease-time=23h59m59s name=gastrofix_dhcp_server
add address-pool=guest_dhcp_pool interface=GuestWIFI_VLAN lease-time=2h59m name=guest_dhcp_server
add address-pool=dhcp_bridge interface=bridge name=dhcp1
/port
set 0 name=serial0
/system logging action
set 0 memory-lines=3000
set 1 disk-file-count=10 disk-lines-per-file=3000
/caps-man access-list
add action=accept allow-signal-out-of-range=10s comment="-85..120 accept" disabled=no signal-range=-85..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="-120..-86 reject" disabled=no signal-range=-120..-86 ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=eth3_MikrotikAPs
/caps-man provisioning
add action=create-enabled comment=CAP_Bar hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch6 name-format=prefix-identity name-prefix=2.4GHz- slave-configurations=cfg-2.4-guest-ch6
add action=create-enabled comment=CAP_Kontor hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch36 name-format=prefix-identity name-prefix=5GHz- slave-configurations=cfg-5ghz-guest-ch36
add action=create-enabled comment=CAP_BAR hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch40 name-format=prefix-identity name-prefix=5GHz- slave-configurations=cfg-5ghz-guest-ch40
add action=create-enabled comment=CAP_Messanin hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch44 name-format=prefix-identity name-prefix=5GHz- radio-mac=C4:AD:34:9E:DA:B2 slave-configurations=cfg-5ghz-guest-ch44
add action=create-enabled comment=CAP_Chambre hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch48 name-format=prefix-identity name-prefix=5GHz- slave-configurations=cfg-5ghz-guest-ch48
add action=create-enabled comment=CAP_Kontor hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch11 name-format=prefix-identity name-prefix=2.4GHz- slave-configurations=cfg-2.4-guest-ch11
add action=create-enabled comment=CAP_Chambre hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch12 name-format=prefix-identity name-prefix=2.4GHz- slave-configurations=cfg-2.4-guest-ch12
add action=create-enabled comment=CAP_Messanin hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch13 name-format=prefix-identity name-prefix=2.4GHz- radio-mac=C4:AD:34:9E:DA:B1 slave-configurations=cfg-2.4-guest-ch13
/interface bridge port
add bridge=bridge interface=eth2_kontor
add bridge=bridge interface=eth3_MikrotikAPs
add bridge=bridge interface=eth4_gastrofix_wired
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch rule
add dst-address=192.168.1.0/24 new-dst-ports="" ports=eth2_kontor switch=switch1
add dst-address=192.168.7.0/24 new-dst-ports="" ports=eth3_MikrotikAPs,eth4_gastrofix_wired switch=switch1
add dst-address=192.168.88.0/24 new-dst-ports="" ports=eth3_MikrotikAPs switch=switch1
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,eth2_kontor switch=switch1 vlan-id=10
add independent-learning=yes ports=switch1-cpu,eth3_MikrotikAPs switch=switch1 vlan-id=20
add independent-learning=yes ports=switch1-cpu,eth3_MikrotikAPs,eth4_gastrofix_wired switch=switch1 vlan-id=30
/interface list member
add interface=eth1_WAN list=WAN
add interface=eth2_kontor list=LAN
add interface=eth3_MikrotikAPs list=LAN
add interface=Gastrofix_VLAN list=LAN
/ip address
#hidden IP for forum:
add address=xxxxx/24 interface=eth1_WAN network=xxxx
add address=192.168.1.1/24 interface=EmployeeLAN_VLAN network=192.168.1.0
add address=192.168.7.1/24 interface=Gastrofix_VLAN network=192.168.7.0
add address=192.168.88.1/24 interface=GuestWIFI_VLAN network=192.168.88.0
add address=192.168.99.1/24 interface=bridge network=192.168.99.0
/ip arp
add address=192.168.7.41 interface=Gastrofix_VLAN mac-address=FE:67:3A:11:0F:D0
/ip cloud
set update-time=no
/ip dhcp-server lease
add address=192.168.7.247 client-id=1:78:8a:20:4b:4:a6 mac-address=78:8A:20:4B:04:A6 server=gastrofix_dhcp_server
/ip dhcp-server network
add address=192.168.7.0/24 comment="DHCP for Gastrofix" dns-server=193.75.75.75,192.168.7.1 gateway=192.168.7.1 netmask=24
add address=192.168.88.0/24 comment="DHCP for Guests" dns-server=193.75.75.75,193.75.75.193 gateway=192.168.88.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes servers=193.75.75.75,193.75.75.193
/ip firewall address-list
add address=192.168.1.0/24 list=AdminAccess
add address=0.0.0.0/8 list=bogons
add address=172.16.0.0/12 list=bogons
add address=10.0.0.0/8 list=bogons
add address=169.254.0.0/16 list=bogons
add address=127.0.0.0/8 list=bogons
add address=224.0.0.0/4 list=bogons
add address=198.18.0.0/15 list=bogons
add address=192.0.0.0/24 list=bogons
add address=192.0.2.0/24 list=bogons
add address=198.51.100.0/24 list=bogons
add address=203.0.113.0/24 list=bogons
add address=100.64.0.0/10 list=bogons
add address=240.0.0.0/4 list=bogons
add address=192.88.99.0/24 list=bogons
/ip firewall filter
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward dst-address=77.66.21.133 in-interface=GuestWIFI_VLAN
add action=accept chain=input comment="Admin Access to Router" src-address-list=AdminAccess
add action=accept chain=input comment="allow LAN to DNS-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="allow LAN to DNS-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment="CAPsMAN accept all local traffic" dst-port=5246,5247 protocol=udp src-address=127.0.0.1
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 log=yes log-prefix="acceot local loopback CAPsMAN"
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address-type=local src-address-type=local
add action=drop chain=input comment="Drop All Else" log-prefix=DROP-FIREWALL
add action=drop chain=forward dst-address=77.66.21.133 in-interface=GuestWIFI_VLAN
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow all LAN (Office, Guest and POS) Traffic to Internet" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP ALL Else"
add action=accept chain=forward comment="Allow Port Fowarding if required" connection-nat-state=dstnat
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP All Else"
/ip firewall nat
add action=redirect chain=dstnat comment="Force Users to Router DNS -TCP" dst-port=53 protocol=tcp
add action=redirect chain=dstnat comment="Force Users to Router DNS -UDP" dst-port=53 protocol=udp
add action=accept chain=srcnat disabled=yes ipsec-policy=out,none out-interface=eth1_WAN
/ip firewall raw
add action=drop chain=prerouting comment="Drop all non-internet networks" src-address-list=bogons
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes port=2200
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/lcd
set default-screen=stat-slideshow
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=Router-Kontor
/system logging
add action=disk topics=info,critical,error,info
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=79.160.13.250
add address=162.159.200.1
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool romon
set enabled=yes secrets=mysecret
Code: Select all
# jan/02/1970 00:02:06 by RouterOS 6.49.10
# software id = JMR2-YE58
#
# model = RBcAPGi-5acD2nD
# serial number = BECD0BC7D2E7
/interface bridge
add admin-mac=C4:AD:34:9E:DA:AF auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface wireless cap
#
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1,wlan2
/ip dhcp-client
add comment=defconf disabled=no interface=bridgeLocal
/tool romon
set enabled=yes secrets=mysecret