Hello everyone, this will be my first post on this forum and hope you can assist me.
I’m not particularly good with network setup, consider myself a beginner at best! But I think its exiting and fun!
I have taken an assignment to make a office/guest network for my mom with two RB962UIGS-5HACT2HNT on Saturday.
both office and guest should have access to internet, but should not be able to communicate with each other.
office iprange: 192.168.10.1/24
guest iprange: 192.168.20.1/24
The first router in first floor.
eth 1 connected to the internet
will distribute office network over 5Ghz only.
will distribute guest network over 5Ghz (virtual wifi), and eth2,3,4
eth 5 will connect to the second router.
Second router in second floor (office )
eth 1 is connected to router 1
will distribute office network over 5Ghz eth2,3,4.
will distrobute guest network on 5Ghz (virtual wifi), and eth5.
I will attach a drawing of the setup:
I have been working on this all day, but I’m stuck!
I will post my code below for both routers even tough they are not complete, but I hope someone can make something better than me, and explain whats wrong with my approach so far.
I tried to make separate bridges for the networks with DHCP, and use VLAN between the routers.
My main problem seems to be on router nr.2 i’m not able to get IP address either for guest or office on the lan ports.
I have not yet tested wifi on this router.
Also I don’t understand everything in my configuration, just read a lot of examples I could find, and tried a learn by doing/fake it to you make it approach xD!
I know I will need to upgrade router 1, and I will need a good firewall.
I have not have the joy of playing around with the firewall yet, so if someone have a god setup they would like to share for this application that would also make me happy =D
Would gladly read more myself to figure it out, but time is unfortunately running out for me =S
router1
# sep/20/2018 23:06:08 by RouterOS 6.40.4
# software id = IVLV-8RKI
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7A08D1F9F5
/interface bridge
add name="Guest bridge"
add name="Office bridge"
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] comment=LAN
set [ find default-name=ether4 ] comment=LAN
set [ find default-name=ether5 ] comment="To Router 2"
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
add interface=ether5 name=vlan10-office vlan-id=10
add interface=ether5 name=vlan20-guest vlan-id=20
/interface list
add name=WAN
add name=Guest
add name=Office
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name="office securety" \
supplicant-identity="" wpa-pre-shared-key=Test1972 \
wpa2-pre-shared-key=Test1972
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name="Guest security" \
supplicant-identity="" wpa-pre-shared-key=Test1972 wpa2-pre-shared-key=\
Test1972
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge radio-name=\
AC-Guest security-profile="Guest security" ssid=AC-Guest \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce \
disabled=no mode=ap-bridge radio-name=AC-office security-profile=\
"office securety" ssid=AC-office wireless-protocol=802.11
add keepalive-frames=disabled mac-address=CE:2D:E0:95:08:9C master-interface=\
wlan2 multicast-buffering=disabled name=wlan3 security-profile=\
"Guest security" ssid=AC-Guest wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
/ip pool
add name=office_pool ranges=192.168.10.10-192.168.10.200
add name=Guest_pool1 ranges=192.168.20.10-192.168.20.254
/ip dhcp-server
add address-pool=office_pool disabled=no interface="Office bridge" name=\
office-dhcp
add address-pool=Guest_pool1 disabled=no interface="Guest bridge" name=\
guest-dhcp
/interface bridge port
add bridge="Office bridge" interface=vlan10-office
add bridge="Guest bridge" interface=vlan20-guest
add bridge="Office bridge" interface=wlan2
add bridge="Guest bridge" interface=wlan3
add bridge="Guest bridge" interface=ether2
add bridge="Guest bridge" interface=ether4
add bridge="Guest bridge" interface=wlan1
add bridge="Guest bridge" interface=ether3
/interface list member
add interface=ether1 list=WAN
add interface="Guest bridge" list=Guest
add interface="Office bridge" list=Office
/ip address
add address=192.168.10.1/24 interface="Office bridge" network=192.168.10.0
add address=192.168.20.1/24 interface="Guest bridge" network=192.168.20.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
/ip firewall filter
add action=drop chain=forward dst-address=192.168.20.0/24 src-address=\
192.168.10.0/24
add action=drop chain=forward dst-address=192.168.10.0/24 src-address=\
192.168.20.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Internett for Guest" \
out-interface-list=WAN src-address=192.168.20.0/24
add action=masquerade chain=srcnat comment="Internett for Office" \
out-interface-list=WAN src-address=192.168.10.0/24
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name="Router 1 - Livingroom"
router 2
# sep/20/2018 23:06:25 by RouterOS 6.43.2
# software id = R3MW-T7IK
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7A0817663D
/interface bridge
add fast-forward=no name="Guest Bridge"
add fast-forward=no name="Office Bridge"
/interface ethernet
set [ find default-name=ether5 ] poe-out=off
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=ether1 name=vlan10-office vlan-id=10
add interface=ether1 name=vlan20-guest vlan-id=20
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge="Office Bridge" interface=vlan10-office
add bridge="Office Bridge" interface=ether2
add bridge="Guest Bridge" interface=ether5
add bridge="Guest Bridge" interface=vlan20-guest
add bridge="Office Bridge" interface=ether3
add bridge="Office Bridge" interface=ether4
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface="Guest Bridge"
add dhcp-options=hostname,clientid disabled=no interface="Office Bridge"
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.20.1 \
out-interface="Guest Bridge" src-address=192.168.20.0/24
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name="Router 2 - Office"
/system routerboard settings
set silent-boot=no