I just want that clients can plug into any switch or any AP on the network to get dhcp. But i dont want them to know that there is a pppoe server as well which can be connected on the same network.
The reason for a pppoe server is that i have to setup some special privileges for some clients.
I know i can configure pppoe on a separate port or can configure vlans, but i dont want to do that because i cannot access all the router or APs down the line for configuration.
Anyways, here is the config
# model = RB750r2
# serial number =
/interface ethernet
set [ find default-name=ether1 ] mac-address=CC:2D:E0 name=LAN
set [ find default-name=ether2 ] disabled=yes mac-address=CC:2D:E0 \
name=Test-LAN
set [ find default-name=ether3 ] mac-address=CC:2D:E0 name=WAN2
set [ find default-name=ether4 ] mac-address=CC:2D:E0 name=WAN3
set [ find default-name=ether5 ] mac-address=CC:2D:E0 name=WAN4
/interface list
add name="All WAN"
add name=LANs
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.15.2-192.168.15.254
add name="PPPoE Pool" ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 interface=LAN lease-time=1d name=\
DHCP_LAN
/ppp profile
add local-address=192.168.20.1 name="PPPoE on LAN" remote-address=\
"PPPoE Pool"
set *FFFFFFFE local-address=192.168.89.1 remote-address="PPPoE Pool"
/queue type
add kind=fq-codel name=FQ-Codel
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=to_WAN2
add fib name=to_WAN3
add fib name=to_WAN4
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list="All WAN" internet-interface-list="All WAN" \
lan-interface-list=LANs wan-interface-list="All WAN"
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=WAN2 list="All WAN"
add interface=WAN3 list="All WAN"
add interface=WAN4 list="All WAN"
add interface=LAN list=LANs
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add default-profile="PPPoE on LAN" disabled=no interface=LAN \
keepalive-timeout=disabled one-session-per-host=yes service-name=\
PPPoE-Special
/ip address
add address=192.168.15.1/24 interface=LAN network=192.168.15.0
add address=192.168.12.250/24 interface=WAN2 network=192.168.12.0
add address=192.168.13.250/24 interface=WAN3 network=192.168.13.0
add address=192.168.14.250/24 interface=WAN4 network=192.168.14.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.15.2 client-id=1:1c:87:2c:67
88 mac-address=\
1C:87:2C:67:CD:88 server=DHCP_LAN
/ip dhcp-server network
add address=192.168.15.0/24 dns-server=192.168.15.1,8.8.8.8 gateway=\
192.168.15.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip dns static
add address=192.168.10.1 name=lan.com
/ip firewall address-list
add address=192.168.15.2-192.168.15.254 list=Clients
add address=192.168.12.250 list=WANs
add address=192.168.13.250 list=WANs
add address=192.168.14.250 list=WANs
/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface-list="All WAN"
add action=accept chain=forward comment="****dstNat Accept***" \
connection-nat-state=dstnat
add action=add-dst-to-address-list address-list=ABL address-list-timeout=3d \
chain=forward comment="****Detect MyABL List****" content=myabl \
out-interface-list="All WAN"
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24 \
in-interface-list=LANs
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN4_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface-list=LANs new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
in-interface-list=LANs new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
in-interface-list=LANs new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4_conn \
new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark="" in-interface=\
WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
add action=mark-routing chain=prerouting comment=\
"******MyABL Route to WAN3******" dst-address-list=ABL new-routing-mark=\
to_WAN3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list="All WAN"
add action=dst-nat chain=dstnat comment="\"\"\"Port Fwd for AC68u\"\"\"\"\"" \
dst-port=11945 in-interface-list="All WAN" protocol=udp to-addresses=\
192.168.15.2 to-ports=11945
/ip firewall service-port
set rtsp disabled=no
/ip route
add comment="Monitor WAN 2" disabled=no distance=1 dst-address=1.1.1.1/32 \
gateway=192.168.12.1 pref-src="" routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add comment="Monitor WAN3" disabled=no distance=1 dst-address=39.39.39.39/32 \
gateway=192.168.13.1 pref-src="" routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add comment="Monitor WAN4" disabled=no distance=1 dst-address=8.8.4.4/32 \
gateway=192.168.14.1 pref-src=0.0.0.0 routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Routing WAN 2" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN2 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Routing WAN 3" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src="" routing-table=\
to_WAN3 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Routing WAN 4" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN4 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 2" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=0.0.0.0 routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 3" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src=0.0.0.0 routing-table=\
main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 4" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 2 to 3" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN3 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 3 to 4" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src=0.0.0.0 routing-table=\
to_WAN4 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 4 to 3" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=\
to_WAN3 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 2 to 4" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN4 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 3 to 2" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src="" routing-table=\
to_WAN2 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 4 to 2" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN2 \
scope=30 suppress-hw-offload=no target-scope=11
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ppp secret
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe