Thanks in advance for any help, and apologies if I have forgotten to include anything.
I have an RB3011 and I have used the default configuration.
I then tried to add 2 additional IP networks by following the commands in the default script.
The three networks are (I also changed the first IP network address) 192.168.16.0, 192.168.96.0, 192.168.98.0
The first thing I did was to remove ether ports 6-10 from the default bridge.
Made 2 new bridges, one with ether 6 and 7 and one with ether 8 and 9.
I then created 2 new dhcp pools and dhcp servers.
I added the .1 address for each network to the appropriate bridge and most things seem to work.
The main problem is that when I run an Internet speedtest the .16 network is fine with about 80 meg download, but the .96 and .98 won't run the speedtest and a 100 meg download took 5 minutes.
Another strange problem is that I cannot run a mikrotik terminal from the browser on any of the networks. But I can run it in winbox.
I am also worried about my firewall settings, since they use the LAN and WAN lists and the bridges I created are not included. I was actually surprised that I had an Internet connection on those bridges.
My set up is in the attached file and is below.
Thx, core
# sep/20/2018 17:34:30 by RouterOS 6.43
# software id = E5UB-48Z4
#
# model = RouterBOARD 3011UiAS
# serial number = #####
# Layer-2 layout: bridge2 carries the default-config ports, bridge6 and bridge8 are
# the two bridges added by hand for the extra networks.
/interface bridge
add admin-mac=###### auto-mac=no comment=garage name=bridge2
add comment=main name=bridge6
add comment=upstairs name=bridge8
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
# WAN and LAN are the interface lists that the firewall, neighbor discovery and
# MAC-server sections of this export match on.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One DHCP pool per LAN segment, plus a pool for VPN clients.
# NOTE(review): dhcpPool3 is 192.168.97.x here, while the post text names the third
# network as 192.168.98.0 - confirm which one is intended.
# NOTE(review): the vpn range ends at .255; the NAT rule in this export treats the VPN
# network as 192.168.89.0/24, where .255 would be the broadcast address - consider
# ending the range at .254.
/ip pool
add name=dhcp ranges=192.168.16.101-192.168.16.150
add name=dhcpPool2 ranges=192.168.96.100-192.168.96.150
add name=dhcpPool3 ranges=192.168.97.100-192.168.97.150
add name=vpn ranges=192.168.89.2-192.168.89.255
# Each DHCP server is bound to one bridge; DHCPsrvr2 and DHCPsrvr3 set a 2h lease time.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge2 name=DHCPsrvr1
add address-pool=dhcpPool2 disabled=no interface=bridge6 lease-time=2h
name=\
DHCPsrvr2
add address-pool=dhcpPool3 disabled=no interface=bridge8 lease-time=2h
name=\
DHCPsrvr3
# VPN clients get 192.168.89.1 as the router-side address and a remote address from
# the vpn pool.
# NOTE(review): *FFFFFFFE is an internal item id, presumably the built-in
# default-encryption PPP profile - confirm.
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
# Port membership: ether2-5 -> bridge2, ether6-7 -> bridge6, ether8-9 -> bridge8.
# ether10 is not added to any bridge in this export.
# NOTE(review): trusted=yes on ether6 presumably only matters when DHCP snooping is
# enabled on bridge6, which this export does not show - confirm it is intended.
/interface bridge port
add bridge=bridge2 comment=defconf interface=ether2
add bridge=bridge2 comment=defconf interface=ether3
add bridge=bridge2 comment=defconf interface=ether4
add bridge=bridge2 comment=defconf interface=ether5
add bridge=bridge6 comment=main interface=ether6 trusted=yes
add bridge=bridge6 interface=ether7
add bridge=bridge8 comment=upstairs interface=ether8
add bridge=bridge8 interface=ether9
# Neighbor discovery is limited to interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# L2TP server with a pre-shared IPsec secret (redacted in the post).
