it now connects to the head office with L2TP
ether1 is used for WAN
ether2-5 are the office LAN
Now I want to enable WLAN, but Wi-Fi clients must not reach the LAN or the L2TP tunnel; they should get internet access only.
here is an edited export:
[admin@MikroTik88] > export
# feb/11/2016 13:10:32 by RouterOS 6.34.1
# software id = PLP3-P4UV
#
# One bridge, carried over from the default configuration (comment=defconf), with a fixed MAC.
/interface bridge
add admin-mac=00:0C:42:E1:B2:A7 auto-mac=no comment=defconf name=bridge
# wlan1 is configured as an access point (mode=ap-bridge) on 2 GHz with SSID MikroTik-E1B2AB.
# No security-profile is named here, so presumably wlan1 uses the default profile.
# NOTE(review): the default profile in this export shows no authentication settings; confirm the
# network is not open before enabling the interface.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce distance=\
indoors frequency=auto mode=ap-bridge ssid=MikroTik-E1B2AB wireless-protocol=802.11
# ether1 is renamed WAN. ether2 becomes ether2-master and ether3-ether5 are slaved to it with
# master-port, so ether2-5 form one LAN port group.
/interface ethernet
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
# L2TP client towards the head office, protected with IPsec (use-ipsec=yes).
# add-default-route=yes with default-route-distance=1 asks for a default route through the tunnel.
# NOTE(review): which default route wins against the one learned by the WAN DHCP client is not
# visible in this export; check the active routes, because that decides whether internet traffic
# leaves via WAN or via the head office.
# ipsec-secret and password are written to an export in clear text. The values here look like
# the poster's placeholders; replace real ones before sharing an export.
/interface l2tp-client
add add-default-route=yes connect-to=myl2tpserver.com default-route-distance=1 disabled=no \
ipsec-secret=mypsk mrru=1600 name=L2TP-NAME password=myl2tppassword use-ipsec=yes \
user=mylt2puser
# Neighbor discovery is switched off on the WAN port; the bridge entry only carries a comment.
/ip neighbor discovery
set WAN discover=no
set bridge comment=defconf
# The default wireless security profile shows only supplicant-identity: no mode, no
# authentication-types and no pre-shared key appear.
# NOTE(review): an export omits values left at their defaults, so this presumably means the
# profile is still unauthenticated (open). Confirm, and set WPA2 with a strong key before the
# access point is enabled.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool and one DHCP server, both bound to the bridge; every bridge port shares them.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
# wlan1 is a port of the same bridge as ether2-master, so wireless clients sit in the same
# layer-2 segment and subnet (192.168.88.0/24) as the office LAN.
# NOTE(review): this is the opposite of the "internet only" goal stated in the post. Traffic
# between bridge ports is switched and, unless use-ip-firewall is enabled in the bridge settings,
# is not seen by /ip firewall filter. Isolation needs wlan1 taken out of this bridge and given
# its own subnet and DHCP server, plus forward rules that drop traffic from it to the LAN and to
# L2TP-NAME.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
# ddns-enabled=yes turns on the MikroTik cloud dynamic-DNS name for this router.
/ip cloud
set ddns-enabled=yes update-time=no
# The WAN address is obtained by DHCP from the upstream network.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=WAN
# DHCP clients are handed 192.168.0.5 as first DNS server. 192.168.0.0/24 is routed via
# L2TP-NAME in /ip route, so every client of this DHCP network is pointed at a head-office
# resolver through the tunnel.
# NOTE(review): a guest network should get its own dhcp-server network entry with a resolver
# that does not sit behind the tunnel.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.0.5,192.168.88.1 gateway=\
192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts, forwarding to
# 8.8.8.8.
# NOTE(review): the input chain in this export drops only traffic arriving on WAN, so the
# resolver looks reachable from the bridge and from L2TP-NAME as well; confirm that is intended.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# Static record so that the name "router" resolves to the bridge address.
/ip dns static
add address=192.168.88.1 name=router
# Default-configuration filter rules. Rules without action= use the default action, accept.
/ip firewall filter
# input: ICMP to the router is accepted on every interface.
add chain=input comment="defconf: accept ICMP" protocol=icmp
# input: replies to connections that are already tracked are accepted.
add chain=input comment="defconf: accept establieshed,related" connection-state=\
established,related
# input: everything else arriving on WAN is dropped.
# NOTE(review): no input rule matches bridge or L2TP-NAME, so traffic to the router from the LAN,
# from wireless clients on the bridge and from the head-office tunnel falls through to the
# default accept. Router services are therefore reachable from all three.
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=WAN
# forward: established/related connections are fasttracked, then accepted.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=\
established,related
# forward: packets in invalid connection state are dropped.
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# forward: new connections from WAN are dropped unless they were destination-NATed.
# NOTE(review): this is the last forward rule and it matches in-interface=WAN only. Nothing
# restricts forwarding from the bridge to L2TP-NAME or 192.168.0.0/24, so any host on the bridge
# can open connections to the head office. Guest isolation needs explicit drop rules here, placed
# on a separate guest interface, for traffic towards the LAN and the tunnel.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface=WAN
# Source NAT: traffic leaving through WAN is masqueraded behind the WAN address.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=WAN
# L2TP-NAME not ready
# Traffic leaving through the tunnel is masqueraded as well.
# NOTE(review): with this rule the head office sees every client behind the tunnel address and
# cannot tell LAN hosts from wireless clients, so any guest restriction has to be enforced on
# this router.
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=L2TP-NAME
# Static route: the head-office network 192.168.0.0/24 is reached through the tunnel.
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=L2TP-NAME
# Time zone, router identity and the LED bound to wlan1.
/system clock
set time-zone-name=Europe/Stockholm
/system identity
set name=MikroTik88
/system leds
set 0 interface=wlan1
# MAC-layer management: the default entries are disabled and MAC server access is then added for
# the bridge interface only.
# NOTE(review): wlan1 is a bridge port in this export, so wireless clients would be on an
# interface where these MAC services are allowed. Keep a guest interface out of both lists.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge