Good evening, I’m installing queues to give priority to traffic. the guest mark doesn’t work. Where do you think I’m going wrong?
/ip firewall mangle
add action=mark-routing chain=prerouting comment=mark-routing-LAN1--->LAN2 dst-address-list=!all-LAN new-routing-mark=vlan10/30/99-table passthrough=yes src-address-list=LAN-group1/2
add action=mark-routing chain=prerouting comment=mark-routing-LAN2--->LAN1 dst-address-list=!all-LAN new-routing-mark=vlan40/50-table passthrough=yes src-address-list=LAN-group2/1
add action=mark-routing chain=prerouting comment=mark-routing-VOIP dst-address-list=!all-LAN new-routing-mark=vlan20-table passthrough=yes src-address-list=VOIP
add action=mark-connection chain=forward comment=mark-DOWNLOAD in-interface-list=WAN new-connection-mark=download passthrough=yes
add action=mark-packet chain=forward connection-mark=download new-packet-mark=DOWNLOAD passthrough=yes
add action=mark-connection chain=forward comment=mark-UPLOAD new-connection-mark=upload out-interface-list=WAN passthrough=yes
add action=mark-packet chain=forward connection-mark=upload new-packet-mark=UPLOAD passthrough=yes
add action=mark-connection chain=forward comment=mark-VOIP dst-port=5060-5070 new-connection-mark="SIP_signaling conn" passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark="SIP_signaling conn" new-packet-mark=SIP_packet passthrough=no
add action=mark-connection chain=forward dst-port=5004-5020 new-connection-mark=RTP_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=RTP_conn new-packet-mark=RTP_packet passthrough=no
add action=mark-packet chain=forward comment=mark-packet-INTERVLAN-DW dst-address-list=LAN_OFFICE in-interface=bridge-trunk new-packet-mark=INTERVLAN-packet-DW passthrough=no
add action=mark-packet chain=forward comment=mark-packet-INTERVLAN-UP new-packet-mark=INTERVLAN-packet-UP out-interface=bridge-trunk passthrough=no src-address-list=LAN_OFFICE
add action=mark-connection chain=forward comment=mark-DOWNLOAD-GUEST in-interface="vlan40 - Guest" new-connection-mark=guest-down-conn out-interface-list=WAN passthrough=yes
add action=mark-packet chain=forward connection-mark=guest-down-conn connection-state="" new-packet-mark=guest-down-packet passthrough=no
add action=mark-connection chain=forward comment=mark-UPLOAD-GUEST in-interface-list=WAN new-connection-mark=guest-up-conn out-interface="vlan40 - Guest" passthrough=yes
add action=mark-packet chain=forward connection-mark=guest-up-conn connection-state="" new-packet-mark=guest-up-packet passthrough=no
/queue tree
add name="1. total-download" parent=bridge-trunk priority=1
add name="1. total-upload" packet-mark=UPLOAD parent=pppoe-out1 priority=1
add limit-at=1M max-limit=1M name="2. VOIP-DW" packet-mark=SIP_packet,RTP_packet parent="1. total-download" priority=2
add limit-at=1M max-limit=1M name="2. VOIP-UP" packet-mark=SIP_packet,RTP_packet parent="1. total-upload" priority=2
add limit-at=2M max-limit=10M name="7. TOTALE-GUEST-DW" packet-mark=guest_dw_packet parent="1. total-download" priority=7
add limit-at=500k max-limit=2M name="7. GUEST-UP" packet-mark=guest-up-packet parent="1. total-upload" priority=7
add name="6. Other_trafic-dw" packet-mark=DOWNLOAD parent="1. total-download" priority=6
add name="6. Other-trafic-UP" packet-mark=UPLOAD parent="1. total-upload" priority=6
add name="4. INTERVLAN-DW" packet-mark=INTERVLAN-packet-DW parent="1. total-download" priority=4
