I need help with some configuration; I have a strange problem with mine. Please tell me what is wrong.
Below is my setup, but strangely the network is very, very slow: e.g. when loading webpages, it times out the first time, many sites fail to connect, and so on. When I remove all my config, everything is fine again.
Here is my config:
# 2024-02-29 23:02:16 by RouterOS 7.13.5
# software id = U3ZI-3UB1
#
# model = RB750Gr3
# serial number = CC220EBE14C3
# NOTE(review): the export header carries the device's software id and serial
# number; these are normally redacted before a config is posted publicly.
#
# VLAN-aware bridge. NOTE(review): ingress-filtering=no on the bridge means
# frames reaching the bridge (CPU) port are not checked against the bridge
# VLAN table for membership of their VLAN ID.
/interface bridge
add igmp-snooping=yes ingress-filtering=no name=bridge1 port-cost-mode=short \
vlan-filtering=yes
# One routed VLAN interface per segment, all on bridge1.
/interface vlan
add interface=bridge1 name=Guest_VLAN vlan-id=30
add interface=bridge1 name=Mgmt_VLAN vlan-id=99
add interface=bridge1 name=Office_VLAN vlan-id=10
add interface=bridge1 name=Training_VLAN vlan-id=20
# Interface lists referenced by the firewall rules further down.
/interface list
add name=WAN
add name=Internal
add name=Guest
add name=Mgmt
add name=Training
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=Office_POOL ranges=192.168.2.121-192.168.2.250
add name=Training_POOL ranges=192.168.1.151-192.168.1.254
add name=Guest_POOL ranges=10.0.30.30-10.0.30.250
add name=Mgmt_POOL ranges=192.168.99.5-192.168.99.254
/ip dhcp-server
add address-pool=Office_POOL interface=Office_VLAN lease-time=10m name=\
Office_DHCP
add address-pool=Training_POOL interface=Training_VLAN lease-time=10m name=\
Training_DHCP
add address-pool=Guest_POOL interface=Guest_VLAN lease-time=10m name=\
Guest_DHCP
add address-pool=Mgmt_POOL interface=Mgmt_VLAN lease-time=10m name=Mgmt_DHCP
/port
set 0 name=serial0
# Bridge ports: ether2/ether3 untagged in VLAN 10, ether4 untagged in VLAN 99,
# ether5 tagged-only trunk.
/interface bridge port
# NOTE(review): unlike ether3/ether4, ether2 has ingress-filtering=no and no
# frame-types restriction, so it also admits tagged frames and does not check
# their VLAN ID against port membership. If ether2 is meant to be a plain
# VLAN 10 access port, it should carry the same frame-types value as ether3
# together with ingress-filtering=yes.
add bridge=bridge1 ingress-filtering=no interface=ether2 internal-path-cost=\
10 path-cost=10 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3 internal-path-cost=10 path-cost=10 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4 internal-path-cost=10 path-cost=10 pvid=99
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether5 \
internal-path-cost=10 path-cost=10
# Bridge VLAN table. ether2 (pvid=10) is not listed as untagged for VLAN 10;
# presumably RouterOS adds it dynamically from the pvid - confirm with
# "/interface bridge vlan print".
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether5 untagged=ether3 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether5 vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether5 vlan-ids=30
add bridge=bridge1 tagged=bridge1,ether5 untagged=ether4 vlan-ids=99
/interface detect-internet
set wan-interface-list=WAN
# NOTE(review): Mgmt_VLAN is a member of both Mgmt and Internal, so every
# firewall rule written for Internal also applies to the management VLAN
# (including "Training_VLAN to Office_VLAN", which therefore also admits
# Training to Mgmt). Confirm that this is intended.
/interface list member
add interface=ether1 list=WAN
add interface=Office_VLAN list=Internal
add interface=Guest_VLAN list=Guest
add interface=Mgmt_VLAN list=Mgmt
add interface=Training_VLAN list=Training
add interface=Mgmt_VLAN list=Internal
/ip address
add address=192.168.99.1/24 interface=Mgmt_VLAN network=192.168.99.0
add address=192.168.2.1/24 interface=Office_VLAN network=192.168.2.0
add address=192.168.1.1/24 interface=Training_VLAN network=192.168.1.0
add address=10.0.30.1/24 interface=Guest_VLAN network=10.0.30.0
/ip cloud
set update-time=no
# WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add interface=ether1
# NOTE(review): the 192.168.3.0/24 entry has no matching /ip address, pool or
# DHCP server in this export; it looks like a leftover.
/ip dhcp-server network
add address=10.0.30.0/24 dns-server=10.0.30.1 gateway=10.0.30.1
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1
add address=192.168.99.0/24 dns-server=192.168.99.1 gateway=192.168.99.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any source the input chain lets through. The input chain below has no
# drop rule, so as far as this export shows the resolver is also reachable on
# the WAN side (an open resolver).
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip firewall filter
# Input chain (traffic addressed to the router itself).
# NOTE(review): there is no final drop rule for chain=input in this export, so
# packets that match none of the accepts below (for example new connections
# arriving on the WAN list) are accepted by default. DNS, the SOCKS proxy and
# the NTP server configured elsewhere in this export are then reachable from
# ether1. A last input rule such as
#   add action=drop chain=input comment="drop all else"
# placed after the Mgmt accept would close this.
add action=accept chain=input comment=\
"ATikconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="ATikconf: drop invalid" \
connection-state=invalid
add action=accept chain=input comment="ATikconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Allow Internal" in-interface-list=\
Internal
add action=accept chain=input comment="Allow Training" in-interface-list=\
Training
# NOTE(review): this accepts every protocol and port from guest clients to the
# router, not only DHCP and DNS - confirm that is intended.
add action=accept chain=input comment="Allow Guest" in-interface-list=Guest
add action=accept chain=input comment="Allow Mgmt_Vlan Full Access" \
in-interface-list=Mgmt
# Forward chain (traffic routed through the router).
# NOTE(review): there is no final drop rule for chain=forward either. New
# connections that no accept below matches (for example Guest to the Office,
# Training or Mgmt VLANs) fall through to the default accept, so the
# "Internet Access only" comments are not enforced. A last forward rule such as
#   add action=drop chain=forward comment="drop all else"
# would enforce them. No rule here accepts Training to WAN, so one would have
# to be added first if the Training VLAN needs Internet access.
add action=fasttrack-connection chain=forward comment="ATikconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"ATikconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment="Training_VLAN to Office_VLAN" \
connection-state=new in-interface-list=Training out-interface-list=\
Internal
add action=accept chain=forward comment="Office_VLAN to Training_VLAN" \
connection-state=new in-interface-list=Internal out-interface-list=\
Training
add action=accept chain=forward comment="Internal Internet Access only" \
connection-state=new in-interface-list=Internal out-interface-list=WAN
add action=accept chain=forward comment="Guest Internet Access only" \
connection-state=new in-interface-list=Guest out-interface-list=WAN
add action=accept chain=forward comment="mgmt to mgmt" in-interface-list=Mgmt \
out-interface-list=Mgmt
add action=drop chain=forward comment="ATikconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"ATikconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT for everything leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
out-interface-list=WAN
# Management services: only ssh and winbox stay enabled, both limited to the
# management subnet 192.168.99.0/24.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.99.0/24
set api disabled=yes
set winbox address=192.168.99.0/24
set api-ssl disabled=yes
# NOTE(review): a SOCKS5 proxy is enabled on port 20907 with a user "es9999",
# and the input chain above does not block it from the WAN side. If this proxy
# was not set up deliberately, treat it as a possible sign of compromise:
# disable it, change the admin credentials, update RouterOS, and review
# /user, /system scheduler, /system script and /file, none of which appear in
# this export. Traffic relayed through an exposed proxy would also compete for
# the WAN link. The user's password is absent here, presumably because exports
# hide sensitive values by default.
/ip socks
set auth-method=password enabled=yes port=20907 version=5
/ip socks users
add name=es9999
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Asia/Singapore
/system identity
set name=Router
/system logging
set 1 action=disk
/system note
set show-at-login=no
/system ntp client
set enabled=yes
# NOTE(review): the NTP server is enabled and, with no drop rule on the input
# chain, is not limited to the internal VLANs. broadcast-addresses is set to
# the router's own Mgmt address (192.168.99.1) rather than a subnet broadcast
# address - confirm that this is intended.
/system ntp server
set broadcast=yes broadcast-addresses=192.168.99.1 enabled=yes
/system ntp client servers
add address=sg.pool.ntp.org
/tool bandwidth-server
set enabled=no
# Layer-2 management (MAC telnet, MAC winbox, MAC ping) is disabled on all
# interfaces.
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no