2x MikroTik hAP lite a VLAN

Forward pravidla jsou správně, nicméně bez znalosti celého konfigu je to celkem k ničemu.

Níže máš příklad pro RB941 (rozdíl je jen ve 4 portech, tudíž tam chybí ether5), kde ether1 je WAN, ether2 je trunk port a zbytek (E3+E4) jsou LAN porty:


# Router (RB941): ether1 = WAN, ether2 = trunk to the AP, ether3 + ether4 = LAN.
# Two bridges keep the home LAN ("bridge") and the guest network ("hoste-bridge")
# in separate layer-2 domains.
/interface bridge
add admin-mac=6C:3B:6B:EE:BA:E8 auto-mac=no comment=defconf name=bridge
add name=hoste-bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-AP
set [ find default-name=ether3 ] name=ether3-master
# ether4 is attached to ether3-master as its master port.
# NOTE(review): master-port is the older (pre-6.41) RouterOS syntax - confirm the
# RouterOS version before importing this.
set [ find default-name=ether4 ] master-port=ether3-master
/ip neighbor discovery
# Neighbor discovery is turned off on the WAN port only.
# NOTE(review): nothing here turns it off for hoste-bridge, so the router may still
# announce itself to guest clients - verify.
set ether1 discover=no
set bridge comment=defconf
# Two tagged sub-interfaces on the trunk port: VLAN 1 and VLAN 2. The bridge port
# section further down puts VLAN 1 into "bridge" and VLAN 2 into "hoste-bridge".
/interface vlan
add interface=ether2-AP name=VLAN1_E2 vlan-id=1
add interface=ether2-AP name=VLAN2_E2 vlan-id=2
# Wireless security profiles: WPA2-PSK only, one profile per SSID.
# The pre-shared keys in this listing look like placeholders; use a long random
# passphrase for each SSID and never reuse the home key for the guest network.
# management-protection=allowed makes management frame protection optional for
# clients, not required.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
    ffffffffssssss
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=Domaci supplicant-identity="" \
    wpa2-pre-shared-key=aaaaabbbbbccccc
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=Hoste supplicant-identity="" \
    wpa2-pre-shared-key=zzzzzzzzzzzzzzz
# wlan1 becomes the home AP ("Domaci"); WPS is disabled.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge name=\
    "wlan1-Domaci" security-profile=Domaci ssid=Domaci \
    wds-default-bridge=bridge wds-mode=dynamic wireless-protocol=802.11 \
    wps-mode=disabled
# Virtual AP for guests on the same radio, with its own security profile and its
# own bridge for dynamic WDS links.
# NOTE(review): vlan-id=2 is set but no vlan-mode appears on this line, so the
# tag is presumably not applied on the wireless side - verify.
# NOTE(review): wds-mode=dynamic stays enabled on both SSIDs; confirm WDS is
# actually needed, especially on the guest SSID.
add disabled=no keepalive-frames=disabled mac-address=6C:3B:6B:EE:BA:E9 \
    master-interface="wlan1-Domaci" multicast-buffering=disabled name=\
    "wlan2-Hoste" security-profile=Hoste ssid=Hoste vlan-id=2 \
    wds-cost-range=0 wds-default-bridge=hoste-bridge wds-default-cost=0 \
    wds-mode=dynamic wps-mode=disabled
# One address pool and one DHCP server per bridge, so home and guest clients get
# addresses from different subnets.
/ip pool
add name=default-dhcp ranges=192.168.100.50-192.168.100.200
add name="pool-hoste" ranges=192.168.200.100-192.168.200.200
# add-arp=yes makes the DHCP server add an ARP entry for each lease.
# NOTE(review): that only keeps out hosts with self-assigned addresses if the
# interface also runs with arp=reply-only, which this export does not set -
# verify whether that was the intent.
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp authoritative=yes disabled=no \
    interface=bridge name=defconf
add add-arp=yes address-pool="pool-hoste" authoritative=yes disabled=no \
    interface=hoste-bridge name=hoste
# Only certificate handling and the upgrade policy are set; no enabled=yes is
# shown, so the CAPsMAN manager is presumably not running - verify.
/caps-man manager
set ca-certificate=auto certificate=auto upgrade-policy=require-same-version
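# Bridge membership. Home side ("bridge"): home WLAN, the ether3/ether4 switch
# group and trunk VLAN 1. Guest side ("hoste-bridge"): guest WLAN and trunk VLAN 2.
# Keeping the two port sets in different bridges is what separates guests from
# the home LAN at layer 2.
/interface bridge port
add bridge=bridge interface="wlan1-Domaci"
# The interface is defined as "wlan2-Hoste" under /interface wireless; the
# reference here has to use exactly that spelling (the listing had "wlan2-hoste").
add bridge=hoste-bridge interface="wlan2-Hoste"
add bridge=bridge interface=ether3-master
add bridge=bridge interface=VLAN1_E2
add bridge=hoste-bridge interface=VLAN2_E2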
# The router is the gateway of both subnets: 192.168.100.1 for the home LAN and
# 192.168.200.1 for guests.
/ip address
add address=192.168.100.1/24 comment=defconf interface=bridge network=\
    192.168.100.0
add address=192.168.200.1/24 interface=hoste-bridge network=192.168.200.0
# Turns on MikroTik's cloud DDNS service for this router.
# NOTE(review): this makes the WAN address resolvable by name; keep it only if
# remote access is really needed.
/ip cloud
set ddns-enabled=yes
# WAN address is obtained via DHCP on ether1.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
# Both networks are handed the router itself as DNS server and gateway.
/ip dhcp-server network
add address=192.168.100.0/24 comment=defconf dns-server=192.168.100.1 gateway=\
    192.168.100.1
add address=192.168.200.0/24 dns-server=192.168.200.1 gateway=192.168.200.1
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# Whether the internet can query it too depends on the input chain; here the
# "drop all from WAN" input rule on ether1 is what prevents an open resolver.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.100.1 name=router
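# Firewall filter. Rules are evaluated top to bottom and the first match wins,
# so the order below matters.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
# Guest traffic to the router's own addresses (192.168.200.1 and also
# 192.168.100.1) goes through input, not forward, so the forward rule further
# down does not protect the router's management services. Guests get DNS and
# DHCP only; everything else from the guest bridge is dropped.
add chain=input comment="guests: DNS over UDP" dst-port=53 \
    in-interface=hoste-bridge protocol=udp
add chain=input comment="guests: DNS over TCP" dst-port=53 \
    in-interface=hoste-bridge protocol=tcp
add chain=input comment="guests: DHCP" dst-port=67 \
    in-interface=hoste-bridge protocol=udp
add action=drop chain=input comment="guests: drop everything else to the router" \
    in-interface=hoste-bridge
# --- forward chain: traffic routed through the router ---
# Guest -> home LAN is dropped in every connection state. The rule has to stay
# above the fasttrack and established,related rules, otherwise reply packets
# would be accepted before it is reached.
add action=drop chain=forward comment="guests: no access to home LAN" \
    in-interface=hoste-bridge out-interface=bridge
# The listing had a second drop rule with in-interface=hoste and
# out-interface=bridge-bridge. Neither interface is defined in this
# configuration, so it is left out; the rule above already covers guest -> LAN.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1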
# Source NAT for everything leaving through the WAN port.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=Router
# Correct time matters for log timestamps and certificate validation; the NTP
# servers are given as fixed IP addresses.
/system ntp client
set enabled=yes primary-ntp=37.187.104.44 secondary-ntp=46.28.110.244
# NOTE(review): protected-routerboot=disabled leaves the boot loader reachable
# for anyone with physical access to the device - acceptable at home, worth
# reconsidering where the router is physically exposed.
/system routerboard settings
set boot-device=flash-boot cpu-frequency=650MHz protected-routerboot=disabled
# MAC-Telnet and MAC-Winbox: the default entry is disabled and the service is
# then allowed on the home bridge only, so it is not offered on WAN or on the
# guest bridge.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
# NOTE(review): this export shows no /ip service section, so the IP management
# services are presumably at their defaults - verify which ones are enabled and
# from which addresses they accept connections.

Podobné řešení pro AP (tady je to o dost jednodušší, žádný routing, jen jeden trunk port v podobě ether1 a zbytek v bridgi):


# Access point: no routing, only bridging. ether1 is the trunk towards the
# router, ether2-ether4 are LAN ports. As on the router, home and guest traffic
# get separate bridges ("bridge" and "bridge-hoste").
/interface bridge
add name=bridge
add name=bridge-hoste
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ROUTER
set [ find default-name=ether2 ] name=ether2-master
# ether3 and ether4 are attached to ether2-master as their master port.
# NOTE(review): master-port is the older (pre-6.41) RouterOS syntax - confirm the
# RouterOS version before importing this.
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
# Tagged sub-interfaces on the trunk; the VLAN IDs have to match the ones
# configured on the router's trunk port (1 and 2).
/interface vlan
add interface=ether1-ROUTER name=VLAN1_E1 vlan-id=1
add interface=ether1-ROUTER name=VLAN2_E1 vlan-id=2
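# Wireless security profiles: WPA2-PSK only, one profile per SSID.
# The pre-shared keys in this listing look like placeholders; use a long random
# passphrase for each SSID and never reuse the home key for the guest network.
# management-protection=allowed makes management frame protection optional for
# clients, not required.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
    ffffffffssssss
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=Domaci supplicant-identity="" \
    wpa2-pre-shared-key=aaaaabbbbbccccc
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=Hoste supplicant-identity="" \
    wpa2-pre-shared-key=zzzzzzzzzzzzzzz
# wlan1 becomes the home AP ("Domaci"); WPS is disabled.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge name=\
    "wlan1-Domaci" security-profile=Domaci ssid=Domaci \
    wds-default-bridge=bridge wds-mode=dynamic wireless-protocol=802.11 \
    wps-mode=disabled
# Virtual AP for guests on the same radio, with its own security profile.
# wds-default-bridge points at this device's guest bridge, "bridge-hoste"; the
# listing had "hoste-bridge", which is the router's bridge name and is not
# defined on the AP.
# NOTE(review): vlan-id=2 is set but no vlan-mode appears on this line, so the
# tag is presumably not applied on the wireless side - verify.
add disabled=no keepalive-frames=disabled mac-address=6C:3B:6B:EE:BA:EA \
    master-interface="wlan1-Domaci" multicast-buffering=disabled name=\
    "wlan2-Hoste" security-profile=Hoste ssid=Hoste vlan-id=2 \
    wds-cost-range=0 wds-default-bridge=bridge-hoste wds-default-cost=0 \
    wds-mode=dynamic wps-mode=disabled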
# Bridge membership on the AP. Home side ("bridge"): trunk VLAN 1, the LAN
# switch group and the home WLAN. Guest side ("bridge-hoste"): trunk VLAN 2 and
# the guest WLAN. Guest frames therefore leave the AP only tagged with VLAN 2.
/interface bridge port
add bridge=bridge interface=VLAN1_E1
add bridge=bridge interface=ether2-master
add bridge=bridge interface=wlan1-Domaci
add bridge=bridge-hoste interface=VLAN2_E1
add bridge=bridge-hoste interface=wlan2-Hoste
# The AP has a single management address, on the home bridge. The guest bridge
# gets no IP address, so the AP is not reachable over IP from the guest network.
/ip address
add address=192.168.100.2/24 interface=bridge network=192.168.100.0
# Default route via the router, used by the AP itself (e.g. for NTP).
/ip route
add distance=1 gateway=192.168.100.1
/system clock
set time-zone-name=Europe/Prague
/system ntp client
set enabled=yes primary-ntp=37.187.104.44 secondary-ntp=46.28.110.244
# NOTE(review): protected-routerboot=disabled leaves the boot loader reachable
# for anyone with physical access to the device.
/system routerboard settings
set boot-device=flash-boot cpu-frequency=650MHz protected-routerboot=disabled
# NOTE(review): unlike the router listing, this one shows no /tool mac-server
# and no /ip neighbor discovery section. If those are at their defaults,
# MAC-Telnet/MAC-Winbox and neighbor discovery may be reachable from
# bridge-hoste at layer 2 - verify and restrict them to the home bridge.

Samotný propoj je nutno realizovat přes trunk porty (Ether2 na routeru, Ether1 na AP).