add name="4. INTERVLAN-UP" packet-mark=INTERVLAN-packet-UP parent="1. total-upload" priority=4
/queue type
add kind=pcq name=down-pcq pcq-classifier=dst-address pcq-rate=2M
add kind=pcq name=up-pcq pcq-rate=1M
/queue tree
add name="8. GUEST-PCQ-DOWN" parent="7. TOTALE-GUEST-DW" queue=down-pcq
add name="8. GUEST-PCQ-UP" parent="7. GUEST-UP" queue=up-pcq
maybe you don’t disable fasttrack or adapt rule for mangling… but who knows, everybody so humble to show a full config, and not sometime useless copy-paste
I apologize, here is the complete configuration
/interface bridge
add name=bridge-trunk vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="ISP1 - TIM FWA"
set [ find default-name=ether2 ] comment="ISP2 - SKY DSL"
set [ find default-name=ether3 ] comment="VLAN_10 - Office"
set [ find default-name=ether4 ] comment="VLAN_10 - Office"
set [ find default-name=ether5 ] comment="VLAN_20 - VoIP"
set [ find default-name=ether6 ] comment="VLAN_30 - Security"
set [ find default-name=ether7 ] comment="VLAN_40 - Guest"
set [ find default-name=ether8 ] comment="VLAN_50 - IoT"
set [ find default-name=ether9 ] comment="VLAN_99 - Management"
set [ find default-name=ether10 ] comment=TRUNK
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface vlan
add interface=bridge-trunk name="vlan10 - Office" vlan-id=10
add interface=bridge-trunk name="vlan20 - VoIP" vlan-id=20
add interface=bridge-trunk name="vlan30 - IoT" vlan-id=30
add interface=bridge-trunk name="vlan40 - Guest" vlan-id=40
add interface=bridge-trunk name="vlan50 - Security" vlan-id=50
add interface=bridge-trunk name="vlan83 - WAN DATA TIM FWA" vlan-id=83
add interface=bridge-trunk name="vlan84 - WAN VoIP TIM FWA" vlan-id=84
add interface=bridge-trunk name="vlan99 - Management" vlan-id=99
/interface pppoe-client
add disabled=no interface=ether2 name=pppoe-out1 user=aliceadsl
/interface list
add name=WAN
add name=LAN
/ip dhcp-client option
add code=26 name="option 26 - MTU"
/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.199
add name=dhcp_pool2 ranges=192.168.2.100-192.168.2.199
add name=dhcp_pool3 ranges=192.168.3.100-192.168.3.199
add name=dhcp_pool4 ranges=192.168.4.100-192.168.4.199
add name=dhcp_pool5 ranges=192.168.5.100-192.168.5.199
add name=dhcp_pool6 ranges=192.168.99.100-192.168.99.199
/ip dhcp-server
add address-pool=dhcp_pool1 interface="vlan10 - Office" lease-time=1h name=dhcp1
add address-pool=dhcp_pool2 interface="vlan20 - VoIP" lease-time=10m name=dhcp2
add address-pool=dhcp_pool3 interface="vlan30 - IoT" lease-time=1h name=dhcp3
add address-pool=dhcp_pool4 interface="vlan40 - Guest" lease-time=1h name=dhcp4
add address-pool=dhcp_pool5 interface="vlan50 - Security" lease-time=1h name=dhcp5
add address-pool=dhcp_pool6 interface="vlan99 - Management" lease-time=1h name=dhcp6
/queue tree
add name="1. total-download" parent=bridge-trunk priority=1
add name="1. total-upload" packet-mark=UPLOAD parent=pppoe-out1 priority=1
add limit-at=1M max-limit=1M name="2. VOIP-DW" packet-mark=SIP_packet,RTP_packet parent="1. total-download" priority=2
add limit-at=1M max-limit=1M name="2. VOIP-UP" packet-mark=SIP_packet,RTP_packet parent="1. total-upload" priority=2
add limit-at=2M max-limit=10M name="7. TOTALE-GUEST-DW" packet-mark=guest_dw_packet parent="1. total-download" priority=7
add limit-at=500k max-limit=2M name="7. GUEST-UP" packet-mark=guest-up-packet parent="1. total-upload" priority=7
add name="6. Other_trafic-dw" packet-mark=DOWNLOAD parent="1. total-download" priority=6
add name="6. Other-trafic-UP" packet-mark=UPLOAD parent="1. total-upload" priority=6
add name="4. INTERVLAN-DW" packet-mark=INTERVLAN-packet-DW parent="1. total-download" priority=4
add name="4. INTERVLAN-UP" packet-mark=INTERVLAN-packet-UP parent="1. total-upload" priority=4
/queue type
add kind=pcq name=down-pcq pcq-classifier=dst-address pcq-rate=2M
add kind=pcq name=up-pcq pcq-rate=1M
/queue tree
add name="8. GUEST-PCQ-DOWN" parent="7. TOTALE-GUEST-DW" queue=down-pcq
add name="8. GUEST-PCQ-UP" parent="7. GUEST-UP" queue=up-pcq
/routing table
add disabled=no fib name=vlan10/30/99-table
add disabled=no fib name=vlan20-table
add disabled=no fib name=vlan40/50-table
/interface bridge port
add bridge=bridge-trunk interface=ether3 pvid=10
add bridge=bridge-trunk interface=ether4 pvid=10
add bridge=bridge-trunk interface=ether5 pvid=20
add bridge=bridge-trunk interface=ether6 pvid=30
add bridge=bridge-trunk interface=ether7 pvid=40
add bridge=bridge-trunk interface=ether8 pvid=50
add bridge=bridge-trunk interface=ether9 pvid=99
add bridge=bridge-trunk interface=ether10 pvid=10
add bridge=bridge-trunk interface=ether1 pvid=83
add bridge=bridge-trunk interface=vxlan1 pvid=40
/interface bridge vlan
add bridge=bridge-trunk tagged=bridge-trunk,ether10 untagged=ether3,ether4 vlan-ids=10
add bridge=bridge-trunk tagged=bridge-trunk,ether10 untagged=ether5 vlan-ids=20
add bridge=bridge-trunk tagged=bridge-trunk,ether10 untagged=ether6 vlan-ids=30
add bridge=bridge-trunk tagged=bridge-trunk,ether10 untagged=ether7, vlan-ids=40
add bridge=bridge-trunk tagged=bridge-trunk,ether10 untagged=ether8 vlan-ids=50
add bridge=bridge-trunk tagged=bridge-trunk,ether10 untagged=ether9 vlan-ids=99
add bridge=bridge-trunk tagged=bridge-trunk,ether1 vlan-ids=83
add bridge=bridge-trunk tagged=bridge-trunk,ether1 vlan-ids=84
add bridge=bridge-trunk comment="AGGIUNGERE ETHER2 COME UNTAGGED E ANCHE NEL BRIDGE PORT CON PVID 1" tagged=bridge-trunk vlan-ids=1
/interface list member
add interface=pppoe-out1 list=WAN
add interface="vlan10 - Office" list=LAN
add interface="vlan20 - VoIP" list=LAN
add interface="vlan30 - IoT" list=LAN
add interface="vlan40 - Guest" list=LAN
add interface="vlan50 - Security" list=LAN
add interface="vlan99 - Management" list=LAN
add interface="vlan83 - WAN DATA TIM FWA" list=WAN
add interface="vlan84 - WAN VoIP TIM FWA" list=WAN
add interface=ether2 list=WAN
/ip address
add address=192.168.1.1/24 interface="vlan10 - Office" network=192.168.1.0
add address=192.168.2.1/24 interface="vlan20 - VoIP" network=192.168.2.0
add address=192.168.3.1/24 interface="vlan30 - IoT" network=192.168.3.0
add address=192.168.4.1/24 interface="vlan40 - Guest" network=192.168.4.0
add address=192.168.5.1/24 interface="vlan50 - Security" network=192.168.5.0
add address=192.168.99.1/24 interface="vlan99 - Management" network=192.168.99.0
add address=192.168.10.10/24 interface=ether2 network=192.168.10.0
/ip dhcp-client
add dhcp-options="hostname,clientid,option 26 - MTU" interface="vlan83 - WAN DATA TIM FWA" script="#-----------------------------------------\
----------\r\
\n# UPDATE-RECURSIVE-ROUTE-FROM-DHCP-CLIENT BY foisfabio.it\r\
\n# \r\
\n# Script: Dhcp-client-update-recursive-route\r\
\n#\r\
\n# Description: This simple script arises from the need to update a recursive route at each renewal of the DHCP-client lease.\r\
\n# ------------>This is a Vodafone FWA connection that releases public IP in DHCP.\r\
\n#------------->It was not possible to simply flag \"add default route\" as the customer uses recursive routes and Load balance pcc.\r\
\n#------------->The dhcp is running on the \"vlan83 - WAN DATA TIM FWA\" interface and the route is commented like this: \"static-FWA\"\
\r\
\n\r\
\n# Version: 1.1\r\
\n# RouterOS v.7.12\r\
\n# Created: 02/01/2024\r\
\n# Updated: 11/01/2024\r\
\n# Author: Fois Fabio\r\
\n# Editor: Fois Fabio\r\
\n# Website: https://foisfabio.it\r\
\n# Email: consulenza@foisfabio.it\r\
\n\r\
\n\r\
\n{\r\
\n:local interface \"vlan83 - WAN DATA TIM FWA\" \r\
\n:local GWtim [/ip dhcp-client/ get [find where interface=\$interface] value-name=gateway]\r\
\n:put \$GWtim\r\
\n/ip route set [find comment=\"static-FWA\"] gateway=\$GWtim\r\
\n}\r\
\n"
add add-default-route=no dhcp-options="hostname,clientid,option 26 - MTU" interface="vlan84 - WAN VoIP TIM FWA" script="#--------------------\
-------------------------------\r\
\n# UPDATE-RECURSIVE-ROUTE-FROM-DHCP-CLIENT BY foisfabio.it\r\
\n# \r\
\n# Script: Dhcp-client-update-recursive-route\r\
\n#\r\
\n# Description: This simple script arises from the need to update a recursive route at each renewal of the DHCP-client lease.\r\
\n# ------------>This is a Vodafone FWA connection that releases public IP in DHCP.\r\
\n#------------->It was not possible to simply flag \"add default route\" as the customer uses recursive routes and Load balance pcc.\r\
\n#------------->The dhcp is running on the \"vlan83 - WAN DATA TIM FWA\" interface and the route is commented like this: \"static-FWA\"\
\r\
\n\r\
\n# Version: 1.1\r\
\n# RouterOS v.7.12\r\
\n# Created: 02/01/2024\r\
\n# Updated: 11/01/2024\r\
\n# Author: Fois Fabio\r\
\n# Editor: Fois Fabio\r\
\n# Website: https://foisfabio.it\r\
\n# Email: consulenza@foisfabio.it\r\
\n\r\
\n\r\
\n{\r\
\n:local interface \"vlan84 - WAN VoIP TIM FWA\" \r\
\n:local GWtim [/ip dhcp-client/ get [find where interface=\$interface] value-name=gateway]\r\
\n:put \$GWtim\r\
\n/ip route set [find comment=\"default-route-VOIP\"] gateway=\$GWtim\r\
\n}\r\
\n" use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=208.67.222.222 domain=WORKGROUP gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 dns-server=208.67.222.222 domain=VOIPGROUP gateway=192.168.2.1 netmask=24
add address=192.168.3.0/24 dns-server=208.67.222.222 domain=iOT.group gateway=192.168.3.1 netmask=24
add address=192.168.4.0/24 dns-server=208.67.222.222 domain=GUESTGROUP gateway=192.168.4.1 netmask=24
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.99.0/24 dns-server=208.67.222.222 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=10.166.32.0/23 list=WHITE-LIST
add address=172.25.1.0/24 list=WHITE-LIST
add address=192.168.99.0/24 list=WHITE-LIST
add address=inserire.ip list=BLACK-LIST
add address=192.168.1.0/24 list=all-LAN
add address=192.168.2.0/24 list=all-LAN
add address=192.168.3.0/24 list=all-LAN
add address=192.168.4.0/24 list=all-LAN
add address=192.168.5.0/24 list=all-LAN
add address=192.168.99.0/24 list=all-LAN
add address=172.25.1.0/24 list=VPN
add address=1.2.3.4 list=all-Public-IP
add address=192.168.4.0/24 list=GUEST
add address=192.168.10.10 comment="DMZ SKYDSL" list=all-Public-IP
add address=192.168.1.0/24 list=LAN-group1/2
add address=192.168.3.0/24 list=LAN-group1/2
add address=192.168.99.0/24 list=LAN-group1/2
add address=192.168.4.0/24 list=LAN-group2/1
add address=192.168.5.0/24 list=LAN-group2/1
add address=192.168.2.0/24 list=VOIP
add address=1.1.1.1 list=DNS-RECURSIVE
add address=8.8.4.4 list=DNS-RECURSIVE
add address=192.168.0.0/22 list=LAN_OFFICE
add address=192.168.5.0/24 list=LAN_OFFICE
/ip firewall filter
add action=accept chain=input comment="Accept established, related" connection-state=established,related
add action=drop chain=input comment="Drop invalid, untracked" connection-state=invalid,untracked connection-type=""
add action=accept chain=input comment="Accept icmp" protocol=icmp
add action=accept chain=input comment="Accept Winbox" dst-port=8291,80,22 protocol=tcp src-address-list=WHITE-LIST
add action=drop chain=input dst-port=8291,80,22 protocol=tcp src-address-list=!WHITE-LIST
add action=accept chain=input comment="Allow IPsec NAT" dst-port=4500 in-interface-list=WAN protocol=udp
add action=accept chain=input comment="Allow IKE" dst-port=500 in-interface-list=WAN protocol=udp
add action=accept chain=input comment="Allow L2TP" dst-port=1701 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="Drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=drop chain=forward comment="VPN only to router" connection-nat-state="" dst-address=!192.168.99.1 src-address=172.25.1.0/24
add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface-list=WAN
add action=drop chain=forward comment=drop_GUEST dst-address-list=LAN_OFFICE src-address-list=GUEST
add action=drop chain=forward dst-address-list=GUEST src-address-list=LAN_OFFICE
add action=accept chain=input dst-port=443 protocol=tcp src-address-list=GUEST
add action=tarpit chain=input protocol=tcp src-address-list=GUEST
add action=accept chain=input dst-port=53 protocol=udp src-address-list=GUEST
add action=drop chain=input protocol=udp src-address-list=GUEST
/ip firewall mangle
add action=mark-routing chain=prerouting comment=mark-routing-LAN1--->LAN2 dst-address-list=!all-LAN new-routing-mark=vlan10/30/99-table \
passthrough=yes src-address-list=LAN-group1/2
add action=mark-routing chain=prerouting comment=mark-routing-LAN2--->LAN1 dst-address-list=!all-LAN new-routing-mark=vlan40/50-table \
passthrough=yes src-address-list=LAN-group2/1
add action=mark-routing chain=prerouting comment=mark-routing-VOIP dst-address-list=!all-LAN new-routing-mark=vlan20-table passthrough=yes \
src-address-list=VOIP
add action=mark-connection chain=forward comment=mark-DOWNLOAD in-interface-list=WAN new-connection-mark=download passthrough=yes
add action=mark-packet chain=forward connection-mark=download new-packet-mark=DOWNLOAD passthrough=yes
add action=mark-connection chain=forward comment=mark-UPLOAD new-connection-mark=upload out-interface-list=WAN passthrough=yes
add action=mark-packet chain=forward connection-mark=upload new-packet-mark=UPLOAD passthrough=yes
add action=mark-connection chain=forward comment=mark-VOIP dst-port=5060-5070 new-connection-mark="SIP_signaling conn" passthrough=yes \
protocol=udp
add action=mark-packet chain=forward connection-mark="SIP_signaling conn" new-packet-mark=SIP_packet passthrough=no
add action=mark-connection chain=forward dst-port=5004-5020 new-connection-mark=RTP_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=RTP_conn new-packet-mark=RTP_packet passthrough=no
add action=mark-packet chain=forward comment=mark-packet-INTERVLAN-DW dst-address-list=LAN_OFFICE in-interface=bridge-trunk new-packet-mark=\
INTERVLAN-packet-DW passthrough=no
add action=mark-packet chain=forward comment=mark-packet-INTERVLAN-UP new-packet-mark=INTERVLAN-packet-UP out-interface=bridge-trunk \
passthrough=no src-address-list=LAN_OFFICE
add action=mark-connection chain=forward comment=mark-DOWNLOAD-GUEST in-interface="vlan40 - Guest" new-connection-mark=guest-down-conn \
out-interface-list=WAN passthrough=yes
add action=mark-packet chain=forward connection-mark=guest-down-conn connection-state="" new-packet-mark=guest-down-packet passthrough=no
add action=mark-connection chain=forward comment=mark-UPLOAD-GUEST in-interface-list=WAN new-connection-mark=guest-up-conn out-interface=\
"vlan40 - Guest" passthrough=yes
add action=mark-packet chain=forward connection-mark=guest-up-conn connection-state="" new-packet-mark=guest-up-packet passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade WAN1" out-interface="vlan83 - WAN DATA TIM FWA" src-address-list=all-LAN
add action=masquerade chain=srcnat comment="Masquerade WAN2" out-interface=pppoe-out1 src-address-list=all-LAN
add action=masquerade chain=srcnat comment="Masquerade VPN" src-address-list=VPN
add action=dst-nat chain=dstnat comment="Forzatura DNS" dst-address-list=DNS-RECURSIVE dst-port=53 protocol=udp to-addresses=208.67.222.222
add action=dst-nat chain=dstnat comment="Port forwarding DVR" dst-address-list=all-Public-IP dst-port=8000 protocol=tcp to-addresses=\
192.168.1.242
/ip firewall raw
add action=drop chain=prerouting comment=Drop_BLACK-LIST in-interface-list=WAN src-address-list=BLACK-LIST
add action=drop chain=prerouting comment=DROP_DNS dst-port=53 in-interface-list=WAN protocol=udp
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-table=main suppress-hw-offload=no
add comment=static-SKYDSL disabled=no distance=1 dst-address=1.1.1.1/32 gateway=192.168.10.1 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add comment=static-FWA disabled=no distance=1 dst-address=8.8.4.4/32 gateway=192.168.44.1 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=DEFAULT-ROUTE-BACKUP-MAIN disabled=no distance=22 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=31
add check-gateway=ping comment=DEFAULT-ROUTE-PRIMARY-MAIN disabled=no distance=21 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=31
add check-gateway=ping comment=default-route-MAIN-vlan10/30/99 disabled=no distance=21 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \
routing-table=vlan10/30/99-table scope=30 suppress-hw-offload=no target-scope=31
add check-gateway=ping comment=default-route-BACKUP-vlan10/30/99 disabled=no distance=22 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \
routing-table=vlan10/30/99-table scope=30 suppress-hw-offload=no target-scope=31
add comment=default-route-VOIP disabled=no distance=20 dst-address=0.0.0.0/0 gateway=1.2.3.4 pref-src="" routing-table=vlan20-table scope=30 \
suppress-hw-offload=no target-scope=31
add check-gateway=ping comment=default-route-MAIN-vlan40/50 disabled=no distance=21 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \
routing-table=vlan40/50-table scope=30 suppress-hw-offload=no target-scope=31
add check-gateway=ping comment=default-route-BACKUP-vlan40/50 disabled=no distance=22 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \
routing-table=vlan40/50-table scope=30 suppress-hw-offload=no target-scope=31
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.99.0/24,172.25.1.0/24,10.166.32.0/23
set api-ssl disabled=yes