[admin@MikroTik] >> export hide-sensitive
# oct/04/2019 18:58:42 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/interface bridge
add admin-mac=B8:69:F4:2F:73:7E auto-mac=no comment=defconf name=bridge-lan vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=xxx
/interface vlan
add interface=bridge-lan name=vlan10 use-service-tag=yes vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-lan lease-time=1d name=defconf
add address-pool=dhcp_pool2 disabled=no interface=vlan10 lease-time=20m name=dhcp1
/interface bridge port
add bridge=bridge-lan comment=defconf interface=ether2
add bridge=bridge-lan comment=defconf interface=ether3
add bridge=bridge-lan comment=defconf interface=ether4
add bridge=bridge-lan comment=defconf interface=ether5
add bridge=bridge-lan comment=defconf interface=ether6
add bridge=bridge-lan comment=defconf interface=ether7
add bridge=bridge-lan comment=defconf interface=ether8
add bridge=bridge-lan comment=defconf interface=ether9
add bridge=bridge-lan comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge-lan tagged=ether1 untagged=bridge-lan vlan-ids=1
add bridge=bridge-lan tagged=bridge-lan,ether2 vlan-ids=10
/interface ethernet switch vlan
add independent-learning=no ports=ether2 switch=switch1 vlan-id=1
add independent-learning=no ports=ether2 switch=switch1 vlan-id=10
/interface list member
add comment=defconf interface=bridge-lan list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.23 comment="Satel ETHM-1" mac-address=00:1B:9C:09:50:B8 server=defconf
add address=192.168.88.22 client-id=1:0:25:22:af:f0:53 comment="Desktop w gabinecie" mac-address=00:25:22:AF:F0:53 server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/London
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] > export hide-sensitive
# oct/04/2019 22:47:26 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/interface bridge
add admin-mac=B8:69:F4:2F:73:7E auto-mac=no comment=defconf name=bridge-lan vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=rzeczna81f@dg-net.pl
/interface vlan
add interface=bridge-lan name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-lan lease-time=1d name=defconf
add address-pool=dhcp_pool2 disabled=no interface=vlan10 lease-time=20m name=dhcp1
/interface bridge port
add bridge=bridge-lan comment=defconf interface=ether2
add bridge=bridge-lan comment=defconf interface=ether3
add bridge=bridge-lan comment=defconf interface=ether4
add bridge=bridge-lan comment=defconf interface=ether5
add bridge=bridge-lan comment=defconf interface=ether6
add bridge=bridge-lan comment=defconf interface=ether7
add bridge=bridge-lan comment=defconf interface=ether8
add bridge=bridge-lan comment=defconf interface=ether9
add bridge=bridge-lan comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge-lan tagged=ether1 untagged=bridge-lan vlan-ids=1
add bridge=bridge-lan tagged=bridge-lan,ether2 vlan-ids=10
/interface list member
add comment=defconf interface=bridge-lan list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=vlan10 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.23 comment="Satel ETHM-1" mac-address=00:1B:9C:09:50:B8 server=defconf
add address=192.168.88.22 client-id=1:0:25:22:af:f0:53 comment="Desktop w gabinecie" mac-address=00:25:22:AF:F0:53 server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/London
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] > export hide-sensitive
# oct/07/2019 20:57:12 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/interface bridge
add admin-mac=B8:69:F4:2F:73:7E auto-mac=no comment=defconf name=bridge-lan vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=rzeczna81f@dg-net.pl
/interface vlan
add interface=bridge-lan name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-lan lease-time=1d name=defconf
add address-pool=dhcp_pool2 disabled=no interface=vlan10 lease-time=20m name=dhcp1
/interface bridge port
add bridge=bridge-lan comment=defconf interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan,ether2 vlan-ids=10
/interface list member
add comment=defconf interface=bridge-lan list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=vlan10 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge-lan network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.23 comment="Satel ETHM-1" mac-address=00:1B:9C:09:50:B8 server=defconf
add address=192.168.88.22 client-id=1:0:25:22:af:f0:53 comment="Desktop w gabinecie" mac-address=00:25:22:AF:F0:53 server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/London
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Hi complex, the reason I didnt untag ether 2 is due to two reasons, first because its acting as a trunk port for vlan10 and the default vlan1.Please untag ether2 and try again....
