6 VLAN 1 WAN

Jimmy · August 27, 2019, 4:23pm

Hello everyone
I am facing a huge challenge that has really locked me in and I really hope there are some who know how to get on with all the vlan on the web?
I need to make an excited network more simple.
Today, all sw cisco runs and each vlan has an independent linksys router that goes into a dmz zone and from there another router out on the net.
To save all these routers away would keg try to run an RB2011 and run all these vlan via 1 ether1 out on the net?
the network consists of 6 VLANs with a very large gap between IP Addresses.
I’m posting my config in high hopes for help so I can successfully replace tomorrow?
I have tried what my knowledge is but it is far from enough

/interface bridge
add name=bridge-vlan1
add name=bridge-vlan2
add name=bridge-vlan3
add name=bridge-vlan4
add name=bridge-vlan5
add name=bridge-vlan10
add name=bridge-vlan999

/interface vlan
add interface=ether2 name=vlan1-ether2 vlan-id=1
add interface=ether3 name=vlan3-ether3 vlan-id=3
add interface=ether4 name=vlan1-ether4 vlan-id=1
add interface=ether4 name=vlan2-ether4 vlan-id=2
add interface=ether4 name=vlan3-ether4 vlan-id=3
add interface=ether4 name=vlan4-ether4 vlan-id=4
add interface=ether4 name=vlan5-ether4 vlan-id=5
add interface=ether4 name=vlan10-ether4 vlan-id=10
add interface=ether5 name=vlan1-ether5 vlan-id=1
add interface=ether5 name=vlan2-ether5 vlan-id=2
add interface=ether5 name=vlan3-ether5 vlan-id=3
add interface=ether5 name=vlan4-ether5 vlan-id=4
add interface=ether5 name=vlan5-ether5 vlan-id=5
add interface=ether5 name=vlan10-ether5 vlan-id=10

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=test1 supplicant-identity="" \
    wpa2-pre-shared-key=xxxxxxxxxx
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=test2 supplicant-identity="" \
    wpa2-pre-shared-key=xxxxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
    security-profile=test1 ssid=test1 wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:0A:55:AB \
    master-interface=wlan1 multicast-buffering=disabled name=wlan2 \
    security-profile=test2 ssid=test2 vlan-id=3 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/interface vlan
add interface=wlan1 name=vlan1-wlan1 vlan-id=1
add interface=wlan2 name=vlan3-wlan2 vlan-id=3

/ip dhcp-server
add disabled=no interface=bridge-vlan10 name="DHCP VLAN10 Mangement"

/ip pool
add name="VLAN3 test3" ranges=192.168.0.2-192.168.0.254
add name="VLAN1 test1" ranges=192.168.1.2-192.168.1.254
add name="VLAN2 test2" ranges=172.16.0.2-172.16.0.254
add name="VLAN4 test4" ranges=10.10.0.2-10.10.0.254
add name="VLAN5 HOTSPOT" ranges=10.20.7.2-10.20.7.254
add name="VLAN10 Mangement" ranges=10.5.0.2-10.5.0.254

/ip dhcp-server
add address-pool="VLAN2 test2" disabled=no interface=bridge-vlan2 name=\
    "DHCP VLAN2 test2"
add address-pool="VLAN4 test4" disabled=no interface=bridge-vlan4 name=\
    "DHCP VLAN4 test4"
add address-pool="VLAN5 HOTSPOT" disabled=no interface=bridge-vlan5 name=\
    "DHCP VLAN5 HOTSPOT"
add address-pool="VLAN1 test1" disabled=no interface=bridge-vlan1 name=\
    "DHCP VLAN1 test1"
add address-pool="VLAN3 test3" disabled=no interface=bridge-vlan3 name=\
    "DHCP VLAN3 test3"

/interface bridge port
add bridge=bridge-vlan1 interface=vlan1-ether5
add bridge=bridge-vlan2 interface=vlan2-ether5
add bridge=bridge-vlan3 interface=vlan3-ether5
add bridge=bridge-vlan4 interface=vlan4-ether5
add bridge=bridge-vlan5 interface=vlan5-ether5
add bridge=bridge-vlan10 interface=vlan10-ether5
add bridge=bridge-vlan1 interface=vlan1-ether4
add bridge=bridge-vlan2 interface=vlan2-ether4
add bridge=bridge-vlan3 interface=vlan3-ether4
add bridge=bridge-vlan4 interface=vlan4-ether4
add bridge=bridge-vlan5 interface=vlan5-ether4
add bridge=bridge-vlan10 interface=vlan10-ether4
add bridge=bridge-vlan3 interface=ether3
add bridge=bridge-vlan1 interface=ether2
add bridge=bridge-vlan3 interface=wlan2
add bridge=bridge-vlan1 interface=wlan1
add bridge=bridge-vlan5 interface=wlan3


/ip address
add address=10.5.0.1/24 interface=bridge-vlan10 network=10.5.0.0
add address=10.10.0.1/24 interface=bridge-vlan4 network=10.10.0.0
add address=192.168.1.1/24 interface=bridge-vlan1 network=192.168.1.0
add address=172.16.0.1/24 interface=bridge-vlan2 network=172.16.0.0
add address=192.168.0.1/24 interface=bridge-vlan3 network=192.168.0.0
add address=10.20.7.1/24 interface=bridge-vlan5 network=10.20.7.0

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1

/ip dhcp-server network
add address=10.5.0.0/24 dns-server=10.5.0.1 gateway=10.5.0.1
add address=10.10.0.0/24 dns-server=10.10.0.1 gateway=10.10.0.1
add address=10.20.7.0/24 dns-server=10.20.7.1 gateway=10.20.7.1
add address=172.16.0.0/24 dns-server=172.16.0.1 gateway=172.16.0.1
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

/ip route
add distance=1 gateway=ether1

/system identity
set name="Router"

Jimmy · August 27, 2019, 7:01pm

Hmm my DMZ was worng so the only thing to add to the code is one more route = 0.0.0.0/0 with gateway ether1
All wlan, dhcp hotspot and trunk on port 4 and 5 to cisco are working and all vlan have only ether1 as wan.

Cheers
Jimmy

Jimmy · August 27, 2019, 8:20pm

hmm i do not understand this?
I have work on the internet with these settings with no problems but now i have no internet on any vlan anymore ??

i have go back and back and forward again but i can’t get it to work, so i rely search for help to get this to work..

Hope someone network people who will take up this challenge..

Cheers
Jimmy

anav · August 28, 2019, 3:45pm

Denmark? Copenhagen?
Hi Jimmy, what mikrotik product are you using?
Can you provide a diagram of your network (always helpful to clear up requirements).
Also post a complete config (just need to change public IP facing addresses)

/export hide-sensitive file=yourconfigaug28

Jimmy · August 28, 2019, 7:49pm

Hi Anav
Of cause I will post a pic and configure file.
I wars working on last night and find one small error on a vlan in the config so I have sad it up in the company and it is working
I will still post config and pic to share with other.
I no there is many guid with multi subnet and one wan but I cut ten find any with multi vlan and dhcp on all vlan and one wan and of cause working with cisco.
I am out of town the next 2 dates and after that I will post the pic and config.

Cheers
Jimmy

Send from iPhone