Buonasera, qualcuno può aiutarmi con questa configurazione?
Rb4011...
Non naviga ne la lan ne la rete guest ma la rb va su internet e i servizi pubblicati all.esterno sono raggiungibili
# jun/15/2019 16:44:54 by RouterOS 6.44.3
# software id = SPWF-MC4C
#
# model = RB4011iGS+5HacQ2HnD
# serial number = 96890943DDBE
/interface bridge
add name=bridge_LAN
add name=bridge_guest
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=20/40/80mhz-Ceee \
disabled=no frequency=5600 frequency-mode=superchannel installation=\
indoor mode=ap-bridge name=wlan1_5ghz ssid=Wifine_A wireless-protocol=\
802.11
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no frequency=2437 frequency-mode=superchannel installation=\
indoor mode=ap-bridge name="wlan2 2Ghz" ssid=Wifine_A wireless-protocol=\
802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
/interface vlan
add interface=ether2 name=vlan_local vlan-id=10
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
fafeffa289ne wpa2-pre-shared-key=fafeffa289ne
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=AP_guest supplicant-identity="" wpa-pre-shared-key=12345678 \
wpa2-pre-shared-key=12345678
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:D2:E9:ED \
master-interface=wlan1_5ghz multicast-buffering=disabled name=\
"wlan3_guest 5Ghz" security-profile=AP_guest ssid=Guest_5GHZ \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:B6:8C:FA \
master-interface="wlan2 2Ghz" multicast-buffering=disabled name=\
"wlan4_guest 2Ghz" security-profile=AP_guest ssid=Guest_5GHZ \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface vlan
add interface="wlan3_guest 5Ghz" name=vlan_guest vlan-id=20
/ip pool
add name=dhcp_LAN ranges=192.168.2.100-192.168.2.250
add name=dhcp_guest ranges=10.10.157.25-10.10.157.250
/ip dhcp-server
add address-pool=dhcp_LAN disabled=no interface=bridge_LAN name=dhcp-serv.LAN
add address-pool=dhcp_guest disabled=no interface=bridge_guest name=\
dhcp-serv.guest
/queue type
add kind=pcq name="pcq down" pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
add kind=pcq name="pcq up" pcq-classifier=dst-address pcq-dst-address6-mask=\
64 pcq-rate=2M pcq-src-address6-mask=64
/queue simple
add name=limit_speed_guest queue="pcq up/pcq down" target=10.10.157.0/24
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge_LAN interface=ether2
add bridge=bridge_LAN interface=ether3
add bridge=bridge_LAN interface=ether4
add bridge=bridge_LAN interface=ether5
add bridge=bridge_LAN interface=ether6
add bridge=bridge_LAN interface=ether7
add bridge=bridge_LAN interface=ether8
add bridge=bridge_LAN interface=ether9
add bridge=bridge_LAN interface=ether10
add bridge=bridge_LAN interface="wlan2 2Ghz"
add bridge=bridge_LAN interface=wlan1_5ghz
add bridge=bridge_LAN interface=sfp-sfpplus1
add bridge=bridge_LAN interface=vlan_local
add bridge=bridge_guest interface="wlan3_guest 5Ghz"
add bridge=bridge_guest interface="wlan4_guest 2Ghz"
add bridge=bridge_guest interface=vlan_guest
/ip neighbor discovery-settings
set discover-interface-list=none
/ip address
add address=192.168.1.2/24 interface=ether1_WAN network=192.168.1.0
add address=192.168.2.1/24 interface=bridge_LAN network=192.168.2.0
add address=10.10.157.254/24 interface=vlan_guest network=10.10.157.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m update-time=no
/ip dhcp-server network
add address=10.10.157.0/24 dns-server=10.10.157.254 gateway=10.10.157.254 \
netmask=24 ntp-server=193.204.114.105
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1 \
netmask=24 ntp-server=193.204.114.105
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=drop chain=forward comment="DROP RETE GUEST" dst-address=\
10.10.157.0/24 src-address=192.168.2.0/24
add action=drop chain=forward dst-address=192.168.2.0/24 src-address=\
