Well why do you want to be able to ping them?
That is not any function that provides any value.
Do you get points or cookies for pinging subnets?
In other words what are the requirements of your setup.
How many groups of users and what are the user requirements.
Then one can decide if design is optimal for requirements and the connectivity piece between users and internet etc will fall out nicely from the design like butta!!
The quick answer is this error
/ip address
add address=192.168.9.1/24 interface=ether2 network=192.168.9.0
Should be
/ip address
add address=192.168.9.1/24 interface=bridge_lan network=192.168.9.0
It is the same principle as the previous suggestion: interfaces added as ports to a bridge are “slave” interfaces only. Property setting should be on the bridge, not the interface.
(ether2 and 3 are not on the bridge_wifi, I know. But the bridge_lan was included already, the bridge_wifi is missing, this is needed … depending on what your requirements are)
hi bpwl
Concur, it's not clear.
But one could infer from these two settings… that the OP purposely did not want to add bridge_wifi to the INTERFACE LAN, and that connections from WLAN1 and eth4 are not part of the LAN list.
I think that there is also duplication in that eth2 and eth3 being part of the bridge_lan, indicates to me that the need to identify them in the list member group is redundant.
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=bridge_lan list=LAN
It’s not clear for sure … in the list below 1 is clearly WAN (also NAT rule etc), 3 is clearly LAN, 2 is almost identical to 3, another LAN probably
=> suggestion: set bridge_wifi in LAN list instead of unused ether2 and ether3 list definitions, then 2 and 3 below are 2 separated LANs.
Firewall rules are missing if ether1 is supposed to be a protected connection, but there are SOME references to the “LAN” interface-list name anyway in the config. (These references may be unintended leftovers from a default config)
1. ether1: is in WAN list, has DHCP client, =WAN
2. wlan1 is in no list, is port of bridge bridge_wifi, and is in “AP_bridge” mode
   ether4 is in no list, is port of bridge bridge_wifi
   bridge_wifi has DHCP server and is in no list
3. ether2 and ether3 in LAN list (not used by RouterOS), and are port of bridge bridge_lan
   bridge_lan has DHCP server and is in LAN list
From LAN2 (10.0) I can ping device in LAN1 (9.0),
but from LAN1 (9.0) can’t ping in LAN2 (10.0)
Current configurations target is just to plug two DHCP devices in two ports (LAN1 and LAN2) and get ping both ways.
I read some posts and wiki and there it is said that bridge interfaces will communicate without firewall rules between each other.
If I understand correctly
LAN ether2,3 in interface list and bridge_lan in interface list are just duplicating each other and there is no need for both.
This is a routed connection between the 2 bridges.
Firewall should not block (is OK I assume)
Routes must be added (actually the add route is not needed as the two subnets are directly connected, and then an IP route with distance 0 is added automatically)
Clients must have the router as gateway. Not sure if that is OK. 192.168.9.0/24 clients should have 192.168.9.1 as gateway and 192.168.10.0/24 have 192.168.10.1 (information sent by DHCP server)
IP addresses 192.168.x.1 should be on the bridge (not the interface)
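
The rule repeated in this thread (IP addresses and interface-list membership belong on the bridge, not on its slave ports) can be checked mechanically against a config export. The following is an added example, not code from any poster or from MikroTik: the function names and the sample export are constructed for illustration, and the parser assumes simple one-line `add` entries without quoted values or line continuations.

```python
import re

# Constructed sample in RouterOS export style, modelled on the thread (not the OP's export).
SAMPLE_EXPORT = """\
/interface bridge port
add bridge=bridge_lan interface=ether2
add bridge=bridge_lan interface=ether3
add bridge=bridge_wifi interface=ether4
add bridge=bridge_wifi interface=wlan1
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=bridge_lan list=LAN
/ip address
add address=192.168.9.1/24 interface=ether2 network=192.168.9.0
add address=192.168.10.1/24 interface=bridge_wifi network=192.168.10.0
"""

def parse_export(text):
    """Return {menu path: [{key: value} for each 'add' line under it]}."""
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif path and line.startswith("add "):
            menus.setdefault(path, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(text):
    """Flag settings placed on bridge slave ports, and bridges that are in no list."""
    menus = parse_export(text)
    port_to_bridge = {p["interface"]: p["bridge"]
                      for p in menus.get("/interface bridge port", [])}
    members = menus.get("/interface list member", [])
    findings = []
    for a in menus.get("/ip address", []):
        if a["interface"] in port_to_bridge:  # address sits on a slave port
            findings.append(("address-on-slave", a["address"], a["interface"],
                             port_to_bridge[a["interface"]]))
    for m in members:
        if m["interface"] in port_to_bridge:  # list entry the router will not use
            findings.append(("list-member-on-slave", m["list"], m["interface"],
                             port_to_bridge[m["interface"]]))
    listed = {m["interface"] for m in members}
    for bridge in sorted(set(port_to_bridge.values()) - listed):
        findings.append(("bridge-in-no-list", None, bridge, bridge))
    return findings
```

Each finding is a tuple of (kind, value, interface, owning bridge); a bridge in no list matters once firewall rules refer to the LAN interface list, because traffic from that bridge will not match them.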