i put extra not i thing mybe can not acces the device later i have 2 vlans after this my home network and my server vlan this i can put only later if all worksThere is no NAT rule the default typically is......
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
# jan/02/1970 14:23:49 by RouterOS 6.48.3
# software id =
#
# model = CCR2004-1G-12S+2XS
# serial number =
/interface bridge
add name=Trunk_bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add interface=Trunk_bridge name=vlan5 vlan-id=5
add interface=Trunk_bridge name=vlan10 vlan-id=10
add interface=Trunk_bridge name=vlan30 vlan-id=30
add interface=Trunk_bridge name=vlan40 vlan-id=40
add interface=Trunk_bridge name=vlan50 vlan-id=50
add interface=Trunk_bridge name=vlan60 vlan-id=60
add interface=Trunk_bridge name=vlan70 vlan-id=70
add interface=Trunk_bridge name=vlan80 vlan-id=80
add interface=Trunk_bridge name=vlan90 vlan-id=90
/interface list
add name=WAN
add name=LAN
add name=Gast
add name=Server
add name=WLAN
add name=IOT
add name=SECURITY
add name=IPMI
add name=MGMT
add name=DMZ
add name=Cluster
add name=HA
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_vlan1 ranges=172.16.1.100-172.16.1.254
add name=dhcp_IPMI ranges=172.16.5.100-172.16.5.254
add name=dhcp_security ranges=172.16.30.100-172.16.30.254
add name=dhcp_IoT ranges=172.16.40.100-172.16.40.254
add name=dhcp_10 ranges=172.16.10.100-172.16.10.254
add name=dhcp_50 ranges=172.16.50.2-172.16.50.254
add name=dhcp_60 ranges=172.16.60.100-172.16.60.254
add name=dhcp_70 ranges=172.16.70.100-172.16.70.254
add name=dhcp_80 ranges=172.16.80.100-172.16.80.254
add name=dhcp_90 ranges=172.16.90.50-172.16.90.254
/ip dhcp-server
add address-pool=dhcp_IPMI disabled=no interface=vlan5 lease-time=2h name=\
dhcp_5
add address-pool=dhcp_security disabled=no interface=vlan30 lease-time=2h \
name=dhcp_30
add address-pool=dhcp_IoT disabled=no interface=vlan40 lease-time=2h name=\
dhcp_40
add address-pool=dhcp_10 disabled=no interface=vlan10 lease-time=2h name=\
dhcp_10
add address-pool=dhcp_50 disabled=no interface=vlan50 lease-time=2h name=\
dhcp_50
add address-pool=dhcp_60 disabled=no interface=vlan60 lease-time=2h name=\
dhcp60
add address-pool=dhcp_70 disabled=no interface=vlan70 lease-time=2h name=\
dhcp70
add address-pool=dhcp_80 disabled=no interface=vlan80 lease-time=2h name=\
dhcp80
add address-pool=dhcp_90 disabled=no interface=vlan90 lease-time=2h name=\
dhcp90
/interface bridge port
add bridge=Trunk_bridge interface=sfp-sfpplus1
add bridge=Trunk_bridge interface=sfp-sfpplus2
add bridge=Trunk_bridge interface=sfp-sfpplus3
add bridge=Trunk_bridge interface=sfp-sfpplus4
add bridge=Trunk_bridge interface=sfp-sfpplus5
add bridge=Trunk_bridge interface=sfp-sfpplus6
add bridge=Trunk_bridge interface=sfp-sfpplus7
add bridge=Trunk_bridge interface=sfp-sfpplus8
add bridge=Trunk_bridge interface=sfp-sfpplus9
add bridge=Trunk_bridge interface=sfp-sfpplus10
add bridge=Trunk_bridge interface=sfp-sfpplus11
add bridge=Trunk_bridge interface=sfp28-1
add bridge=Trunk_bridge interface=sfp28-2
add bridge=Trunk_bridge interface=sfp-sfpplus12
/interface list member
add interface=ether1 list=WAN
add list=LAN
add interface=vlan50 list=Gast
add interface=vlan30 list=SECURITY
add interface=vlan90 list=WLAN
add interface=vlan40 list=IOT
add interface=vlan5 list=IPMI
add interface=vlan60 list=DMZ
