
 
LukasGlonec
just joined
Topic Author
Posts: 6
Joined: Mon Jun 17, 2019 4:21 pm

Please help with routing

Thu Jun 20, 2019 2:57 pm

Hi everybody,
I am new to MikroTik routers and I am confused, because I don't know how to fix this. My full current configuration is below. I have two problems, but solving just one of them is enough for me, if it works. The goal is for all APs and wireless clients to reach the external network 10.53.0.0/16 and also to have an internet connection. I see two ways to achieve that:

1. Configure routing from 10.54.250.0/24 to 10.53.0.0/16, but I don't know how. When the APs are connected to 10.54.250.0, they have an IP address and distribute the VLAN networks, and they can ping 10.54.10.1 (the interface on the ASA), but they cannot access 10.53.0.0/16. The ASA is configured correctly to allow access for both networks, 10.54.10.0 and 10.54.250.0, but it works only for the first network.

2. Put the APs into network 10.54.10.0/24 (I prefer this option). If I do that, the APs obtain an IP address from the DHCP server, but when I ping them or try to connect via SSH, the pings alternate with timeouts, and the SSH connection sometimes succeeds and sometimes does not. Another problem is with distributing this network 10.54.10.0 (which is also VLAN20). Wireless clients can connect to the network, but they have no internet access and they are also unable to reach 10.53.0.0/16.

I really don't know how to configure this; please help me and tell me what I have to change.

Thank you so much!!!

For now, the connection from 10.54.10.0/24 to 10.53.0.0/16 is working.
Note: Network 10.54.1.0/24 should only reach the internet, not network 10.53.0.0/16.
Here is my full configuration:

# jun/20/2019 13:54:46 by RouterOS 6.44.3
# software id = 5ZMQ-6A61
#
# model = 750GL
# serial number = 3B0502770449
#
# Export of a router with three bridges: bridge10-net-quest (VLAN 10, 10.54.1.0/24),
# bridge20-net-in (VLAN 20 plus ether2-ASA, 10.54.10.0/24) and bridge250-ap-mng
# (untagged ether3-5, 10.54.250.0/24), with ether1-gateway as the internet uplink.
# NOTE(review): as posted, this export carries the serial number, the public
# address and client MAC addresses; consider redacting those before sharing.
# NOTE(review): no "/ip firewall filter" section appears in this export. If the
# export is complete, nothing filters input or forward traffic: the router's
# management services are reachable on the public address, and 10.54.1.0/24 is
# routed to 10.53.0.0/16 like any other connected network, which contradicts the
# stated goal that it only reach the internet.
/interface bridge
add name=bridge10-net-quest
add name=bridge20-net-in
add name=bridge250-ap-mng
/interface ethernet
set [ find default-name=ether1 ] comment="do CGW port 3 - pre 10.54.1.0" name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] comment="do ASA port 2 - pre 10.54.10.0" name=ether2-ASA speed=100Mbps
set [ find default-name=ether3 ] comment="unifiObyvacka 44:D9:E7:F9:73:13" name=ether3-ap-obyvacka speed=100Mbps
set [ find default-name=ether4 ] comment="unifi na prvom 80:2A:A8:10:6E:0C" name=ether4-ap-prve_poschodie speed=100Mbps
set [ find default-name=ether5 ] comment="do switchu v kuchynke" name=ether5-to-switch speed=100Mbps
# Tagged VLAN 10 and VLAN 20 sub-interfaces on each AP/switch port; the untagged
# traffic of the same ports goes to bridge250-ap-mng (see "/interface bridge port").
/interface vlan
add interface=ether3-ap-obyvacka name=vlan10-net-quest-obyvacka vlan-id=10
add interface=ether4-ap-prve_poschodie name=vlan10-net-quest-prve-poschodie vlan-id=10
add interface=ether5-to-switch name=vlan10-net-quest-sw vlan-id=10
add interface=ether3-ap-obyvacka name=vlan20-net-int-obyvacka vlan-id=20
add interface=ether4-ap-prve_poschodie name=vlan20-net-int-prve-poschodie vlan-id=20
add interface=ether5-to-switch name=vlan20-net-int-sw vlan-id=20
/interface list
add exclude=dynamic name=discover
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# NOTE(review): 3DES is a legacy cipher. No IPsec peers or policies appear in this
# export, so this proposal may be unused; if IPsec is used, prefer an AES
# algorithm that the remote peer supports (for example aes-256-cbc).
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool10-net-quest ranges=10.54.1.11-10.54.1.254
add name=dhcp_pool20-net-int ranges=10.54.10.11-10.54.10.254
add name=dhcp_pool250 ranges=10.54.250.2-10.54.250.254
# One DHCP server per bridge. dhcp20 serves bridge20-net-in, which also contains
# ether2-ASA, so its leases are offered on the ASA-facing segment as well.
/ip dhcp-server
add address-pool=dhcp_pool10-net-quest disabled=no interface=bridge10-net-quest name=dhcp10
add address-pool=dhcp_pool20-net-int disabled=no interface=bridge20-net-in name=dhcp20
add address-pool=dhcp_pool250 disabled=no interface=bridge250-ap-mng name=dhcp250
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge250-ap-mng interface=ether3-ap-obyvacka
add bridge=bridge250-ap-mng interface=ether4-ap-prve_poschodie
add bridge=bridge250-ap-mng interface=ether5-to-switch
add bridge=bridge10-net-quest interface=vlan10-net-quest-obyvacka
add bridge=bridge10-net-quest interface=vlan10-net-quest-prve-poschodie
add bridge=bridge10-net-quest interface=vlan10-net-quest-sw
add bridge=bridge20-net-in interface=vlan20-net-int-obyvacka
add bridge=bridge20-net-in interface=vlan20-net-int-prve-poschodie
add bridge=bridge20-net-in interface=vlan20-net-int-sw
add bridge=bridge20-net-in interface=ether2-ASA
# NOTE(review): discovery is enabled on every interface, including
# ether1-gateway, which holds the public address. Neighbor discovery announces
# the device's identity and software version; limiting it to the LAN list
# avoids advertising that towards the uplink.
/ip neighbor discovery-settings
set discover-interface-list=all
# NOTE(review): ether2-ASA is placed in WAN below, yet it is a port of
# bridge20-net-in, and that bridge is placed in LAN. Routing and NAT see the
# bridge, not the slave port, so any rule keyed on these lists treats the ASA
# segment as LAN. The three "add list=..." entries without interface= name no
# interface and look like leftovers -- confirm and remove.
/interface list member
add interface=ether1-gateway list=discover
add interface=ether3-ap-obyvacka list=discover
add interface=ether4-ap-prve_poschodie list=discover
add interface=ether5-to-switch list=discover
add list=discover
add interface=bridge10-net-quest list=discover
add interface=bridge20-net-in list=discover
add interface=vlan10-net-quest-obyvacka list=discover
add interface=vlan10-net-quest-prve-poschodie list=discover
add interface=vlan10-net-quest-sw list=discover
add interface=vlan20-net-int-obyvacka list=discover
add interface=vlan20-net-int-prve-poschodie list=discover
add interface=vlan20-net-int-sw list=discover
add interface=ether2-ASA list=discover
