Code: Select all
Here is my configuration.
# jan/02/2022 10:45:13 by RouterOS 6.49.2
# software id = R5E1-5B9P
#
# model = CRS326-24G-2S+
# serial number = <redacted>
/interface bridge
add name=bridge1
add name=brnet0 vlan-filtering=yes
/interface vlan
add interface=brnet0 name=vlan10 vlan-id=10
add interface=brnet0 name=vlan20 vlan-id=20
add interface=brnet0 name=vlan30 vlan-id=30
add interface=brnet0 name=vlan40 vlan-id=40
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool_88 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool_10 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool_20 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool_30 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool_40 ranges=192.168.40.2-192.168.40.254
/ip dhcp-server
add address-pool=dhcp_pool_88 disabled=no interface=bridge1 name=dhcp1
add address-pool=dhcp_pool_10 disabled=no interface=vlan10 name=dhcp_vlan10
add address-pool=dhcp_pool_20 disabled=no interface=vlan20 name=dhcp_vlan20
add address-pool=dhcp_pool_30 disabled=no interface=vlan30 name=dhcp_vlan30
add address-pool=dhcp_pool_40 disabled=no interface=vlan40 name=dhcp_vlan40
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=brnet0 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether6 pvid=20
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface=ether15
add bridge=bridge1 interface=ether16
add bridge=bridge1 interface=ether17
add bridge=bridge1 interface=ether18
add bridge=bridge1 interface=ether19
add bridge=bridge1 interface=ether20
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfp-sfpplus2
/interface bridge vlan
add bridge=brnet0 vlan-ids=20
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
add address=192.168.40.1/24 interface=vlan40 network=192.168.40.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.30.1
add address=192.168.40.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.40.1
add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP after RAW" \
protocol=icmp
add action=accept chain=input comment=\
"defconf: access established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=R0
/system routerboard settings
set boot-os=router-os