add interface=vlan80 list=Cluster
add interface=vlan70 list=HA
/ip address
add address=172.16.1.1/24 interface=Trunk_bridge network=172.16.1.0
add address=172.16.5.1/24 interface=vlan5 network=172.16.5.0
add address=172.16.30.1/24 interface=vlan30 network=172.16.30.0
add address=172.16.40.1/24 interface=vlan40 network=172.16.40.0
add address=172.16.10.1/24 interface=vlan10 network=172.16.10.0
add address=172.16.50.1/24 interface=vlan50 network=172.16.50.0
add address=172.16.60.1/24 interface=vlan60 network=172.16.60.0
add address=172.16.70.1/24 interface=vlan70 network=172.16.70.0
add address=172.16.80.1/24 interface=vlan80 network=172.16.80.0
add address=172.16.90.1/24 interface=vlan90 network=172.16.90.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=172.16.1.0/24 gateway=172.16.1.1
add address=172.16.5.0/24 gateway=172.16.5.1
add address=172.16.10.0/24 gateway=172.16.10.1
add address=172.16.30.0/24 gateway=172.16.30.1
add address=172.16.40.0/24 gateway=172.16.40.1
add address=172.16.50.0/24 gateway=172.16.50.1
add address=172.16.60.0/24 gateway=172.16.60.1
add address=172.16.70.0/24 gateway=172.16.70.1
add address=172.16.80.0/24 gateway=172.16.80.1
add address=172.16.90.0/24 gateway=172.16.90.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
/ip firewall nat
add action=accept chain=srcnat out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set sip disabled=yes
set pptp disabled=yes
set dccp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=cr1
/system ntp client
set enabled=yes
/system resource irq rps
set ether1 disabled=yes
# aug/16/2021 19:50:11 by RouterOS 6.48.3
# software id = KIHW-0X4S
#
# model = CCR2004-1G-12S+2XS
# serial number =
/interface bridge
add name=Trunk_bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add interface=Trunk_bridge name=vlan5 vlan-id=5
add interface=Trunk_bridge name=vlan10 vlan-id=10
add interface=Trunk_bridge name=vlan20 vlan-id=20
add interface=Trunk_bridge name=vlan30 vlan-id=30
add interface=Trunk_bridge name=vlan40 vlan-id=40
add interface=Trunk_bridge name=vlan50 vlan-id=50
add interface=Trunk_bridge name=vlan60 vlan-id=60
add interface=Trunk_bridge name=vlan70 vlan-id=70
add interface=Trunk_bridge name=vlan80 vlan-id=80
add interface=Trunk_bridge name=vlan90 vlan-id=90
add interface=Trunk_bridge name=vlan100 vlan-id=100
/interface list
add name=WAN
add name=LAN
add name=Gast
add name=Server
add name=WLAN
add name=IOT
add name=SECURITY
add name=IPMI
add name=MGMT
add name=DMZ
add name=Cluster
add name=HA
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/ip pool
add name=dhcp_pool_ipmi ranges=172.16.5.100-172.16.5.254
add name=dhcp_pool_security ranges=172.16.30.100-172.16.30.254
add name=dhcp_pool_IoT ranges=172.16.40.100-172.16.40.254
add name=dhcp_pool_mgmt ranges=172.16.10.100-172.16.10.254
add name=dhcp_pool_guest ranges=172.16.50.2-172.16.50.254
add name=dhcp_pool_dmz ranges=172.16.60.100-172.16.60.254
add name=dhcp_pool_ha ranges=172.16.70.100-172.16.70.254
add name=dhcp_pool_cluster ranges=172.16.80.100-172.16.80.254
add name=dhcp_pool_wlan ranges=172.16.90.50-172.16.90.254
add name=dhcp_pool_LAN ranges=172.16.100.2-172.16.100.254
add name=dhcp_pool_server ranges=172.16.20.11-172.16.20.20
/ip dhcp-server
add address-pool=dhcp_pool_ipmi disabled=no interface=vlan5 lease-time=2h \
name=dhcp_ipmi
add address-pool=dhcp_pool_security disabled=no interface=vlan30 lease-time=\
2h name=dhcp_security
add address-pool=dhcp_pool_IoT disabled=no interface=vlan40 lease-time=2h \
name=dhcp_IoT
add address-pool=dhcp_pool_mgmt disabled=no interface=vlan10 lease-time=2h \
name=dhcp_mgmt
add address-pool=dhcp_pool_guest disabled=no interface=vlan50 lease-time=2h \
name=dhcp_guest
add address-pool=dhcp_pool_dmz disabled=no interface=vlan60 lease-time=2h \
name=dhcp_dmz
add address-pool=dhcp_pool_ha disabled=no interface=vlan70 lease-time=2h \
name=dhcp_ha
add address-pool=dhcp_pool_cluster disabled=no interface=vlan80 lease-time=2h \
name=dhcp_cluster
add address-pool=dhcp_pool_wlan disabled=no interface=vlan90 lease-time=8h \
name=dhcp_wlan
add address-pool=dhcp_pool_LAN disabled=no interface=vlan100 lease-time=8h \
name=dhcp_LAN
add address-pool=dhcp_pool_server disabled=no interface=vlan20 lease-time=8h \
name=dhcp_server
/interface bridge port
add bridge=Trunk_bridge interface=sfp-sfpplus1
add bridge=Trunk_bridge interface=sfp-sfpplus2
add bridge=Trunk_bridge interface=sfp-sfpplus3
add bridge=Trunk_bridge interface=sfp-sfpplus4
add bridge=Trunk_bridge interface=sfp-sfpplus5
add bridge=Trunk_bridge interface=sfp-sfpplus6
add bridge=Trunk_bridge interface=sfp-sfpplus7
add bridge=Trunk_bridge interface=sfp-sfpplus8
add bridge=Trunk_bridge interface=sfp-sfpplus9
add bridge=Trunk_bridge interface=sfp-sfpplus10
add bridge=Trunk_bridge interface=sfp-sfpplus11
add bridge=Trunk_bridge interface=sfp28-1
add bridge=Trunk_bridge interface=sfp28-2
add bridge=Trunk_bridge interface=sfp-sfpplus12
/interface bridge vlan
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=10
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=5
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=20
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=30
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=40
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=50
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=60
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=70
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=80
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=90
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp\
-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2" \
vlan-ids=100
/interface list member
add interface=ether1 list=WAN
add interface=vlan100 list=LAN
add interface=vlan50 list=Gast
add interface=vlan30 list=SECURITY
add interface=vlan90 list=WLAN
add interface=vlan40 list=IOT
add interface=vlan5 list=IPMI
add interface=vlan60 list=DMZ
add interface=vlan80 list=Cluster
add interface=vlan70 list=HA
/ip address
add address=172.16.1.1/24 interface=Trunk_bridge network=172.16.1.0
add address=172.16.5.1/24 interface=vlan5 network=172.16.5.0
add address=172.16.30.1/24 interface=vlan30 network=172.16.30.0
add address=172.16.40.1/24 interface=vlan40 network=172.16.40.0
add address=172.16.10.1/24 interface=vlan10 network=172.16.10.0
add address=172.16.50.1/24 interface=vlan50 network=172.16.50.0
add address=172.16.60.1/24 interface=vlan60 network=172.16.60.0
add address=172.16.70.1/24 interface=vlan70 network=172.16.70.0
add address=172.16.80.1/24 interface=vlan80 network=172.16.80.0
add address=172.16.90.1/24 interface=vlan90 network=172.16.90.0
add address=172.16.20.1/24 interface=vlan20 network=172.16.20.0
add address=172.16.100.1/24 interface=vlan100 network=172.16.100.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=172.16.1.0/24 gateway=172.16.1.1
add address=172.16.5.0/24 gateway=172.16.5.1
add address=172.16.10.0/24 gateway=172.16.10.1
add address=172.16.20.0/24 gateway=172.16.20.1
add address=172.16.30.0/24 gateway=172.16.30.1
add address=172.16.40.0/24 gateway=172.16.40.1
add address=172.16.50.0/24 gateway=172.16.50.1
add address=172.16.60.0/24 gateway=172.16.60.1
add address=172.16.70.0/24 gateway=172.16.70.1
add address=172.16.80.0/24 gateway=172.16.80.1
add address=172.16.90.0/24 gateway=172.16.90.1
add address=172.16.100.0/24 dns-server=172.16.20.5,172.16.100.1 domain=\
xxx.xxx gateway=172.16.100.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
/ip firewall nat
add action=accept chain=srcnat out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set sip disabled=yes
set pptp disabled=yes
set dccp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=xxxx
/system identity
set name=xxx
/system ntp client
set enabled=yes primary-ntp=xx.xx.xx.xx secondary-ntp=xx.xx.xx.xx
/system ntp server
set broadcast=yes enabled=yes
/system resource irq rps
set ether1 disabled=yes
/ip route
add dst-address=172.16.1.1/24 gateway=172.16.16.2
add dst-address=172.16.5.1/24 gateway=172.16.16.2
add dst-address=172.16.30.1/24 gateway=172.16.16.2
add dst-address=172.16.40.1/24 gateway=172.16.16.2
add dst-address=172.16.10.1/24 gateway=172.16.16.2
add dst-address=172.16.50.1/24 gateway=172.16.16.2
add dst-address=172.16.60.1/24 gateway=172.16.16.2
add dst-address=172.16.70.1/24 gateway=172.16.16.2
add dst-address=172.16.80.1/24 gateway=172.16.16.2
add dst-address=172.16.90.1/24 gateway=172.16.16.2
add dst-address=172.16.20.1/24 gateway=172.16.16.2
add dst-address=172.16.100.1/24 gateway=172.16.16.2
# sep/09/2021 15:43:47 by RouterOS 6.48.4
# software id = xxxx
#
# model = CCR2004-1G-12S+2XS
# serial number = xxxxx
/interface bridge
add name=Trunk_bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=sfp-sfpplus1 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus2 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus3 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus4 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus5 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus6 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus7 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus8 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus9 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus10 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus11 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp-sfpplus12 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp28-1 ] l2mtu=9578 mtu=9000
set [ find default-name=sfp28-2 ] l2mtu=9578 mtu=9000
/interface vlan
add interface=Trunk_bridge mtu=9000 name=vlan5 vlan-id=5
add interface=Trunk_bridge mtu=9000 name=vlan10 vlan-id=10
add interface=Trunk_bridge mtu=9000 name=vlan20 vlan-id=20
add interface=Trunk_bridge mtu=9000 name=vlan30 vlan-id=30
add interface=Trunk_bridge mtu=9000 name=vlan40 vlan-id=40
add interface=Trunk_bridge mtu=9000 name=vlan50 vlan-id=50
add interface=Trunk_bridge mtu=9000 name=vlan60 vlan-id=60
add interface=Trunk_bridge mtu=9000 name=vlan70 vlan-id=70
add interface=Trunk_bridge mtu=9000 name=vlan80 vlan-id=80
add interface=Trunk_bridge mtu=9000 name=vlan90 vlan-id=90
