Hey,
I have new mikrotik router with set pppoe, and I want to setup second wifi separated from the other devices (guest wifi)
but I cant seem to get it working
the AP is not pinging any website
also pinging main gateway/dns server isnt doing anything I mean the
nat rule is not even pinging (checked the log)
/interface bridge
add admin-mac=E4:8D:8C:16:02:42 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mtu=1492 name=\
"T Mobile VDSL" password=internetConnectionIguess service-name="T Mobile VDSL" user=giveMeThoseInterwebs
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled channel-width=\
20/40mhz-Ce country="czech republic" disabled=no distance=indoors frequency=auto \
frequency-mode=regulatory-domain mode=ap-bridge ssid=DeusEx wireless-protocol=\
802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key="there actually is different password" \
wpa2-pre-shared-key="there is actually also different password"
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=\
guest supplicant-identity=DeusExTik wpa2-pre-shared-key="is this also password?"
/interface wireless
add default-forwarding=no disabled=no mac-address=MacOS master-interface=\
wlan1 name=wlan2 security-profile=guest ssid=DeusExHospites wds-default-bridge=\
bridge wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp-guest ranges=10.10.10.10-10.10.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp-guest authoritative=after-2sec-delay disabled=no interface=wlan2 \
lease-time=1d name=wlan-guest
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=kana use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface="T Mobile VDSL" list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=10.10.10.1/24 interface=wlan2 network=10.10.10.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.2 client-id=WeHaveAndIdHere mac-address=WeCanAlsoIphones \
server=defconf
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=192.168.88.1,10.10.10.1 gateway=10.10.10.1 \
netmask=24
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=192.168.88.1,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall address-list
add address=10.10.10.0-10.10.10.254 list=guests
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=\
in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
# T Mobile VDSL not ready
add action=masquerade chain=srcnat log=yes out-interface="T Mobile VDSL" \
src-address-list=guests
/ip route
add disabled=yes distance=1 gateway=10.0.0.138 <--- ip of the bridging Zyxel
/lcd
set default-screen=stats
/lcd interface pages
set 0 interfaces=wlan1
/ppp secret
add name=vpn password=kana
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=DeusExTik
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
just PS. does anyone know why my Zyxel router keeps switching off
bridge mode
?