Hello, I want to apologize for the bad English.
please how do i get to the 192.168.1.0 network on WLAN 2?
I use masquerade on network 192.168.10.0
is this possible while maintaining the network structure?
To the ISP provider router I not acess
Thank you for the suggestions
Please post your config
/export hide-sensitive file=anynameyouwish
It seems you want to have at least two subnets coming from the MT device as LAN subnets.
192.168.1.0/24 and 192.168.10.0.24
You have an access port going to the PC on vlan10
You have a trunk port going to the Access point carrying vlans 10 and lets say vlan 11 (for the 192.168.1.0/24 subnet).
You want the access point to have two WLANS
Does that describe your requirements???
If possible, I only want one network from MT.
I want the second network to go from the ISP router via crs326 to WLAN 2 .
On network 192.168.10.0/24 I only need internet access from ISP router.
Networks may not be visible to each other .
Yes I want to have access from Wlans to both networks.
Thanks
This is my config on crs326 and Wireles AP
# jan/31/2022 18:50:40 by RouterOS 6.49.2
# software id = LTZR-UK99
#
# model = CRS326-24G-2S+
/interface bridge
add name=bridge1
add name=bridge2
add name=bridgemato pvid=20 vlan-filtering=yes
/interface vlan
add interface=ether1 name=vlanmato vlan-id=20
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
add name=mato_pool3 ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge1 name=dhcp1
add address-pool=mato_pool3 disabled=no interface=bridgemato lease-time=5m \
name=DHCPmato
/caps-man manager
set enabled=yes
/dude
set enabled=yes
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface=ether15
add bridge=bridge1 interface=ether16
add bridge=bridge1 interface=ether17
add bridge=bridge1 interface=ether18
add bridge=bridge1 interface=ether19
add bridge=bridge1 interface=ether20
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24
add bridge=bridgemato disabled=yes interface=vlanmato pvid=20
add bridge=bridgemato disabled=yes interface=*23 pvid=20
add bridge=bridgemato disabled=yes interface=*24 pvid=20
add bridge=bridge2 interface=ether1
add bridge=bridge2 interface=*23
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=bridge2 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.10.1/24 interface=bridge1 network=192.168.10.0
add address=192.168.10.1/24 interface=ether2 network=192.168.10.0
add address=192.168.2.1/24 interface=bridgemato network=192.168.2.0
add address=192.168.1.106/24 interface=ether1 network=192.168.1.0
/ip dhcp-client
add disabled=no interface=bridge2
/ip dhcp-server network
add address=192.168.10.0/24 caps-manager=192.168.10.1 dns-server=\
8.8.8.8,8.8.4.4 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=192.168.2.0/24 in-interface=\
bridge2 to-addresses=192.168.2.0/24
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.1.0/24 \
in-interface=ether1 to-addresses=192.168.2.0/24
add action=dst-nat chain=dstnat dst-address=192.168.1.106 in-interface=\
bridge2 to-addresses=192.168.10.224
add action=dst-nat chain=dstnat disabled=yes dst-port=443 protocol=tcp \
to-addresses=192.168.10.89 to-ports=8123
add action=dst-nat chain=dstnat disabled=yes dst-port=80 protocol=tcp \
to-addresses=192.168.10.89 to-ports=80
/ip route
add distance=1 gateway=192.168.10.1
# jan/31/2022 19:21:00 by RouterOS 6.49.2
# software id = L8RJ-UR7J
#
# model = RBcAPGi-5acD2nD
/interface bridge
add admin-mac=C4:AD:34:F5:21:01 auto-mac=no name=bridge1 protocol-mode=none
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=wlan1 supplicant-identity=""
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=wlan2 supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
disabled=no frequency=auto installation=outdoor mode=ap-bridge \
security-profile=wlan1 ssid=wlan1 wireless-protocol=802.11 wps-mode=\
disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no frequency=auto installation=outdoor mode=\
ap-bridge security-profile=wlan1 ssid=wlan1_5 wireless-protocol=802.11 \
wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:F5:21:08 \
master-interface=wlan1 multicast-buffering=disabled name=wlan3 \
security-profile=wlan2 ssid=wlan2 wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:F5:21:09 \
master-interface=wlan2 multicast-buffering=disabled name=wlan4 \
security-profile=wlan2 ssid=wlan2_5 wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface wireless cap
set bridge=bridge1 interfaces=wlan1,wlan2
/ip address
add address=192.168.1.110 disabled=yes interface=bridge1 network=\
192.168.1.110
/ip dhcp-client
add disabled=no interface=bridge1
add interface=wlan1
/ip route
add distance=1 dst-address=192.168.10.0/24 gateway=192.168.10.1
So the ISP device has several ports on it all giving out DHCP on 192.168.1.0/24 network.
You want the Wireless device to have WLAN1 on the subnet of the MT router and you want WAN2 to come directly from the ISP. but via the MT router connection.
You do realize that the WLAN2 and PC connected directly to the ISP device are not going through your routers firewall protections !!
WHY…
Why not run everything through the MT Router first ???
yes.
it doesn’t matter that wan 2 doesn’t go through the firewall
I can’t run everything via mt router because it’s far apart and I need mt router as a switch for other devices
If the configuration as I write is not possible.
the wan2 network can also be a ew subnet e.g. 192.168.2.0/24 which will pass through the MT router.
Wan2 subnet 192.168.2.0/24 will be visible on the 192.168.1.0/24 network