Code: Select all
/interface wireless
add disabled=no mac-address=1A:FD:74:76:FE:76 master-interface=wlan1 mode=station name=wlan3
/interface vlan
add interface=bridge name=vlan13 vlan-id=13
/caps-man datapath
add bridge=bridge client-to-client-forwarding=no local-forwarding=yes name=datapath-VL13 vlan-id=13 vlan-mode=use-tag
/caps-man configuration
add channel=channel24 country=germany datapath=datapath-VL13 installation=indoor mode=ap name=Guest security=Guest ssid=Guest
Code: Select all
/ip firewall filter
add action=drop chain=input comment="drop packets into internal lan from guest vlan13" dst-address=10.10.0.0/16 in-interface=vlan13
add action=drop chain=input dst-address=192.168.13.1 in-interface=vlan13 protocol=tcp src-address=192.168.13.0/24
add action=drop chain=forward dst-address=10.10.0.0/16 in-interface=vlan13
add action=drop chain=forward disabled=yes dst-address=192.168.13.1 src-address=192.168.13.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="nat vlan13 into lan if dest is outside lan" dst-address=!10.10.0.0/16 src-address=192.168.13.0/24 to-addresses=10.10.10.120