add interface=Trunk_bridge mtu=9000 name=vlan100 vlan-id=100
/interface bonding
add comment="T6202 bond" mtu=9000 name=bonding1 slaves=\
sfp-sfpplus9,sfp-sfpplus10
add comment="t620 bond" mtu=9000 name=bonding2 slaves=\
sfp-sfpplus7,sfp-sfpplus8
add comment="t320 bond" mtu=9000 name=bonding3 slaves=\
sfp-sfpplus5,sfp-sfpplus6
/interface list
add name=WAN
add name=LAN
add name=Gast
add name=Server
add name=WLAN
add name=IOT
add name=SECURITY
add name=IPMI
add name=MGMT
add name=DMZ
add name=Cluster
add name=HA
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool_ipmi ranges=172.16.5.100-172.16.5.254
add name=dhcp_pool_security ranges=172.16.30.100-172.16.30.254
add name=dhcp_pool_IoT ranges=172.16.40.100-172.16.40.254
add name=dhcp_pool_mgmt ranges=172.16.10.100-172.16.10.254
add name=dhcp_pool_guest ranges=172.16.50.2-172.16.50.254
add name=dhcp_pool_dmz ranges=172.16.60.100-172.16.60.254
add name=dhcp_pool_ha ranges=172.16.70.100-172.16.70.254
add name=dhcp_pool_cluster ranges=172.16.80.100-172.16.80.254
add name=dhcp_pool_wlan ranges=172.16.90.50-172.16.90.254
add name=dhcp_pool_LAN ranges=172.16.100.2-172.16.100.254
add name=dhcp_pool_server ranges=172.16.20.11-172.16.20.20
/ip dhcp-server
add address-pool=dhcp_pool_ipmi disabled=no interface=vlan5 lease-time=2h \
name=dhcp_ipmi
add address-pool=dhcp_pool_security disabled=no interface=vlan30 lease-time=\
2h name=dhcp_security
add address-pool=dhcp_pool_IoT disabled=no interface=vlan40 lease-time=2h \
name=dhcp_IoT
add address-pool=dhcp_pool_mgmt disabled=no interface=vlan10 lease-time=2h \
name=dhcp_mgmt
add address-pool=dhcp_pool_guest disabled=no interface=vlan50 lease-time=2h \
name=dhcp_guest
add address-pool=dhcp_pool_dmz disabled=no interface=vlan60 lease-time=2h \
name=dhcp_dmz
add address-pool=dhcp_pool_ha disabled=no interface=vlan70 lease-time=2h \
name=dhcp_ha
add address-pool=dhcp_pool_cluster disabled=no interface=vlan80 lease-time=2h \
name=dhcp_cluster
add address-pool=dhcp_pool_wlan disabled=no interface=vlan90 lease-time=8h \
name=dhcp_wlan
add address-pool=dhcp_pool_LAN disabled=no interface=vlan100 lease-time=8h \
name=dhcp_LAN
add address-pool=dhcp_pool_server disabled=no interface=vlan20 lease-time=8h \
name=dhcp_server
/interface bridge port
add bridge=Trunk_bridge interface=sfp-sfpplus1
add bridge=Trunk_bridge interface=sfp-sfpplus2
add bridge=Trunk_bridge interface=sfp-sfpplus3
add bridge=Trunk_bridge interface=sfp-sfpplus4
add bridge=Trunk_bridge interface=sfp-sfpplus11
add bridge=Trunk_bridge interface=sfp28-1
add bridge=Trunk_bridge interface=sfp28-2
add bridge=Trunk_bridge interface=sfp-sfpplus12
add bridge=Trunk_bridge interface=bonding1
add bridge=Trunk_bridge interface=bonding2
add bridge=Trunk_bridge interface=bonding3
/interface bridge vlan
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,sfp-sfpplus12,bonding1,bonding2,bonding3,sfp28-1,sfp28-\
2,sfp-sfpplus11" vlan-ids=10
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=5
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-s\
fpplus12,sfp28-1,sfp28-2,bonding1,bonding2" vlan-ids=20
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=30
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=40
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=50
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=60
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=70
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=80
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,bonding1,bonding2,\
sfp28-1,sfp28-2" vlan-ids=90
add bridge=Trunk_bridge tagged="Trunk_bridge,sfp-sfpplus1,sfp-sfpplus2,sfp-sfp\
plus3,sfp-sfpplus4,bonding3,sfp-sfpplus11,sfp-sfpplus12,sfp28-1,sfp28-2,bo\
nding1,bonding2" vlan-ids=100
/interface list member
add interface=ether1 list=WAN
add interface=vlan100 list=LAN
add interface=vlan50 list=Gast
add interface=vlan30 list=SECURITY
add interface=vlan90 list=WLAN
add interface=vlan40 list=IOT
add interface=vlan5 list=IPMI
add interface=vlan60 list=DMZ
add interface=vlan80 list=Cluster
add interface=vlan70 list=HA
/ip address
add address=172.16.5.1/24 interface=vlan5 network=172.16.5.0
add address=172.16.30.1/24 interface=vlan30 network=172.16.30.0
add address=172.16.40.1/24 interface=vlan40 network=172.16.40.0
add address=172.16.10.1/24 interface=vlan10 network=172.16.10.0
add address=172.16.50.1/24 interface=vlan50 network=172.16.50.0
add address=172.16.60.1/24 interface=vlan60 network=172.16.60.0
add address=172.16.70.1/24 interface=vlan70 network=172.16.70.0
add address=172.16.80.1/24 interface=vlan80 network=172.16.80.0
add address=172.16.90.1/24 interface=vlan90 network=172.16.90.0
add address=172.16.20.1/24 interface=vlan20 network=172.16.20.0
add address=172.16.100.1/24 interface=vlan100 network=172.16.100.0
add address=172.16.16.2/30 interface=ether1 network=172.16.16.0
/ip dhcp-server network
add address=172.16.1.0/24 gateway=172.16.1.1
add address=172.16.5.0/24 gateway=172.16.5.1
add address=172.16.10.0/24 gateway=172.16.10.1
add address=172.16.20.0/24 gateway=172.16.20.1
add address=172.16.30.0/24 gateway=172.16.30.1
add address=172.16.40.0/24 gateway=172.16.40.1
add address=172.16.50.0/24 gateway=172.16.50.1
add address=172.16.60.0/24 gateway=172.16.60.1
add address=172.16.70.0/24 gateway=172.16.70.1
add address=172.16.80.0/24 gateway=172.16.80.1
add address=172.16.90.0/24 dns-server=172.16.90.1,172.16.16.1 gateway=\
172.16.90.1
add address=172.16.100.0/24 dns-server=172.16.20.5,172.16.100.1 domain=\
xxx.local gateway=172.16.100.1
/ip dns
set allow-remote-requests=yes servers=172.16.16.1,1.1.1.1
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input comment=" defconf: drop invalid" \
connection-state=invalid disabled=yes
add action=accept chain=input protocol=icmp
add action=drop chain=input disabled=yes in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set sip disabled=yes
set pptp disabled=yes
set dccp disabled=yes
/ip route
add distance=1 gateway=172.16.16.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=cr1
/system leds
set 18 disabled=yes
set 19 disabled=yes
set 20 disabled=yes
set 21 disabled=yes
set 22 disabled=yes
set 23 disabled=yes
set 24 disabled=yes
set 25 disabled=yes
/system ntp client
set enabled=yes primary-ntp=xxxxxxxx secondary-ntp=xxxxxxxx
/system ntp server
set broadcast=yes enabled=yes
/system resource irq rps
set ether1 disabled=yes
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool mac-server ping
set enabled=no
/interface list
add name=WAN
/interface list member
add interface=ether1 list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/tool traceroute 172.16.16.1
/tool traceroute 172.16.16.1 src-address=172.16.50.1
ok, any reference on that?I stand corrected.