/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan untagged=ether2 vlan-ids=10
This is correct.VLAN1 is the default, it is assumed by the router.
My Ubiquiti UniFi AP, AC PRO should have a capabilities to assign vlan10 to attached devices, but is there a way to test if it works correctly?I am assuming his ubiquiti devices are able to assign vlan10 to attached devices.
Tried that and it didn't work - same effect - cannot get IP from dhcp. All devices connected to any other wifi networks gets IP correctly, only the ones connected to the guest wifi - vlan10 cannot get ip. Is there a way to test vlan connection?If you untag ether2 then all devices should get an IP address.
/interface bridge port
add bridge=bridge-lan interface=ether2
/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan,ether2 untagged=ether4 vlan-ids=10
/interface bridge port
set bridge=bridge-lan ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged pvid=10 [find interface=ether4]
[admin@MikroTik] > export hide-sensitive
# nov/03/2019 21:22:17 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/interface bridge
add admin-mac=B8:69:F4:2F:73:7E auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=rzeczna81f@dg-net.pl
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool2 disabled=no interface=vlan10 lease-time=20m name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 vlan-ids=10
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=vlan10 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Warsaw
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
New config:One more thing what you can try is to connect a PC to port 4 by wire.
Then change/set and check if the PC gets a DHCP address.Code: Select all/interface bridge port add bridge=bridge-lan interface=ether2 /interface bridge vlan add bridge=bridge-lan tagged=bridge-lan,ether2 untagged=ether4 vlan-ids=10 /interface bridge port set bridge=bridge-lan ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged pvid=10 [find interface=ether4]
[admin@MikroTik] > export hide-sensitive
# nov/03/2019 21:38:16 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/interface bridge
add admin-mac=B8:69:F4:2F:73:7E auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=rzeczna81f@dg-net.pl
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool2 disabled=no interface=vlan10 lease-time=20m name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=10
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 untagged=ether4 vlan-ids=10
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=vlan10 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Warsaw
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Even if it works somehow, it is still a typical misconfiguration, that can lead to potential problems, that are hard to track.Thanks @anav fir answer but assigning address to ether2 works fine and I have no problems with it. On my eth2 I have connected switch (Cisco SRW2048) where all devices (including APs) are connected and all of them works fine - gets an IP, etc. Problem I have is that no devices connected to ether2 with vlanID = 10 can get and IP address from dhcp_pool2 (192.168.10.x)
[admin@MikroTik] /ip address> export hide-sensitive
# nov/04/2019 12:34:18 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/interface bridge vlan print
[admin@MikroTik] > export hide-sensitive
# nov/04/2019 21:27:58 by RouterOS 6.45.1
# software id = JJDI-22UL
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEA09C227E2
/interface bridge
add admin-mac=B8:69:F4:2F:73:7E auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=rzeczna81f@dg-net.pl
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool2 disabled=no interface=vlan10 lease-time=20m name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 vlan-ids=10
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=vlan10 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Warsaw
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
add bridge=bridge tagged=bridge,ether2 vlan-ids=10
[admin@MikroTik] >> /interface bridge vlan print
Flags: X - disabled, D - dynamic
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 D bridge 1 bridge
ether2
1 bridge 10 bridge
ether2
What are these?!a razor and shaving cream.
A plot to make you uglier ...What are these?!a razor and shaving cream.
A plot to make you uglier ...What are these?!a razor and shaving cream.
Glad for that kernel of truth Sob.A plot to make you uglier ...What are these?!a razor and shaving cream.