I'm trying to make this mikriotiuk Router to our new network.
But needing 5 VLAN for making it all work - and have tried to follow some guide . Men now I'm stuck and hoping you can help me further.
I've bought the CCR1009-8G-1s-1s+
ether1 is the WAN access and ether8 is my DMZ zone
The rest is a bridged incl ether2-7 and sfp+1
Here's my setup:
Code: Select all
# Creating Interface
/interface ethernet set ether1 name=WAN
/interface ethernet set ether8 name=DMZ_Zone
# DHCP
/ip dhcp-client add interface=WAN add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment=wan-ip-address disabled=no
# Setting up DNS
/ip dns set allow-remote-requests=yes
# Creating the bridge
/interface bridge add name=LOCAL comment="Internal Network" disabled=no
# Adding Interfaces to bridge
/interface bridge port add bridge=LOCAL interface=ether2
/interface bridge port add bridge=LOCAL interface=ether3
/interface bridge port add bridge=LOCAL interface=ether4
/interface bridge port add bridge=LOCAL interface=ether5
/interface bridge port add bridge=LOCAL interface=ether6
/interface bridge port add bridge=LOCAL interface=ether7
/interface bridge port add bridge=LOCAL interface=sfp-sfpplus1
# Creating VLAN
/interface vlan
add name=LAN interface=LOCAL vlan-id=10
add name=RD interface=LOCAL vlan-id=30
add name=MON interface=LOCAL vlan-id=40
add name=GUEST interface=LOCAL vlan-id=50
add name=DMZ interface=DMZ_Zone vlan-id=20
# IP-addresses for VLANS
/ip address
add address=172.16.100.1/23 interface=LAN
add address=192.168.100.1/24 interface=DMZ
add address=172.16.110.1/24 interface=RD
add address=172.16.120.1/24 interface=MON
add address=192.168.150.1/24 interface=GUEST
# Create DHCP server Pool addresses
/ip pool add name=LAN ranges=172.16.100.100-172.16.101.254
/ip pool add name=RD ranges=172.16.110.10-172.16.110.254
/ip pool add name=MON ranges=172.16.120.10-172.16.120.254
/ip pool add name=DMZ ranges=192.168.100.100-192.168.100.254
/ip pool add name=GUEST ranges=192.168.150.10-192.168.150.254
# DHCP Server Configuration for VLAN
/ip dhcp-server enable 0
/ip dhcp-server add interface=LOCAL address-pool=LAN
/ip dhcp-server add interface=LOCAL address-pool=RD
/ip dhcp-server add interface=LOCAL address-pool=MON
/ip dhcp-server add interface=LOCAL address-pool=GUEST
/ip dhcp-server add interface=DMZ address-pool=DMZ
/ip dhcp-server network add address=172.16.100.0/23 gateway=172.16.100.1 dns-server=4.4.4.4,8.8.8.8 comment=LAN_GREEN
/ip dhcp-server network add address=172.16.110.0/24 gateway=172.16.110.1 dns-server=4.4.4.4,8.8.8.8 comment=RD_BLUE
/ip dhcp-server network add address=172.16.120.0/24 gateway=172.16.120.1 dns-server=4.4.4.4,8.8.8.8 comment=MON_YELLOW
/ip dhcp-server network add address=192.168.100.0/24 gateway=192.168.100.1 dns-server=4.4.4.4,8.8.8.8 comment=DMZ_RED
/ip dhcp-server network add address=192.168.150.0/24 gateway=192.168.150.1 dns-server=4.4.4.4,8.8.8.8 comment=GUEST_GREY
/ip dns set allow-remote-requests=yes cache-max-ttl=1d cache-size=5000KiB max-udp-packet-size=512 servers=4.4.4.4,8,8.8.8.8
# NAT Configuration
/ip firewall nat
add chain=srcnat action=masquerade src-address=172.16.100.0/23 out-interface=WAN
add chain=srcnat action=masquerade src-address=172.16.110.0/24 out-interface=WAN
add chain=srcnat action=masquerade src-address=172.16.120.0/24 out-interface=WAN
add chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=WAN
add chain=srcnat action=masquerade src-address=192.168.150.0/24 out-interface=WAN
# DEFAULT ROUTE
/ip route
add dst-address=0.0.0.0/0 gateway=172.16.50.1
Can anyone see my mistakes and help med further in this case
Or could anyone guide me to the right setup for this.
I'm having WAN on ether2 .
a switch with ether2-7+sfp+
DMZ zone on ether8
--------------------------------------------------------------------------------
sfp+ should be used for connecting to other switches using Fiber.
But cannot make this work with these VLANS -so I must be doing something wrong
THanks in advance
P
