Ether1 for the company's WAN output
Ether2 for clients' WAN output
Ether10 for a switch where both networks will be divided by VLAN, as they will be distributed via Wi-Fi with Ubiquiti devices.
My problem is that with the configuration I have, I can't reach the internet. When I ping from the MikroTik RB3011 UiAS-RM router itself, it tells me that it doesn't have a route to the destination.
I'll attach the configuration to see if you can identify any issues.
Code: Select all
/interface bridge
add name=bridge-local vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WANCORP
set [ find default-name=ether2 ] name=ether2-WANCLIENTES
/interface vlan
add interface=bridge-local name=vlan-clientes vlan-id=20
add interface=bridge-local name=vlan-local vlan-id=1
/interface list
add name=vlan
/ip pool
add name=dhcp_clients ranges=192.168.143.10-192.168.143.90,192.168.143.100-192.168.143.254
add name=dhcp_lan ranges=192.168.43.10-192.168.43.85,192.168.43.120-192.168.43.200
/ip dhcp-server
add address-pool=dhcp_clients comment="DHCP PARA VLAN CLIENTE" interface=vlan-clientes name=dhcp-clientes
add address-pool=dhcp_lan comment="DHCP PARA VLAN TRABAJO" interface=vlan-local lease-time=1h name=dhcp-work
/port
set 0 name=serial0
/routing table
add fib name=WORK
add fib name=CLIENTS
/interface bridge port
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8
add bridge=bridge-local interface=ether9
add bridge=bridge-local interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge-local tagged=ether10,bridge-local vlan-ids=1
add bridge=bridge-local tagged=bridge-local,ether10 vlan-ids=20
/interface list member
add interface=vlan-local list=vlan
add interface=vlan-clientes list=vlan
/ip address
add address=192.168.43.2/24 interface=bridge-local network=192.168.43.0
add address=192.168.43.1/24 interface=ether1-WANCORP network=192.168.43.0
add address=192.168.143.1/24 interface=ether2-WANCLIENTES network=192.168.143.0
add address=192.168.43.3/24 interface=vlan-local network=192.168.43.0
add address=192.168.143.2/24 interface=vlan-clientes network=192.168.143.0
/ip dhcp-server network
add address=192.168.43.0/24 dns-server=192.168.201.85,8.8.8.8,8.8.4.4 gateway=192.168.43.98
add address=192.168.143.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.143.98
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=forward disabled=yes out-interface=ether1-WANCORP src-address=19.168.43.0/24
add action=accept chain=forward disabled=yes out-interface=ether2-WANCLIENTES src-address=192.168.143.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WANCORP src-address=192.168.43.0/24
add action=masquerade chain=srcnat out-interface=ether2-WANCLIENTES src-address=192.168.143.0/24
/ip route
add dst-address=0.0.0.0/0 gateway=ether1-WANCORP routing-table=WORK
add dst-address=0.0.0.0/0 gateway=ether2-WANCLIENTES routing-table=CLIENTS
/routing rule
add action=lookup-only-in-table disabled=no src-address=192.168.43.0/24 table=WORK
add action=lookup-only-in-table disabled=no src-address=192.168.143.0/24 table=CLIENTS
/system note
set show-at-login=no