Hello guys, is anybody here to help me setup this clever machine to act as PPPoE WAN on ether1 with other ports behavior as SEPARATED VLANs with DHCP server and NAT function with firewall forbidden IPv6 in and out and ipv4 forbidden in and open to internet all common ports? I’m solving a few housing estates with VDSL modem and about 20 flats. Now they use VDSLmodem as a router with nat and simple switches that creates many security issues. The connection is 20Mbit only so I do not care of the RouterOS speed, it should be possible to handle all the clients. If there could be done a shapin configuration too to 10 MBits to each VLAN except of one VLAN that would great too. I have found all the Config Suggestions not working due to the latest version on my CRS perhaps. I have created Cisco Serial cable to be able to use the serial console instead of WinOS. I’m OSX user and I do not like Windows at all however in the worst case I will install some emulator if really necessary. I have spent several days trying to let it run but I have to admit this router board would deserve a kind of visual config generator. I explain why - anytime I confront my CRS125 and I want to change anything I have problem to find out withch ether belongs to what VLAN. I think my task is clear and it should be easy for any higher level expert to reveal working configuration for me. Is there a way how to save my configuration vial serial console into text file I could double check or change easy and load it back later? The default web interface is not sufficient and as I said the WinOS is for toyOS (Windows) only. Thanks for any replay.
R.
Re: CRS125-24G-IN firmware 6.39
Winbox works quite happily under Wine in Linux and I've seen someone has bundled it for Mac as well (maybe with cider but I'm not a mac user). What you are doing with the CRS sounds quite CPU oriented so I would not expect it to work too well. that said your explanation didn't come across simple whilst reading, Is there any way you can draw a diagram maybe to explain it better?Hello guys, is anybody here to help me setup this clever machine to act as PPPoE WAN on ether1 with other ports behavior as SEPARATED VLANs with DHCP server and NAT function with firewall forbidden IPv6 in and out and ipv4 forbidden in and open to internet all common ports? I’m solving a few housing estates with VDSL modem and about 20 flats. Now they use VDSLmodem as a router with nat and simple switches that creates many security issues. The connection is 20Mbit only so I do not care of the RouterOS speed, it should be possible to handle all the clients. If there could be done a shapin configuration too to 10 MBits to each VLAN except of one VLAN that would great too. I have found all the Config Suggestions not working due to the latest version on my CRS perhaps. I have created Cisco Serial cable to be able to use the serial console instead of WinOS. I’m OSX user and I do not like Windows at all however in the worst case I will install some emulator if really necessary. I have spent several days trying to let it run but I have to admit this router board would deserve a kind of visual config generator. I explain why - anytime I confront my CRS125 and I want to change anything I have problem to find out withch ether belongs to what VLAN. I think my task is clear and it should be easy for any higher level expert to reveal working configuration for me. Is there a way how to save my configuration vial serial console into text file I could double check or change easy and load it back later? The default web interface is not sufficient and as I said the WinOS is for toyOS (Windows) only. Thanks for any replay.
R.
Re: CRS125-24G-IN firmware 6.39
Hello Steveocee and many thanks for your reply. I have seen the WinBox with wine under OSX to download although someone has warned there is some unwanter software so I better avoid using this method under my iMac. Good so the key is WinBox means I have to install some VirtualBox and run the WinBox. It is sad the Serial Cable with the console seemed the right one choice for me. Back to my task, well I do not expect my CRS will perform 1GBit speed, you know for internet connection even 10 Mbits are fine and I'm pretty sure the 600MHz CPU can handle it. Well
Diagram I can draw, it would be nice if there is a software that would create proper config file by such diagram but OK, let's make it simple. I need say Ether1 as WAN with static (public) IP NATed and Ether2-24 as 23xVLAN with config like 192.168.2.1 for Ether2 with DHCP server with range 192.168.2.100-200, for Ether3 I need 192.168.3.1 with DHCP range 192.168.3.100-200, for Ether4 I need 192.168.4.1 with DHCP range 192.168.4.100-200.. I hope it is more clear now. (simply 23 users need internet connection and they should not affect each other / 1xWAN with NAT for 23xVLAN with DHCP on each VLAN).
R.
Diagram I can draw, it would be nice if there is a software that would create proper config file by such diagram but OK, let's make it simple. I need say Ether1 as WAN with static (public) IP NATed and Ether2-24 as 23xVLAN with config like 192.168.2.1 for Ether2 with DHCP server with range 192.168.2.100-200, for Ether3 I need 192.168.3.1 with DHCP range 192.168.3.100-200, for Ether4 I need 192.168.4.1 with DHCP range 192.168.4.100-200.. I hope it is more clear now. (simply 23 users need internet connection and they should not affect each other / 1xWAN with NAT for 23xVLAN with DHCP on each VLAN).
R.
Re: CRS125-24G-IN firmware 6.39
This should be pretty easy to do without having to worry about vlans, with your requirement you can simply configure each interface as a network interface on the router. the following config should do the trick I think.
You will want to adjust the ether1 ip and might want to add some rules to the firewall filter above the drop rule for the input chain if you want to be able to manage it via SSH/Winbox whatever.
:edit: added firewall rule to allow DNS from all internal networks & enable remote-requests for dns
Also I tested this on my CRS125 and it works
You will want to adjust the ether1 ip and might want to add some rules to the firewall filter above the drop rule for the input chain if you want to be able to manage it via SSH/Winbox whatever.
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] master-port=none
set [ find default-name=ether2 ] master-port=none
set [ find default-name=ether3 ] master-port=none
set [ find default-name=ether4 ] master-port=none
set [ find default-name=ether5 ] master-port=none
set [ find default-name=ether6 ] master-port=none
set [ find default-name=ether7 ] master-port=none
set [ find default-name=ether8 ] master-port=none
set [ find default-name=ether9 ] master-port=none
set [ find default-name=ether10 ] master-port=none
set [ find default-name=ether11 ] master-port=none
set [ find default-name=ether12 ] master-port=none
set [ find default-name=ether13 ] master-port=none
set [ find default-name=ether14 ] master-port=none
set [ find default-name=ether15 ] master-port=none
set [ find default-name=ether16 ] master-port=none
set [ find default-name=ether17 ] master-port=none
set [ find default-name=ether18 ] master-port=none
set [ find default-name=ether19 ] master-port=none
set [ find default-name=ether20 ] master-port=none
set [ find default-name=ether21 ] master-port=none
set [ find default-name=ether22 ] master-port=none
set [ find default-name=ether23 ] master-port=none
set [ find default-name=ether24 ] master-port=none
/interface pppoe-client
add interface=ether1 user=username password=password disabled=no
/ip address
add address=192.168.2.1/24 interface=ether2
add address=192.168.3.1/24 interface=ether3
add address=192.168.4.1/24 interface=ether4
add address=192.168.5.1/24 interface=ether5
add address=192.168.6.1/24 interface=ether6
add address=192.168.7.1/24 interface=ether7
add address=192.168.8.1/24 interface=ether8
add address=192.168.9.1/24 interface=ether9
add address=192.168.10.1/24 interface=ether10
add address=192.168.11.1/24 interface=ether11
add address=192.168.12.1/24 interface=ether12
add address=192.168.13.1/24 interface=ether13
add address=192.168.14.1/24 interface=ether14
add address=192.168.15.1/24 interface=ether15
add address=192.168.16.1/24 interface=ether16
add address=192.168.17.1/24 interface=ether17
add address=192.168.18.1/24 interface=ether18
add address=192.168.19.1/24 interface=ether19
add address=192.168.20.1/24 interface=ether20
add address=192.168.21.1/24 interface=ether21
add address=192.168.22.1/24 interface=ether22
add address=192.168.23.1/24 interface=ether23
add address=192.168.24.1/24 interface=ether24
/ip pool
add ranges=192.168.2.2-192.168.2.254 name=ether2-pool
add ranges=192.168.3.2-192.168.3.254 name=ether3-pool
add ranges=192.168.4.2-192.168.4.254 name=ether4-pool
add ranges=192.168.5.2-192.168.5.254 name=ether5-pool
add ranges=192.168.6.2-192.168.6.254 name=ether6-pool
add ranges=192.168.7.2-192.168.7.254 name=ether7-pool
add ranges=192.168.8.2-192.168.8.254 name=ether8-pool
add ranges=192.168.9.2-192.168.9.254 name=ether9-pool
add ranges=192.168.10.2-192.168.10.254 name=ether10-pool
add ranges=192.168.11.2-192.168.11.254 name=ether11-pool
add ranges=192.168.12.2-192.168.12.254 name=ether12-pool
add ranges=192.168.13.2-192.168.13.254 name=ether13-pool
add ranges=192.168.14.2-192.168.14.254 name=ether14-pool
add ranges=192.168.15.2-192.168.15.254 name=ether15-pool
add ranges=192.168.16.2-192.168.16.254 name=ether16-pool
add ranges=192.168.17.2-192.168.17.254 name=ether17-pool
add ranges=192.168.18.2-192.168.18.254 name=ether18-pool
add ranges=192.168.19.2-192.168.19.254 name=ether19-pool
add ranges=192.168.20.2-192.168.20.254 name=ether20-pool
add ranges=192.168.21.2-192.168.21.254 name=ether21-pool
add ranges=192.168.22.2-192.168.22.254 name=ether22-pool
add ranges=192.168.23.2-192.168.23.254 name=ether23-pool
add ranges=192.168.24.2-192.168.24.254 name=ether24-pool
/ip dhcp-server
add address-pool=ether2-pool disabled=no interface=ether2 authoritative=yes
add address-pool=ether3-pool disabled=no interface=ether3 authoritative=yes
add address-pool=ether4-pool disabled=no interface=ether4 authoritative=yes
add address-pool=ether5-pool disabled=no interface=ether5 authoritative=yes
add address-pool=ether6-pool disabled=no interface=ether6 authoritative=yes
add address-pool=ether7-pool disabled=no interface=ether7 authoritative=yes
add address-pool=ether8-pool disabled=no interface=ether8 authoritative=yes
add address-pool=ether9-pool disabled=no interface=ether9 authoritative=yes
add address-pool=ether10-pool disabled=no interface=ether10 authoritative=yes
add address-pool=ether11-pool disabled=no interface=ether11 authoritative=yes
add address-pool=ether12-pool disabled=no interface=ether12 authoritative=yes
add address-pool=ether13-pool disabled=no interface=ether13 authoritative=yes
add address-pool=ether14-pool disabled=no interface=ether14 authoritative=yes
add address-pool=ether15-pool disabled=no interface=ether15 authoritative=yes
add address-pool=ether16-pool disabled=no interface=ether16 authoritative=yes
add address-pool=ether17-pool disabled=no interface=ether17 authoritative=yes
add address-pool=ether18-pool disabled=no interface=ether18 authoritative=yes
add address-pool=ether19-pool disabled=no interface=ether19 authoritative=yes
add address-pool=ether20-pool disabled=no interface=ether20 authoritative=yes
add address-pool=ether21-pool disabled=no interface=ether21 authoritative=yes
add address-pool=ether22-pool disabled=no interface=ether22 authoritative=yes
add address-pool=ether23-pool disabled=no interface=ether23 authoritative=yes
add address-pool=ether24-pool disabled=no interface=ether24 authoritative=yes
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.24.0/24 gateway=192.168.24.1
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input protocol=icmp
add action=accept chain=input protocol=tcp in-interface=!pppoe-out1 dst-port=53
add action=accept chain=input protocol=udp in-interface=!pppoe-out1 dst-port=53
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward out-interface=pppoe-out1
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip dns
set allow-remote-requests=yes
Also I tested this on my CRS125 and it works
Re: CRS125-24G-IN firmware 6.39
I saw you mentioned PPPoE in the original post, I've updated the above config with that in mind, you can substitute your own username and password in there
You should be able to shape the ports to 10Mbits to each VLAN like as follows. you can just remove the lines mentioning whichever interface you don't want to be limited:
You should be able to shape the ports to 10Mbits to each VLAN like as follows. you can just remove the lines mentioning whichever interface you don't want to be limited:
Code: Select all
/interface ethernet switch ingress-port-policer
add port=ether2 meter-unit=bit rate=10M
add port=ether3 meter-unit=bit rate=10M
add port=ether4 meter-unit=bit rate=10M
add port=ether5 meter-unit=bit rate=10M
add port=ether6 meter-unit=bit rate=10M
add port=ether7 meter-unit=bit rate=10M
add port=ether8 meter-unit=bit rate=10M
add port=ether9 meter-unit=bit rate=10M
add port=ether10 meter-unit=bit rate=10M
add port=ether11 meter-unit=bit rate=10M
add port=ether12 meter-unit=bit rate=10M
add port=ether13 meter-unit=bit rate=10M
add port=ether14 meter-unit=bit rate=10M
add port=ether15 meter-unit=bit rate=10M
add port=ether16 meter-unit=bit rate=10M
add port=ether17 meter-unit=bit rate=10M
add port=ether18 meter-unit=bit rate=10M
add port=ether19 meter-unit=bit rate=10M
add port=ether20 meter-unit=bit rate=10M
add port=ether21 meter-unit=bit rate=10M
add port=ether22 meter-unit=bit rate=10M
add port=ether23 meter-unit=bit rate=10M
add port=ether24 meter-unit=bit rate=10M
/interface ethernet switch shaper
add port=ether2 meter-unit=bit rate=10M
add port=ether3 meter-unit=bit rate=10M
add port=ether4 meter-unit=bit rate=10M
add port=ether5 meter-unit=bit rate=10M
add port=ether6 meter-unit=bit rate=10M
add port=ether7 meter-unit=bit rate=10M
add port=ether8 meter-unit=bit rate=10M
add port=ether9 meter-unit=bit rate=10M
add port=ether10 meter-unit=bit rate=10M
add port=ether11 meter-unit=bit rate=10M
add port=ether12 meter-unit=bit rate=10M
add port=ether13 meter-unit=bit rate=10M
add port=ether14 meter-unit=bit rate=10M
add port=ether15 meter-unit=bit rate=10M
add port=ether16 meter-unit=bit rate=10M
add port=ether17 meter-unit=bit rate=10M
add port=ether18 meter-unit=bit rate=10M
add port=ether19 meter-unit=bit rate=10M
add port=ether20 meter-unit=bit rate=10M
add port=ether21 meter-unit=bit rate=10M
add port=ether22 meter-unit=bit rate=10M
add port=ether23 meter-unit=bit rate=10M
add port=ether24 meter-unit=bit rate=10MRe: CRS125-24G-IN firmware 6.39
WOW thanks a lot for complete config, I'm going to test it, hopefully it works and the trafic from other neighbouring networks is not visible for any user connected. I let you know.
R.
R.
Re: CRS125-24G-IN firmware 6.39
Hello LIV2, I have tested the configuration with static IP since PPPoE is available at my customer place only and it works for PING withi serail console to google DNS server also my iMac receive the DHCP address correctly but I'm not able to ping my public IP from my iMac and that means NATed internet is not working.
Code: Select all
# feb/06/2018 23:50:40 by RouterOS 6.35.4
# software id = EPQU-RFSN
#
/ip pool
add name=ether2-pool ranges=192.168.2.2-192.168.2.254
add name=ether3-pool ranges=192.168.3.2-192.168.3.254
add name=ether4-pool ranges=192.168.4.2-192.168.4.254
add name=ether5-pool ranges=192.168.5.2-192.168.5.254
add name=ether6-pool ranges=192.168.6.2-192.168.6.254
add name=ether7-pool ranges=192.168.7.2-192.168.7.254
add name=ether8-pool ranges=192.168.8.2-192.168.8.254
add name=ether9-pool ranges=192.168.9.2-192.168.9.254
add name=ether10-pool ranges=192.168.10.2-192.168.10.254
add name=ether11-pool ranges=192.168.11.2-192.168.11.254
add name=ether12-pool ranges=192.168.12.2-192.168.12.254
add name=ether13-pool ranges=192.168.13.2-192.168.13.254
add name=ether14-pool ranges=192.168.14.2-192.168.14.254
add name=ether15-pool ranges=192.168.15.2-192.168.15.254
add name=ether16-pool ranges=192.168.16.2-192.168.16.254
add name=ether17-pool ranges=192.168.17.2-192.168.17.254
add name=ether18-pool ranges=192.168.18.2-192.168.18.254
add name=ether19-pool ranges=192.168.19.2-192.168.19.254
add name=ether20-pool ranges=192.168.20.2-192.168.20.254
add name=ether21-pool ranges=192.168.21.2-192.168.21.254
add name=ether22-pool ranges=192.168.22.2-192.168.22.254
add name=ether23-pool ranges=192.168.23.2-192.168.23.254
add name=ether24-pool ranges=192.168.24.2-192.168.24.254
/ip dhcp-server
add address-pool=ether2-pool authoritative=yes disabled=no interface=ether2 name=dhcp1
add address-pool=ether3-pool authoritative=yes disabled=no interface=ether3 name=dhcp2
add address-pool=ether4-pool authoritative=yes disabled=no interface=ether4 name=dhcp3
add address-pool=ether5-pool authoritative=yes disabled=no interface=ether5 name=dhcp4
add address-pool=ether6-pool authoritative=yes disabled=no interface=ether6 name=dhcp5
add address-pool=ether7-pool authoritative=yes disabled=no interface=ether7 name=dhcp6
add address-pool=ether8-pool authoritative=yes disabled=no interface=ether8 name=dhcp7
add address-pool=ether9-pool authoritative=yes disabled=no interface=ether9 name=dhcp8
add address-pool=ether10-pool authoritative=yes disabled=no interface=ether10 name=dhcp9
add address-pool=ether11-pool authoritative=yes disabled=no interface=ether11 name=dhcp10
add address-pool=ether12-pool authoritative=yes disabled=no interface=ether12 name=dhcp11
add address-pool=ether13-pool authoritative=yes disabled=no interface=ether13 name=dhcp12
add address-pool=ether14-pool authoritative=yes disabled=no interface=ether14 name=dhcp13
add address-pool=ether15-pool authoritative=yes disabled=no interface=ether15 name=dhcp14
add address-pool=ether16-pool authoritative=yes disabled=no interface=ether16 name=dhcp15
add address-pool=ether17-pool authoritative=yes disabled=no interface=ether17 name=dhcp16
add address-pool=ether18-pool authoritative=yes disabled=no interface=ether18 name=dhcp17
add address-pool=ether19-pool authoritative=yes disabled=no interface=ether19 name=dhcp18
add address-pool=ether20-pool authoritative=yes disabled=no interface=ether20 name=dhcp19
add address-pool=ether21-pool authoritative=yes disabled=no interface=ether21 name=dhcp20
add address-pool=ether22-pool authoritative=yes disabled=no interface=ether22 name=dhcp21
add address-pool=ether23-pool authoritative=yes disabled=no interface=ether23 name=dhcp22
add address-pool=ether24-pool authoritative=yes disabled=no interface=ether24 name=dhcp23
/interface ethernet switch port
set 0 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 1 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 2 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 3 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 4 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 5 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 6 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 7 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 8 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 9 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 10 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 11 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 12 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 13 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 14 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 15 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 16 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 17 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 18 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 19 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 20 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 21 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 22 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 23 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 24 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 25 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
/ip address
add address=217.11.241.187/29 interface=ether1 network=217.11.241.184
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=192.168.3.1/24 interface=ether3 network=192.168.3.0
add address=192.168.4.1/24 interface=ether4 network=192.168.4.0
add address=192.168.5.1/24 interface=ether5 network=192.168.5.0
add address=192.168.6.1/24 interface=ether6 network=192.168.6.0
add address=192.168.7.1/24 interface=ether7 network=192.168.7.0
add address=192.168.8.1/24 interface=ether8 network=192.168.8.0
add address=192.168.9.1/24 interface=ether9 network=192.168.9.0
add address=192.168.10.1/24 interface=ether10 network=192.168.10.0
add address=192.168.11.1/24 interface=ether11 network=192.168.11.0
add address=192.168.12.1/24 interface=ether12 network=192.168.12.0
add address=192.168.13.1/24 interface=ether13 network=192.168.13.0
add address=192.168.14.1/24 interface=ether14 network=192.168.14.0
add address=192.168.15.1/24 interface=ether15 network=192.168.15.0
add address=192.168.16.1/24 interface=ether16 network=192.168.16.0
add address=192.168.17.1/24 interface=ether17 network=192.168.17.0
add address=192.168.18.1/24 interface=ether18 network=192.168.18.0
add address=192.168.19.1/24 interface=ether19 network=192.168.19.0
add address=192.168.20.1/24 interface=ether20 network=192.168.20.0
add address=192.168.21.1/24 interface=ether21 network=192.168.21.0
add address=192.168.22.1/24 interface=ether22 network=192.168.22.0
add address=192.168.23.1/24 interface=ether23 network=192.168.23.0
add address=192.168.24.1/24 interface=ether24 network=192.168.24.0
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.24.0/24 gateway=192.168.24.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add chain=input protocol=icmp
add chain=input dst-port=53 in-interface=!ether1 protocol=tcp
add chain=input dst-port=53 in-interface=!ether1 protocol=udp
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add chain=forward out-interface=ether1
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=217.11.241.190
/system clock
set time-zone-name=Europe/Prague
/system routerboard settings
set protected-routerboot=disabled
Last edited by digitec on Mon Feb 12, 2018 9:16 pm, edited 1 time in total.
Re: CRS125-24G-IN firmware 6.39
Can you ping google from the iMac? What about pinging 8.8.8.8 from the Mac?
Re: CRS125-24G-IN firmware 6.39
Also did you do this bit? it is important that you set the master-port=none for all of the ports otherwise it will not work properly
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] master-port=none
set [ find default-name=ether2 ] master-port=none
set [ find default-name=ether3 ] master-port=none
set [ find default-name=ether4 ] master-port=none
set [ find default-name=ether5 ] master-port=none
set [ find default-name=ether6 ] master-port=none
set [ find default-name=ether7 ] master-port=none
set [ find default-name=ether8 ] master-port=none
set [ find default-name=ether9 ] master-port=none
set [ find default-name=ether10 ] master-port=none
set [ find default-name=ether11 ] master-port=none
set [ find default-name=ether12 ] master-port=none
set [ find default-name=ether13 ] master-port=none
set [ find default-name=ether14 ] master-port=none
set [ find default-name=ether15 ] master-port=none
set [ find default-name=ether16 ] master-port=none
set [ find default-name=ether17 ] master-port=none
set [ find default-name=ether18 ] master-port=none
set [ find default-name=ether19 ] master-port=none
set [ find default-name=ether20 ] master-port=none
set [ find default-name=ether21 ] master-port=none
set [ find default-name=ether22 ] master-port=none
set [ find default-name=ether23 ] master-port=none
set [ find default-name=ether24 ] master-port=none
Re: CRS125-24G-IN firmware 6.39
Found the problem, it works now. One local expert helped me. I have missed "to-addresses=217.11.241.187"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=217.11.241.187
However this is not real VLAN configuration. This is ROUTER/SWITCH and not the ETHERNET layer2 VLAN. So this should be my next step forward.
R.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=217.11.241.187
However this is not real VLAN configuration. This is ROUTER/SWITCH and not the ETHERNET layer2 VLAN. So this should be my next step forward.
R.
Re: CRS125-24G-IN firmware 6.39
You can configure vlans using the following config, note that it is extremely important that you run the master-port sets otherwise it will not work properly, the default sets every interfaces master-port to ether1 which essentially bridges the LANs and your WAN side connection.
The NAT should have worked without the IP address needing to be specified on the masquerade rule
The below configuration sets things up how you wanted, with each port on a separate VLAN.
The config sets up your CRS to work like this diagram, ether1 is connected directly to the wan interface, ether2 is connected to the switch and carries all the vlans. the switch chip connects each port to its own vlan
The NAT should have worked without the IP address needing to be specified on the masquerade rule
The below configuration sets things up how you wanted, with each port on a separate VLAN.
The config sets up your CRS to work like this diagram, ether1 is connected directly to the wan interface, ether2 is connected to the switch and carries all the vlans. the switch chip connects each port to its own vlan
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] master-port=none
set [ find default-name=ether2 ] master-port=none
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] master-port=ether2
set [ find default-name=ether7 ] master-port=ether2
set [ find default-name=ether8 ] master-port=ether2
set [ find default-name=ether9 ] master-port=ether2
set [ find default-name=ether10 ] master-port=ether2
set [ find default-name=ether11 ] master-port=ether2
set [ find default-name=ether12 ] master-port=ether2
set [ find default-name=ether13 ] master-port=ether2
set [ find default-name=ether14 ] master-port=ether2
set [ find default-name=ether15 ] master-port=ether2
set [ find default-name=ether16 ] master-port=ether2
set [ find default-name=ether17 ] master-port=ether2
set [ find default-name=ether18 ] master-port=ether2
set [ find default-name=ether19 ] master-port=ether2
set [ find default-name=ether20 ] master-port=ether2
set [ find default-name=ether21 ] master-port=ether2
set [ find default-name=ether22 ] master-port=ether2
set [ find default-name=ether23 ] master-port=ether2
set [ find default-name=ether24 ] master-port=ether2
/interface vlan
add interface=ether2 name=VLAN2 vlan-id=2
add interface=ether2 name=VLAN3 vlan-id=3
add interface=ether2 name=VLAN4 vlan-id=4
add interface=ether2 name=VLAN5 vlan-id=5
add interface=ether2 name=VLAN6 vlan-id=6
add interface=ether2 name=VLAN7 vlan-id=7
add interface=ether2 name=VLAN8 vlan-id=8
add interface=ether2 name=VLAN9 vlan-id=9
add interface=ether2 name=VLAN10 vlan-id=10
add interface=ether2 name=VLAN11 vlan-id=11
add interface=ether2 name=VLAN12 vlan-id=12
add interface=ether2 name=VLAN13 vlan-id=13
add interface=ether2 name=VLAN14 vlan-id=14
add interface=ether2 name=VLAN15 vlan-id=15
add interface=ether2 name=VLAN16 vlan-id=16
add interface=ether2 name=VLAN17 vlan-id=17
add interface=ether2 name=VLAN18 vlan-id=18
add interface=ether2 name=VLAN19 vlan-id=19
add interface=ether2 name=VLAN20 vlan-id=20
add interface=ether2 name=VLAN21 vlan-id=21
add interface=ether2 name=VLAN22 vlan-id=22
add interface=ether2 name=VLAN23 vlan-id=23
add interface=ether2 name=VLAN24 vlan-id=24
/interface ethernet switch vlan
add ports=ether2,switch1-cpu vlan-id=2 learn=yes
add ports=ether3,switch1-cpu vlan-id=3 learn=yes
add ports=ether4,switch1-cpu vlan-id=4 learn=yes
add ports=ether5,switch1-cpu vlan-id=5 learn=yes
add ports=ether6,switch1-cpu vlan-id=6 learn=yes
add ports=ether7,switch1-cpu vlan-id=7 learn=yes
add ports=ether8,switch1-cpu vlan-id=8 learn=yes
add ports=ether9,switch1-cpu vlan-id=9 learn=yes
add ports=ether10,switch1-cpu vlan-id=10 learn=yes
add ports=ether11,switch1-cpu vlan-id=11 learn=yes
add ports=ether12,switch1-cpu vlan-id=12 learn=yes
add ports=ether13,switch1-cpu vlan-id=13 learn=yes
add ports=ether14,switch1-cpu vlan-id=14 learn=yes
add ports=ether15,switch1-cpu vlan-id=15 learn=yes
add ports=ether16,switch1-cpu vlan-id=16 learn=yes
add ports=ether17,switch1-cpu vlan-id=17 learn=yes
add ports=ether18,switch1-cpu vlan-id=18 learn=yes
add ports=ether19,switch1-cpu vlan-id=19 learn=yes
add ports=ether20,switch1-cpu vlan-id=20 learn=yes
add ports=ether21,switch1-cpu vlan-id=21 learn=yes
add ports=ether22,switch1-cpu vlan-id=22 learn=yes
add ports=ether23,switch1-cpu vlan-id=23 learn=yes
add ports=ether24,switch1-cpu vlan-id=24 learn=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=2
add tagged-ports=switch1-cpu vlan-id=3
add tagged-ports=switch1-cpu vlan-id=4
add tagged-ports=switch1-cpu vlan-id=5
add tagged-ports=switch1-cpu vlan-id=6
add tagged-ports=switch1-cpu vlan-id=7
add tagged-ports=switch1-cpu vlan-id=8
add tagged-ports=switch1-cpu vlan-id=9
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=11
add tagged-ports=switch1-cpu vlan-id=12
add tagged-ports=switch1-cpu vlan-id=13
add tagged-ports=switch1-cpu vlan-id=14
add tagged-ports=switch1-cpu vlan-id=15
add tagged-ports=switch1-cpu vlan-id=16
add tagged-ports=switch1-cpu vlan-id=17
add tagged-ports=switch1-cpu vlan-id=18
add tagged-ports=switch1-cpu vlan-id=19
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=21
add tagged-ports=switch1-cpu vlan-id=22
add tagged-ports=switch1-cpu vlan-id=23
add tagged-ports=switch1-cpu vlan-id=24
/interface ethernet switch ingress-vlan-translation
add ports=ether2,switch1-cpu customer-vid=0 new-customer-vid=2 sa-learning=yes
add ports=ether3,switch1-cpu customer-vid=0 new-customer-vid=3 sa-learning=yes
add ports=ether4,switch1-cpu customer-vid=0 new-customer-vid=4 sa-learning=yes
add ports=ether5,switch1-cpu customer-vid=0 new-customer-vid=5 sa-learning=yes
add ports=ether6,switch1-cpu customer-vid=0 new-customer-vid=6 sa-learning=yes
add ports=ether7,switch1-cpu customer-vid=0 new-customer-vid=7 sa-learning=yes
add ports=ether8,switch1-cpu customer-vid=0 new-customer-vid=8 sa-learning=yes
add ports=ether9,switch1-cpu customer-vid=0 new-customer-vid=9 sa-learning=yes
add ports=ether10,switch1-cpu customer-vid=0 new-customer-vid=10 sa-learning=yes
add ports=ether11,switch1-cpu customer-vid=0 new-customer-vid=11 sa-learning=yes
add ports=ether12,switch1-cpu customer-vid=0 new-customer-vid=12 sa-learning=yes
add ports=ether13,switch1-cpu customer-vid=0 new-customer-vid=13 sa-learning=yes
add ports=ether14,switch1-cpu customer-vid=0 new-customer-vid=14 sa-learning=yes
add ports=ether15,switch1-cpu customer-vid=0 new-customer-vid=15 sa-learning=yes
add ports=ether16,switch1-cpu customer-vid=0 new-customer-vid=16 sa-learning=yes
add ports=ether17,switch1-cpu customer-vid=0 new-customer-vid=17 sa-learning=yes
add ports=ether18,switch1-cpu customer-vid=0 new-customer-vid=18 sa-learning=yes
add ports=ether19,switch1-cpu customer-vid=0 new-customer-vid=19 sa-learning=yes
add ports=ether20,switch1-cpu customer-vid=0 new-customer-vid=20 sa-learning=yes
add ports=ether21,switch1-cpu customer-vid=0 new-customer-vid=21 sa-learning=yes
add ports=ether22,switch1-cpu customer-vid=0 new-customer-vid=22 sa-learning=yes
add ports=ether23,switch1-cpu customer-vid=0 new-customer-vid=23 sa-learning=yes
add ports=ether24,switch1-cpu customer-vid=0 new-customer-vid=24 sa-learning=yes
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu
/ip pool
add name=VLAN2-pool ranges=192.168.2.2-192.168.2.254
add name=VLAN3-pool ranges=192.168.3.2-192.168.3.254
add name=VLAN4-pool ranges=192.168.4.2-192.168.4.254
add name=VLAN5-pool ranges=192.168.5.2-192.168.5.254
add name=VLAN6-pool ranges=192.168.6.2-192.168.6.254
add name=VLAN7-pool ranges=192.168.7.2-192.168.7.254
add name=VLAN8-pool ranges=192.168.8.2-192.168.8.254
add name=VLAN9-pool ranges=192.168.9.2-192.168.9.254
add name=VLAN10-pool ranges=192.168.10.2-192.168.10.254
add name=VLAN11-pool ranges=192.168.11.2-192.168.11.254
add name=VLAN12-pool ranges=192.168.12.2-192.168.12.254
add name=VLAN13-pool ranges=192.168.13.2-192.168.13.254
add name=VLAN14-pool ranges=192.168.14.2-192.168.14.254
add name=VLAN15-pool ranges=192.168.15.2-192.168.15.254
add name=VLAN16-pool ranges=192.168.16.2-192.168.16.254
add name=VLAN17-pool ranges=192.168.17.2-192.168.17.254
add name=VLAN18-pool ranges=192.168.18.2-192.168.18.254
add name=VLAN19-pool ranges=192.168.19.2-192.168.19.254
add name=VLAN20-pool ranges=192.168.20.2-192.168.20.254
add name=VLAN21-pool ranges=192.168.21.2-192.168.21.254
add name=VLAN22-pool ranges=192.168.22.2-192.168.22.254
add name=VLAN23-pool ranges=192.168.23.2-192.168.23.254
add name=VLAN24-pool ranges=192.168.24.2-192.168.24.254
/ip dhcp-server
add address-pool=VLAN2-pool authoritative=yes disabled=no interface=VLAN2 name=dhcp1
add address-pool=VLAN3-pool authoritative=yes disabled=no interface=VLAN3 name=dhcp2
add address-pool=VLAN4-pool authoritative=yes disabled=no interface=VLAN4 name=dhcp3
add address-pool=VLAN5-pool authoritative=yes disabled=no interface=VLAN5 name=dhcp4
add address-pool=VLAN6-pool authoritative=yes disabled=no interface=VLAN6 name=dhcp5
add address-pool=VLAN7-pool authoritative=yes disabled=no interface=VLAN7 name=dhcp6
add address-pool=VLAN8-pool authoritative=yes disabled=no interface=VLAN8 name=dhcp7
add address-pool=VLAN9-pool authoritative=yes disabled=no interface=VLAN9 name=dhcp8
add address-pool=VLAN10-pool authoritative=yes disabled=no interface=VLAN10 name=dhcp9
add address-pool=VLAN11-pool authoritative=yes disabled=no interface=VLAN11 name=dhcp10
add address-pool=VLAN12-pool authoritative=yes disabled=no interface=VLAN12 name=dhcp11
add address-pool=VLAN13-pool authoritative=yes disabled=no interface=VLAN13 name=dhcp12
add address-pool=VLAN14-pool authoritative=yes disabled=no interface=VLAN14 name=dhcp13
add address-pool=VLAN15-pool authoritative=yes disabled=no interface=VLAN15 name=dhcp14
add address-pool=VLAN16-pool authoritative=yes disabled=no interface=VLAN16 name=dhcp15
add address-pool=VLAN17-pool authoritative=yes disabled=no interface=VLAN17 name=dhcp16
add address-pool=VLAN18-pool authoritative=yes disabled=no interface=VLAN18 name=dhcp17
add address-pool=VLAN19-pool authoritative=yes disabled=no interface=VLAN19 name=dhcp18
add address-pool=VLAN20-pool authoritative=yes disabled=no interface=VLAN20 name=dhcp19
add address-pool=VLAN21-pool authoritative=yes disabled=no interface=VLAN21 name=dhcp20
add address-pool=VLAN22-pool authoritative=yes disabled=no interface=VLAN22 name=dhcp21
add address-pool=VLAN23-pool authoritative=yes disabled=no interface=VLAN23 name=dhcp22
add address-pool=VLAN24-pool authoritative=yes disabled=no interface=VLAN24 name=dhcp23
/interface ethernet switch port
set 0 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 1 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 2 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 3 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 4 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 5 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 6 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 7 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 8 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 9 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 10 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 11 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 12 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 13 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 14 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 15 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 16 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 17 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 18 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 19 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 20 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 21 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 22 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 23 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 24 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
set 25 per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128
/ip address
add address=217.11.241.187/29 interface=ether1 network=217.11.241.184
add address=192.168.2.1/24 interface=VLAN2 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN3 network=192.168.3.0
add address=192.168.4.1/24 interface=VLAN4 network=192.168.4.0
add address=192.168.5.1/24 interface=VLAN5 network=192.168.5.0
add address=192.168.6.1/24 interface=VLAN6 network=192.168.6.0
add address=192.168.7.1/24 interface=VLAN7 network=192.168.7.0
add address=192.168.8.1/24 interface=VLAN8 network=192.168.8.0
add address=192.168.9.1/24 interface=VLAN9 network=192.168.9.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.12.1/24 interface=VLAN12 network=192.168.12.0
add address=192.168.13.1/24 interface=VLAN13 network=192.168.13.0
add address=192.168.14.1/24 interface=VLAN14 network=192.168.14.0
add address=192.168.15.1/24 interface=VLAN15 network=192.168.15.0
add address=192.168.16.1/24 interface=VLAN16 network=192.168.16.0
add address=192.168.17.1/24 interface=VLAN17 network=192.168.17.0
add address=192.168.18.1/24 interface=VLAN18 network=192.168.18.0
add address=192.168.19.1/24 interface=VLAN19 network=192.168.19.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.21.1/24 interface=VLAN21 network=192.168.21.0
add address=192.168.22.1/24 interface=VLAN22 network=192.168.22.0
add address=192.168.23.1/24 interface=VLAN23 network=192.168.23.0
add address=192.168.24.1/24 interface=VLAN24 network=192.168.24.0
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.24.0/24 gateway=192.168.24.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add chain=input protocol=icmp
add chain=input dst-port=53 in-interface=!ether1 protocol=tcp
add chain=input dst-port=53 in-interface=!ether1 protocol=udp
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add chain=forward out-interface=ether1
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=217.11.241.187
/ip route
add distance=1 gateway=217.11.241.190
/system clock
set time-zone-name=Europe/Prague
/system routerboard settings
set protected-routerboot=disabled
Re: CRS125-24G-IN firmware 6.39
I have nothing to say except that it works like a charm! LIV2, you have my thanks, you saved me a lot of time and digging arround. This CRS125-24G-IN is worth every penny device. Thanks again!
R.
R.
Re: CRS125-24G-IN firmware 6.39
Well, for some reason the last octel of ethers does not work - no DHCP, no internet if manual assigning. Any idea? ether2-16 works fine, ether 17-24 silent.
R.
R.
Re: CRS125-24G-IN firmware 6.39
I was a bit curious whether new firmware can help all the VLAN working so I upgraded manually to version
[admin@MikroTik] > export
# feb/07/2018 20:18:37 by RouterOS 6.41.1
# software id = EPQU-RFSN
#
# model = CRS125-24G-1S
and the VLANs completelly have stopped working with previous configuration. Router / switch config works fine but in case of VLANs - I have to see how to fix
the VLAN config you gave me.
R.
[admin@MikroTik] > export
# feb/07/2018 20:18:37 by RouterOS 6.41.1
# software id = EPQU-RFSN
#
# model = CRS125-24G-1S
and the VLANs completelly have stopped working with previous configuration. Router / switch config works fine but in case of VLANs - I have to see how to fix
the VLAN config you gave me.
R.
Re: CRS125-24G-IN firmware 6.39
That's weird, all the ports should have worked, perhaps there is something wrong with the hardware?
You could try resetting to defaults and see if you can get a lease on the higher ports. the default config places every port in the same vlan with a dhcp server configured to hand out addresses on the 192.168.88.0/24 subnet.
With 6.41+ the config will have slightly changed, instead of using "master-port" every port will be part of a bridge under /interface bridge and ports will be under /interface bridge ports
All the VLANs should have their interface set to the bridge interface, other than that the config should mostly be the same
Can you attach the current config? it's possible that the migration to the new style didn't work properly
You could try resetting to defaults and see if you can get a lease on the higher ports. the default config places every port in the same vlan with a dhcp server configured to hand out addresses on the 192.168.88.0/24 subnet.
With 6.41+ the config will have slightly changed, instead of using "master-port" every port will be part of a bridge under /interface bridge and ports will be under /interface bridge ports
All the VLANs should have their interface set to the bridge interface, other than that the config should mostly be the same
Can you attach the current config? it's possible that the migration to the new style didn't work properly
Re: CRS125-24G-IN firmware 6.39
If I use your first config, all ports are working perfectly fine, if I use VLAN than 16 ports only for my hardware. Sure I can reset the device. There are several ways to reset it. Whitch way do you suggest for my case?
Re: CRS125-24G-IN firmware 6.39
With 6.41+ the config VLAN I did not experiment but the 6.35 VLAN config is refused and not working at all.
Re: CRS125-24G-IN firmware 6.39
Configuration as I understood changes. It works for ether2 only now, other ports are silent for some reason. I wanted to downgrade to 6.35 with master-port but Mikrotik says even if downgraded there is no more master port available and config has to be reworked. So I'm staying with my 6.41.1 version. Any idea why VLAN2 is working only??? other VLANs VLAN3-VLAN24 are silent now?
There must be something I still do not see because I'm newbie in VLAN.
[admin@MikroTik] > ping 192.168.3.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.3.1 56 64 0ms
1 192.168.3.1 56 64 0ms
2 192.168.3.1 56 64 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@MikroTik] > ping 192.168.24.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.24.1 56 64 0ms
1 192.168.24.1 56 64 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@MikroTik] > ping 192.168.2.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.2.1 56 64 0ms
1 192.168.2.1 56 64 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
CONFIG EXPORTED:
There must be something I still do not see because I'm newbie in VLAN.
[admin@MikroTik] > ping 192.168.3.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.3.1 56 64 0ms
1 192.168.3.1 56 64 0ms
2 192.168.3.1 56 64 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@MikroTik] > ping 192.168.24.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.24.1 56 64 0ms
1 192.168.24.1 56 64 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@MikroTik] > ping 192.168.2.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.2.1 56 64 0ms
1 192.168.2.1 56 64 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
CONFIG EXPORTED:
Code: Select all
[admin@MikroTik] > export
# feb/08/2018 19:27:46 by RouterOS 6.41.1
# software id = EPQU-RFSN
#
# model = CRS125-24G-1S
/interface bridge
add name=bridge1 protocol-mode=none
/interface vlan
add interface=ether2 name=VLAN2 vlan-id=2
add interface=ether2 name=VLAN3 vlan-id=3
add interface=ether2 name=VLAN4 vlan-id=4
add interface=ether2 name=VLAN5 vlan-id=5
add interface=ether2 name=VLAN6 vlan-id=6
add interface=ether2 name=VLAN7 vlan-id=7
add interface=ether2 name=VLAN8 vlan-id=8
add interface=ether2 name=VLAN9 vlan-id=9
add interface=ether2 name=VLAN10 vlan-id=10
add interface=ether2 name=VLAN11 vlan-id=11
add interface=ether2 name=VLAN12 vlan-id=12
add interface=ether2 name=VLAN13 vlan-id=13
add interface=ether2 name=VLAN14 vlan-id=14
add interface=ether2 name=VLAN15 vlan-id=15
add interface=ether2 name=VLAN16 vlan-id=16
add interface=ether2 name=VLAN17 vlan-id=17
add interface=ether2 name=VLAN18 vlan-id=18
add interface=ether2 name=VLAN19 vlan-id=19
add interface=ether2 name=VLAN20 vlan-id=20
add interface=ether2 name=VLAN21 vlan-id=21
add interface=ether2 name=VLAN22 vlan-id=22
add interface=ether2 name=VLAN23 vlan-id=23
add interface=ether2 name=VLAN24 vlan-id=24
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,\
ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu"
/ip pool
add name=VLAN2-pool ranges=192.168.2.2-192.168.2.254
add name=VLAN3-pool ranges=192.168.3.2-192.168.3.254
add name=VLAN4-pool ranges=192.168.4.2-192.168.4.254
add name=VLAN5-pool ranges=192.168.5.2-192.168.5.254
add name=VLAN6-pool ranges=192.168.6.2-192.168.6.254
add name=VLAN7-pool ranges=192.168.7.2-192.168.7.254
add name=VLAN8-pool ranges=192.168.8.2-192.168.8.254
add name=VLAN9-pool ranges=192.168.9.2-192.168.9.254
add name=VLAN10-pool ranges=192.168.10.2-192.168.10.254
add name=VLAN11-pool ranges=192.168.11.2-192.168.11.254
add name=VLAN12-pool ranges=192.168.12.2-192.168.12.254
add name=VLAN13-pool ranges=192.168.13.2-192.168.13.254
add name=VLAN14-pool ranges=192.168.14.2-192.168.14.254
add name=VLAN15-pool ranges=192.168.15.2-192.168.15.254
add name=VLAN16-pool ranges=192.168.16.2-192.168.16.254
add name=VLAN17-pool ranges=192.168.17.2-192.168.17.254
add name=VLAN18-pool ranges=192.168.18.2-192.168.18.254
add name=VLAN19-pool ranges=192.168.19.2-192.168.19.254
add name=VLAN20-pool ranges=192.168.20.2-192.168.20.254
add name=VLAN21-pool ranges=192.168.21.2-192.168.21.254
add name=VLAN22-pool ranges=192.168.22.2-192.168.22.254
add name=VLAN23-pool ranges=192.168.23.2-192.168.23.254
add name=VLAN24-pool ranges=192.168.24.2-192.168.24.254
/ip dhcp-server
add address-pool=VLAN2-pool disabled=no interface=VLAN2 name=dhcp1
add address-pool=VLAN3-pool disabled=no interface=VLAN3 name=dhcp2
add address-pool=VLAN4-pool disabled=no interface=VLAN4 name=dhcp3
add address-pool=VLAN5-pool disabled=no interface=VLAN5 name=dhcp4
add address-pool=VLAN6-pool disabled=no interface=VLAN6 name=dhcp5
add address-pool=VLAN7-pool disabled=no interface=VLAN7 name=dhcp6
add address-pool=VLAN8-pool disabled=no interface=VLAN8 name=dhcp7
add address-pool=VLAN9-pool disabled=no interface=VLAN9 name=dhcp8
add address-pool=VLAN10-pool disabled=no interface=VLAN10 name=dhcp9
add address-pool=VLAN11-pool disabled=no interface=VLAN11 name=dhcp10
add address-pool=VLAN12-pool disabled=no interface=VLAN12 name=dhcp11
add address-pool=VLAN13-pool disabled=no interface=VLAN13 name=dhcp12
add address-pool=VLAN14-pool disabled=no interface=VLAN14 name=dhcp13
add address-pool=VLAN15-pool disabled=no interface=VLAN15 name=dhcp14
add address-pool=VLAN16-pool disabled=no interface=VLAN16 name=dhcp15
add address-pool=VLAN17-pool disabled=no interface=VLAN17 name=dhcp16
add address-pool=VLAN18-pool disabled=no interface=VLAN18 name=dhcp17
add address-pool=VLAN19-pool disabled=no interface=VLAN19 name=dhcp18
add address-pool=VLAN20-pool disabled=no interface=VLAN20 name=dhcp19
add address-pool=VLAN21-pool disabled=no interface=VLAN21 name=dhcp20
add address-pool=VLAN22-pool disabled=no interface=VLAN22 name=dhcp21
add address-pool=VLAN23-pool disabled=no interface=VLAN23 name=dhcp22
add address-pool=VLAN24-pool disabled=no interface=VLAN24 name=dhcp23
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface=ether15
add bridge=bridge1 interface=ether16
add bridge=bridge1 interface=ether17
add bridge=bridge1 interface=ether18
add bridge=bridge1 interface=ether19
add bridge=bridge1 interface=ether20
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24
add bridge=bridge1 interface=sfp1
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=2
add tagged-ports=switch1-cpu vlan-id=3
add tagged-ports=switch1-cpu vlan-id=4
add tagged-ports=switch1-cpu vlan-id=5
add tagged-ports=switch1-cpu vlan-id=6
add tagged-ports=switch1-cpu vlan-id=7
add tagged-ports=switch1-cpu vlan-id=8
add tagged-ports=switch1-cpu vlan-id=9
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=11
add tagged-ports=switch1-cpu vlan-id=12
add tagged-ports=switch1-cpu vlan-id=13
add tagged-ports=switch1-cpu vlan-id=14
add tagged-ports=switch1-cpu vlan-id=15
add tagged-ports=switch1-cpu vlan-id=16
add tagged-ports=switch1-cpu vlan-id=17
add tagged-ports=switch1-cpu vlan-id=18
add tagged-ports=switch1-cpu vlan-id=19
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=21
add tagged-ports=switch1-cpu vlan-id=22
add tagged-ports=switch1-cpu vlan-id=23
add tagged-ports=switch1-cpu vlan-id=24
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=2 ports=ether2,switch1-cpu
add customer-vid=0 new-customer-vid=3 ports=ether3,switch1-cpu
add customer-vid=0 new-customer-vid=4 ports=ether4,switch1-cpu
add customer-vid=0 new-customer-vid=5 ports=ether5,switch1-cpu
add customer-vid=0 new-customer-vid=6 ports=ether6,switch1-cpu
add customer-vid=0 new-customer-vid=7 ports=ether7,switch1-cpu
add customer-vid=0 new-customer-vid=8 ports=ether8,switch1-cpu
add customer-vid=0 new-customer-vid=9 ports=ether9,switch1-cpu
add customer-vid=0 new-customer-vid=10 ports=ether10,switch1-cpu
add customer-vid=0 new-customer-vid=11 ports=ether11,switch1-cpu
add customer-vid=0 new-customer-vid=12 ports=ether12,switch1-cpu
add customer-vid=0 new-customer-vid=13 ports=ether13,switch1-cpu
add customer-vid=0 new-customer-vid=14 ports=ether14,switch1-cpu
add customer-vid=0 new-customer-vid=15 ports=ether15,switch1-cpu
add customer-vid=0 new-customer-vid=16 ports=ether16,switch1-cpu
add customer-vid=0 new-customer-vid=17 ports=ether17,switch1-cpu
add customer-vid=0 new-customer-vid=18 ports=ether18,switch1-cpu
add customer-vid=0 new-customer-vid=19 ports=ether19,switch1-cpu
add customer-vid=0 new-customer-vid=20 ports=ether20,switch1-cpu
add customer-vid=0 new-customer-vid=21 ports=ether21,switch1-cpu
add customer-vid=0 new-customer-vid=22 ports=ether22,switch1-cpu
add customer-vid=0 new-customer-vid=23 ports=ether23,switch1-cpu
add customer-vid=0 new-customer-vid=24 ports=ether24,switch1-cpu
/interface ethernet switch vlan
add ports=ether2,switch1-cpu vlan-id=2
add ports=ether3,switch1-cpu vlan-id=3
add ports=ether4,switch1-cpu vlan-id=4
add ports=ether5,switch1-cpu vlan-id=5
add ports=ether6,switch1-cpu vlan-id=6
add ports=ether7,switch1-cpu vlan-id=7
add ports=ether8,switch1-cpu vlan-id=8
add ports=ether9,switch1-cpu vlan-id=9
add ports=ether10,switch1-cpu vlan-id=10
add ports=ether11,switch1-cpu vlan-id=11
add ports=ether12,switch1-cpu vlan-id=12
add ports=ether13,switch1-cpu vlan-id=13
add ports=ether14,switch1-cpu vlan-id=14
add ports=ether15,switch1-cpu vlan-id=15
add ports=ether16,switch1-cpu vlan-id=16
add ports=ether17,switch1-cpu vlan-id=17
add ports=ether18,switch1-cpu vlan-id=18
add ports=ether19,switch1-cpu vlan-id=19
add ports=ether20,switch1-cpu vlan-id=20
add ports=ether21,switch1-cpu vlan-id=21
add ports=ether22,switch1-cpu vlan-id=22
add ports=ether23,switch1-cpu vlan-id=23
add ports=ether24,switch1-cpu vlan-id=24
/ip address
add address=217.11.241.187/29 interface=ether1 network=217.11.241.184
add address=192.168.2.1/24 interface=VLAN2 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN3 network=192.168.3.0
add address=192.168.4.1/24 interface=VLAN4 network=192.168.4.0
add address=192.168.5.1/24 interface=VLAN5 network=192.168.5.0
add address=192.168.6.1/24 interface=VLAN6 network=192.168.6.0
add address=192.168.7.1/24 interface=VLAN7 network=192.168.7.0
add address=192.168.8.1/24 interface=VLAN8 network=192.168.8.0
add address=192.168.9.1/24 interface=VLAN9 network=192.168.9.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.12.1/24 interface=VLAN12 network=192.168.12.0
add address=192.168.13.1/24 interface=VLAN13 network=192.168.13.0
add address=192.168.14.1/24 interface=VLAN14 network=192.168.14.0
add address=192.168.15.1/24 interface=VLAN15 network=192.168.15.0
add address=192.168.16.1/24 interface=VLAN16 network=192.168.16.0
add address=192.168.17.1/24 interface=VLAN17 network=192.168.17.0
add address=192.168.18.1/24 interface=VLAN18 network=192.168.18.0
add address=192.168.19.1/24 interface=VLAN19 network=192.168.19.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.21.1/24 interface=VLAN21 network=192.168.21.0
add address=192.168.22.1/24 interface=VLAN22 network=192.168.22.0
add address=192.168.23.1/24 interface=VLAN23 network=192.168.23.0
add address=192.168.24.1/24 interface=VLAN24 network=192.168.24.0
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.24.0/24 gateway=192.168.24.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add chain=input protocol=icmp
add chain=input dst-port=53 in-interface=!ether1 protocol=tcp
add chain=input dst-port=53 in-interface=!ether1 protocol=udp
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add chain=forward out-interface=ether1
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=217.11.241.187
/ip route
add distance=1 gateway=217.11.241.190
/system clock
set time-zone-name=Europe/Prague
/tool user-manager database
set db-path=user-manager
Last edited by digitec on Fri Feb 09, 2018 12:47 am, edited 1 time in total.
Re: CRS125-24G-IN firmware 6.39
OK, it works now, I had all VLAN id leading to ether2. Still there is my problem of 16 ports working for VLANs resp. ether 1-16 are doing fine, ether 17-24 are still silent means that the problem I'm encountering is not related to firmware version...
Code: Select all
[admin@MikroTik] > export
# jan/01/2002 02:02:46 by RouterOS 6.41.1
# software id = EPQU-RFSN
#
# model = CRS125-24G-1S
/interface bridge
add name=bridge1 protocol-mode=none
/interface vlan
add interface=ether2 name=VLAN2 vlan-id=2
add interface=ether3 name=VLAN3 vlan-id=3
add interface=ether4 name=VLAN4 vlan-id=4
add interface=ether5 name=VLAN5 vlan-id=5
add interface=ether6 name=VLAN6 vlan-id=6
add interface=ether7 name=VLAN7 vlan-id=7
add interface=ether8 name=VLAN8 vlan-id=8
add interface=ether9 name=VLAN9 vlan-id=9
add interface=ether10 name=VLAN10 vlan-id=10
add interface=ether11 name=VLAN11 vlan-id=11
add interface=ether12 name=VLAN12 vlan-id=12
add interface=ether13 name=VLAN13 vlan-id=13
add interface=ether14 name=VLAN14 vlan-id=14
add interface=ether15 name=VLAN15 vlan-id=15
add interface=ether16 name=VLAN16 vlan-id=16
add interface=ether17 name=VLAN17 vlan-id=17
add interface=ether18 name=VLAN18 vlan-id=18
add interface=ether19 name=VLAN19 vlan-id=19
add interface=ether20 name=VLAN20 vlan-id=20
add interface=ether21 name=VLAN21 vlan-id=21
add interface=ether22 name=VLAN22 vlan-id=22
add interface=ether23 name=VLAN23 vlan-id=23
add interface=ether24 name=VLAN24 vlan-id=24
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,\
ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu"
/ip pool
add name=VLAN2-pool ranges=192.168.2.2-192.168.2.254
add name=VLAN3-pool ranges=192.168.3.2-192.168.3.254
add name=VLAN4-pool ranges=192.168.4.2-192.168.4.254
add name=VLAN5-pool ranges=192.168.5.2-192.168.5.254
add name=VLAN6-pool ranges=192.168.6.2-192.168.6.254
add name=VLAN7-pool ranges=192.168.7.2-192.168.7.254
add name=VLAN8-pool ranges=192.168.8.2-192.168.8.254
add name=VLAN9-pool ranges=192.168.9.2-192.168.9.254
add name=VLAN10-pool ranges=192.168.10.2-192.168.10.254
add name=VLAN11-pool ranges=192.168.11.2-192.168.11.254
add name=VLAN12-pool ranges=192.168.12.2-192.168.12.254
add name=VLAN13-pool ranges=192.168.13.2-192.168.13.254
add name=VLAN14-pool ranges=192.168.14.2-192.168.14.254
add name=VLAN15-pool ranges=192.168.15.2-192.168.15.254
add name=VLAN16-pool ranges=192.168.16.2-192.168.16.254
add name=VLAN17-pool ranges=192.168.17.2-192.168.17.254
add name=VLAN18-pool ranges=192.168.18.2-192.168.18.254
add name=VLAN19-pool ranges=192.168.19.2-192.168.19.254
add name=VLAN20-pool ranges=192.168.20.2-192.168.20.254
add name=VLAN21-pool ranges=192.168.21.2-192.168.21.254
add name=VLAN22-pool ranges=192.168.22.2-192.168.22.254
add name=VLAN23-pool ranges=192.168.23.2-192.168.23.254
add name=VLAN24-pool ranges=192.168.24.2-192.168.24.254
/ip dhcp-server
add address-pool=VLAN2-pool disabled=no interface=VLAN2 name=dhcp1
