(1) Okay, I should have referenced this article for reading.
viewtopic.php?f=23&t=143620
(2) Basically one does not use VLAN1 for anything but uses VLAN99 or any number you choose!
Do not worry, vlan1 is carried in the background and works with all other vendors' equipment, as all expect a management vlan.
(3) So simply change your VLAN numbering from 1 to 99, done!! WHOOPs you are using a vlan with nothing defined, OKAY,
(4) Creating the mgmt VLAN
(a) VLAN setup
/interface vlan
add interface="Line Out" name="VLAN 25 - CCTV" vlan-id=25
add interface="Line Out" name="VLAN 30 - Production" vlan-id=30
add interface="Line Out" name="VLAN 60 - Guests" vlan-id=60
add interface="Line Out" name="VLAN 99 - Mgmt" vlan-id=99
(b) IP POOL CLEANUP and missing vlan 30
/ip pool
add name=dhcp_pool_default_equipment ranges=10.10.8.200-10.10.11.200 {should be 2, and 8}
add name=dhcp_pool_guests ranges=10.20.0.100-10.20.3.200 {should be 0}
add name=dhcp_pool_breeze ranges=192.168.0.100-192.168.0.200
add name=dhcp_pool_cctv ranges=10.10.5.50-10.10.7.200 {should be 5}
add name=dhcp_pool_VPN ranges=172.16.10.100-172.16.10.200
add name=dhcp_pool_conferinte_brasovia ranges=192.168.1.20-192.168.1.220
add name=dhcp_pool_production ranges=10.10.0.20-10.10.0.200
(c) IP dhcp MISSING VLAN30
/ip dhcp-server
add address-pool=dhcp_pool_default_equipment disabled=no interface="Line Out" \
name=dhcp_server_default
add address-pool=dhcp_pool_cctv disabled=no interface="VLAN 25 - CCTV" name=\
dhcp_server_cctv
add address-pool=dhcp_pool_guests disabled=no interface="VLAN 60 - Guests" \
name=dhcp_server_guests
add address-pool=dhcp_pool_breeze disabled=no interface="ether3 - Breeze" \
name=dhcp_server_breeze
add address-pool=dhcp_pool_production disabled=no interface="VLAN 30 - Production" name=\
dhcp_server_production
(d) CLEAN UP ADDRESS
/ip address
add address=85.x.x.x interface="ether2 - UPC WAN" network=85.x.x.35
add address=192.168.0.2/24 interface="ether3 - Breeze" network=192.168.0.0
add address=10.10.8.1/22? interface="Line Out" network=10.10.8.0 {Should be interface="VLAN 99 - Mgmt"}
add address=10.10.0.1/22? interface="VLAN 30 - Production" network=10.10.0.0
add address=10.10.4.1/22? interface="VLAN 25 - CCTV" network=10.10.4.0 {should be 5}
add address=10.20.0.1/22? interface="VLAN 60 - Guests" network=10.20.0.0
add address=62.x.x.x interface="ether1 - RCS WAN" network=62.x.x.1
add address=172.16.10.0/24 interface="ether4 - VPN" network=172.16.10.0
add address=192.168.1.2/24 interface="ether8 - Brasovia" network=192.168.1.0
(e) Clean up IP Server Network Missing vlan30
/ip dhcp-server network
add address=10.10.4.0/22 dns-server=8.8.8.8 gateway=10.10.1 netmask=22 {Should be 5}
add address=10.10.8.0/22 dns-server=8.8.8.8 gateway=10.10.8.1 netmask=22
add address=10.20.0.0/22 dns-server=8.8.8.8 gateway=10.20.0.1 netmask=22
add address=10.10.0.0/22 dns-server=8.8.8.8 gateway=10.10.0.1 netmask=22
(5) Remove this unless you have a specific purpose, not communicated.
/interface bridge settings
set use-ip-firewall=yes
(6) I do not understand your SOURCE NAT RULES HERE.
Basically need a Source NAT rule applied TO ALL OR per WAN INTERFACE.
I clearly do not understand the purpose of the source nat config in this setup ????
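
A consistency check for the address, pool and dhcp-server network sections in step (4) above, as an added example that is not part of the original post. The function name and the sample data are assumptions: the sample is constructed from the VLAN names and /22 layout in the post, keeps the `gateway=10.10.1` value as typed in step (e), and adds a constructed out-of-range Mgmt pool and a missing Mgmt network entry.

```python
import ipaddress

def check_dhcp_plan(addresses, pools, networks):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(c) for n, c in addresses.items()}
    names = sorted(ifaces)
    # 1. VLAN subnets must not overlap, or the segmentation is only nominal.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} / {b}: subnets overlap")
    for name, iface in ifaces.items():
        # 2. The pool must lie inside the VLAN subnet and skip the router IP.
        lo, hi = (ipaddress.ip_address(p) for p in pools[name].split("-"))
        if lo > hi or lo not in iface.network or hi not in iface.network:
            findings.append(f"{name}: pool {pools[name]} not inside {iface.network}")
        elif lo <= iface.ip <= hi:
            findings.append(f"{name}: pool contains router address {iface.ip}")
        # 3. A dhcp-server network entry must exist and hand out the router IP.
        nets = [n for n in networks
                if ipaddress.ip_network(n["address"]) == iface.network]
        if not nets:
            findings.append(f"{name}: no dhcp-server network for {iface.network}")
            continue
        try:
            gw = ipaddress.ip_address(nets[0]["gateway"])
        except ValueError:
            findings.append(f"{name}: gateway {nets[0]['gateway']!r} is not an IP")
            continue
        if gw != iface.ip:
            findings.append(f"{name}: gateway {gw} != router address {iface.ip}")
    return findings

# Constructed sample, modelled on the VLAN names and /22 layout in the post.
ADDRESSES = {"VLAN 30 - Production": "10.10.0.1/22",
             "VLAN 25 - CCTV": "10.10.4.1/22",
             "VLAN 99 - Mgmt": "10.10.8.1/22"}
POOLS = {"VLAN 30 - Production": "10.10.0.20-10.10.0.200",
         "VLAN 25 - CCTV": "10.10.5.50-10.10.7.200",
         "VLAN 99 - Mgmt": "10.10.8.200-10.10.12.200"}  # constructed: past the /22
NETWORKS = [{"address": "10.10.0.0/22", "gateway": "10.10.0.1"},
            {"address": "10.10.4.0/22", "gateway": "10.10.1"}]  # as typed in (e)

if __name__ == "__main__":
    for finding in check_dhcp_plan(ADDRESSES, POOLS, NETWORKS):
        print(finding)
```

Running it against an export before applying the renumbering catches a management VLAN that ends up with an address but no usable DHCP scope.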