Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Initial Setup doesn't work

Post Reply
 
myhomeswitch
just joined
Topic Author
Posts: 1
Joined: Wed Oct 13, 2021 7:57 pm

Initial Setup doesn't work

Fri Oct 29, 2021 6:43 pm

Hi there,
this is my first mikrotik device and I'm not able to get it running.
I followed the guide from pcunite and expanded it only to use more interfaces and IP-Ranges
But I'm not able to access the internet or the network between my isp router and router-os.
This is my setup:
ISP Router <-> internal Network <- mikro tik (CRS326-24G-2S+)<-> Laptop
this is my configuration:
Code: Select all
# jan/02/1970 00:25:00 by RouterOS 6.49
# software id = MWC8-F2JW
#
# model = CRS326-24G-2S+
/interface bridge
add fast-forward=no name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=V_Gast_99 vlan-id=99
add interface=bridge1 name=V_Haupt_10 vlan-id=10
add interface=bridge1 name=V_MGMT_69 vlan-id=69
/interface list
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_V_Haupt_10 ranges=10.81.10.50-10.81.10.250
add name=pool_V_MGMT_69 ranges=10.81.69.50-10.81.69.250
add name=pool_V_Gast_99 ranges=192.168.1.50-192.168.1.250
/ip dhcp-server
add address-pool=pool_V_Haupt_10 disabled=no interface=V_Haupt_10 name=\
    dhcp_V_Haupt_10
add address-pool=pool_V_MGMT_69 disabled=no interface=V_MGMT_69 name=\
    dhcp_V_MGMT_69
add address-pool=pool_V_Gast_99 disabled=no interface=V_Gast_99 name=\
    dhcp_V_Gast_99
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether4 pvid=10
add bridge=bridge1 interface=ether5 pvid=10
add bridge=bridge1 interface=ether6 pvid=10
add bridge=bridge1 interface=ether7 pvid=10
add bridge=bridge1 interface=ether8 pvid=10
add bridge=bridge1 interface=ether9 pvid=99
add bridge=bridge1 interface=ether10 pvid=99
add bridge=bridge1 interface=ether11 pvid=99
add bridge=bridge1 interface=ether12 pvid=99
add bridge=bridge1 interface=ether13 pvid=99
add bridge=bridge1 interface=ether15 pvid=99
add bridge=bridge1 interface=ether16 pvid=99
add bridge=bridge1 interface=ether17 pvid=69
add bridge=bridge1 interface=ether18 pvid=69
add bridge=bridge1 interface=ether19 pvid=69
add bridge=bridge1 interface=ether20 pvid=69
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2 untagged=\
    ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether2 untagged=\
    ether17,ether18,ether19,ether20 vlan-ids=69
add bridge=bridge1 tagged=bridge1,ether2 untagged=\
    ether9,ether10,ether11,ether12,ether13,ether15,ether16 vlan-ids=99
/interface ethernet switch rule
add dst-address=192.168.189.0/24 new-dst-ports="" ports=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8 src-address=\
    10.81.10.0/24 switch=switch1
add dst-address=192.168.189.0/24 new-dst-ports="" ports=\
    ether9,ether10,ether11,ether12,ether13,ether15,ether16 src-address=\
    192.168.1.0/24 switch=switch1
/interface list member
add interface=ether1 list=WAN
add interface=V_Haupt_10 list=VLAN
add interface=V_MGMT_69 list=VLAN
add interface=V_Gast_99 list=VLAN
add interface=V_MGMT_69 list=BASE
/ip address
add address=192.168.189.2/24 interface=ether1 network=192.168.189.0
add address=10.81.10.1/24 interface=V_Haupt_10 network=10.81.10.0
add address=192.168.1.1/24 interface=V_Gast_99 network=192.168.1.0
add address=10.81.69.1/24 interface=V_MGMT_69 network=10.81.69.0
/ip dhcp-server network
add address=10.81.10.0/24 dns-server=192.168.189.1 gateway=10.81.10.1
add address=10.81.69.0/24 dns-server=192.168.189.1 gateway=10.81.69.1
add address=192.168.1.0/24 dns-server=192.168.189.1 gateway=192.168.1.1
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" in-interface-list=BASE
add action=drop chain=input comment=Drop
add action=accept chain=forward comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access only" connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.189.1
/system routerboard settings
set boot-os=router-os
I can ping the router ip, but everything beyond the mikrotik is blocked and I don't know why.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19352
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Initial Setup doesn't work

Mon Nov 01, 2021 4:40 pm

Well the config has to match expectations and functionality.

a. Is the MT device supposed to be a router or a switch?
b. Are the vlans not already identified on the main router?


Its clear to me that you dont understand the purpose or use of firewall rules.
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" in-interface-list=BASE

What is the difference between these rules..........

ether1 should not be a bridge port..........

Very strange ethernet switch rules, not sure of their purpose?
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 63 guests
  4. RouterOS
  5. Beginner Basics