add address-pool=VLAN3-pool disabled=no interface=VLAN3 name=dhcp2
add address-pool=VLAN4-pool disabled=no interface=VLAN4 name=dhcp3
add address-pool=VLAN5-pool disabled=no interface=VLAN5 name=dhcp4
add address-pool=VLAN6-pool disabled=no interface=VLAN6 name=dhcp5
add address-pool=VLAN7-pool disabled=no interface=VLAN7 name=dhcp6
add address-pool=VLAN8-pool disabled=no interface=VLAN8 name=dhcp7
add address-pool=VLAN9-pool disabled=no interface=VLAN9 name=dhcp8
add address-pool=VLAN10-pool disabled=no interface=VLAN10 name=dhcp9
add address-pool=VLAN11-pool disabled=no interface=VLAN11 name=dhcp10
add address-pool=VLAN12-pool disabled=no interface=VLAN12 name=dhcp11
add address-pool=VLAN13-pool disabled=no interface=VLAN13 name=dhcp12
add address-pool=VLAN14-pool disabled=no interface=VLAN14 name=dhcp13
add address-pool=VLAN15-pool disabled=no interface=VLAN15 name=dhcp14
add address-pool=VLAN16-pool disabled=no interface=VLAN16 name=dhcp15
add address-pool=VLAN17-pool disabled=no interface=VLAN17 name=dhcp16
add address-pool=VLAN18-pool disabled=no interface=VLAN18 name=dhcp17
add address-pool=VLAN19-pool disabled=no interface=VLAN19 name=dhcp18
add address-pool=VLAN20-pool disabled=no interface=VLAN20 name=dhcp19
add address-pool=VLAN21-pool disabled=no interface=VLAN21 name=dhcp20
add address-pool=VLAN22-pool disabled=no interface=VLAN22 name=dhcp21
add address-pool=VLAN23-pool disabled=no interface=VLAN23 name=dhcp22
add address-pool=VLAN24-pool disabled=no interface=VLAN24 name=dhcp23
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface=ether15
add bridge=bridge1 interface=ether16
add bridge=bridge1 interface=ether17
add bridge=bridge1 interface=ether18
add bridge=bridge1 interface=ether19
add bridge=bridge1 interface=ether20
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24
add bridge=bridge1 interface=sfp1
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=2
add tagged-ports=switch1-cpu vlan-id=3
add tagged-ports=switch1-cpu vlan-id=4
add tagged-ports=switch1-cpu vlan-id=5
add tagged-ports=switch1-cpu vlan-id=6
add tagged-ports=switch1-cpu vlan-id=7
add tagged-ports=switch1-cpu vlan-id=8
add tagged-ports=switch1-cpu vlan-id=9
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=11
add tagged-ports=switch1-cpu vlan-id=12
add tagged-ports=switch1-cpu vlan-id=13
add tagged-ports=switch1-cpu vlan-id=14
add tagged-ports=switch1-cpu vlan-id=15
add tagged-ports=switch1-cpu vlan-id=16
add tagged-ports=switch1-cpu vlan-id=17
add tagged-ports=switch1-cpu vlan-id=18
add tagged-ports=switch1-cpu vlan-id=19
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=21
add tagged-ports=switch1-cpu vlan-id=22
add tagged-ports=switch1-cpu vlan-id=23
add tagged-ports=switch1-cpu vlan-id=24
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=2 ports=ether2,switch1-cpu
add customer-vid=0 new-customer-vid=3 ports=ether3,switch1-cpu
add customer-vid=0 new-customer-vid=4 ports=ether4,switch1-cpu
add customer-vid=0 new-customer-vid=5 ports=ether5,switch1-cpu
add customer-vid=0 new-customer-vid=6 ports=ether6,switch1-cpu
add customer-vid=0 new-customer-vid=7 ports=ether7,switch1-cpu
add customer-vid=0 new-customer-vid=8 ports=ether8,switch1-cpu
add customer-vid=0 new-customer-vid=9 ports=ether9,switch1-cpu
add customer-vid=0 new-customer-vid=10 ports=ether10,switch1-cpu
add customer-vid=0 new-customer-vid=11 ports=ether11,switch1-cpu
add customer-vid=0 new-customer-vid=12 ports=ether12,switch1-cpu
add customer-vid=0 new-customer-vid=13 ports=ether13,switch1-cpu
add customer-vid=0 new-customer-vid=14 ports=ether14,switch1-cpu
add customer-vid=0 new-customer-vid=15 ports=ether15,switch1-cpu
add customer-vid=0 new-customer-vid=16 ports=ether16,switch1-cpu
add customer-vid=0 new-customer-vid=17 ports=ether17,switch1-cpu
add customer-vid=0 new-customer-vid=18 ports=ether18,switch1-cpu
add customer-vid=0 new-customer-vid=19 ports=ether19,switch1-cpu
add customer-vid=0 new-customer-vid=20 ports=ether20,switch1-cpu
add customer-vid=0 new-customer-vid=21 ports=ether21,switch1-cpu
add customer-vid=0 new-customer-vid=22 ports=ether22,switch1-cpu
add customer-vid=0 new-customer-vid=23 ports=ether23,switch1-cpu
add customer-vid=0 new-customer-vid=24 ports=ether24,switch1-cpu
/interface ethernet switch vlan
add ports=ether2,switch1-cpu vlan-id=2
add ports=ether3,switch1-cpu vlan-id=3
add ports=ether4,switch1-cpu vlan-id=4
add ports=ether5,switch1-cpu vlan-id=5
add ports=ether6,switch1-cpu vlan-id=6
add ports=ether7,switch1-cpu vlan-id=7
add ports=ether8,switch1-cpu vlan-id=8
add ports=ether9,switch1-cpu vlan-id=9
add ports=ether10,switch1-cpu vlan-id=10
add ports=ether11,switch1-cpu vlan-id=11
add ports=ether12,switch1-cpu vlan-id=12
add ports=ether13,switch1-cpu vlan-id=13
add ports=ether14,switch1-cpu vlan-id=14
add ports=ether15,switch1-cpu vlan-id=15
add ports=ether16,switch1-cpu vlan-id=16
add ports=ether17,switch1-cpu vlan-id=17
add ports=ether18,switch1-cpu vlan-id=18
add ports=ether19,switch1-cpu vlan-id=19
add ports=ether20,switch1-cpu vlan-id=20
add ports=ether21,switch1-cpu vlan-id=21
add ports=ether22,switch1-cpu vlan-id=22
add ports=ether23,switch1-cpu vlan-id=23
add ports=ether24,switch1-cpu vlan-id=24
/ip address
add address=217.11.241.187/29 interface=ether1 network=217.11.241.184
add address=192.168.2.1/24 interface=VLAN2 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN3 network=192.168.3.0
add address=192.168.4.1/24 interface=VLAN4 network=192.168.4.0
add address=192.168.5.1/24 interface=VLAN5 network=192.168.5.0
add address=192.168.6.1/24 interface=VLAN6 network=192.168.6.0
add address=192.168.7.1/24 interface=VLAN7 network=192.168.7.0
add address=192.168.8.1/24 interface=VLAN8 network=192.168.8.0
add address=192.168.9.1/24 interface=VLAN9 network=192.168.9.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.12.1/24 interface=VLAN12 network=192.168.12.0
add address=192.168.13.1/24 interface=VLAN13 network=192.168.13.0
add address=192.168.14.1/24 interface=VLAN14 network=192.168.14.0
add address=192.168.15.1/24 interface=VLAN15 network=192.168.15.0
add address=192.168.16.1/24 interface=VLAN16 network=192.168.16.0
add address=192.168.17.1/24 interface=VLAN17 network=192.168.17.0
add address=192.168.18.1/24 interface=VLAN18 network=192.168.18.0
add address=192.168.19.1/24 interface=VLAN19 network=192.168.19.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.21.1/24 interface=VLAN21 network=192.168.21.0
add address=192.168.22.1/24 interface=VLAN22 network=192.168.22.0
add address=192.168.23.1/24 interface=VLAN23 network=192.168.23.0
add address=192.168.24.1/24 interface=VLAN24 network=192.168.24.0
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.24.0/24 gateway=192.168.24.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add chain=input protocol=icmp
add chain=input dst-port=53 in-interface=!ether1 protocol=tcp
add chain=input dst-port=53 in-interface=!ether1 protocol=udp
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add chain=forward out-interface=ether1
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=217.11.241.187
/ip route
add distance=1 gateway=217.11.241.190
/system clock
set time-zone-name=Europe/Prague
/tool user-manager database
set db-path=user-manager
Last edited by digitec on Fri Feb 09, 2018 12:45 am, edited 1 time in total.
Re: CRS125-24G-IN firmware 6.39
Sucks about ports 17 and up 
Re: VLANs I'm surprised. when you upgraded to 6.41 it should've modified their interface parameter automatically, I'm also suprised setting them to the physical port actually works too because usually with a bridge you need to set the vlan's interface to the bridge.
CRS's are weird switches
I hope you can get a replacement switch soon!
Re: VLANs I'm surprised. when you upgraded to 6.41 it should've modified their interface parameter automatically, I'm also suprised setting them to the physical port actually works too because usually with a bridge you need to set the vlan's interface to the bridge.
CRS's are weird switches
I hope you can get a replacement switch soon!
Re: CRS125-24G-IN firmware 6.39
Well I have changed config just to be sure my ports ether17-24 are physically correct (not HW damaged or HW related problem) and I used ether24 for WAN (internet) and let ether1 working as VLAN1, the starnge thing is that now I can work from ether24 correctly but ether1 as VLAN1 is silent, but VLAN2 as ether2 is working fine. What could this be? It seems to me there could be maximum 15 x VLAN limit that is strange. Perhaps someone can find why my CRS125 is 15 x VLAN capable only. Right now VLAN2-VLAN16 are working well, VLAN1, VLAN17-23 are silent now and ether24 works fine as WAN (internet) interface.
Code: Select all
[admin@MikroTik] > export
# jan/01/2002 02:06:49 by RouterOS 6.41.1
# software id = EPQU-RFSN
#
# model = CRS125-24G-1S
/interface bridge
add name=bridge1 protocol-mode=none
/interface vlan
add interface=ether1 name=VLAN1 vlan-id=1
add interface=ether2 name=VLAN2 vlan-id=2
add interface=ether3 name=VLAN3 vlan-id=3
add interface=ether4 name=VLAN4 vlan-id=4
add interface=ether5 name=VLAN5 vlan-id=5
add interface=ether6 name=VLAN6 vlan-id=6
add interface=ether7 name=VLAN7 vlan-id=7
add interface=ether8 name=VLAN8 vlan-id=8
add interface=ether9 name=VLAN9 vlan-id=9
add interface=ether10 name=VLAN10 vlan-id=10
add interface=ether11 name=VLAN11 vlan-id=11
add interface=ether12 name=VLAN12 vlan-id=12
add interface=ether13 name=VLAN13 vlan-id=13
add interface=ether14 name=VLAN14 vlan-id=14
add interface=ether15 name=VLAN15 vlan-id=15
add interface=ether16 name=VLAN16 vlan-id=16
add interface=ether17 name=VLAN17 vlan-id=17
add interface=ether18 name=VLAN18 vlan-id=18
add interface=ether19 name=VLAN19 vlan-id=19
add interface=ether20 name=VLAN20 vlan-id=20
add interface=ether21 name=VLAN21 vlan-id=21
add interface=ether22 name=VLAN22 vlan-id=22
add interface=ether23 name=VLAN23 vlan-id=23
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,\
ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu"
/ip pool
add name=VLAN2-pool ranges=192.168.2.2-192.168.2.254
add name=VLAN3-pool ranges=192.168.3.2-192.168.3.254
add name=VLAN4-pool ranges=192.168.4.2-192.168.4.254
add name=VLAN5-pool ranges=192.168.5.2-192.168.5.254
add name=VLAN6-pool ranges=192.168.6.2-192.168.6.254
add name=VLAN7-pool ranges=192.168.7.2-192.168.7.254
add name=VLAN8-pool ranges=192.168.8.2-192.168.8.254
add name=VLAN9-pool ranges=192.168.9.2-192.168.9.254
add name=VLAN10-pool ranges=192.168.10.2-192.168.10.254
add name=VLAN11-pool ranges=192.168.11.2-192.168.11.254
add name=VLAN12-pool ranges=192.168.12.2-192.168.12.254
add name=VLAN13-pool ranges=192.168.13.2-192.168.13.254
add name=VLAN14-pool ranges=192.168.14.2-192.168.14.254
add name=VLAN15-pool ranges=192.168.15.2-192.168.15.254
add name=VLAN16-pool ranges=192.168.16.2-192.168.16.254
add name=VLAN17-pool ranges=192.168.17.2-192.168.17.254
add name=VLAN18-pool ranges=192.168.18.2-192.168.18.254
add name=VLAN19-pool ranges=192.168.19.2-192.168.19.254
add name=VLAN20-pool ranges=192.168.20.2-192.168.20.254
add name=VLAN21-pool ranges=192.168.21.2-192.168.21.254
add name=VLAN22-pool ranges=192.168.22.2-192.168.22.254
add name=VLAN23-pool ranges=192.168.23.2-192.168.23.254
add name=VLAN1-pool ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=VLAN2-pool disabled=no interface=VLAN2 name=dhcp1
add address-pool=VLAN3-pool disabled=no interface=VLAN3 name=dhcp2
add address-pool=VLAN4-pool disabled=no interface=VLAN4 name=dhcp3
add address-pool=VLAN5-pool disabled=no interface=VLAN5 name=dhcp4
add address-pool=VLAN6-pool disabled=no interface=VLAN6 name=dhcp5
add address-pool=VLAN7-pool disabled=no interface=VLAN7 name=dhcp6
add address-pool=VLAN8-pool disabled=no interface=VLAN8 name=dhcp7
add address-pool=VLAN9-pool disabled=no interface=VLAN9 name=dhcp8
add address-pool=VLAN10-pool disabled=no interface=VLAN10 name=dhcp9
add address-pool=VLAN11-pool disabled=no interface=VLAN11 name=dhcp10
add address-pool=VLAN12-pool disabled=no interface=VLAN12 name=dhcp11
add address-pool=VLAN13-pool disabled=no interface=VLAN13 name=dhcp12
add address-pool=VLAN14-pool disabled=no interface=VLAN14 name=dhcp13
add address-pool=VLAN15-pool disabled=no interface=VLAN15 name=dhcp14
add address-pool=VLAN16-pool disabled=no interface=VLAN16 name=dhcp15
add address-pool=VLAN17-pool disabled=no interface=VLAN17 name=dhcp16
add address-pool=VLAN18-pool disabled=no interface=VLAN18 name=dhcp17
add address-pool=VLAN19-pool disabled=no interface=VLAN19 name=dhcp18
add address-pool=VLAN20-pool disabled=no interface=VLAN20 name=dhcp19
add address-pool=VLAN21-pool disabled=no interface=VLAN21 name=dhcp20
add address-pool=VLAN22-pool disabled=no interface=VLAN22 name=dhcp21
add address-pool=VLAN23-pool disabled=no interface=VLAN23 name=dhcp22
add address-pool=VLAN1-pool disabled=no interface=VLAN1 name=dhcp23
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface=ether15
add bridge=bridge1 interface=ether16
add bridge=bridge1 interface=ether17
add bridge=bridge1 interface=ether18
add bridge=bridge1 interface=ether19
add bridge=bridge1 interface=ether20
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=sfp1
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=2
add tagged-ports=switch1-cpu vlan-id=3
add tagged-ports=switch1-cpu vlan-id=4
add tagged-ports=switch1-cpu vlan-id=5
add tagged-ports=switch1-cpu vlan-id=6
add tagged-ports=switch1-cpu vlan-id=7
add tagged-ports=switch1-cpu vlan-id=8
add tagged-ports=switch1-cpu vlan-id=9
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=11
add tagged-ports=switch1-cpu vlan-id=12
add tagged-ports=switch1-cpu vlan-id=13
add tagged-ports=switch1-cpu vlan-id=14
add tagged-ports=switch1-cpu vlan-id=15
add tagged-ports=switch1-cpu vlan-id=16
add tagged-ports=switch1-cpu vlan-id=17
add tagged-ports=switch1-cpu vlan-id=18
add tagged-ports=switch1-cpu vlan-id=19
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=21
add tagged-ports=switch1-cpu vlan-id=22
add tagged-ports=switch1-cpu vlan-id=23
add tagged-ports=switch1-cpu vlan-id=1
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=2 ports=ether2,switch1-cpu
add customer-vid=0 new-customer-vid=3 ports=ether3,switch1-cpu
add customer-vid=0 new-customer-vid=4 ports=ether4,switch1-cpu
add customer-vid=0 new-customer-vid=5 ports=ether5,switch1-cpu
add customer-vid=0 new-customer-vid=6 ports=ether6,switch1-cpu
add customer-vid=0 new-customer-vid=7 ports=ether7,switch1-cpu
add customer-vid=0 new-customer-vid=8 ports=ether8,switch1-cpu
add customer-vid=0 new-customer-vid=9 ports=ether9,switch1-cpu
add customer-vid=0 new-customer-vid=10 ports=ether10,switch1-cpu
add customer-vid=0 new-customer-vid=11 ports=ether11,switch1-cpu
add customer-vid=0 new-customer-vid=12 ports=ether12,switch1-cpu
add customer-vid=0 new-customer-vid=13 ports=ether13,switch1-cpu
add customer-vid=0 new-customer-vid=14 ports=ether14,switch1-cpu
add customer-vid=0 new-customer-vid=15 ports=ether15,switch1-cpu
add customer-vid=0 new-customer-vid=16 ports=ether16,switch1-cpu
add customer-vid=0 new-customer-vid=17 ports=ether17,switch1-cpu
add customer-vid=0 new-customer-vid=18 ports=ether18,switch1-cpu
add customer-vid=0 new-customer-vid=19 ports=ether19,switch1-cpu
add customer-vid=0 new-customer-vid=20 ports=ether20,switch1-cpu
add customer-vid=0 new-customer-vid=21 ports=ether21,switch1-cpu
add customer-vid=0 new-customer-vid=22 ports=ether22,switch1-cpu
add customer-vid=0 new-customer-vid=23 ports=ether23,switch1-cpu
add customer-vid=0 new-customer-vid=1 ports=ether1,switch1-cpu
/interface ethernet switch vlan
add ports=ether2,switch1-cpu vlan-id=2
add ports=ether3,switch1-cpu vlan-id=3
add ports=ether4,switch1-cpu vlan-id=4
add ports=ether5,switch1-cpu vlan-id=5
add ports=ether6,switch1-cpu vlan-id=6
add ports=ether7,switch1-cpu vlan-id=7
add ports=ether8,switch1-cpu vlan-id=8
add ports=ether9,switch1-cpu vlan-id=9
add ports=ether10,switch1-cpu vlan-id=10
add ports=ether11,switch1-cpu vlan-id=11
add ports=ether12,switch1-cpu vlan-id=12
add ports=ether13,switch1-cpu vlan-id=13
add ports=ether14,switch1-cpu vlan-id=14
add ports=ether15,switch1-cpu vlan-id=15
add ports=ether16,switch1-cpu vlan-id=16
add ports=ether17,switch1-cpu vlan-id=17
add ports=ether18,switch1-cpu vlan-id=18
add ports=ether19,switch1-cpu vlan-id=19
add ports=ether20,switch1-cpu vlan-id=20
add ports=ether21,switch1-cpu vlan-id=21
add ports=ether22,switch1-cpu vlan-id=22
add ports=ether23,switch1-cpu vlan-id=23
add ports=ether1,switch1-cpu vlan-id=1
/ip address
add address=217.11.241.187/29 interface=ether24 network=217.11.241.184
add address=192.168.2.1/24 interface=VLAN2 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN3 network=192.168.3.0
add address=192.168.4.1/24 interface=VLAN4 network=192.168.4.0
add address=192.168.5.1/24 interface=VLAN5 network=192.168.5.0
add address=192.168.6.1/24 interface=VLAN6 network=192.168.6.0
add address=192.168.7.1/24 interface=VLAN7 network=192.168.7.0
add address=192.168.8.1/24 interface=VLAN8 network=192.168.8.0
add address=192.168.9.1/24 interface=VLAN9 network=192.168.9.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.12.1/24 interface=VLAN12 network=192.168.12.0
add address=192.168.13.1/24 interface=VLAN13 network=192.168.13.0
add address=192.168.14.1/24 interface=VLAN14 network=192.168.14.0
add address=192.168.15.1/24 interface=VLAN15 network=192.168.15.0
add address=192.168.16.1/24 interface=VLAN16 network=192.168.16.0
add address=192.168.17.1/24 interface=VLAN17 network=192.168.17.0
add address=192.168.18.1/24 interface=VLAN18 network=192.168.18.0
add address=192.168.19.1/24 interface=VLAN19 network=192.168.19.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.21.1/24 interface=VLAN21 network=192.168.21.0
add address=192.168.22.1/24 interface=VLAN22 network=192.168.22.0
add address=192.168.23.1/24 interface=VLAN23 network=192.168.23.0
add address=192.168.1.1/24 interface=VLAN1 network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add chain=input protocol=icmp
add chain=input dst-port=53 in-interface=!ether24 protocol=tcp
add chain=input dst-port=53 in-interface=!ether24 protocol=udp
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add chain=forward out-interface=ether24
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether24 to-addresses=217.11.241.187
/ip route
add distance=1 gateway=217.11.241.190
/lcd interface pages
set 0 interfaces=ether24,sfp1
/system clock
set time-zone-name=Europe/Prague
/tool user-manager database
set db-path=user-manager
Last edited by digitec on Fri Feb 09, 2018 12:43 am, edited 1 time in total.
Re: CRS125-24G-IN firmware 6.39
Well, reading about https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering Mikrotik VLAN filtering my friend assumed this could be the cause why it does not work as it should. I have followed manual and deleted previous SWITCH section in config and added BRIDGE1 filtering VLAN section. It works fine now. I'm glad my CRS is not HW faulty. All ports are usefull. ETH1=WAN ETH2-ETH23 are VLANs with DHCP. Hopefully someone will find this usefull too. Thanks LIV2 for your help!
Code: Select all
[admin@MikroTik] > export
# feb/08/2018 23:32:41 by RouterOS 6.41.1
# software id = EPQU-RFSN
#
# model = CRS125-24G-1S
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN2 vlan-id=2
add interface=bridge1 name=VLAN3 vlan-id=3
add interface=bridge1 name=VLAN4 vlan-id=4
add interface=bridge1 name=VLAN5 vlan-id=5
add interface=bridge1 name=VLAN6 vlan-id=6
add interface=bridge1 name=VLAN7 vlan-id=7
add interface=bridge1 name=VLAN8 vlan-id=8
add interface=bridge1 name=VLAN9 vlan-id=9
add interface=bridge1 name=VLAN10 vlan-id=10
add interface=bridge1 name=VLAN11 vlan-id=11
add interface=bridge1 name=VLAN12 vlan-id=12
add interface=bridge1 name=VLAN13 vlan-id=13
add interface=bridge1 name=VLAN14 vlan-id=14
add interface=bridge1 name=VLAN15 vlan-id=15
add interface=bridge1 name=VLAN16 vlan-id=16
add interface=bridge1 name=VLAN17 vlan-id=17
add interface=bridge1 name=VLAN18 vlan-id=18
add interface=bridge1 name=VLAN19 vlan-id=19
add interface=bridge1 name=VLAN20 vlan-id=20
add interface=bridge1 name=VLAN21 vlan-id=21
add interface=bridge1 name=VLAN22 vlan-id=22
add interface=bridge1 name=VLAN23 vlan-id=23
add interface=bridge1 name=VLAN24 vlan-id=24
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,\
ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu"
/ip pool
add name=VLAN2-pool ranges=192.168.2.2-192.168.2.254
add name=VLAN3-pool ranges=192.168.3.2-192.168.3.254
add name=VLAN4-pool ranges=192.168.4.2-192.168.4.254
add name=VLAN5-pool ranges=192.168.5.2-192.168.5.254
add name=VLAN6-pool ranges=192.168.6.2-192.168.6.254
add name=VLAN7-pool ranges=192.168.7.2-192.168.7.254
add name=VLAN8-pool ranges=192.168.8.2-192.168.8.254
add name=VLAN9-pool ranges=192.168.9.2-192.168.9.254
add name=VLAN10-pool ranges=192.168.10.2-192.168.10.254
add name=VLAN11-pool ranges=192.168.11.2-192.168.11.254
add name=VLAN12-pool ranges=192.168.12.2-192.168.12.254
add name=VLAN13-pool ranges=192.168.13.2-192.168.13.254
add name=VLAN14-pool ranges=192.168.14.2-192.168.14.254
add name=VLAN15-pool ranges=192.168.15.2-192.168.15.254
add name=VLAN16-pool ranges=192.168.16.2-192.168.16.254
add name=VLAN17-pool ranges=192.168.17.2-192.168.17.254
add name=VLAN18-pool ranges=192.168.18.2-192.168.18.254
add name=VLAN19-pool ranges=192.168.19.2-192.168.19.254
add name=VLAN20-pool ranges=192.168.20.2-192.168.20.254
add name=VLAN21-pool ranges=192.168.21.2-192.168.21.254
add name=VLAN22-pool ranges=192.168.22.2-192.168.22.254
add name=VLAN23-pool ranges=192.168.23.2-192.168.23.254
add name=VLAN24-pool ranges=192.168.24.2-192.168.24.254
/ip dhcp-server
add address-pool=VLAN2-pool disabled=no interface=VLAN2 name=dhcp1
add address-pool=VLAN3-pool disabled=no interface=VLAN3 name=dhcp2
add address-pool=VLAN4-pool disabled=no interface=VLAN4 name=dhcp3
add address-pool=VLAN5-pool disabled=no interface=VLAN5 name=dhcp4
add address-pool=VLAN6-pool disabled=no interface=VLAN6 name=dhcp5
add address-pool=VLAN7-pool disabled=no interface=VLAN7 name=dhcp6
add address-pool=VLAN8-pool disabled=no interface=VLAN8 name=dhcp7
add address-pool=VLAN9-pool disabled=no interface=VLAN9 name=dhcp8
add address-pool=VLAN10-pool disabled=no interface=VLAN10 name=dhcp9
add address-pool=VLAN11-pool disabled=no interface=VLAN11 name=dhcp10
add address-pool=VLAN12-pool disabled=no interface=VLAN12 name=dhcp11
add address-pool=VLAN13-pool disabled=no interface=VLAN13 name=dhcp12
add address-pool=VLAN14-pool disabled=no interface=VLAN14 name=dhcp13
add address-pool=VLAN15-pool disabled=no interface=VLAN15 name=dhcp14
add address-pool=VLAN16-pool disabled=no interface=VLAN16 name=dhcp15
add address-pool=VLAN17-pool disabled=no interface=VLAN17 name=dhcp16
add address-pool=VLAN18-pool disabled=no interface=VLAN18 name=dhcp17
add address-pool=VLAN19-pool disabled=no interface=VLAN19 name=dhcp18
add address-pool=VLAN20-pool disabled=no interface=VLAN20 name=dhcp19
add address-pool=VLAN21-pool disabled=no interface=VLAN21 name=dhcp20
add address-pool=VLAN22-pool disabled=no interface=VLAN22 name=dhcp21
add address-pool=VLAN23-pool disabled=no interface=VLAN23 name=dhcp22
add address-pool=VLAN24-pool disabled=no interface=VLAN24 name=dhcp23
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=2
add bridge=bridge1 interface=ether3 pvid=3
add bridge=bridge1 interface=ether4 pvid=4
add bridge=bridge1 interface=ether5 pvid=5
add bridge=bridge1 interface=ether6 pvid=6
add bridge=bridge1 interface=ether7 pvid=7
add bridge=bridge1 interface=ether8 pvid=8
add bridge=bridge1 interface=ether9 pvid=9
add bridge=bridge1 interface=ether10 pvid=10
add bridge=bridge1 interface=ether11 pvid=11
add bridge=bridge1 interface=ether12 pvid=12
add bridge=bridge1 interface=ether13 pvid=13
add bridge=bridge1 interface=ether14 pvid=14
add bridge=bridge1 interface=ether15 pvid=15
add bridge=bridge1 interface=ether16 pvid=16
add bridge=bridge1 interface=ether17 pvid=17
add bridge=bridge1 interface=ether18 pvid=18
add bridge=bridge1 interface=ether19 pvid=19
add bridge=bridge1 interface=ether20 pvid=20
add bridge=bridge1 interface=ether21 pvid=21
add bridge=bridge1 interface=ether22 pvid=22
add bridge=bridge1 interface=ether23 pvid=23
add bridge=bridge1 interface=ether24 pvid=24
add bridge=bridge1 interface=sfp1 pvid=100
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=2
add bridge=bridge1 tagged=bridge1 untagged=ether3 vlan-ids=3
add bridge=bridge1 tagged=bridge1 untagged=ether4 vlan-ids=4
add bridge=bridge1 tagged=bridge1 untagged=ether5 vlan-ids=5
add bridge=bridge1 tagged=bridge1 untagged=ether6 vlan-ids=6
add bridge=bridge1 tagged=bridge1 untagged=ether7 vlan-ids=7
add bridge=bridge1 tagged=bridge1 untagged=ether8 vlan-ids=8
add bridge=bridge1 tagged=bridge1 untagged=ether9 vlan-ids=9
add bridge=bridge1 tagged=bridge1 untagged=ether10 vlan-ids=10
add bridge=bridge1 tagged=bridge1 untagged=ether11 vlan-ids=11
add bridge=bridge1 tagged=bridge1 untagged=ether12 vlan-ids=12
add bridge=bridge1 tagged=bridge1 untagged=ether13 vlan-ids=13
add bridge=bridge1 tagged=bridge1 untagged=ether14 vlan-ids=14
add bridge=bridge1 tagged=bridge1 untagged=ether15 vlan-ids=15
add bridge=bridge1 tagged=bridge1 untagged=ether16 vlan-ids=16
add bridge=bridge1 tagged=bridge1 untagged=ether17 vlan-ids=17
add bridge=bridge1 tagged=bridge1 untagged=ether18 vlan-ids=18
add bridge=bridge1 tagged=bridge1 untagged=ether19 vlan-ids=19
add bridge=bridge1 tagged=bridge1 untagged=ether20 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=ether21 vlan-ids=21
add bridge=bridge1 tagged=bridge1 untagged=ether22 vlan-ids=22
add bridge=bridge1 tagged=bridge1 untagged=ether23 vlan-ids=23
add bridge=bridge1 tagged=bridge1 untagged=ether24 vlan-ids=24
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=2 ports=ether2,switch1-cpu
add customer-vid=0 new-customer-vid=3 ports=ether3,switch1-cpu
add customer-vid=0 new-customer-vid=4 ports=ether4,switch1-cpu
add customer-vid=0 new-customer-vid=5 ports=ether5,switch1-cpu
add customer-vid=0 new-customer-vid=6 ports=ether6,switch1-cpu
add customer-vid=0 new-customer-vid=7 ports=ether7,switch1-cpu
add customer-vid=0 new-customer-vid=8 ports=ether8,switch1-cpu
add customer-vid=0 new-customer-vid=9 ports=ether9,switch1-cpu
add customer-vid=0 new-customer-vid=10 ports=ether10,switch1-cpu
add customer-vid=0 new-customer-vid=11 ports=ether11,switch1-cpu
add customer-vid=0 new-customer-vid=12 ports=ether12,switch1-cpu
add customer-vid=0 new-customer-vid=13 ports=ether13,switch1-cpu
add customer-vid=0 new-customer-vid=14 ports=ether14,switch1-cpu
add customer-vid=0 new-customer-vid=15 ports=ether15,switch1-cpu
add customer-vid=0 new-customer-vid=16 ports=ether16,switch1-cpu
add customer-vid=0 new-customer-vid=17 ports=ether17,switch1-cpu
add customer-vid=0 new-customer-vid=18 ports=ether18,switch1-cpu
add customer-vid=0 new-customer-vid=19 ports=ether19,switch1-cpu
add customer-vid=0 new-customer-vid=20 ports=ether20,switch1-cpu
add customer-vid=0 new-customer-vid=21 ports=ether21,switch1-cpu
add customer-vid=0 new-customer-vid=22 ports=ether22,switch1-cpu
add customer-vid=0 new-customer-vid=23 ports=ether23,switch1-cpu
add customer-vid=0 new-customer-vid=24 ports=ether24,switch1-cpu
/interface ethernet switch vlan
add ports=ether2,switch1-cpu vlan-id=2
add ports=ether3,switch1-cpu vlan-id=3
add ports=ether4,switch1-cpu vlan-id=4
add ports=ether5,switch1-cpu vlan-id=5
add ports=ether6,switch1-cpu vlan-id=6
add ports=ether7,switch1-cpu vlan-id=7
add ports=ether8,switch1-cpu vlan-id=8
add ports=ether9,switch1-cpu vlan-id=9
add ports=ether10,switch1-cpu vlan-id=10
add ports=ether11,switch1-cpu vlan-id=11
add ports=ether12,switch1-cpu vlan-id=12
add ports=ether13,switch1-cpu vlan-id=13
add ports=ether14,switch1-cpu vlan-id=14
add ports=ether15,switch1-cpu vlan-id=15
add ports=ether16,switch1-cpu vlan-id=16
add ports=ether17,switch1-cpu vlan-id=17
add ports=ether18,switch1-cpu vlan-id=18
add ports=ether19,switch1-cpu vlan-id=19
add ports=ether20,switch1-cpu vlan-id=20
add ports=ether21,switch1-cpu vlan-id=21
add ports=ether22,switch1-cpu vlan-id=22
add ports=ether23,switch1-cpu vlan-id=23
add ports=ether24,switch1-cpu vlan-id=24
/ip address
add address=217.11.241.187/29 interface=ether1 network=217.11.241.184
add address=192.168.2.1/24 interface=VLAN2 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN3 network=192.168.3.0
add address=192.168.4.1/24 interface=VLAN4 network=192.168.4.0
add address=192.168.5.1/24 interface=VLAN5 network=192.168.5.0
add address=192.168.6.1/24 interface=VLAN6 network=192.168.6.0
add address=192.168.7.1/24 interface=VLAN7 network=192.168.7.0
add address=192.168.8.1/24 interface=VLAN8 network=192.168.8.0
add address=192.168.9.1/24 interface=VLAN9 network=192.168.9.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.12.1/24 interface=VLAN12 network=192.168.12.0
add address=192.168.13.1/24 interface=VLAN13 network=192.168.13.0
add address=192.168.14.1/24 interface=VLAN14 network=192.168.14.0
add address=192.168.15.1/24 interface=VLAN15 network=192.168.15.0
add address=192.168.16.1/24 interface=VLAN16 network=192.168.16.0
add address=192.168.17.1/24 interface=VLAN17 network=192.168.17.0
add address=192.168.18.1/24 interface=VLAN18 network=192.168.18.0
add address=192.168.19.1/24 interface=VLAN19 network=192.168.19.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.21.1/24 interface=VLAN21 network=192.168.21.0
add address=192.168.22.1/24 interface=VLAN22 network=192.168.22.0
add address=192.168.23.1/24 interface=VLAN23 network=192.168.23.0
add address=192.168.24.1/24 interface=VLAN24 network=192.168.24.0
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.6.0/24 gateway=192.168.6.1
add address=192.168.7.0/24 gateway=192.168.7.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.9.0/24 gateway=192.168.9.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
add address=192.168.12.0/24 gateway=192.168.12.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
add address=192.168.15.0/24 gateway=192.168.15.1
add address=192.168.16.0/24 gateway=192.168.16.1
add address=192.168.17.0/24 gateway=192.168.17.1
add address=192.168.18.0/24 gateway=192.168.18.1
add address=192.168.19.0/24 gateway=192.168.19.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.24.0/24 gateway=192.168.24.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add chain=input protocol=icmp
add chain=input dst-port=53 in-interface=!ether1 protocol=tcp
add chain=input dst-port=53 in-interface=!ether1 protocol=udp
#add action=accept chain=input in-interface=!ether1 src-address=192.168.0.0/16
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add chain=forward out-interface=ether1
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=217.11.241.187
/ip route
add distance=1 gateway=217.11.241.190
/system clock
set time-zone-name=Europe/Prague
/tool user-manager database
set db-path=user-manager