Captive Portal (Hotspot) in Large Networks Issue

Good day everyone, let’s get to the point.

I having a problem with some issue with my current Wi-Fi Project for University.

Below is the network diagram.

If you cannot view, please download it from cloud.

http://www.mediafire.com/view/e7t6nlez762jpek/VLANs%20Hotspot.jpg


Here is what the Mikrotik CCR Do’s :-

Mikrotik Roles

1. DHCP Server VLAN 1340 – 1363 (Exclude 1361)
2. Captive Portal for interface VLAN 1340 – 1363 (Exclude 1361)
3. Load-Balancing 7 WANs Link for VLAN 1340 – 1363 (Exclude 1361) - Wi-Fi users only
4. Firewall for VLAN 1340 – 1363 (Exclude 1361)
5. Static DNS for local traffic redirection.
6. Layer-7 Filtering, drop BitTorrents

Ubiquiti UniFi UAP-AC setting :-

1. Open Wi-Fi (No encryption or what so ever)
2. DHCP mode (AP get IP from Mikrotik)
3. Excluded in Hotspot setup (IP Binding Exception by APs MAC Addresses

Issues :-

1. Current issue is that some users cannot make a connection to the APs, but some others can.

2. Even when connected, they were disconnected after associated with the APs.

3. http page redirects not working properly

4. After I disabled the hotspot for each VLANs, all users were able to associated with the APs. And browse internet normally.
   
   
   Others setup :-

5. FreeRADIUS as a external RADIUS DB (see diagram)

6. UniFi Controller for controlling APs.
   
   
   Below is the Export Codes :-

# nov/18/2014 12:49:31 by RouterOS 6.22
# software id = KVBB-FKWU
#
/interface bridge
add mtu=1500 name=VLAN_Trunk
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1590
set [ find default-name=ether2 ] l2mtu=1590
set [ find default-name=ether3 ] l2mtu=1590
set [ find default-name=ether4 ] l2mtu=1590
set [ find default-name=ether5 ] l2mtu=1590
set [ find default-name=ether6 ] l2mtu=1590
set [ find default-name=ether7 ] l2mtu=1590
set [ find default-name=ether8 ] l2mtu=1590
set [ find default-name=ether9 ] l2mtu=1590
set [ find default-name=ether10 ] l2mtu=1590
set [ find default-name=ether11 ] l2mtu=1590
set [ find default-name=ether12 ] l2mtu=1590
set [ find default-name=sfp1 ] auto-negotiation=no l2mtu=1590
set [ find default-name=sfp2 ] auto-negotiation=no l2mtu=1590
set [ find default-name=sfp3 ] auto-negotiation=no l2mtu=1590
set [ find default-name=sfp4 ] auto-negotiation=no l2mtu=1590
/interface vlan
add interface=VLAN_Trunk l2mtu=1586 name=vlan1340 vlan-id=1340
add interface=VLAN_Trunk l2mtu=1586 name=vlan1341 vlan-id=1341
add interface=VLAN_Trunk l2mtu=1586 name=vlan1342 vlan-id=1342
add interface=VLAN_Trunk l2mtu=1586 name=vlan1343 vlan-id=1343
add interface=VLAN_Trunk l2mtu=1586 name=vlan1344 vlan-id=1344
add interface=VLAN_Trunk l2mtu=1586 name=vlan1345 vlan-id=1345
add interface=VLAN_Trunk l2mtu=1586 name=vlan1346 vlan-id=1346
add interface=VLAN_Trunk l2mtu=1586 name=vlan1347 vlan-id=1347
add interface=VLAN_Trunk l2mtu=1586 name=vlan1348 vlan-id=1348
add interface=VLAN_Trunk l2mtu=1586 name=vlan1349 vlan-id=1349
add interface=VLAN_Trunk l2mtu=1586 name=vlan1350 vlan-id=1350
add interface=VLAN_Trunk l2mtu=1586 name=vlan1351 vlan-id=1351
add interface=VLAN_Trunk l2mtu=1586 name=vlan1352 vlan-id=1352
add interface=VLAN_Trunk l2mtu=1586 name=vlan1353 vlan-id=1353
add interface=VLAN_Trunk l2mtu=1586 name=vlan1354 vlan-id=1354
add interface=VLAN_Trunk l2mtu=1586 name=vlan1355 vlan-id=1355
add interface=VLAN_Trunk l2mtu=1586 name=vlan1356 vlan-id=1356
add interface=VLAN_Trunk l2mtu=1586 name=vlan1357 vlan-id=1357
add interface=VLAN_Trunk l2mtu=1586 name=vlan1358 vlan-id=1358
add interface=VLAN_Trunk l2mtu=1586 name=vlan1359 vlan-id=1359
add interface=VLAN_Trunk l2mtu=1586 name=vlan1360 vlan-id=1360
add interface=VLAN_Trunk l2mtu=1586 name=vlan1362 vlan-id=1362
add interface=VLAN_Trunk l2mtu=1586 name=vlan1363 vlan-id=1363
/ip dhcp-server option
add code=43 name=unifi value=0x01040A4D07FA
/ip firewall layer7-protocol
add name=p2pblock regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertan\
    e|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunit\
    y|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|ful\
    ldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\\\$"
/ip hotspot profile
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.0.1 login-by=\
    http-chap name=hsprof1 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.1.1 login-by=\
    http-chap name=hsprof2 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.2.1 login-by=\
    http-chap name=hsprof3 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.3.1 login-by=\
    http-chap name=hsprof4 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.4.1 login-by=\
    http-chap name=hsprof5 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.5.1 login-by=\
    http-chap name=hsprof6 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.6.1 login-by=\
    http-chap name=hsprof7 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.7.1 login-by=\
    http-chap name=hsprof8 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.8.1 login-by=\
    http-chap name=hsprof9 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.9.1 login-by=\
    http-chap name=hsprof10 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.10.1 login-by=\
    http-chap name=hsprof11 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.11.1 login-by=\
    http-chap name=hsprof12 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.12.1 login-by=\
    http-chap name=hsprof13 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.13.1 login-by=\
    http-chap name=hsprof14 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.14.1 login-by=\
    http-chap name=hsprof15 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.15.1 login-by=\
    http-chap name=hsprof16 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.16.1 login-by=\
    http-chap name=hsprof17 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.17.1 login-by=\
    http-chap name=hsprof18 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.18.1 login-by=\
    http-chap name=hsprof19 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.19.1 login-by=\
    http-chap name=hsprof20 use-radius=yes
add dns-name=hotspotmiit.unikl.edu.my hotspot-address=10.34.20.1 login-by=\
    http-chap name=hsprof21 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] shared-users=3
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool1340 ranges=10.34.0.2-10.34.0.254
add name=dhcp_pool1341 ranges=10.34.1.2-10.34.1.254
add name=dhcp_pool1342 ranges=10.34.2.2-10.34.2.254
add name=dhcp_pool1343 ranges=10.34.3.2-10.34.3.254
add name=dhcp_pool1344 ranges=10.34.4.2-10.34.4.254
add name=dhcp_pool1345 ranges=10.34.5.2-10.34.5.254
add name=dhcp_pool1346 ranges=10.34.6.2-10.34.6.254
add name=dhcp_pool1347 ranges=10.34.7.2-10.34.7.254
add name=dhcp_pool1348 ranges=10.34.8.2-10.34.8.254
add name=dhcp_pool1349 ranges=10.34.9.2-10.34.9.254
add name=dhcp_pool1350 ranges=10.34.10.2-10.34.10.254
add name=dhcp_pool1351 ranges=10.34.11.2-10.34.11.254
add name=dhcp_pool1352 ranges=10.34.12.2-10.34.12.254
add name=dhcp_pool1353 ranges=10.34.13.2-10.34.13.254
add name=dhcp_pool1354 ranges=10.34.14.2-10.34.14.254
add name=dhcp_pool1355 ranges=10.34.15.2-10.34.15.254
add name=dhcp_pool1356 ranges=10.34.16.2-10.34.16.254
add name=dhcp_pool1357 ranges=10.34.17.2-10.34.17.254
add name=dhcp_pool1358 ranges=10.34.18.2-10.34.18.254
add name=dhcp_pool1359 ranges=10.34.19.2-10.34.19.254
add name=dhcp_pool1360 ranges=10.34.20.2-10.34.20.254
add name=dhcp_pool1362 ranges=10.34.21.2-10.34.21.254
add name=dhcp_pool1363 ranges=10.34.22.2-10.34.22.254
/ip dhcp-server
add address-pool=dhcp_pool1340 authoritative=yes disabled=no interface=\
    vlan1340 lease-time=4h name=dhcp1340
add address-pool=dhcp_pool1341 authoritative=yes disabled=no interface=\
    vlan1341 lease-time=4h name=dhcp1341
add address-pool=dhcp_pool1342 authoritative=yes disabled=no interface=\
    vlan1342 lease-time=4h name=dhcp1342
add address-pool=dhcp_pool1343 authoritative=yes disabled=no interface=\
    vlan1343 lease-time=4h name=dhcp1343
add address-pool=dhcp_pool1344 authoritative=yes disabled=no interface=\
    vlan1344 lease-time=4h name=dhcp1344
add address-pool=dhcp_pool1345 authoritative=yes disabled=no interface=\
    vlan1345 lease-time=4h name=dhcp1345
add address-pool=dhcp_pool1346 authoritative=yes disabled=no interface=\
    vlan1346 lease-time=4h name=dhcp1346
add address-pool=dhcp_pool1347 authoritative=yes disabled=no interface=\
    vlan1347 lease-time=4h name=dhcp1347
add address-pool=dhcp_pool1348 authoritative=yes disabled=no interface=\
    vlan1348 lease-time=4h name=dhcp1348
add address-pool=dhcp_pool1349 authoritative=yes disabled=no interface=\
    vlan1349 lease-time=4h name=dhcp1349
add address-pool=dhcp_pool1350 authoritative=yes disabled=no interface=\
    vlan1350 lease-time=4h name=dhcp1350
add address-pool=dhcp_pool1351 authoritative=yes disabled=no interface=\
    vlan1351 lease-time=4h name=dhcp1351
add address-pool=dhcp_pool1352 authoritative=yes disabled=no interface=\
    vlan1352 lease-time=4h name=dhcp1352
add address-pool=dhcp_pool1353 authoritative=yes disabled=no interface=\
    vlan1353 lease-time=4h name=dhcp1353
add address-pool=dhcp_pool1354 authoritative=yes disabled=no interface=\
    vlan1354 lease-time=4h name=dhcp1354
add address-pool=dhcp_pool1355 authoritative=yes disabled=no interface=\
    vlan1355 lease-time=4h name=dhcp1355
add address-pool=dhcp_pool1356 authoritative=yes disabled=no interface=\
    vlan1356 lease-time=4h name=dhcp1356
add address-pool=dhcp_pool1357 authoritative=yes disabled=no interface=\
    vlan1357 lease-time=4h name=dhcp1357
add address-pool=dhcp_pool1358 authoritative=yes disabled=no interface=\
    vlan1358 lease-time=4h name=dhcp1358
add address-pool=dhcp_pool1359 authoritative=yes disabled=no interface=\
    vlan1359 lease-time=4h name=dhcp1359
add address-pool=dhcp_pool1360 authoritative=yes disabled=no interface=\
    vlan1360 lease-time=4h name=dhcp1360
add address-pool=dhcp_pool1362 authoritative=yes disabled=no interface=\
    vlan1362 lease-time=4h name=dhcp1362
add address-pool=dhcp_pool1363 disabled=no interface=vlan1363 lease-time=4h \
    name=dhcp1363
/ip hotspot
add address-pool=dhcp_pool1340 idle-timeout=2h interface=vlan1340 name=\
    hotspot1340 profile=hsprof1
add address-pool=dhcp_pool1341 idle-timeout=2h interface=vlan1341 name=\
    hs-vlan1341 profile=hsprof2
add address-pool=dhcp_pool1342 idle-timeout=2h interface=vlan1342 name=\
    hs-vlan1342 profile=hsprof3
add address-pool=dhcp_pool1343 idle-timeout=2h interface=vlan1343 name=\
    hs-vlan1343 profile=hsprof4
add address-pool=dhcp_pool1344 idle-timeout=2h interface=vlan1344 name=\
    hs-vlan1344 profile=hsprof5
add address-pool=dhcp_pool1345 idle-timeout=2h interface=vlan1345 name=\
    hs-vlan1345 profile=hsprof6
add address-pool=dhcp_pool1346 idle-timeout=2h interface=vlan1346 name=\
    hs-vlan1346 profile=hsprof7
add address-pool=dhcp_pool1347 idle-timeout=2h interface=vlan1347 name=\
    hs-vlan1347 profile=hsprof8
add address-pool=dhcp_pool1348 idle-timeout=2h interface=vlan1348 name=\
    hs-vlan1348 profile=hsprof9
add address-pool=dhcp_pool1349 idle-timeout=2h interface=vlan1349 name=\
    hs-vlan1349 profile=hsprof10
add address-pool=dhcp_pool1350 idle-timeout=2h interface=vlan1350 name=\
    hs-vlan1350 profile=hsprof11
add address-pool=dhcp_pool1351 idle-timeout=2h interface=vlan1351 name=\
    hs-vlan1351 profile=hsprof12
add address-pool=dhcp_pool1352 idle-timeout=2h interface=vlan1352 name=\
    hs-vlan1352 profile=hsprof13
add address-pool=dhcp_pool1353 idle-timeout=2h interface=vlan1353 name=\
    hs-vlan1353 profile=hsprof14
add address-pool=dhcp_pool1354 idle-timeout=2h interface=vlan1354 name=\
    hs-vlan1354 profile=hsprof15
add address-pool=dhcp_pool1355 idle-timeout=2h interface=vlan1355 name=\
    hs-vlan1355 profile=hsprof16
add address-pool=dhcp_pool1356 idle-timeout=2h interface=vlan1356 name=\
    hs-vlan1356 profile=hsprof17
add address-pool=dhcp_pool1357 idle-timeout=2h interface=vlan1357 name=\
    hs-vlan1357 profile=hsprof18
add address-pool=dhcp_pool1358 idle-timeout=2h interface=vlan1358 name=\
    hs-vlan1358 profile=hsprof19
add address-pool=dhcp_pool1359 idle-timeout=2h interface=vlan1359 name=\
    hs-vlan1359 profile=hsprof20
add address-pool=dhcp_pool1360 idle-timeout=2h interface=vlan1360 name=\
    hs-vlan1360 profile=hsprof21
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 2 remember=yes
set 3 src-address=0.0.0.0
/interface bridge port
add bridge=VLAN_Trunk interface=ether9
add bridge=VLAN_Trunk interface=ether10
add bridge=VLAN_Trunk interface=ether11
add bridge=VLAN_Trunk interface=ether12
/ip address
add address=10.55.3.2/24 interface=ether8 network=10.55.3.0
add address=10.34.1.1/24 interface=vlan1341 network=10.34.1.0
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
add address=192.168.2.2/24 interface=ether2 network=192.168.2.0
add address=192.168.3.2/24 interface=ether3 network=192.168.3.0
add address=192.168.4.2/24 interface=ether4 network=192.168.4.0
add address=192.168.5.2/24 interface=ether5 network=192.168.5.0
add address=192.168.6.2/24 interface=ether6 network=192.168.6.0
add address=192.168.7.2/24 interface=ether7 network=192.168.7.0
add address=10.34.2.1/24 interface=vlan1342 network=10.34.2.0
add address=10.34.0.1/24 interface=vlan1340 network=10.34.0.0
add address=10.34.3.1/24 interface=vlan1343 network=10.34.3.0
add address=10.34.4.1/24 interface=vlan1344 network=10.34.4.0
add address=10.34.5.1/24 interface=vlan1345 network=10.34.5.0
add address=10.34.6.1/24 interface=vlan1346 network=10.34.6.0
add address=10.34.7.1/24 interface=vlan1347 network=10.34.7.0
add address=10.34.8.1/24 interface=vlan1348 network=10.34.8.0
add address=10.34.9.1/24 interface=vlan1349 network=10.34.9.0
add address=10.34.10.1/24 interface=vlan1350 network=10.34.10.0
add address=10.34.11.1/24 interface=vlan1351 network=10.34.11.0
add address=10.34.12.1/24 interface=vlan1352 network=10.34.12.0
add address=10.34.13.1/24 interface=vlan1353 network=10.34.13.0
add address=10.34.14.1/24 interface=vlan1354 network=10.34.14.0
add address=10.34.15.1/24 interface=vlan1355 network=10.34.15.0
add address=10.34.16.1/24 interface=vlan1356 network=10.34.16.0
add address=10.34.17.1/24 interface=vlan1357 network=10.34.17.0
add address=10.34.18.1/24 interface=vlan1358 network=10.34.18.0
add address=10.34.19.1/24 interface=vlan1359 network=10.34.19.0
add address=10.34.20.1/24 interface=vlan1360 network=10.34.20.0
add address=10.34.21.1/24 interface=vlan1362 network=10.34.21.0
add address=10.77.7.1/24 interface=VLAN_Trunk network=10.77.7.0
add address=10.34.22.1/24 interface=vlan1363 network=10.34.22.0
/ip dhcp-server network
add address=10.34.0.0/24 dns-server=10.34.0.1 gateway=10.34.0.1
add address=10.34.1.0/24 dns-server=10.34.1.1 gateway=10.34.1.1
add address=10.34.2.0/24 dns-server=10.34.2.1 gateway=10.34.2.1
add address=10.34.3.0/24 dns-server=10.34.3.1 gateway=10.34.3.1
add address=10.34.4.0/24 dns-server=10.34.4.1 gateway=10.34.4.1
add address=10.34.5.0/24 dns-server=10.34.5.1 gateway=10.34.5.1
add address=10.34.6.0/24 dns-server=10.34.6.1 gateway=10.34.6.1
add address=10.34.7.0/24 dns-server=10.34.7.1 gateway=10.34.7.1
add address=10.34.8.0/24 dns-server=10.34.8.1 gateway=10.34.8.1
add address=10.34.9.0/24 dns-server=10.34.9.1 gateway=10.34.9.1
add address=10.34.10.0/24 dns-server=10.34.10.1 gateway=10.34.10.1
add address=10.34.11.0/24 dns-server=10.34.11.1 gateway=10.34.11.1
add address=10.34.12.0/24 dns-server=10.34.12.1 gateway=10.34.12.1
add address=10.34.13.0/24 dns-server=10.34.13.1 gateway=10.34.13.1
add address=10.34.14.0/24 dns-server=10.34.14.1 gateway=10.34.14.1
add address=10.34.15.0/24 dns-server=10.34.15.1 gateway=10.34.15.1
add address=10.34.16.0/24 dns-server=10.34.16.1 gateway=10.34.16.1
add address=10.34.17.0/24 dns-server=10.34.17.1 gateway=10.34.17.1
add address=10.34.18.0/24 dns-server=10.34.18.1 gateway=10.34.18.1
add address=10.34.19.0/24 dns-server=10.34.19.1 gateway=10.34.19.1
add address=10.34.20.0/24 dns-server=10.34.20.1 gateway=10.34.20.1
add address=10.34.21.0/24 dns-server=10.34.21.1 gateway=10.34.21.1
add address=10.34.22.0/24 dns-server=10.34.22.1 gateway=10.34.22.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=10.42.1.84 name=elearn.unikl.edu.my ttl=50w6d
add address=10.42.1.23 name=www.unikl.edu.my ttl=50w6d
add address=10.42.1.84 name=clms.unikl.edu.my ttl=50w6d
add address=10.42.1.53 name=online.unikl.edu.my ttl=50w6d
add address=10.42.1.59 name=online1.unikl.edu.my ttl=50w6d
add address=10.42.1.52 name=online2.unikl.edu.my ttl=50w6d
add address=10.42.1.54 name=cas.unikl.edu.my ttl=50w6d
add address=10.42.1.37 name=portal.unikl.edu.my ttl=52w1d
add address=10.34.1.249 name=userhotspot.unikl.edu.my
add address=10.34.1.250 name=unifi ttl=50w6d
/ip firewall address-list
add address=10.34.0.0/19 list=local-networks
add address=10.55.3.0/24 list=local-networks
add address=10.42.1.0/24 list=local-networks
add address=192.168.1.0/24 disabled=yes list=local-networks
add address=192.168.2.0/24 disabled=yes list=local-networks
add address=192.168.3.0/24 disabled=yes list=local-networks
add address=192.168.4.0/24 disabled=yes list=local-networks
add address=192.168.5.0/24 disabled=yes list=local-networks
add address=192.168.6.0/24 disabled=yes list=local-networks
add address=192.168.7.0/24 disabled=yes list=local-networks
add address=10.34.32.0/19 list=local-networks
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=forward comment=p2pblock layer7-protocol=p2pblock \
    src-address=10.34.0.0/19
add action=drop chain=forward comment=dropDNS dst-port=53 layer7-protocol=\
    p2pblock protocol=udp src-address=10.34.0.0/19
add action=drop chain=forward comment=keyword_drop content=torrent \
    src-address=10.34.0.0/19
add action=drop chain=forward comment=trackers_drop content=tracker \
    src-address=10.34.0.0/19
add action=drop chain=forward comment=get_peers_drop content=getpeers \
    src-address=10.34.0.0/19
add action=drop chain=forward comment=info_hash_drop content=info_hash \
    src-address=10.34.0.0/19
add action=drop chain=forward comment=announce_peers_drop content=\
    announce_peers src-address=10.34.0.0/19
add action=drop chain=forward comment=p2p_drop p2p=all-p2p src-address=\
    10.34.0.0/19
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=forward comment=p2pblock layer7-protocol=p2pblock \
    src-address=10.34.32.0/19
add action=drop chain=forward comment=dropDNS dst-port=53 layer7-protocol=\
    p2pblock protocol=udp src-address=10.34.32.0/19
add action=drop chain=forward comment=keyword_drop content=torrent \
    src-address=10.34.32.0/19
add action=drop chain=forward comment=trackers_drop content=tracker \
    src-address=10.34.32.0/19
add action=drop chain=forward comment=get_peers_drop content=getpeers \
    src-address=10.34.32.0/19
add action=drop chain=forward comment=info_hash_drop content=info_hash \
    src-address=10.34.32.0/19
add action=drop chain=forward comment=announce_peers_drop content=\
    announce_peers src-address=10.34.32.0/19
add action=drop chain=forward comment=p2p_drop p2p=all-p2p src-address=\
    10.34.32.0/19
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
/ip firewall mangle
add chain=prerouting comment=Excluded_Internal_DMZ dst-address-list=\
    local-networks src-address-list=local-networks
add action=mark-connection chain=input comment=\
    Load-Balancing_Setup_7-TM-Unifi in-interface=ether1 new-connection-mark=\
    WAN1_conn
add action=mark-connection chain=input in-interface=ether2 \
    new-connection-mark=WAN2_conn
add action=mark-connection chain=input in-interface=ether3 \
    new-connection-mark=WAN3_conn
add action=mark-connection chain=input in-interface=ether4 \
    new-connection-mark=WAN4_conn
add action=mark-connection chain=input in-interface=ether5 \
    new-connection-mark=WAN5_conn
add action=mark-connection chain=input in-interface=ether6 \
    new-connection-mark=WAN6_conn
add action=mark-connection chain=input in-interface=ether7 \
    new-connection-mark=WAN7_conn
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN3_conn \
    new-routing-mark=to_WAN3
add action=mark-routing chain=output connection-mark=WAN4_conn \
    new-routing-mark=to_WAN4
add action=mark-routing chain=output connection-mark=WAN5_conn \
    new-routing-mark=to_WAN5
add action=mark-routing chain=output connection-mark=WAN6_conn \
    new-routing-mark=to_WAN6
add action=mark-routing chain=output connection-mark=WAN7_conn \
    new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1340" dst-address=\
    192.168.1.0/24 in-interface=vlan1340
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1340
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1340
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1340
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1340
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1340
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1340
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1340 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1340 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1340 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1340 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1340 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1340 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1340 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1340 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1341" dst-address=\
    192.168.1.0/24 in-interface=vlan1341
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1341
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1341
