It's my first Mikrotik and I'm trying to replace my Tomato based configuration. I need some VLAN-s but I realized I can have only one to manage my router. I have RB5009 (no WiFi, no PoE).
I was failing each time when I was enabling VLANS for the bridge. As a workaround I configured all VLANs on new bridge and now it is like:
eth8 - WAN
eth7 - LAN-mgmt & LAN (bridge with single eth, untagged, no VLANs)
eth1-eth6 - LAN (running VLANs)
For now I don't understand fully idea of management VLAN, so I created vlan100-mgmt, but I left it unconfigured and for now I want to have ability to manage the router from VLAN 1 (192.168.10.0/24).
I understand to make it happen I need to move vlan1 part to the first place here, so from:
Code: Select all
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge-mgmt network=192.168.88.0
add address=192.168.10.1/24 interface=vlan1 network=192.168.10.0
add address=192.168.30.1/24 interface=vlan3 network=192.168.30.0
add address=192.168.40.1/24 interface=vlan4 network=192.168.40.0
add address=192.168.50.1/24 interface=vlan5 network=192.168.50.0
Code: Select all
/ip address
add address=192.168.10.1/24 interface=vlan1 network=192.168.10.0
add address=192.168.88.1/24 comment=defconf interface=bridge-mgmt network=192.168.88.0
add address=192.168.30.1/24 interface=vlan3 network=192.168.30.0
add address=192.168.40.1/24 interface=vlan4 network=192.168.40.0
add address=192.168.50.1/24 interface=vlan5 network=192.168.50.0
Code: Select all
# 2024-04-21 21:49:02 by RouterOS 7.14.2
# software id = YEVK-ILAI
#
# model = RB5009UG+S+
# serial number = HFE09765FH3
/interface bridge
add name=bridge pvid=2 vlan-filtering=yes
add admin-mac=78:9A:18:CA:4E:C4 auto-mac=no name=bridge-mgmt
/interface ethernet
set [ find default-name=ether8 ] name=ether8-WAN
/interface vlan
add interface=bridge name=vlan1 vlan-id=1
add interface=bridge name=vlan3 vlan-id=3
add interface=bridge name=vlan4 vlan-id=4
add interface=bridge name=vlan5 vlan-id=5
add interface=bridge name=vlan100-mgmt vlan-id=100
/interface list
add name=WAN
add name=LAN
add name=LAN-mgmt
/ip pool
add name=default-dhcp ranges=192.168.88.220-192.168.88.229
add name=dhcp_pool21 ranges=192.168.30.200-192.168.30.219
add name=dhcp_pool31 ranges=192.168.40.200-192.168.40.219
add name=dhcp_pool53 ranges=192.168.50.200-192.168.50.219
add name=dhcp_pool11 ranges=192.168.10.200-192.168.10.219
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-mgmt lease-time=1m name=defconf
add address-pool=dhcp_pool21 interface=vlan3 lease-time=1m name=dhcp3
add address-pool=dhcp_pool31 interface=vlan4 lease-time=1m name=dhcp4
add address-pool=dhcp_pool53 interface=vlan5 lease-time=1m name=dhcp5
add address-pool=dhcp_pool11 interface=vlan1 lease-time=1m name=dhcp1
/interface bridge port
add bridge=bridge-mgmt hw=no interface=ether7 pvid=2
add bridge=bridge interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=3
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=100
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,ether2,ether3,ether4 untagged=ether6 vlan-ids=100
add bridge=bridge tagged=bridge untagged=ether1,ether2,ether3,ether4 vlan-ids=1
add bridge=bridge tagged=bridge,ether1,ether2,ether3,ether4 untagged=ether5 vlan-ids=3
add bridge=bridge tagged=bridge,ether1,ether2,ether3,ether4 vlan-ids=4
add bridge=bridge tagged=bridge,ether1,ether2,ether3,ether4 vlan-ids=5
/interface list member
add interface=bridge-mgmt list=LAN
add interface=ether8-WAN list=WAN
add interface=bridge list=LAN
add interface=bridge-mgmt list=LAN-mgmt
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge-mgmt network=192.168.88.0
add address=192.168.10.1/24 interface=vlan1 network=192.168.10.0
add address=192.168.30.1/24 interface=vlan3 network=192.168.30.0
add address=192.168.40.1/24 interface=vlan4 network=192.168.40.0
add address=192.168.50.1/24 interface=vlan5 network=192.168.50.0
/ip dhcp-client
add interface=ether8-WAN
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1 netmask=24
add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1
add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
# Removed for example
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
# Removed for example
/ipv6 firewall filter
# Removed for example
#error exporting "/ipv6/nd/prefix" (timeout)
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN