Newbie attempt on configuration / please advise.

Good evening everybody,
Firstly I want to apologize for my English and secondly for my low experience in RouterOS. If this question / post isn’t in the right place please advise / point me in the right direction.

I live in a specific area in my town where all major landline ISPs cannot provide more than the ADSL2+ option and the usual bandwidth is 6~7,5 Mbit. So my next logical move was to ask a local wireless ISP to set up a pair of wireless antennas and pay for an extra 30~40 Mbit per month. The configuration of that pair has been done by them and I don’t have any access.
My house is a two-floor building and, apart from my LAN, we need at least two APs for the wireless coverage.
My main router is a RB5009UG+S+ and as APs I have bought 2 x hAP ax2.
So far every configuration attempt was done by myself spending hours reading in forums and watching videos.
My landline is on ether8 with PPPoE.
My wireless provider is on ether7 with DHCP client.
My main LAN IP range is 192.168.88.0/24 with a DHCP server handing out IPs in the range 192.168.88.194~240.
I have “split” my LAN into two main tables. Clients with a static IP in the range 192.168.88.0/25 access the internet primarily via the landline, and clients with a static or dynamic IP in the range 192.168.88.128/25 access the internet primarily via the wireless provider.
I have tried to set up a simple failover on both providers to use the other one in case of disconnection.
Last but not least is my effort to set up roaming / mesh via CAPsMAN on the RB5009 and to add queues for a bandwidth limit on every wireless client, because my children often share my wireless SSID password with the neighbors’ children. The ultimate goal or best practice would be to make two separate SSIDs, one for me and my wife with no restrictions and another for all the other devices / clients such as children or guests with a bandwidth limit.
I am about to share the existing configuration and I would appreciate any thoughts or corrections so as to make the best use of my hardware. If / when everything is working fine I have in mind to replace my wireless provider with Starlink. So please bear that thought in mind.

/interface bridge
add admin-mac=****** auto-mac=no name=bridge_LAN
/interface wifiwave2
add name=cap-wifi1
add name=cap-wifi3
/interface ethernet
set [ find default-name=ether1 ] name=ether1_LAN
set [ find default-name=ether2 ] name=ether2_LAN
set [ find default-name=ether3 ] name=ether3_LAN
set [ find default-name=ether4 ] name=ether4_LAN
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] name=ether7_ISP1
set [ find default-name=ether8 ] name=ether8_ISP2
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full disabled=yes
/interface pppoe-client
add disabled=no interface=ether8_ISP2 name=pppoe_ISP2 user=***@**.gr
/interface vlan
add comment=Main disabled=yes interface=bridge_LAN name=vlan20 vlan-id=20
add comment=Guest disabled=yes interface=bridge_LAN name=vlan30 vlan-id=30
/interface wifiwave2 channel
add band=5ghz-ax disabled=no frequency=5240 name=ch_5-0 skip-dfs-channels=disabled width=20/40/80mhz
add band=2ghz-ax disabled=no name=ch_2-4 skip-dfs-channels=disabled width=20/40mhz-eC
/interface wifiwave2 datapath
add bridge=bridge_LAN disabled=no name=datapath_88_5-0
add bridge=bridge_LAN disabled=no name=datapath_88_2-4
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=sec_88
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=sec_88_2-4
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=sec_88_5-0
/interface wifiwave2 configuration
add channel=ch_2-4 country=Greece datapath=datapath_88_2-4 disabled=no name=cfg_88_2-4 security=sec_88 ssid=Pnrm_2-4
add channel=ch_5-0 country=Greece datapath=datapath_88_5-0 disabled=no name=cfg_88_5-0 security=sec_88 ssid=Pnrm_5-0
/ip kid-control
add disabled=yes fri=8h-23h mon=8h-23h name=kidPC rate-limit=5M sat=8h-23h sun=8h-23h thu=8h-23h tue=8h-23h wed=8h-23h
add disabled=yes fri=9h-23h mon=9h-23h name=LGwebOSTV rate-limit=128K sat=9h-23h sun=9h-23h thu=9h-23h tue=9h-23h wed=9h-23h
/ip pool
add name=dhcp_pool_88 ranges=192.168.88.194-192.168.88.240
/ip dhcp-server
add address-pool=dhcp_pool_88 interface=bridge_LAN lease-time=2h name=dhcp_srv_88
/queue type
add kind=pcq name=pcq-DHCP-UP pcq-burst-time=5s pcq-classifier=src-address pcq-rate=2M
add kind=pcq name=pcq-DHCP-DOWN pcq-burst-time=5s pcq-classifier=dst-address pcq-rate=20M
/routing table
add comment=PCC&Split disabled=no fib name=ISP1
add comment=PCC&Split disabled=no fib name=ISP2
/interface bridge port
add bridge=bridge_LAN interface=ether1_LAN
add bridge=bridge_LAN interface=ether2_LAN
add bridge=bridge_LAN interface=ether3_LAN
add bridge=bridge_LAN interface=ether4_LAN
/interface wifiwave2 cap
set enabled=yes
/interface wifiwave2 capsman
set ca-certificate=CAPsMAN-CA-48A98A79A95B certificate=auto enabled=yes interfaces=bridge_LAN package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifiwave2 provisioning
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_88_2-4 supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=cfg_88_5-0 supported-bands=5ghz-ax
/ip address
add address=192.168.88.1/24 interface=bridge_LAN network=192.168.88.0
/ip dhcp-client
add add-default-route=no interface=ether7_ISP1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=1.1.1.3,8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=jump chain=forward comment="jump to kid-control rules" jump-target=kid-control
add action=drop chain=input dst-port=53 in-interface=pppoe_ISP2 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe_ISP2 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes in-interface=ether7_ISP1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes in-interface=pppoe_ISP2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-routing chain=output comment=PCC_Confiuration connection-mark=ISP1_conn disabled=yes new-routing-mark=ISP1 passthrough=yes
add action=mark-routing chain=output comment=PCC_Confiuration connection-mark=ISP2_conn disabled=yes new-routing-mark=ISP2 passthrough=yes
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes dst-address-type=!local in-interface=bridge_LAN new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:5/0
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes dst-address-type=!local in-interface=bridge_LAN new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:5/1
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes dst-address-type=!local in-interface=bridge_LAN new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:5/2
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes dst-address-type=!local in-interface=bridge_LAN new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:5/3
add action=mark-connection chain=prerouting comment=PCC_Confiuration connection-mark=no-mark connection-state=new disabled=yes dst-address-type=!local in-interface=bridge_LAN new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=src-address-and-port:5/4
add action=mark-routing chain=prerouting comment=PCC_Confiuration connection-mark=ISP1_conn disabled=yes in-interface=bridge_LAN new-routing-mark=ISP1 passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_Confiuration connection-mark=ISP2_conn disabled=yes in-interface=bridge_LAN new-routing-mark=ISP2 passthrough=yes
add action=mark-routing chain=prerouting comment=Split_Configuration new-routing-mark=ISP2 passthrough=yes src-address=192.168.88.0/25
add action=mark-routing chain=prerouting comment=Split_Configuration new-routing-mark=ISP1 passthrough=yes src-address=192.168.88.128/25
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.88.0/24
/ip kid-control device
add mac-address=*** name=KidsPC user=kidPC
add mac-address=*** name=LGwebOSTV user=LGwebOSTV
add mac-address=*** name=KidsNewPC user=kidPC
/ip route
add check-gateway=ping comment=PCC_Confiuration_ISP1 disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 pref-src="" routing-table=ISP1 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=PCC_Confiuration_ISP2 disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.12 pref-src="" routing-table=ISP2 scope=30 suppress-hw-offload=no target-scope=10
add comment=Split_Configuration_ISP2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.12 pref-src="" routing-table=ISP2 scope=30 suppress-hw-offload=no target-scope=10
add comment=Split_Configuration_ISP2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.13 pref-src="" routing-table=ISP2 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=PCC_Confiuration_ISP3 disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=213.16.246.13 pref-src="" routing-table=ISP2 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=Split_Confiuration_ISP1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 pref-src="" routing-table=ISP1 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=PCC_Confiuration_main disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.12 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=PCC_Confiuration_main disabled=yes distance=3 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.13 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=PCC_Confiuration_ISP1 disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 pref-src="" routing-table=ISP1 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=Split_Confiuration_ISP1 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Split_Configuration_ISP2 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.12 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Split_Configuration_ISP2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=213.xxx.xxx.13 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=MT_Primary
/system note
set show-at-login=no
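
Added example, not part of the original post and not MikroTik's code: a small Python check over the `/ip firewall filter` lines of the export above that reports, per WAN-facing interface, what the input chain drops. Treating `ether7_ISP1` and `pppoe_ISP2` as the WAN side is an assumption based on the interface names; interface lists and negated matchers are not resolved.

```python
import re

# Copied from the /ip firewall filter section of the export above.
FILTER_EXPORT = """\
/ip firewall filter
add action=jump chain=forward comment="jump to kid-control rules" jump-target=kid-control
add action=drop chain=input dst-port=53 in-interface=pppoe_ISP2 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe_ISP2 protocol=tcp
"""
# Assumption: these two interfaces face the ISPs (names taken from the export).
WAN_INTERFACES = ("ether7_ISP1", "pppoe_ISP2")
# Matchers that narrow a rule to part of the traffic on an interface.
NARROWING = ("protocol", "dst-port", "src-port", "connection-state",
             "src-address", "dst-address", "src-address-list")
# key=value tokens; a value may be double-quoted and contain spaces.
TOKEN = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_rules(export, section="/ip firewall filter"):
    """Return the 'add' lines of one export section as property dicts."""
    rules, current = [], None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line          # a new section header
        elif current == section and line.startswith("add "):
            rules.append({k: v.strip('"') for k, v in TOKEN.findall(line)})
    return rules

def applies_to(rule, wan):
    """True if the rule names this interface or names no interface at all."""
    if "in-interface" in rule:
        return rule["in-interface"] == wan
    return "in-interface-list" not in rule   # lists are not resolved here

def wan_input_coverage(rules, wan_interfaces=WAN_INTERFACES):
    """Per WAN interface: (protocol, port) pairs dropped on input, and
    whether some drop rule covers all traffic arriving on it."""
    report = {}
    for wan in wan_interfaces:
        drops = [r for r in rules if r.get("chain") == "input"
                 and r.get("action") == "drop" and applies_to(r, wan)]
        report[wan] = {
            "dropped": sorted({(r.get("protocol", "any"),
                                r.get("dst-port", "any")) for r in drops}),
            "catch_all_drop": any(not any(k in r for k in NARROWING)
                                  for r in drops),
        }
    return report

if __name__ == "__main__":
    for wan, info in wan_input_coverage(parse_rules(FILTER_EXPORT)).items():
        print(wan, info)
```

On the export as posted it reports no input-chain drop rule for `ether7_ISP1` and only port 53 (UDP and TCP) for `pppoe_ISP2`, with no catch-all drop on either.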

Someone with CAPsMAN knowledge will have to assist.
If you don’t use CAPsMAN I can provide support… aka if nobody else answers this request…

What RouterOS version are you using? It looks like you have ROS v6, but with those new devices it would be better to use ROS v7.

My guess: all 3 devices (RB5009 and both hAP ax2) are running ROS v7, they are all v7 devices. But it does seem that they are not running the latest (7.15.2) or (preferably) the slightly older (7.14.3), which seems to have slightly less annoying bugs.

@OP: first upgrade all the devices to 7.14.3 (if possible, use built-in upgrade mechanism which handles package dependencies gracefully), it might be necessary to go via 7.12.1. After that, reset RB5009 to factory defaults (to load new default config, simple upgrade doesn’t apply newer defaults to running config). And only after that proceed with CAPsMAN config and provisioning hAP ax2 units into CAP mode.

@neki & @mkx thanks for the reply. All devices have 7.9.2 stable. When I try to upgrade to a newer version my existing config doesn’t work very well, which means additional headache and hours spent fixing things that have changed place within RouterOS.
Dear @anav, many things have been done by reading your guidelines, which I cannot find anymore. If I have someone to help me from scratch I will upgrade the firmware on all my devices and I will try to make a solid base so as to start searching for CAPsMAN. Can I rely on you?