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1341
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1341
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1341
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1341
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1341 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1341 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1341 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1341 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1341 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1341 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1341 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1341 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1342" dst-address=\
    192.168.1.0/24 in-interface=vlan1342
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1342
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1342
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1342
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1342
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1342
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1342
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1342 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1342 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1342 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1342 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1342 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1342 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1342 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1342 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1343" dst-address=\
    192.168.1.0/24 in-interface=vlan1343
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1343
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1343
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1343
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1343
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1343
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1343
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1343 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1343 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1343 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1343 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1343 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1343 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1343 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1343 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1344" dst-address=\
    192.168.1.0/24 in-interface=vlan1344
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1344
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1344
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1344
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1344
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1344
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1344
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1344 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1344 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1344 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1344 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1344 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1344 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1344 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1344 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1345" dst-address=\
    192.168.1.0/24 in-interface=vlan1345
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1345
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1345
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1345
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1345
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1345
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1345
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1345 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1345 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1345 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1345 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1345 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1345 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1345 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1345 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1346" dst-address=\
    192.168.1.0/24 in-interface=vlan1346
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1346
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1346
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1346
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1346
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1346
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1346
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1346 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1346 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1346 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1346 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1346 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1346 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1346 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1346 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1347" dst-address=\
    192.168.1.0/24 in-interface=vlan1347
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1347
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1347
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1347
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1347
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1347
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1347
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1347 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1347 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1347 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1347 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1347 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1347 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1347 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1347 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1348" dst-address=\
    192.168.1.0/24 in-interface=vlan1348
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1348
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1348
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1348
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1348
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1348
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1348
