Community discussions

MikroTik App
just joined
Topic Author
Posts: 6
Joined: Mon Jun 17, 2019 4:21 pm

Please help with routing

Thu Jun 20, 2019 2:57 pm

Hi everybody,
i am new in mikrotik routers technology and now i am confused, because i don´t know how to fix this. Below is my full actually configuration. I have 2 problems, but actually solve 1 of them is enough for me, if it works. The goal is, that all APs and wireless clients to reach external network, and also have the internet connection. There i see two ways to reach that:

1. Configure routing from to, but i don´t know how. When are APs connected to 250.0, they have IP and distributed VLAN networks, they can ping (interface on ASA), but not access to ASA is configured correctly to enable access for both networks, and, but works only for first network.

2. I will give APs to network (I preffer this option). If i do that, APs obtain IP address from DHCP server, but if i ping them or try to connect via SSH, pinging changed with timeouting and sometime i connect via SSH successfully, sometimes not. Another problem is with distributing this network (is also VLAN20). Wireless clients can connect to network, but they have no internet access and also they are not able to reach

I am really don´t know, how to configure this, please help me, what i have to change for what.

Thank you so much!!!

For now, connection from to is working.
Note: Network have to only reach the internet, not connect to network
Here is my full configuration:

# jun/20/2019 13:54:46 by RouterOS 6.44.3
# software id = 5ZMQ-6A61
# model = 750GL
# serial number = 3B0502770449
/interface bridge
add name=bridge10-net-quest
add name=bridge20-net-in
add name=bridge250-ap-mng
/interface ethernet
set [ find default-name=ether1 ] comment="do CGW port 3 - pre" name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] comment="do ASA port 2 - pre" name=ether2-ASA speed=100Mbps
set [ find default-name=ether3 ] comment="unifiObyvacka 44:D9:E7:F9:73:13" name=ether3-ap-obyvacka speed=100Mbps
set [ find default-name=ether4 ] comment="unifi na prvom 80:2A:A8:10:6E:0C" name=ether4-ap-prve_poschodie speed=100Mbps
set [ find default-name=ether5 ] comment="do switchu v kuchynke" name=ether5-to-switch speed=100Mbps
/interface vlan
add interface=ether3-ap-obyvacka name=vlan10-net-quest-obyvacka vlan-id=10
add interface=ether4-ap-prve_poschodie name=vlan10-net-quest-prve-poschodie vlan-id=10
add interface=ether5-to-switch name=vlan10-net-quest-sw vlan-id=10
add interface=ether3-ap-obyvacka name=vlan20-net-int-obyvacka vlan-id=20
add interface=ether4-ap-prve_poschodie name=vlan20-net-int-prve-poschodie vlan-id=20
add interface=ether5-to-switch name=vlan20-net-int-sw vlan-id=20
/interface list
add exclude=dynamic name=discover
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool10-net-quest ranges=
add name=dhcp_pool20-net-int ranges=
add name=dhcp_pool250 ranges=
/ip dhcp-server
add address-pool=dhcp_pool10-net-quest disabled=no interface=bridge10-net-quest name=dhcp10
add address-pool=dhcp_pool20-net-int disabled=no interface=bridge20-net-in name=dhcp20
add address-pool=dhcp_pool250 disabled=no interface=bridge250-ap-mng name=dhcp250
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge250-ap-mng interface=ether3-ap-obyvacka
add bridge=bridge250-ap-mng interface=ether4-ap-prve_poschodie
add bridge=bridge250-ap-mng interface=ether5-to-switch
add bridge=bridge10-net-quest interface=vlan10-net-quest-obyvacka
add bridge=bridge10-net-quest interface=vlan10-net-quest-prve-poschodie
add bridge=bridge10-net-quest interface=vlan10-net-quest-sw
add bridge=bridge20-net-in interface=vlan20-net-int-obyvacka
add bridge=bridge20-net-in interface=vlan20-net-int-prve-poschodie
add bridge=bridge20-net-in interface=vlan20-net-int-sw
add bridge=bridge20-net-in interface=ether2-ASA
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add interface=ether1-gateway list=discover
add interface=ether3-ap-obyvacka list=discover
add interface=ether4-ap-prve_poschodie list=discover
add interface=ether5-to-switch list=discover
add list=discover
add interface=bridge10-net-quest list=discover
add interface=bridge20-net-in list=discover
add interface=vlan10-net-quest-obyvacka list=discover
add interface=vlan10-net-quest-prve-poschodie list=discover
add interface=vlan10-net-quest-sw list=discover
add interface=vlan20-net-int-obyvacka list=discover
add interface=vlan20-net-int-prve-poschodie list=discover
add interface=vlan20-net-int-sw list=discover
add interface=ether2-ASA list=discover
add interface=bridge250-ap-mng list=discover
add interface=ether1-gateway list=WAN
add interface=bridge250-ap-mng list=LAN
add interface=bridge20-net-in list=LAN
add list=discover
add interface=ether2-ASA list=WAN
add list=LAN
/ip address
add address= comment=net-quest interface=bridge10-net-quest network=
add address= comment=net-int interface=bridge20-net-in network=
add address= interface=ether1-gateway network=
add address= interface=bridge250-ap-mng network=
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server lease
add address= client-id=1:44:d9:e7:f9:73:13 mac-address=44:D9:E7:F9:73:13 server=dhcp250
add address= client-id=1:80:2a:a8:10:6e:c mac-address=80:2A:A8:10:6E:0C server=dhcp250
add address= client-id=1:44:8a:5b:b5:35:fc mac-address=44:8A:5B:B5:35:FC server=dhcp250
add address= client-id=1:4:18:d6:20:97:f3 mac-address=04:18:D6:20:97:F3 server=dhcp250
add address= client-id=1:f0:9f:c2:f0:83:f6 mac-address=F0:9F:C2:F0:83:F6 server=dhcp250
add address= client-id=1:4:b1:67:ac:32:a7 comment="PAD osobny mobil" mac-address=04:B1:67:AC:32:A7 server=dhcp20
add address= client-id=1:cc:fa:0:af:ef:8a comment="PAD sluzobny mobil" mac-address=CC:FA:00:AF:EF:8A server=dhcp20
add address= client-id=1:8c:1a:bf:a0:7:a1 comment="LGL mobil" mac-address=8C:1A:BF:A0:07:A1 server=dhcp20
add address= client-id=1:28:c6:3f:4f:52:4a comment="OHO notebook" mac-address=28:C6:3F:4F:52:4A server=dhcp20
add address= client-id=1:24:77:3:1d:20:f8 comment="JPU notebook" mac-address=24:77:03:1D:20:F8 server=dhcp20
add address= client-id=1:34:41:5d:30:46:ed comment="MCV notebook" mac-address=34:41:5D:30:46:ED server=dhcp20
add address= client-id=1:dc:a9:4:88:ef:27 comment="JDU notebook" mac-address=DC:A9:04:88:EF:27 server=dhcp20
/ip dhcp-server network
add address= dns-server=, gateway=
add address= dns-server=, gateway=
add address= dns-server=, gateway=
/ip dns
set servers=
/ip dns static
add address= name=router
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway out-interface-list=WAN
/ip route
add distance=1 gateway=
add distance=1 dst-address= gateway=bridge20-net-in pref-src=
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip tftp
add ip-addresses=
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Bratislava
/system identity
set name=wlPlaut.wifi
/system ntp client
set enabled=yes primary-ntp=
/system routerboard settings
set cpu-frequency=250MHz
/tool mac-server
set allowed-interface-list=WAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Who is online

Users browsing this forum: ErfanDL, eworm, heidari, ivanfm, Majestic-12 [Bot], msatter, Sob, txfz and 68 guests