A little while ago i bought myself a routerboard. My home is full of smart devices (lightbulbs etc) that i want on a separate network so i can block internet access.
In my home i now have 3 networks:
192.168.2.0/24 - network from ISP router
192.168.100.0/24 - network behind Mikrotik for open internet
192.168.101.0/24 - network behind Mikrotik with limited/no internet access.
I notice that sometimes the routing between all of the networks is slow or it's like the connections are blocked.
For example: i have a device in the 192.168.100.0 network that controls the lightbulbs (that are in the 101 network), but they don't respond.
Also when i have my laptop connected via wireless in the 101 network, sometimes my connection is dead for a few seconds.
Below is my config, i hope anyone can help me and can tell me what i have done wrong.
Code: Select all
# software id = NAGW-J6E6
#
# model = RB2011UiAS-2HnD
# serial number = xxxx
/interface bridge
add name=IOT-Devices
add name=PortBridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip group-key-update=1h mode=dynamic-keys name=WLAN0 supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key=xxxx wpa2-pre-shared-key=xxx
/interface wireless
set [ find default-name=wlan1 ] amsdu-limit=2048 band=2ghz-b/g/n disabled=no frequency=auto installation=indoor mode=ap-bridge security-profile=WLAN0 ssid=WLAN-IOT wireless-protocol=802.11 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=192.168.100.50-192.168.100.200
add name=dhcp_SmartDevices ranges=192.168.101.50-192.168.101.150
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=IOT-Devices lease-time=1h name=dhcp1
/interface bridge port
add bridge=IOT-Devices interface=ether2
add bridge=IOT-Devices interface=wlan1
add bridge=PortBridge interface=ether3
add bridge=PortBridge interface=ether4
add bridge=PortBridge interface=ether5
add bridge=PortBridge interface=ether6
add bridge=PortBridge interface=ether7
add bridge=PortBridge interface=ether8
add bridge=PortBridge interface=ether9
add bridge=PortBridge interface=ether10
add bridge=PortBridge interface=ether1
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.100.254/24 interface=IOT-Devices network=192.168.100.0
add address=192.168.2.201/24 interface=PortBridge network=192.168.2.0
add address=192.168.101.254/24 interface=IOT-Devices network=192.168.101.0
/ip dhcp-server config
set store-leases-disk=1h
/ip dhcp-server lease
add address=192.168.100.199 comment=xxx mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.2.254,8.8.8.8 gateway=192.168.100.254
/ip firewall filter
add action=accept chain=forward comment="Home Assistant" disabled=yes dst-address=192.168.100.0/24 src-mac-address=DC:A6:32:FB:D2:9C
add action=drop chain=forward comment="Block Internet Access Hal01" disabled=yes src-mac-address=xx:xx:xx:xx:xx
add action=accept chain=forward dst-address=192.168.101.0/24 src-address=192.168.100.100
add action=accept chain=forward dst-address=192.168.101.0/24 src-address=192.168.100.200
add action=drop chain=forward dst-address=0.0.0.0 src-address=192.168.101.50-192.168.101.150
add action=drop chain=forward dst-address=192.168.101.50-192.168.101.150
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.254 pref-src=192.168.2.201
add distance=1 dst-address=192.168.2.0/24 gateway=PortBridge pref-src=192.168.2.201
/lcd interface pages
set 0 interfaces=sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10