add interface=bridge250-ap-mng list=discover
add interface=ether1-gateway list=WAN
add interface=bridge250-ap-mng list=LAN
add interface=bridge20-net-in list=LAN
add list=discover
add interface=ether2-ASA list=WAN
add list=LAN
/ip address
add address=10.54.1.1/24 comment=net-quest interface=bridge10-net-quest network=10.54.1.0
add address=10.54.10.2/24 comment=net-int interface=bridge20-net-in network=10.54.10.0
add address=195.168.8.62/29 interface=ether1-gateway network=195.168.8.56
add address=10.54.250.1/24 interface=bridge250-ap-mng network=10.54.250.0
# Registers the router with MikroTik's cloud DDNS service, which makes the public
# address resolvable by name; keep only if remote access by name is needed.
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
# Static leases: five on dhcp250 (including the two APs named on ether3/ether4)
# and seven commented client devices on dhcp20.
/ip dhcp-server lease
add address=10.54.250.254 client-id=1:44:d9:e7:f9:73:13 mac-address=44:D9:E7:F9:73:13 server=dhcp250
add address=10.54.250.253 client-id=1:80:2a:a8:10:6e:c mac-address=80:2A:A8:10:6E:0C server=dhcp250
add address=10.54.250.252 client-id=1:44:8a:5b:b5:35:fc mac-address=44:8A:5B:B5:35:FC server=dhcp250
add address=10.54.250.251 client-id=1:4:18:d6:20:97:f3 mac-address=04:18:D6:20:97:F3 server=dhcp250
add address=10.54.250.250 client-id=1:f0:9f:c2:f0:83:f6 mac-address=F0:9F:C2:F0:83:F6 server=dhcp250
add address=10.54.10.247 client-id=1:4:b1:67:ac:32:a7 comment="PAD osobny mobil" mac-address=04:B1:67:AC:32:A7 server=dhcp20
add address=10.54.10.246 client-id=1:cc:fa:0:af:ef:8a comment="PAD sluzobny mobil" mac-address=CC:FA:00:AF:EF:8A server=dhcp20
add address=10.54.10.239 client-id=1:8c:1a:bf:a0:7:a1 comment="LGL mobil" mac-address=8C:1A:BF:A0:07:A1 server=dhcp20
add address=10.54.10.238 client-id=1:28:c6:3f:4f:52:4a comment="OHO notebook" mac-address=28:C6:3F:4F:52:4A server=dhcp20
add address=10.54.10.237 client-id=1:24:77:3:1d:20:f8 comment="JPU notebook" mac-address=24:77:03:1D:20:F8 server=dhcp20
add address=10.54.10.234 client-id=1:34:41:5d:30:46:ed comment="MCV notebook" mac-address=34:41:5D:30:46:ED server=dhcp20
add address=10.54.10.233 client-id=1:dc:a9:4:88:ef:27 comment="JDU notebook" mac-address=DC:A9:04:88:EF:27 server=dhcp20
# Clients on 10.54.10.0/24 are handed 10.54.10.1 as their default gateway, not
# this router's 10.54.10.2. The post describes 10.54.10.1 as the ASA interface,
# so internet access for VLAN 20 clients depends on what the ASA does with that
# traffic rather than on the masquerade rule here.
/ip dhcp-server network
add address=10.54.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.54.1.1
add address=10.54.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.54.10.1
add address=10.54.250.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.54.250.1
/ip dns
set servers=8.8.8.8
# NOTE(review): 192.168.88.1 is not assigned to any interface in this export;
# this static entry looks like a leftover from the default configuration.
/ip dns static
add address=192.168.88.1 name=router
# Both matchers must match, so only traffic leaving ether1-gateway is
# masqueraded. Packets routed towards 10.53.0.0/16 leave via bridge20-net-in
# with their original source (for example 10.54.250.x), so the ASA needs a
# return route for those networks via 10.54.10.2 -- presumably the reason only
# 10.54.10.0/24 works; verify on the ASA.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway out-interface-list=WAN
# The 10.53.0.0/16 route names an interface, not a next-hop address, so the
# router resolves every 10.53.x.x destination by ARP on bridge20-net-in and
# depends on something answering for them; a next hop of 10.54.10.1 would not.
# pref-src only sets the source of packets the router itself originates;
# forwarded packets keep their own source address.
/ip route
add distance=1 gateway=195.168.8.57
add distance=1 dst-address=10.53.0.0/16 gateway=bridge20-net-in pref-src=10.54.10.2
# NOTE(review): www and winbox are not listed, and an export normally omits
# settings left at their defaults, so they are presumably still enabled with no
# address restriction -- confirm with "/ip service print". Combined with the
# missing firewall filter, restrict them with address= and an input-chain rule
# so that management is reachable only from the management network.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# TFTP has no authentication; this rule admits 10.53.61.35. What files it may
# read or write is not visible here -- confirm the rule is still needed.
/ip tftp
add ip-addresses=10.53.61.35
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Bratislava
/system identity
set name=wlPlaut.wifi
/system ntp client
set enabled=yes primary-ntp=217.73.28.10
/system routerboard settings
set cpu-frequency=250MHz
# NOTE(review): MAC-Telnet is allowed on the WAN list (ether1-gateway and
# ether2-ASA) while MAC-Winbox is allowed on LAN. Layer-2 management on the
# uplink side looks unintended; LAN (or a dedicated management list) is the
# usual choice for both.
/tool mac-server
set allowed-interface-list=WAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
