Nto that it should make any difference
but only vlans need to be individually identified on interface list members so you can remove
all the port to LAN and just
have the two bridges identified as LAN interface members.
I'm a little confused about the above. Please specify what I should do with Interface and Interface-list. I get confused about the difference between these two
Here is s problem
/ip dhcp-client
# DHCP client can not run on slave interface!
add disabled=no interface=ether10
add disabled=no interface=bridge1
REmOVE the bridge1 under dhcp client it has no business being there.............
Other than that looks good.
See what happens when you make those changes.
The other thing to do is go to IP cloud and enable it and see if the IP address it returns is the same on your IP DHCP Client settings.
Also check your IP routes, to see if the IP address shows in any routes....
When I remove bridge1 under dhcp client and keep ether10, it breaks and internet does not work. Unless in bridge - port I make interface=ether10 Bridge=bridge1. Then ether10 in dhcp client becomes invalid.
if I have ether10 in dhcp client and ether10 is not on bridge1 then it does not work.
Here is a working config:
# dec/31/2021 16:37:02 by RouterOS 6.49.2
# software id = HLWE-KMIM
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D4400C5050E1
/interface bridge
add name=Bridge-Guest
add name=bridge1
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
SecurityPrivate supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
SecurityGuest supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=guest \
supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=SecurityPrivate ssid="FREE BELARUS 5GHZ"
set [ find default-name=wlan2 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
security-profile=SecurityPrivate ssid="FREE BELARUS"
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:76:D6:A4 \
master-interface=wlan1 multicast-buffering=disabled name=GuestWIFI \
security-profile=SecurityGuest ssid=WIFI-Guest wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_guest ranges=10.10.10.2-10.10.10.254
add name=dhcp_main ranges=10.10.5.2-10.10.5.100
/ip dhcp-server
add address-pool=dhcp_guest disabled=no interface=Bridge-Guest name=\
dhcp-guest
add address-pool=dhcp_main disabled=no interface=bridge1 name=dhcp-main
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=wlan2
add bridge=Bridge-Guest interface=GuestWIFI
add bridge=bridge1 disabled=yes interface=ether10
/interface list member
add interface=sfp-sfpplus1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add interface=ether10 list=WAN
add interface=GuestWIFI list=LAN
/ip address
add address=10.10.10.1/24 interface=Bridge-Guest network=10.10.10.0
add address=10.10.5.1/24 interface=bridge1 network=10.10.5.0
/ip dhcp-client
add disabled=no interface=ether10
/ip dhcp-server lease
add address=10.10.5.87 client-id=1:e6:ac:ca:2f:e4:81 mac-address=\
E6:AC:CA:2F:E4:81 server=dhcp-main
add address=10.10.5.91 client-id=1:18:60:24:95:5c:3a mac-address=\
18:60:24:95:5C:3A server=dhcp-main
add address=10.10.5.88 client-id=1:a4:5e:60:bd:96:ed mac-address=\
A4:5E:60:BD:96:ED server=dhcp-main
/ip dhcp-server network
add address=10.10.5.0/24 dns-server=10.10.5.1 gateway=10.10.5.1
add address=10.10.10.0/24 dns-server=10.10.10.1 gateway=10.10.10.1
/ip firewall address-list
add address=10.10.5.91 list=authorized
add address=10.10.5.88 list=authorized
add address=10.10.5.87 list=authorized
/ip firewall filter
add action=accept chain=input comment="default configuration" \
connection-state=established,related,untracked
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input in-interface=bridge1 src-address-list=\
authorized
add action=accept chain=input comment="Allow LAN DNS queries-UDP" \
connection-state=new dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow LAN DNS queries - TCP" \
connection-state=new dst-port=53 in-interface-list=LAN protocol=tcp
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related,untracked
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=RouterSwitchAP
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
This config Doesn't work:
# dec/31/2021 16:43:30 by RouterOS 6.49.2
# software id = HLWE-KMIM
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D4400C5050E1
/interface bridge
add name=Bridge-Guest
add name=bridge1
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
SecurityPrivate supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
SecurityGuest supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=guest \
supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=SecurityPrivate ssid="FREE BELARUS 5GHZ"
set [ find default-name=wlan2 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
security-profile=SecurityPrivate ssid="FREE BELARUS"
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:76:D6:A4 \
master-interface=wlan1 multicast-buffering=disabled name=GuestWIFI \
security-profile=SecurityGuest ssid=WIFI-Guest wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_guest ranges=10.10.10.2-10.10.10.254
add name=dhcp_main ranges=10.10.5.2-10.10.5.100
/ip dhcp-server
add address-pool=dhcp_guest disabled=no interface=Bridge-Guest name=\
dhcp-guest
add address-pool=dhcp_main disabled=no interface=bridge1 name=dhcp-main
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=wlan2
add bridge=Bridge-Guest interface=GuestWIFI
/interface list member
add interface=sfp-sfpplus1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add interface=ether10 list=WAN
add interface=GuestWIFI list=LAN
/ip address
add address=10.10.10.1/24 interface=Bridge-Guest network=10.10.10.0
add address=10.10.5.1/24 interface=bridge1 network=10.10.5.0
/ip dhcp-client
add disabled=no interface=ether10
/ip dhcp-server lease
add address=10.10.5.87 client-id=1:e6:ac:ca:2f:e4:81 mac-address=\
E6:AC:CA:2F:E4:81 server=dhcp-main
add address=10.10.5.91 client-id=1:18:60:24:95:5c:3a mac-address=\
18:60:24:95:5C:3A server=dhcp-main
add address=10.10.5.88 client-id=1:a4:5e:60:bd:96:ed mac-address=\
A4:5E:60:BD:96:ED server=dhcp-main
/ip dhcp-server network
add address=10.10.5.0/24 dns-server=10.10.5.1 gateway=10.10.5.1
add address=10.10.10.0/24 dns-server=10.10.10.1 gateway=10.10.10.1
/ip firewall address-list
add address=10.10.5.91 list=authorized
add address=10.10.5.88 list=authorized
add address=10.10.5.87 list=authorized
/ip firewall filter
add action=accept chain=input comment="default configuration" \
connection-state=established,related,untracked
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input in-interface=bridge1 src-address-list=\
authorized
add action=accept chain=input comment="Allow LAN DNS queries-UDP" \
connection-state=new dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow LAN DNS queries - TCP" \
connection-state=new dst-port=53 in-interface-list=LAN protocol=tcp
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related,untracked
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=RouterSwitchAP
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive