Thanks Cupaka, but I didn't really understand what you meant by that.
I've eventually managed to get it working like I wanted:
It was actually very very simple:
- Created VLAN1 & VLAN2 on the Ether4 (connected to the WiFi AP)
- Created a bridge-WAN (with DHCP client enabled): Ether1 & VLAN1
- Created a bridge-local (with DHCP server enabled): Ether2, Ether3, Ether5 & VLAN2
The differences between the previous sketch of my network setup and the one I have now are:
- Removed Slave settings from Ether2-5
- Placed Ether3&5 in Local bridge
- Created a bridge-WAN: Ether1 & VLAN1
I'm not sure exactly where my mistakes were, but the biggest one was definitely that I had my Ether4 (connected to the WiFi AP) set as a Slave of Ether2.
I've attached a screenshot (quick overview) of how my setup looks in WinBox:
working-network-setup.png
Here's a stripped down version of my config:
# Defines the two software bridges used by this setup: bridge-WAN (uplink side)
# and bridge-local (LAN side). Both use protocol-mode=none, so no STP/RSTP runs
# on either bridge.
/interface bridge
# NOTE(review): bridge-WAN is the only interface here with arp=proxy-arp; with
# proxy ARP the router answers ARP requests on behalf of other hosts on the
# uplink segment. Confirm this is intended rather than left over from testing.
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=proxy-arp auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
mtu=1500 name=bridge-WAN priority=0x8000 protocol-mode=none \
transmit-hold-count=6
# LAN bridge; plain ARP (arp=enabled).
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
mtu=1500 name=bridge-local priority=0x8000 protocol-mode=none \
transmit-hold-count=6
# Names the five physical ports. Every port has master-port=none, i.e. no port
# is a switch-chip slave of another; grouping is done by the bridges instead
# (see /interface bridge port). This matches the fix described in the post,
# where ether4 had previously been a slave of ether2.
/interface ethernet
# ether1-SCN: uplink port (member of bridge-WAN).
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5E:9D:84 \
master-port=none mtu=1500 name=ether1-SCN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5E:9D:85 \
master-port=none mtu=1500 name=ether2-local speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5E:9D:86 \
master-port=none mtu=1500 name=ether3-local speed=100Mbps
# ether4-D-Link: port facing the WiFi AP; carries the two VLANs defined under
# /interface vlan and also has its own /31 address under /ip address.
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5E:9D:87 \
master-port=none mtu=1500 name=ether4-D-Link speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5E:9D:88 \
master-port=none mtu=1500 name=ether5-local speed=100Mbps
# Two tagged VLAN interfaces on the AP-facing port ether4-D-Link:
# VLAN-WAN (vlan-id=1) and VLAN-local (vlan-id=2).
# NOTE(review): vlan-id=1 is commonly the default/native VLAN on switches and
# APs; presumably the D-Link AP tags both VLANs explicitly - verify on the AP so
# that untagged or default-VLAN traffic does not end up on the uplink segment.
/interface vlan
add arp=enabled comment="" disabled=no interface=ether4-D-Link l2mtu=1520 \
mtu=1500 name=VLAN-WAN use-service-tag=no vlan-id=1
add arp=enabled comment="" disabled=no interface=ether4-D-Link l2mtu=1520 \
mtu=1500 name=VLAN-local use-service-tag=no vlan-id=2
# Switch chip: port mirroring is off in both directions.
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
# LAN address pool handed out by the DHCP server below.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
# DHCP server for the LAN: bound to bridge-local only, 3-day leases, addresses
# taken from the default-dhcp pool. No DHCP server is defined on bridge-WAN.
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=bridge-local lease-time=3d name=local-dhcp
# Bridge membership:
#   bridge-WAN   = ether1-SCN + VLAN-WAN
#   bridge-local = ether2-local + ether3-local + ether5-local + VLAN-local
# NOTE(review): because VLAN-WAN shares bridge-WAN with ether1-SCN, anything the
# AP places on VLAN 1 is on the same layer-2 segment as the uplink, outside the
# LAN's NAT and not subject to the router's /ip firewall (use-ip-firewall=no
# under /interface bridge settings). That appears to be the intent of the post;
# confirm which SSID/clients the AP maps to VLAN 1.
/interface bridge port
add bridge=bridge-WAN comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether1-SCN path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge-local comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether2-local path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge-WAN comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=VLAN-WAN path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge-local comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=VLAN-local path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge-local comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether3-local path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge-local comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether5-local path-cost=10 point-to-point=auto \
priority=0x80
# use-ip-firewall=no: frames bridged between ports of the same bridge are not
# passed through /ip firewall, so the filter and NAT rules in this config apply
# only to traffic routed by (or addressed to) the router itself.
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
# Sets vlan-mode=fallback on five switch ports.
# NOTE(review): the item identifier in each line reads "(unknown)", so the port
# names were lost when the config was exported or pasted; these five lines
# presumably will not import as written - restore the port names before reuse.
/interface ethernet switch port
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
# Router addresses: the LAN gateway on bridge-local, plus a /31 point-to-point
# address on the untagged side of ether4-D-Link for reaching the AP's own
# management address (192.168.0.50, per the comment field below).
# NOTE(review): the input-chain drop rule under /ip firewall filter is scoped to
# in-interface=bridge-WAN, so nothing shown in this config restricts access to
# the router arriving on ether4-D-Link - confirm that is acceptable.
/ip address
add address=192.168.88.1/24 broadcast=192.168.88.255 comment="Local IP range" \
disabled=no interface=bridge-local network=192.168.88.0
add address=192.168.0.51/31 broadcast=192.168.0.51 comment=\
"D-Link 2100 AP on 192.168.0.50" disabled=no interface=ether4-D-Link \
network=192.168.0.50
# The router obtains its uplink address via DHCP on bridge-WAN and accepts the
# default route, DNS servers and NTP servers offered by the upstream DHCP server.
# NOTE(review): use-peer-dns/use-peer-ntp mean the upstream network decides
# which resolvers and time servers the router trusts.
/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=no \
interface=bridge-WAN use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
# LAN clients are told to use the router (192.168.88.1) as gateway and DNS.
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts, which the LAN needs given dns-server=192.168.88.1 above.
# NOTE(review): exposure of this resolver is limited only by the input-chain
# rules under /ip firewall filter, which drop new connections arriving on
# bridge-WAN; queries arriving on any other interface are not restricted by the
# rules shown in this config.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=10.20.30.1
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
# Connection tracking is enabled; the connection-state matchers in the filter
# rules depend on it. The remaining values are per-state timeouts.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off; confirm this is a
# deliberate choice for a router whose uplink side faces a shared network.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Input-chain policy (traffic addressed to the router itself):
#   1. accept ICMP on any interface (no in-interface match),
#   2. accept established connections arriving on bridge-WAN,
#   3. accept related connections arriving on bridge-WAN,
#   4. drop everything else arriving on bridge-WAN.
# Rule order matters: the drop must stay last.
# NOTE(review): only the input chain is filtered in this stripped-down config.
# There are no forward-chain rules, so traffic routed through the router from
# the uplink segment toward 192.168.88.0/24 is not restricted by anything shown
# here; masquerade under /ip firewall nat rewrites outbound source addresses and
# is not a filter. Consider forward-chain rules that accept established/related
# traffic and drop new connections arriving on bridge-WAN, and a drop for
# invalid connection state - check against the full config first.
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no in-interface=bridge-WAN
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no in-interface=bridge-WAN
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=bridge-WAN
# Source NAT for LAN clients. Each rule masquerades only traffic to one specific
# destination range; there is no catch-all masquerade rule in this excerpt.
/ip firewall nat
# LAN -> 10.20.0.0/16 leaving via bridge-WAN.
add action=masquerade chain=srcnat comment="SCN NAT" disabled=no dst-address=\
10.20.0.0/16 out-interface=bridge-WAN src-address=192.168.88.0/24
# LAN -> 192.168.0.0/24.
# NOTE(review): out-interface=ether1-SCN names a port that is a member of
# bridge-WAN; routed traffic presumably leaves via the bridge interface, so this
# rule may never match - check its packet counter.
add action=masquerade chain=srcnat comment="Home Wireless Segment" disabled=\
no dst-address=192.168.0.0/24 dst-address-list="" out-interface=\
ether1-SCN src-address=192.168.88.0/24
# LAN -> the AP's management /31 on ether4-D-Link.
# NOTE(review): src-address here is 192.168.88.0/23, wider than the /24 used by
# the other two rules and by the LAN itself - possibly a typo; confirm.
add action=masquerade chain=srcnat comment=D-Link disabled=no dst-address=\
192.168.0.50/31 dst-address-list="" out-interface=ether4-D-Link \
src-address=192.168.88.0/23
# Static route for 10.20.0.0/16 via 10.20.60.1. The default route is not listed
# here; it is added dynamically by the DHCP client on bridge-WAN
# (add-default-route=yes).
/ip route
add comment="" disabled=no distance=1 dst-address=10.20.0.0/16 gateway=\
10.20.60.1 scope=30 target-scope=10
PS: What happened to the BBCode in this post of mine?!