10.10.157.0/24
add action=drop chain=input dst-port=8291 protocol=tcp src-address=\
10.10.157.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade WAN" out-interface=\
ether1_WAN
add action=dst-nat chain=dstnat comment=\
"porta 20 su porta 20 Nas 192.168.2.100" dst-port=20 protocol=tcp \
src-address-list="" to-addresses=192.168.2.100 to-ports=20
add action=dst-nat chain=dstnat comment=\
"porta 21 su porta 21 Nas 192.168.2.100" dst-port=21 protocol=tcp \
src-address-list="" to-addresses=192.168.2.100 to-ports=21
add action=dst-nat chain=dstnat comment=\
"porta 8080 su porta 8080 Nas 192.168.2.100" dst-port=8080 protocol=tcp \
src-address-list="" to-addresses=192.168.2.100 to-ports=8080
add action=dst-nat chain=dstnat comment=\
"porta 80 su porta 80 Nas 192.168.2.100" dst-port=80 protocol=tcp \
src-address-list="" to-addresses=192.168.2.100 to-ports=80
add action=dst-nat chain=dstnat comment=\
"porta 8083 su porta 8083 Nas 192.168.2.100" dst-port=8083 protocol=tcp \
src-address-list="" to-addresses=192.168.2.100 to-ports=8083
add action=dst-nat chain=dstnat comment=\
"porta 82 su porta 82 Vimar Videosorveg 192.168.2.2" dst-port=82 \
protocol=tcp src-address-list="" to-addresses=192.168.2.2 to-ports=82
add action=dst-nat chain=dstnat comment=\
"porta 6036 su porta 6036 Vimar Videosorveg 192.168.2.2" dst-port=6036 \
protocol=tcp src-address-list="" to-addresses=192.168.2.2 to-ports=6036
add action=dst-nat chain=dstnat comment=\
"porta 554 su porta 554 Vimar Videosorveg 192.168.2.2" dst-port=554 \
protocol=tcp src-address-list="" to-addresses=192.168.2.2 to-ports=554
add action=dst-nat chain=dstnat comment=\
"porta 443 su porta 443 Vimar Domotico 192.168.2.4" dst-port=443 \
protocol=tcp src-address-list="" to-addresses=192.168.2.4 to-ports=443
add action=dst-nat chain=dstnat comment=\
"porta 443 su porta 443 Vimar Domotico 192.168.2.4 udp" dst-port=443 \
protocol=udp src-address-list="" to-addresses=192.168.2.4 to-ports=443
/ip route
add distance=1 gateway=192.168.1.1
add distance=1 dst-address=10.140.100.254/32 gateway=10.166.42.1
add distance=1 dst-address=10.246.159.50/32 gateway=192.168.90.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=Router-Roberto
/system leds
add interface="wlan2 2Ghz" leds="wlan2 2Ghz_signal1-led,wlan2 2Ghz_signal2-led\
,wlan2 2Ghz_signal3-led,wlan2 2Ghz_signal4-led,wlan2 2Ghz_signal5-led" \
type=wireless-signal-strength
add interface="wlan2 2Ghz" leds="wlan2 2Ghz_tx-led" type=interface-transmit
add interface="wlan2 2Ghz" leds="wlan2 2Ghz_rx-led" type=interface-receive
/system ntp client
set enabled=yes primary-ntp=193.204.114.105 secondary-ntp=10.0.32.138
/system routerboard settings
set silent-boot=yes
/system scheduler
add interval=1w3d name="Upgrade Firmware Routerboard" on-event=\
Update_Routerboard_script policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
apr/21/2018 start-time=03:30:00
add interval=2d name="Upgrade RouterOS" on-event=Update_RouterOS_script \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-date=apr/25/2018 start-time=03:00:00
add interval=1w3d name="flush dns cache" on-event="ip dns cache flush" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-date=may/19/2018 start-time=04:00:00
/system script
add dont-require-permissions=no name=Update_RouterOS_script owner=admin \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
/system package update\r\
\ncheck-for-updates once\r\
\n:delay 3s;\r\
\n:if ( [get status] = \"New version is available\") do={ install };\r\
\n\r\
\n/system reboot"
add dont-require-permissions=no name=Update_Routerboard_script owner=admin \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
/system routerboard upgrade\r\
\n\r\
\n:delay 3s;\r\
\n\r\
\n /system reboot\r\
\n"
/tool user-manager database
set db-path=user-manager
r