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1348 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1348 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1348 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1348 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1348 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1348 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1348 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1348 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1349" dst-address=\
    192.168.1.0/24 in-interface=vlan1349
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1349
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1349
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1349
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1349
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1349
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1349
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1349 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1349 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1349 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1349 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1349 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1349 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1349 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1349 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1350" dst-address=\
    192.168.1.0/24 in-interface=vlan1350
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1350
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1350
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1350
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1350
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1350
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1350
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1350 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1350 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1350 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1350 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1350 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1350 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1350 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1350 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1351" dst-address=\
    192.168.1.0/24 in-interface=vlan1351
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1351
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1351
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1351
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1351
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1351
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1351
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1351 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1351 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1351 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1351 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1351 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1351 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1351 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1351 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1352" dst-address=\
    192.168.1.0/24 in-interface=vlan1352
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1352
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1352
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1352
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1352
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1352
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1352
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1352 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1352 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1352 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1352 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1352 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1352 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local fragment=\
    no in-interface=vlan1352 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1352 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1353" dst-address=\
    192.168.1.0/24 in-interface=vlan1353
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1353
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1353
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1353
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1353
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1353
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1353
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1353 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1353 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1353 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1353 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1353 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1353 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1353 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1353 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1354" dst-address=\
    192.168.1.0/24 in-interface=vlan1354
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1354
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1354
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1354
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1354
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1354
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1354
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1354 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1354 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1354 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1354 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1354 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1354 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1354 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1354 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1355" dst-address=\
    192.168.1.0/24 in-interface=vlan1355
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1355
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1355
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1355
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1355
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1355
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1355
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1355 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1355 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1355 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1355 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1355 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1355 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1355 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1355 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1356" dst-address=\
    192.168.1.0/24 in-interface=vlan1356
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1356
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1356
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1356
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1356
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1356
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1356
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1356 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1356 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1356 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1356 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1356 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1356 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1356 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1356 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1357" dst-address=\
    192.168.1.0/24 in-interface=vlan1357
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1357
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1357
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1357
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1357
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1357
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1357
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1357 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1357 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1357 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1357 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1357 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1357 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1357 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1357 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1358" dst-address=\
    192.168.1.0/24 in-interface=vlan1358
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1358
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1358
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1358
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1358
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1358
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1358
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1358 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1358 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1358 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1358 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1358 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1358 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1358 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1358 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1359" dst-address=\
    192.168.1.0/24 in-interface=vlan1359
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1359
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1359
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1359
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1359
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1359
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1359
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1359 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1359 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1359 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1359 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1359 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1359 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1359 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1359 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1360" dst-address=\
    192.168.1.0/24 in-interface=vlan1360
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1360
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1360
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1360
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1360
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1360
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1360
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1360 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1360 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1360 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1360 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1360 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1360 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1360 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1360 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1362" dst-address=\
    192.168.1.0/24 in-interface=vlan1362
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1362
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1362
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1362
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1362
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1362
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1362
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1362 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1362 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1362 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1362 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1362 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1362 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1362 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1362 new-routing-mark=to_WAN7
add chain=prerouting comment="load balancing for VLAN1363" dst-address=\
    192.168.1.0/24 in-interface=vlan1363
add chain=prerouting dst-address=192.168.2.0/24 in-interface=vlan1363
add chain=prerouting dst-address=192.168.3.0/24 in-interface=vlan1363
add chain=prerouting dst-address=192.168.4.0/24 in-interface=vlan1363
add chain=prerouting dst-address=192.168.5.0/24 in-interface=vlan1363
add chain=prerouting dst-address=192.168.6.0/24 in-interface=vlan1363
add chain=prerouting dst-address=192.168.7.0/24 in-interface=vlan1363
add action=mark-connection chain=prerouting comment=\
    "auth - redirect load balance" dst-address-type=!local in-interface=\
    vlan1363 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1363 new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1363 new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1363 new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1363 new-connection-mark=WAN5_conn \
    per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1363 new-connection-mark=WAN6_conn \
    per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=vlan1363 new-connection-mark=WAN7_conn \
    per-connection-classifier=both-addresses-and-ports:7/6
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=WAN7_conn \
    in-interface=vlan1363 new-routing-mark=to_WAN7
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=yes src-address=10.34.0.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.1.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.2.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.3.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.4.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.5.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.6.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.7.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.8.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.9.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.10.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.11.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.12.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.13.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.14.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.15.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.16.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.17.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.18.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.19.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.34.20.0/24
add action=masquerade chain=srcnat src-address=10.34.21.0/24
add action=masquerade chain=srcnat src-address=10.34.22.0/24
add action=masquerade chain=srcnat src-address=10.77.7.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.0.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.1.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.3.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.4.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.5.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.6.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.7.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.8.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.9.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.10.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.11.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.12.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.13.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.14.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.15.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.16.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.17.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.18.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.19.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.34.20.0/24 to-addresses=0.0.0.0
/ip hotspot ip-binding
add address=10.34.1.249 type=bypassed
add address=10.34.1.250 type=bypassed
add mac-address=24:A4:3C:C0:08:79 type=bypassed
add mac-address=24:A4:3C:C0:08:6F type=bypassed
add mac-address=24:A4:3C:C0:08:81 type=bypassed
add mac-address=24:A4:3C:C0:08:6E type=bypassed
add mac-address=24:A4:3C:C0:08:94 type=bypassed
add mac-address=24:A4:3C:C0:08:BE type=bypassed
add mac-address=24:A4:3C:C0:08:29 type=bypassed
add mac-address=24:A4:3C:C0:08:ED type=bypassed
add mac-address=24:A4:3C:C0:09:3C type=bypassed
add mac-address=24:A4:3C:C0:08:B6 type=bypassed
add mac-address=24:A4:3C:C0:09:06 type=bypassed
add mac-address=24:A4:3C:C0:08:58 type=bypassed
add mac-address=24:A4:3C:50:64:C4 type=bypassed
add mac-address=24:A4:3C:C0:08:77 type=bypassed
add mac-address=24:A4:3C:C0:08:96 type=bypassed
add mac-address=24:A4:3C:50:54:4B type=bypassed
add mac-address=24:A4:3C:50:54:31 type=bypassed
add mac-address=24:A4:3C:50:54:4E type=bypassed
add mac-address=24:A4:3C:50:54:7C type=bypassed
add mac-address=24:A4:3C:50:54:57 type=bypassed
add mac-address=24:A4:3C:50:54:4A type=bypassed
add mac-address=24:A4:3C:50:54:49 type=bypassed
add mac-address=24:A4:3C:50:54:92 type=bypassed
add mac-address=24:A4:3C:C0:36:D4 type=bypassed
add mac-address=24:A4:3C:C0:36:D5 type=bypassed
add mac-address=24:A4:3C:C0:36:6D type=bypassed
add mac-address=24:A4:3C:C0:36:7E type=bypassed
add mac-address=24:A4:3C:C0:36:57 type=bypassed
add mac-address=24:A4:3C:C0:36:15 type=bypassed
add mac-address=24:A4:3C:C0:36:B8 type=bypassed
add mac-address=24:A4:3C:C0:36:D2 type=bypassed
add mac-address=24:A4:3C:C0:36:CD type=bypassed
add mac-address=24:A4:3C:C0:36:7F type=bypassed
add mac-address=24:A4:3C:C0:36:56 type=bypassed
add mac-address=24:A4:3C:C0:36:80 type=bypassed
add mac-address=24:A4:3C:C0:36:CE type=bypassed
add mac-address=24:A4:3C:C0:36:E6 type=bypassed
add mac-address=24:A4:3C:10:07:12 type=bypassed
add mac-address=24:A4:3C:10:07:13 type=bypassed
add mac-address=24:A4:3C:50:54:56 type=bypassed
add mac-address=24:A4:3C:50:54:4C type=bypassed
add mac-address=24:A4:3C:4E:0D:13 type=bypassed
add mac-address=24:A4:3C:4E:0D:16 type=bypassed
add mac-address=24:A4:3C:C0:36:6B type=bypassed
add mac-address=24:A4:3C:C0:36:55 type=bypassed
add mac-address=00:16:35:02:3E:5B type=bypassed
add mac-address=00:16:35:B0:B9:E1 type=bypassed
add mac-address=48:D2:24:C0:AC:96 type=bypassed
add mac-address=08:00:27:6A:88:D3 type=bypassed
add mac-address=E0:B9:A5:2D:A8:6A type=bypassed
add address=10.34.40.248 type=bypassed
/ip hotspot user
add name=admin password=msd383
add name=msd password=msd383
/ip proxy
set cache-path=web-proxy1
/ip route
add check-gateway=ping comment=Marked_Interface_WAN1 distance=1 gateway=\
    192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping comment=Marked_Interface_WAN2 distance=2 gateway=\
    192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping comment=Marked_Interface_WAN3 distance=3 gateway=\
    192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping comment=Marked_Interface_WAN4 distance=4 gateway=\
    192.168.4.1 routing-mark=to_WAN4
add check-gateway=ping comment=Marked_Interface_WAN5 distance=5 gateway=\
    192.168.5.1 routing-mark=to_WAN5
add check-gateway=ping comment=Marked_Interface_WAN6 distance=6 gateway=\
    192.168.6.1 routing-mark=to_WAN6
add check-gateway=ping comment=Marked_Interface_WAN7 distance=7 gateway=\
    192.168.7.1 routing-mark=to_WAN7
add comment="Default Route For Unmarked Traffic" distance=8 gateway=10.55.3.1
/ip upnp
set allow-disable-external-interface=no
/lcd
set time-interval=hour
/radius
add address=10.77.7.249 secret=!QAZuniklxdr5 service=hotspot timeout=600ms
/snmp
set trap-community=public
/system clock
set time-zone-name=Asia/Kuala_Lumpur
/system identity
set name=UniKL_MIIT_v2
/system leds
set 0 leds=""
set 1 interface=sfp1 leds=""
set 2 interface=sfp1 leds=""
set 3 interface=sfp1 leds=""
/system logging
set 3 action=disk
/system ntp client
set enabled=yes primary-ntp=82.200.209.236 secondary-ntp=202.71.136.67
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR

Any comments or suggestions is highly appreciated. Thanks…