I just install a new high speed Mikrotik for a client. I have them at home but now I guess I actually have to do stuff with it and I’m lost.
I need three things
- “regular” data traffic on it’s own vlan (192.168.50.0/24) Voice traffic on another vlan (192.168.51.0/24)
- Each vlan has it’s own DHCP server
- The Computers AND Cisco SPA504g’s are both receiving outside DHCP, so it would be nice to block DHCP and have them go to the mikrotik for DHCP
Basically, my ether1 port needs to not allow dhcp to pass or send dhcp out…
Any help would be greatly appreciated!
Rather than tell you what I’ve tried here’s my /export
# software id = GJ48-LCK8
#
/interface bridge
add admin-mac=00:0C:42:F8:B2:D4 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge ssid=\
"Power Gen Wifi" wireless-protocol=802.11
/interface ethernet
set 0 name=ether1-gateway
set 5 name=ether6-master-local
set 6 master-port=ether6-master-local name=ether7-slave-local
set 7 master-port=ether6-master-local name=ether8-slave-local
set 8 master-port=ether6-master-local name=ether9-slave-local
set 9 master-port=ether6-master-local name=ether10-slave-local
set 10 name=sfp1-gateway
/ip neighbor discovery
set ether1-gateway discover=no
set sfp1-gateway discover=no
/interface vlan
add interface=bridge-local l2mtu=1594 name=Data use-service-tag=yes vlan-id=1
add interface=bridge-local l2mtu=1594 name=Voice use-service-tag=yes vlan-id=\
100
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=america12 \
wpa2-pre-shared-key=america12
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.50.100-192.168.50.254
add name=dhcp_pool2 ranges=192.168.51.100-192.168.51.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
add address-pool=dhcp_pool1 disabled=no interface=Data name=Data
add address-pool=dhcp_pool2 disabled=no interface=Voice name=Voice
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=wlan1 \
network=192.168.88.0
add address=192.168.50.1/24 interface=Data network=192.168.50.0
add address=192.168.51.1/24 interface=Voice network=192.168.51.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no \
interface=sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=no \
interface=ether1-gateway
/ip dhcp-server network
add address=192.168.50.0/24 dns-server=192.168.50.15,192.168.50.1 gateway=\
192.168.50.1
add address=192.168.51.0/24 dns-server=192.168.50.15,192.168.50.1 gateway=\
192.168.51.1
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway to-addresses=0.0.0.0
/lcd interface
set sfp1-gateway interface=sfp1-gateway
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-master-local interface=ether6-master-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
set wlan1 interface=wlan1
/lcd interface pages
set 0 interfaces="sfp1-gateway,ether1-gateway,ether2,ether3,ether4,ether5,ether6\
-master-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether\
10-slave-local"
/system identity
set name=PGC-Core
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local