# NOTE(review): use-ipsec=yes may still allow L2TP sessions that are not wrapped in
# IPsec; if only L2TP/IPsec is wanted, use the stricter "required" mode of use-ipsec
# (check the exact value name on this RouterOS version).
/interface l2tp-server server
set enabled=yes ipsec-secret=???????? use-ipsec=yes
# Interface-list membership: only bridge2 is in LAN and only ether1 is in WAN.
# bridge6 and bridge8 belong to neither list, so every rule in this export that
# matches on LAN (the input-chain drop of !LAN, neighbor discovery, MAC server,
# MAC-Winbox) treats them as non-LAN.
# NOTE(review): if hosts on the new segments should reach router services, add
#   add interface=bridge6 list=LAN
#   add interface=bridge8 list=LAN
# If they should not manage the router, keep them out of LAN and add narrowly scoped
# input rules (e.g. DNS only) for them instead.
/interface list member
add comment=defconf interface=bridge2 list=LAN
add comment=defconf interface=ether1 list=WAN
# NOTE(review): PPTP is enabled and the firewall in this export accepts tcp/1723 on
# the input chain from any interface. PPTP's MS-CHAPv2/MPPE protection is widely
# regarded as broken; disable this server if L2TP/IPsec or SSTP covers the need.
/interface pptp-server server
set enabled=yes
# NOTE(review): no certificate= is shown for SSTP; exports usually omit default values,
# so presumably none is configured - confirm. Without a server certificate, clients
# cannot verify they are talking to this router.
/interface sstp-server server
set default-profile=default-encryption enabled=yes
# Router addresses: one gateway address per LAN segment plus the (redacted) WAN address.
# NOTE(review): 192.168.16.1/24 is assigned to ether2, but ether2 is a port of bridge2
# and the DHCP server for this network runs on bridge2. Addresses belong on the bridge,
# not on a bridge port; move this one to interface=bridge2.
/ip address
add address=192.168.16.1/24 comment=garage interface=ether2 network=\
192.168.16.0
add address=#########/29 interface=ether1 network=##########
add address=192.168.96.1/24 comment=main interface=bridge6 network=\
192.168.96.0
add address=192.168.97.1/24 comment=upstairs interface=bridge8 network=\
192.168.97.0
# Enables the MikroTik cloud dynamic-DNS service for this router.
/ip cloud
set ddns-enabled=yes
# NOTE(review): a DHCP client on ether1 exists alongside the static /29 address on
# ether1 above - confirm both are intended.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
# Options handed to DHCP clients on each segment. None of the entries sets dns-server.
# NOTE(review): with no dns-server here and allow-remote-requests=yes below, clients are
# presumably given the router itself as resolver - confirm on a client. If so, DNS
# queries from bridge6/bridge8 reach the input chain, where this export drops everything
# arriving from interfaces outside the LAN list; that would fit the failed speedtests
# and slow downloads on those two networks.
/ip dhcp-server network
add address=192.168.16.0/24 comment=garage gateway=192.168.16.1 netmask=24
add address=192.168.96.0/24 comment=main gateway=192.168.96.1
add address=192.168.97.0/24 comment=upstairs gateway=192.168.97.1
# The router answers DNS queries from other hosts and forwards to 8.8.8.8 / 8.8.4.4.
# Exposure of this resolver is controlled only by the input-chain firewall rules.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.16.1 name=router.lan
# Filter rules. "input" is traffic addressed to the router itself, "forward" is traffic
# routed through it. Rules are evaluated top to bottom.
# NOTE(review): several rules below are wrapped without a trailing backslash (paste
# artefact); take a fresh export rather than importing this text as-is.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# VPN listener ports. None of these rules restricts the source interface or address,
# so they are reachable from WAN as well as from every local segment.
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
# NOTE(review): this accepts plain udp/1701 from anywhere. Since the L2TP server uses
# IPsec, consider adding ipsec-policy=in,ipsec to this rule so that only L2TP arriving
# inside an IPsec tunnel is accepted.
add action=accept chain=input comment="allow l2tp" dst-port=1701
protocol=udp
# NOTE(review): exposes the PPTP server to WAN; remove together with the PPTP server
# if that protocol is not needed.
add action=accept chain=input comment="allow pptp" dst-port=1723
protocol=tcp
# NOTE(review): tcp/443 is opened for SSTP. /ip service is not part of this export, so
# check that no other router service is listening on 443.
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid"
connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Final input rule: drop everything that did not arrive on a LAN-list interface.
# In this export the LAN list contains only bridge2, so new connections to the router
# from bridge6, bridge8 and ether10 are dropped here (ICMP and the VPN ports above
# excepted). That protects the router from those segments but also blocks WebFig and
# router DNS for them.
add action=drop chain=input comment="defconf: drop all not coming from
LAN" \
in-interface-list=!LAN
# Forward chain.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# The only forward drop for new connections applies to traffic entering from WAN that
# was not dst-NATed. Nothing here restricts new connections that start on bridge2,
# bridge6, bridge8 or a VPN client, so those segments can reach the Internet and each
# other even though two of them are not in the LAN list.
# NOTE(review): if the three networks are meant to be isolated from each other, add
# explicit forward drop rules between them above this point.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed"
connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT. The first rule masquerades everything leaving through a WAN-list
# interface that is not IPsec-protected; it does not depend on the LAN list, which is
# why bridge6 and bridge8 have Internet access.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): this rule has no out-interface or out-interface-list, so VPN client
# traffic is masqueraded towards every destination, including the local segments.
# Hosts there will see the router's address instead of the VPN client's, which hides
# the real source in their logs. Add out-interface-list=WAN if only Internet-bound
# traffic should be masqueraded.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
# Default route via the (redacted) upstream gateway.
/ip route
add distance=1 gateway=########
# Single PPP account (password redacted in the post).
# NOTE(review): no service= or profile= is shown, so this account is presumably valid
# for every enabled PPP server, including PPTP - confirm, and restrict it with service=
# to the one VPN type actually in use.
/ppp secret
add name=vpn password=????????
/system clock
set time-zone-name=America/New_York
/system routerboard settings
set silent-boot=no
# MAC-Telnet and MAC-Winbox are offered only on LAN-list interfaces (bridge2 in this
# export).
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN