Community discussions

MikroTik App
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

First time with RouterOS, where to start, how to configure?

Wed Nov 20, 2013 10:51 am

Hi all,

I just received my Cloud Router Switch (CRS125-24G-1S-2HnD-IN), and ofcourse I want to configure this routerboard.

I was able to connect to the switch with WebFig. I can see a lot of options and a lot of factory settings but I have no idea how and what to configure.
For example, I connected port 1 with my internetrouter and port 10 with my laptop, I can access internet but it goes very very slow...

What I want to do:

- port 1: connected to my internetrouter to have internet on the other ports.
- port 2: is connected to an AP, has to be in a "public" vlan. devices connected to this AP must have an IP in the range of this public vlan.
- port 3 - 13 + wlan: devices connected to this ports are in the "private" vlan. they receive an IP in the range of the private vlan.
- port 14 - 24: devices connected to this ports are in the vlan of the internetrouter. they receive an IP from this router.

I am sure I made some mistakes on using the correct names or definitions but I hope everybody understands the configuration I want.
Of course I did not talk about firewall and other options, I also hope that I can get some advice for this also.

So what I hope for is that you can tell me where to start, how to configure, how to learn,... I am a newbie on networking and routeros, so all help is much appreciated.

So first of all, do i remove the factory settings? How do I do this? What is the next step? I already tried to read the wiki but it seems to be to difficult to understand and find exactly what I need.


Thanks a lot!
 
CTrain
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 07, 2013 4:41 am

Re: First time with RouterOS, where to start, how to configu

Wed Nov 20, 2013 12:31 pm

Connect to the router and download the winbox utility for the easiest configuration.

I have some questions on what you want

Do you really want VLANs or are you happy to segregate with Firewall Rules and Subnets much easier and less headache?

I will outline how to build with out VLANs here using subnets
Create the Port 3-13 switch (Assuming the ether ports are called ether#

ros code

/interface ethernet
set ether4 master-port=ether3
set ether5 master-port=ether3
set ether6 master-port=ether3
set ether7 master-port=ether3
set ether8 master-port=ether3
set ether9 master-port=ether3
set ether10 master-port=ether3
set ether11 master-port=ether3
set ether12 master-port=ether3
set ether13 master-port=ether3
The Port 14-24 & 1 Switch

ros code

set ether14 master-port=ether1
set ether15 master-port=ether1
set ether16 master-port=ether1
set ether17 master-port=ether1
set ether18 master-port=ether1
set ether19 master-port=ether1
set ether20 master-port=ether1
set ether21 master-port=ether1
set ether22 master-port=ether1
set ether23 master-port=ether1
set ether24 master-port=ether1
Create a bridge using winbox for the private network and add ether3 and wlan1 to the bridge.

Remove all firewall and nat rules From IP -> Firewall

(if the CRS is providing DHCP)
Create a DHCP server for ether2 with the required details follow the winbox wizard
Create a DHCP server for bridge1 (the private network) using the winbox wizard

Finally create the firewall rules using winbox to
Drop Traffic from bridge1 to ether2
Drop Traffic from ether2 to bridge1

That should suit your application other firewall rules can be added to further segregate your network, and you will run at full switch speed most of the time. Let me know if this doesn't work or you need more help.

Add DHCP clients on all the networks interfaces (ether1, bridge1 etc) so that they are assigned an IP adress and routes
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Wed Nov 20, 2013 12:56 pm

Connect to the router and download the winbox utility for the easiest configuration.

I have some questions on what you want

Do you really want VLANs or are you happy to segregate with Firewall Rules and Subnets much easier and less headache?

I will outline how to build with out VLANs here using subnets
Create the Port 3-13 switch (Assuming the ether ports are called ether#

ros code

/interface ethernet
set ether4 master-port=ether3
set ether5 master-port=ether3
set ether6 master-port=ether3
set ether7 master-port=ether3
set ether8 master-port=ether3
set ether9 master-port=ether3
set ether10 master-port=ether3
set ether11 master-port=ether3
set ether12 master-port=ether3
set ether13 master-port=ether3
The Port 14-24 & 1 Switch

ros code

set ether14 master-port=ether1
set ether15 master-port=ether1
set ether16 master-port=ether1
set ether17 master-port=ether1
set ether18 master-port=ether1
set ether19 master-port=ether1
set ether20 master-port=ether1
set ether21 master-port=ether1
set ether22 master-port=ether1
set ether23 master-port=ether1
set ether24 master-port=ether1
Create a bridge using winbox for the private network and add ether3 and wlan1 to the bridge.

Remove all firewall and nat rules From IP -> Firewall

(if the CRS is providing DHCP)
Create a DHCP server for ether2 with the required details follow the winbox wizard
Create a DHCP server for bridge1 (the private network) using the winbox wizard

Finally create the firewall rules using winbox to
Drop Traffic from bridge1 to ether2
Drop Traffic from ether2 to bridge1

That should suit your application other firewall rules can be added to further segregate your network, and you will run at full switch speed most of the time. Let me know if this doesn't work or you need more help.
Thank you very much for the explanation.
Some additional questions:

- How is the internet trafic of port1 configured? Do I need to do something for this or just connect with the internetrouter?
- In your setup, does a device on port 14-24 receive an IP from the internetrouter?
- Is it possible that you forgot to mention the "public network" (this is just a network for visitors so they cannot access my nas, printer, ...)
 
CTrain
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 07, 2013 4:41 am

Re: First time with RouterOS, where to start, how to configu

Wed Nov 20, 2013 2:39 pm

Ports 1& 14-24 are switched together at wire speed, the DHCP settings are from the internetrouter.

I assume that the public network is on ether2 with the drop firewall rule is to stop communication between the public ether3-12&wlan1 (Bridge1) and ether2.
So any data on the private network is inaccessible on the public, whilst the internet-router is still fully accessible.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Wed Nov 20, 2013 3:02 pm

Ports 1& 14-24 are switched together at wire speed, the DHCP settings are from the internetrouter.

I assume that the public network is on ether2 with the drop firewall rule is to stop communication between the public ether3-12&wlan1 (Bridge1) and ether2.
So any data on the private network is inaccessible on the public, whilst the internet-router is still fully accessible.
Thank you for your answers.
I will test this on my routerboard before asking new questions :)

Just one more question. With this setup, don't you create a bottleneck on port3?
 
CTrain
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 07, 2013 4:41 am

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 12:48 am

In RouterOS to perform hardware (No CPU Utilization) based packet switching you create a master/slave switch, if any packets are routed to a different subnet or utilize cpu feature it will go out of ether3 to the CPU which is limited to 1Gb/s on the NIC and 1Gb/s on the backbone from the hardware switch chip to the CPU. Thus for normal traffic between computers on the private Subnet there is no bottle neck, but traffic moving between the private and internetrouter subnet will be limited by the CPU (Generally around 200Mb/s) which also has the same effect if VLANS are used.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 10:05 am

In RouterOS to perform hardware (No CPU Utilization) based packet switching you create a master/slave switch, if any packets are routed to a different subnet or utilize cpu feature it will go out of ether3 to the CPU which is limited to 1Gb/s on the NIC and 1Gb/s on the backbone from the hardware switch chip to the CPU. Thus for normal traffic between computers on the private Subnet there is no bottle neck, but traffic moving between the private and internetrouter subnet will be limited by the CPU (Generally around 200Mb/s) which also has the same effect if VLANS are used.
Is this an issue or is 200 Mb/s enough to have a decent internet connection on the workstations?


Another question: I logged in to the router yesterday with Winbox. I removed the factory settings but after that I was unable to login (IP 0.0.0.0). I have restored the router to factory settings now, and are able again to login, but ofcourse now all the settings are back again and I thought I needed to start from the scratch to be sure everything is installed as you said... What's the most ideal way to install my own configuration?
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 11:24 am

If you reset with no defaults

Then run winbox and it says 0.0.0.0 for the IP Address, click on the MAC address instead and use the "admin" / "" default config to login

Then you can create an IP Address on one interface if you want to use it that way or start your config and add a DHCP client to an interface if you want a management IP to work with in future.

We set up management IP's at work but we love love love mac address management and it has saved us from many an error

Regards
Alexander
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 11:31 am

If you reset with no defaults

Then run winbox and it says 0.0.0.0 for the IP Address, click on the MAC address instead and use the "admin" / "" default config to login

Then you can create an IP Address on one interface if you want to use it that way or start your config and add a DHCP client to an interface if you want a management IP to work with in future.

We set up management IP's at work but we love love love mac address management and it has saved us from many an error

Regards
Alexander
Thank you for your reply! I didn't know that clicking on the MAC address was possible. I will try this and come back if I have more questions. :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 11:33 am

Reconfiguring the router from scratch several times in a row is the best way to learn your way around the console :)
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 7:58 pm

I was able to configure the switch, but now I am stuck in the DHCP server configuration...

I want a private network in the 192.168.14.1-192.168.14.254 range...

What do I have to enter in the wizard? DNS? gateway? ...

thank you
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 8:53 pm

I want a private network in the 192.168.14.1-192.168.14.254 range...
Go to the IP / Pool menu then go back to IP / DHCP Server and add that pool under the Address Pool option. Under IP / DHCP there is a DHCP Setup wizard.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 21, 2013 9:23 pm

I want a private network in the 192.168.14.1-192.168.14.254 range...
Go to the IP / Pool menu then go back to IP / DHCP Server and add that pool under the Address Pool option. Under IP / DHCP there is a DHCP Setup wizard.
there is no IP under the pool...
The switch is not yet connected with the internetrouter, but it must be possible to configure a dhcp server without internet?
 
CTrain
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 07, 2013 4:41 am

Re: First time with RouterOS, where to start, how to configu

Fri Nov 22, 2013 6:47 am

You must create a pool under ip ->pool once that is completed create a dhcp server with the wizard under ip-> dhcp
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: First time with RouterOS, where to start, how to configu

Fri Nov 22, 2013 8:49 am

The wizard actually will create the pool for you, if you have a static IP on that interface.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Fri Nov 22, 2013 9:34 am

So If i configure a pool, f.e. 192.168.14.2-192.168.14.254 (I can not include 192.168.14.1 and 192.168.14.255?), the DHCP server will be able to work?

The answer to my question how to setup the DHCP server(s) is still not clear.

What if I want a DHCP server that gives my own configured IP's. Do I use the pool for this?
What if I want the internetrouter to give the IP's?

thank you very much for all the answers.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: First time with RouterOS, where to start, how to configu

Fri Nov 22, 2013 9:37 am

DHCP server will be the one to give the IP addresses. If you want your ISP to give the IP addresses, you don't need a DHCP server in your router, but you will need your ISP to cooperate. Usually ISPs don't give out more than one or two IP addresses, that's why you create a local area network with the help of your router, and give the local users "internal" IP addresses with the DHCP server.

To make a DHCP server, do these two things:

1. Add a local IP address to the local interface, for example 192.168.88.1/24
2. Run "/ip dhcp-server setup" and leave all pre-filled values as they are (basically agree to all that is offered)

that's all.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Fri Nov 22, 2013 9:48 am

DHCP server will be the one to give the IP addresses. If you want your ISP to give the IP addresses, you don't need a DHCP server in your router, but you will need your ISP to cooperate. Usually ISPs don't give out more than one or two IP addresses, that's why you create a local area network with the help of your router, and give the local users "internal" IP addresses with the DHCP server.

To make a DHCP server, do these two things:

1. Add a local IP address to the local interface, for example 192.168.88.1/24
2. Run "/ip dhcp-server setup" and leave all pre-filled values as they are (basically agree to all that is offered)

that's all.
Thank you for your explanation about DHCP servers.
In my configuration, port 3-13 need an "internal" IP address. port 14-24 need an IP from the ISP (which is able to give more than a few IP addresses)

So for port 3-13 I setup a pool? And after this a DHCP server?
And what for port 14-24? How do I configure that these ports are getting an IP from the ISP.

And finally, I suppose when port 14-24 are getting an IP from the ISP they are able to connect with the internet? But what about port 3-13? How do I do this?
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Sat Nov 23, 2013 9:48 am

can somebody help me with my questions?
I tried to setup a pool, and a dhcp, but failed again.

Maybe a step by step explanation? Screenshots?

Thank you
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Sun Nov 24, 2013 12:48 pm

nobody?
I tried but failed again to configure the dhcp server/client
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Sun Nov 24, 2013 6:02 pm

I was able to configure the dhcp server.
But still I don't understand how to configure the ISP router...

I was able to give the private network an IP with the dhcp server. But how does the private network use the ISP 'internet'?

And how to configure the other network to receive an IP form the ISP router?

Thank you
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Mon Nov 25, 2013 10:48 am

Ok I searched a bit further...

Now I was able to give one port an IP of the ISP router... by setting the masterport of to the port where the ISP router is connected...
But off course I can not set a masterport on a bridge... How do i configure this?

Thanks
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Tue Nov 26, 2013 10:07 pm

still waiting for feedback...
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 7:59 pm

Are my reply's invisible :D
Can someone help please?
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 8:02 pm

Are my reply's invisible :D
Can someone help please?
Post your export and exactly what is wrong. I can look at it later today.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 8:27 pm

Are my reply's invisible :D
Can someone help please?
Post your export and exactly what is wrong. I can look at it later today.
what do you mean by output?

I want in one subnet that all devices receive an IP from the ISP dhcpserver,
in the other subnets I want that the devices receive an IP from my own dhcp server on the microtik switch.

I could figure most things out, but I am still unable to find how to give one subnet ip's from my isp dhcpserver... How can I configure the bridge that all devices under it receive an ip from ISP....
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 8:38 pm

Are my reply's invisible :D
Can someone help please?
Post your export and exactly what is wrong. I can look at it later today.
what do you mean by output?

I want in one subnet that all devices receive an IP from the ISP dhcpserver,
in the other subnets I want that the devices receive an IP from my own dhcp server on the microtik switch.

I could figure most things out, but I am still unable to find how to give one subnet ip's from my isp dhcpserver... How can I configure the bridge that all devices under it receive an ip from ISP....
I'm not sure what you mean? Post a diagram of your network... and what exactly you want to accomplish.... as for the export...

Copy and paste the output of /export into ROS2 tags on this site (click on select syntax at the top of the post and click router os)...

-Eric
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 8:52 pm


I'm not sure what you mean? Post a diagram of your network... and what exactly you want to accomplish.... as for the export...

Copy and paste the output of /export into ROS2 tags on this site (click on select syntax at the top of the post and click router os)...

-Eric
I deleted all settings again to start from scratch, so there is no output, because i don't know what to do...

I don't have a diagram... how do I make this?

Maybe you can assist me a bit with msn/skype/...?

thank you very much
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 9:34 pm


I'm not sure what you mean? Post a diagram of your network... and what exactly you want to accomplish.... as for the export...

Copy and paste the output of /export into ROS2 tags on this site (click on select syntax at the top of the post and click router os)...

-Eric
I deleted all settings again to start from scratch, so there is no output, because i don't know what to do...

I don't have a diagram... how do I make this?

Maybe you can assist me a bit with msn/skype/...?

thank you very much
Maybe. This weekend is pretty busy for me. If I get a chance I can setup a basic config and post it here.... should basically do what you want from what I can tell.... I'll just assume your CRS has no config.

Diagram software... look around on the forum... there are tons (visio, dia, omnigraffle, etc).... personally I'm on OSX and use Omnigraffle.

At some point maybe we can chat and I can help you set it up remotely if you give me access.

-Eric
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 9:42 pm


I'm not sure what you mean? Post a diagram of your network... and what exactly you want to accomplish.... as for the export...

Copy and paste the output of /export into ROS2 tags on this site (click on select syntax at the top of the post and click router os)...

-Eric
I deleted all settings again to start from scratch, so there is no output, because i don't know what to do...

I don't have a diagram... how do I make this?

Maybe you can assist me a bit with msn/skype/...?

thank you very much
Maybe. This weekend is pretty busy for me. If I get a chance I can setup a basic config and post it here.... should basically do what you want from what I can tell.... I'll just assume your CRS has no config.

Diagram software... look around on the forum... there are tons (visio, dia, omnigraffle, etc).... personally I'm on OSX and use Omnigraffle.

At some point maybe we can chat and I can help you set it up remotely if you give me access.

-Eric
can you already help me how I can configure the subnet to receive ip's from my isp dhcprouter?
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 9:54 pm

ros code

/ip dhcp-client
add interface=ether1-gateway
Or something like that depending on the interface. That sets up a dhcp client on the specific interface.
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 10:05 pm

ros code

/ip dhcp-client
add interface=ether1-gateway
Or something like that depending on the interface. That sets up a dhcp client on the specific interface.
I will try to setup everything, i will make a diagram if necessary. If I need additional help I will let you know, thanks a lot already!
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Thu Nov 28, 2013 11:03 pm

Ok i tried to setup the switch, hereunder is my output.
It seems that my device on port10 is getting an IP but it cannot access internet...

Please have a look at it :)

ros code

/interface bridge
add l2mtu=1588 name=private_bridge
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290
/interface ethernet
set [ find default-name=ether4 ] master-port=ether3
set [ find default-name=ether5 ] master-port=ether3
set [ find default-name=ether6 ] master-port=ether3
set [ find default-name=ether7 ] master-port=ether3
set [ find default-name=ether8 ] master-port=ether3
set [ find default-name=ether9 ] master-port=ether3
set [ find default-name=ether10 ] master-port=ether3
set [ find default-name=ether11 ] master-port=ether3
set [ find default-name=ether12 ] master-port=ether3
set [ find default-name=ether13 ] master-port=ether3
set [ find default-name=ether14 ] master-port=ether1
set [ find default-name=ether15 ] master-port=ether1
set [ find default-name=ether16 ] master-port=ether1
set [ find default-name=ether17 ] master-port=ether1
set [ find default-name=ether18 ] master-port=ether1
set [ find default-name=ether19 ] master-port=ether1
set [ find default-name=ether20 ] master-port=ether1
set [ find default-name=ether21 ] master-port=ether1
set [ find default-name=ether22 ] master-port=ether1
set [ find default-name=ether23 ] master-port=ether1
set [ find default-name=ether24 ] master-port=ether1
/interface ethernet switch
set 0 bridge-type=service-vlan-bridge bypass-l2-security-check-filter-for="" \
    bypass-vlan-ingress-filter-for="" drop-if-invalid-vlan-on-ports="" \
    drop-if-no-vlan-assignment-on-ports="" drop-invalid-vlan=no \
    egress-mirror-ratio=1/1 egress-mirror0-enable=yes egress-mirror0-format=\
    modified egress-mirror0-port=cpu egress-mirror1-enable=yes \
    egress-mirror1-format=modified egress-mirror1-port=cpu \
    egress-sampling-ratio=1/1 fdb-uses=mirror0 igress-mirror0-port=cpu \
    igress-mirror1-port=cpu ingress-mirror-ratio=1/1 ingress-mirror0-enable=yes \
    ingress-mirror0-format=modified ingress-mirror1-enable=yes \
    ingress-mirror1-format=modified invalid-vlan-lookup-mode=ivl \
    ipv4-multicast-lookup-mode=dst-mac-and-vid-always mac-level-isolation=no \
    mirror-egress-if-ingress-mirrored=no mirror-tx-on-mirror-port=no \
    mirrored-packet-drop-precedence=0 mirrored-packet-qos-priority=0 \
    override-existing-when-ufdb-full=no unicast-fdb-age=5m \
    use-cvid-in-one2one-vlan-lookup=yes use-svid-in-one2one-vlan-lookup=no \
    vlan-level-isolation=no vlan-uses=mirror0
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.14.2-192.168.14.254
add name=dhcp_pool2 ranges=192.168.15.2-192.168.15.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name="AP DHCP"
add address-pool=dhcp_pool2 disabled=no interface=private_bridge name=\
    "PRIVATE DHCP"
/port
set 0 name=serial0
/interface bridge port
add bridge=private_bridge interface=wlan1
add bridge=private_bridge interface=ether3
/interface ethernet switch port
set 0 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 1 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 2 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 3 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 4 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 5 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 6 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 7 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 8 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 9 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 10 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 11 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 12 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 13 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 14 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 15 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 16 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 17 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 18 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 19 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 20 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 21 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 22 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 23 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 24 egress-vlan-mode=unmodified isolation-profile=1 \
    qos-pcp-dei-map-drop-precedence=0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 \
    qos-pcp-dei-map-priority=0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(un\
    known),vlan-based,(unknown),da-based,sa-based,pcp-based,ingress-policy-based\
    ,(unknown)"
set 25 egress-vlan-mode=unmodified qos-pcp-dei-map-drop-precedence=\
    0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1 qos-pcp-dei-map-priority=\
    0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3 qos-resolution="(unknown),vlan-based,(unknow\
    n),da-based,sa-based,pcp-based,ingress-policy-based,(unknown)"
/ip address
add address=192.168.14.0/24 interface=ether2 network=192.168.14.0
add address=192.168.15.0/24 interface=private_bridge network=192.168.15.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.14.0/24 dns-server=192.168.14.1 gateway=192.168.14.1
add address=192.168.15.0/24 dns-server=192.168.15.1 gateway=192.168.15.1
/lcd interface
set wlan1 interface=wlan1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set ether11 interface=ether11
set ether12 interface=ether12
set ether13 interface=ether13
set ether14 interface=ether14
set ether15 interface=ether15
set ether16 interface=ether16
set ether17 interface=ether17
set ether18 interface=ether18
set ether19 interface=ether19
set ether20 interface=ether20
set ether21 interface=ether21
set ether22 interface=ether22
set ether23 interface=ether23
set ether24 interface=ether24
set sfp1 interface=sfp1
/lcd interface pages
set 0 interfaces="wlan1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,\
    ether9,ether10,ether11"
set 1 interfaces="ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether1\
    9,ether20,ether21,ether22,ether23"
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Sun Dec 01, 2013 9:41 pm

Up... Still not solved
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Tue Dec 03, 2013 11:46 pm

Anyone with feedback?
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Wed Dec 04, 2013 9:39 pm

Come on guys...
 
CTrain
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 07, 2013 4:41 am

Re: First time with RouterOS, where to start, how to configu

Sat Dec 07, 2013 10:25 am

You appear to have the setup correct with a few problems,

1.IP addresses should be

ros code

/ip address
add address=192.168.14.1/24 interface=ether2 network=192.168.14.0
add address=192.168.15.1/24 interface=private_bridge network=192.168.15.0
So that the router has a real IP address.

2.
Also firewall rules and a NAT must be created to masquerade all traffic heading onto the internet as if it is coming from on of the DHCP leases of the ISP. thus all traffic out ether1 is to be masqueraded.

and the firewall rule blocking communication between the public and private subsets should also be created. I would recommend you use the winbox tool to create the firewall/NAT rules. Whilst I am proficient in creating them with the GUI(winbox) I don't know the exact command line setup to use sorry.

3.
Also you based upon your export you have a hotspot set up on what I believe to be the private wifi network. For security reasons I recommended that you use WPA2 sercurty wifi for the private network and hotspot for the public network. I can't help you to setup a hotspot because I never use them, however I can hep you to create a WPA2 wifi network if you need me to.

If you need an more help perhaps we can arrange a Skype meeting or something similar so that I can demonstrate the setup and solve the problems in real time, whilst using the GUI tool set for non standard tasks. Get your problem solved soon you have been screwed around enough. Sorry I have not replied sooner I have been very busy and I have not logged on in a while
 
babbelut
newbie
Topic Author
Posts: 37
Joined: Tue Nov 19, 2013 10:15 pm

Re: First time with RouterOS, where to start, how to configu

Sun Dec 08, 2013 10:52 am

You appear to have the setup correct with a few problems,

1.IP addresses should be

ros code

/ip address
add address=192.168.14.1/24 interface=ether2 network=192.168.14.0
add address=192.168.15.1/24 interface=private_bridge network=192.168.15.0
So that the router has a real IP address.

2.
Also firewall rules and a NAT must be created to masquerade all traffic heading onto the internet as if it is coming from on of the DHCP leases of the ISP. thus all traffic out ether1 is to be masqueraded.

and the firewall rule blocking communication between the public and private subsets should also be created. I would recommend you use the winbox tool to create the firewall/NAT rules. Whilst I am proficient in creating them with the GUI(winbox) I don't know the exact command line setup to use sorry.

3.
Also you based upon your export you have a hotspot set up on what I believe to be the private wifi network. For security reasons I recommended that you use WPA2 sercurty wifi for the private network and hotspot for the public network. I can't help you to setup a hotspot because I never use them, however I can hep you to create a WPA2 wifi network if you need me to.

If you need an more help perhaps we can arrange a Skype meeting or something similar so that I can demonstrate the setup and solve the problems in real time, whilst using the GUI tool set for non standard tasks. Get your problem solved soon you have been screwed around enough. Sorry I have not replied sooner I have been very busy and I have not logged on in a while
Hey,
no problem, your help is much appriciated!

Can we do the skype session? How can I contact you? I cannot send any private messages here...

Who is online

Users browsing this forum: MTNick and 46 guests