
Prima configurazione HELP

Tutto su questo sistema operativo linux based - Configurazioni, dubbi, problematiche &....

Prima configurazione HELP

Messaggioda smlick » ven 11 mag 2012, 0:51

Innanzitutto un saluto a tutto il forum. :D
Ho recentemente acquistato un RB750 con il quale volevo semplificare quello che precedentemente facevo tramite un firewall astaro ed uno switch linksys.....ma con scarso successo.
So bene quello che voglio ma non riesco a tradurlo sul mikrotik.
Quello che facevo prima era una eth0 del firewall ext e due eth interne sulle quali erano configurate diverse VLAN con DHCP server abilitato che andavano verso lo switch (porte in trunk), controller ubiquiti su una delle porte dello switch (VLAN1) e AP Ubiquiti collegati su altre due porte (in trunk) dove veicolavo le VLAN di interesse e dove avevo comunque la VLAN1 di management per le antenne.
Quindi quello che vorrei è ad esempio l'eth1 con address 192.168.1.10, le eth da 2 a 5 con broadcast (come la VLAN 1 sui normali switch) e sempre nelle porte da 2 a 5 alcune porte con VLAN (esempio 10 e 20) con DHCP server abilitato. Forse quello che mi manca di più è come implementare il routing e la comunicazione tra le porte da 2 a 5 sul mikrotik (lo imposto come switch? le metto in bridge? le metto master/slave?).
Ho seguito vari tutorial video e visto diverse wiki, ma ho parecchi dubbi.

Potreste darmi qualche chiarimento/consiglio/dritta/configurazione per ottenere il risultato sperato?

Grazie
Alessio

Re: Prima configurazione HELP

Messaggioda smlick » ven 11 mag 2012, 15:27

In allegato l'export della configurazione..............mi manca qualcosa?????

Grazie :ave:

Re: Prima configurazione HELP

Messaggioda smlick » ven 11 mag 2012, 15:31

Non mi fa inserire il file, lo metto in plain text con la speranza di non beccarmi insulti :eheh:



[admin@MikroTik] > export
# may/11/2012 15:15:13 by RouterOS 5.9
#
# Physical ports. ether1 is the uplink: it holds 192.168.1.199/24 and the default
# route (see /ip address and /ip route further down in this export).
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 mac-address=D4:CA:6D:24:A8:45 mtu=1500 name=ether1 speed=100Mbps
# ether2-ether5 all carry master-port=none, so no port is slaved to another. As
# exported, the four ports are not grouped into one hardware-switched segment, and
# no bridge or bridge-port entries appear in this export either.
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:24:A8:46 master-port=none mtu=1500 name=\
ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:24:A8:47 master-port=none mtu=1500 name=\
ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:24:A8:48 master-port=none mtu=1500 name=\
ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:24:A8:49 master-port=none mtu=1500 name=\
ether5 speed=100Mbps
# VLAN 10 and VLAN 20 are each defined twice, once on ether2 and once on ether3,
# which yields four independent routed interfaces rather than two VLANs shared by
# both ports. Only vlan10eth2 and vlan20eth2 get an IP address and a DHCP server
# later in the export; vlan10eth3 and vlan20eth3 stay unaddressed.
/interface vlan
add arp=enabled disabled=no interface=ether2 l2mtu=1594 mtu=1500 name=vlan20eth2 use-service-tag=no vlan-id=20
add arp=enabled disabled=no interface=ether2 l2mtu=1594 mtu=1500 name=vlan10eth2 use-service-tag=no vlan-id=10
add arp=enabled disabled=no interface=ether3 l2mtu=1594 mtu=1500 name=vlan10eth3 use-service-tag=no vlan-id=10
add arp=enabled disabled=no interface=ether3 l2mtu=1594 mtu=1500 name=vlan20eth3 use-service-tag=no vlan-id=20
# Switch chip: port mirroring is off in both directions.
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
# Hotspot profile values; no hotspot server entry appears in this export, so
# these look like unused defaults.
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
# IPsec proposal: SHA-1, 3DES and modp1024 are legacy choices. No IPsec peer or
# policy section appears in this export, so the proposal looks unused; select
# stronger algorithms before IPsec is put into service.
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
# Lease ranges for the two VLAN subnets; .1 in each subnet is the router itself
# (see /ip address).
/ip pool
add name=dhcp_vlan10 ranges=10.10.10.2-10.10.10.254
add name=dhcp_vlan20 ranges=10.10.20.2-10.10.20.254
# DHCP servers are bound to vlan10eth2 and vlan20eth2 only: nothing answers DHCP
# on vlan10eth3 or vlan20eth3, so clients tagged on ether3 get no lease.
# NOTE(review): no "/ip dhcp-server network" section appears in this export; that
# section normally supplies gateway and DNS to clients - confirm on the device.
/ip dhcp-server
add address-pool=dhcp_vlan10 authoritative=after-2sec-delay bootp-support=static disabled=no interface=vlan10eth2 lease-time=3d name=DHCP_VLAN10
add address-pool=dhcp_vlan20 authoritative=after-2sec-delay bootp-support=static disabled=no interface=vlan20eth2 lease-time=3d name=DHCP_VLAN20
# PPP profiles. Every PPP-based server later in this export is enabled=no, so
# these profiles are not in use as shown.
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=default use-encryption=default use-mpls=default use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=default use-compression=default use-encryption=yes use-mpls=default use-vj-compression=default
# Queue type definitions; the ports themselves use only-hardware-queue
# (see /queue interface).
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
# Dynamic routing instances exist (disabled=no) but no BGP peer and no OSPF
# network or interface entry appears in this export, so as shown they have
# nothing to speak to. Routing here relies on connected routes plus the static
# default route.
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no \
redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=\
20 name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=\
0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=default
# SNMP agent is off (enabled=no).
/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1
# The community is still named "public", readable from address=0.0.0.0/0 with
# security=none. It is harmless while the agent is off; rename it and narrow the
# address before SNMP is ever enabled.
/snmp community
set public address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES name=public read-access=yes security=\
none write-access=no
# Log destinations. "memory" keeps 100 lines in RAM; "disk" and "remote" are
# defined here but the /system logging rules in this export use only memory and
# echo, so nothing is written persistently or sent off-box.
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
# The line below is printed twice in the pasted export. boot-device is
# nand-if-fail-then-ethernet with boot-protocol=bootp, i.e. a network boot is
# attempted if NAND boot fails.
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=400MHz force-backup-booter=no silent-boot=no
# User groups. Note that "read" is not a harmless role: its policy list includes
# reboot, sniff, password and sensitive. Only "full" carries the policy right.
/user group
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,!ftp,!write,!policy skin=default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,!ftp,!policy skin=default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api skin=default
# Bridge settings only; no bridge interface is defined in this export.
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
# Every switch port, including the CPU port, is in vlan-mode=fallback with
# vlan-header=leave-as-is. Fallback mode does not drop VLAN IDs that are missing
# from the switch VLAN table (secure mode does), so this is not an isolation
# boundary between ports.
/interface ethernet switch port
set ether2 vlan-header=leave-as-is vlan-mode=fallback
set ether3 vlan-header=leave-as-is vlan-mode=fallback
set ether4 vlan-header=leave-as-is vlan-mode=fallback
set ether5 vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback
# VLAN table: VLAN 1 lists ether2-ether5 but not switch1_cpu.
# NOTE(review): with master-port=none on all four ports (see /interface
# ethernet) there is no switched group for this entry to act on - confirm.
/interface ethernet switch vlan
add disabled=no ports=ether2,ether3,ether4,ether5 switch=switch1 vlan-id=1
# All four VPN servers below are enabled=no. Their stored settings would be weak
# if one were switched on unchanged: PAP, CHAP and MS-CHAPv1 are allowed on L2TP
# and SSTP, MS-CHAPv1 on PPTP, and OpenVPN permits md5/blowfish128 with
# certificate=none and require-client-certificate=no. Tighten these before
# enabling any of them.
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:08:CA:8D:85:1F max-mtu=1500 mode=ip \
netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled port=443 \
verify-client-certificate=no
# IP accounting is off.
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Addresses: the uplink on ether1 plus one gateway address per VLAN, both on the
# ether2 VLAN interfaces. vlan10eth3, vlan20eth3 and the untagged side of
# ether2-ether5 have no address, so the router cannot route for them.
/ip address
add address=192.168.1.199/24 disabled=no interface=ether1 network=192.168.1.0
add address=10.10.10.1/24 disabled=no interface=vlan10eth2 network=10.10.10.0
add address=10.10.20.1/24 disabled=no interface=vlan20eth2 network=10.10.20.0
/ip dhcp-server config
set store-leases-disk=5m
# Upstream resolver is 192.168.88.1, which is on none of the subnets configured
# above; it is reachable only through the default route via 192.168.1.1.
# allow-remote-requests=no means the router does not answer DNS queries from
# clients.
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=192.168.88.1
# These are static host records: the names "Google1" and "Google2" resolve to
# 8.8.8.8 and 8.8.4.4. They do not add those addresses as upstream resolvers.
/ip dns static
add address=8.8.8.8 disabled=no name=Google1 ttl=1d
add address=8.8.4.4 disabled=no name=Google2 ttl=1d
# Connection tracking is on; tcp-syncookie is off.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# No "/ip firewall filter" section appears in this export: as shown, nothing
# restricts access to the router itself or forwarding between VLAN 10, VLAN 20
# and the ether1 uplink.
# The two srcnat rules use action=accept, which leaves matching packets
# untranslated; there is no masquerade or src-nat rule. src-address is given
# without a prefix length (10.10.10.0 and 10.10.20.0, not /24) and dst-address is
# the router's own ether1 address, so as written they match a single source host
# talking to the router, not the VLAN subnets going out.
/ip firewall nat
add action=accept chain=srcnat disabled=no dst-address=192.168.1.199 src-address=10.10.10.0
add action=accept chain=srcnat disabled=no dst-address=192.168.1.199 src-address=10.10.20.0
# NAT helpers (connection-tracking helpers) for FTP, TFTP, IRC, H.323, SIP and
# PPTP are all active; disable the ones the network does not need.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
# Neighbor discovery is active on all five physical ports, ether1 included, so
# the router announces itself on the uplink segment as well. It is off on the
# four VLAN interfaces. Consider disabling it on ether1.
/ip neighbor discovery
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set vlan20eth2 disabled=yes
set vlan10eth2 disabled=yes
set vlan10eth3 disabled=yes
set vlan20eth3 disabled=yes
# Web proxy is off.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 max-fresh-time=3d \
max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
# Single static default route via 192.168.1.1 on the ether1 side. Because the
# NAT table translates nothing, 192.168.1.1 would need return routes for
# 10.10.10.0/24 and 10.10.20.0/24 for replies to reach the VLAN clients.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
# Management services. telnet, ftp and www (plain HTTP) are enabled and send
# credentials in cleartext; ssh and winbox are enabled too. No address=
# restriction is shown on any of them and the export contains no firewall filter
# rules, so as shown they are reachable from every interface including ether1.
# www-ssl and api are disabled. Keeping only ssh/winbox, limited to a management
# subnet, would reduce the exposure.
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
# SOCKS proxy is off.
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
# SSH port forwarding is off.
/ip ssh
set forwarding-enabled=no
# Traffic-flow export and UPnP are both off.
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
# MPLS is registered on interface=all but LDP is enabled=no.
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# All five ports use the hardware queue only (no software shaping).
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
# Incoming RADIUS requests are not accepted.
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no redistribute-connected=no \
redistribute-ospf=no redistribute-static=no routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Europe/Rome
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system health
set
# Identity is "MikroTik", the same name shown in the console prompt.
/system identity
set name=MikroTik
# Logging rules: info, error and warning go to memory, critical goes to echo.
# No rule uses the disk or remote action, so the log does not survive a reboot
# and is not forwarded to a collector.
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
# NTP client is off, so log timestamps depend on the locally kept clock.
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
# The next two "set" lines end mid-word ("use", "wat"): the paste was cut off on
# the right, so the remaining settings on these lines are not visible.
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 use
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none wat
# Bandwidth-test server is enabled (with authenticate=yes). With no firewall
# filter rules in this export it is reachable on every interface; turn it off
# when it is not being used for testing.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
# MAC-layer management server listens on interface=all, which includes the
# ether1 uplink, and MAC ping is enabled. Limiting it to the management-facing
# ports keeps layer-2 neighbours on the uplink away from the login prompt.
/tool mac-server
set (unknown) disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
# This line appears cut off on the right like the upgrade-mirror and watchdog
# lines earlier in the paste - TODO confirm the full setting on the device.
/tool sniffer
set file-limit=1000KiB file-name="" filter-stream=yes interface=all memory-limit=100
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
# RADIUS for router logins is off (use-radius=no); default-group=read would
# apply only if it were turned on.
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no


:emo_pic_56: :o

Re: Prima configurazione HELP

Messaggioda smlick » ven 11 mag 2012, 15:49

Quindi riassumendo quello che vorrei ottenere [idea] è:

-un DHCP server sulle VLAN 10 e VLAN 20 che si trovano sia sull'eth2 che sull'eth3
-la VLAN1 sulle eth da 2 a 5
-il tutto instradato dalla eth1 (192.168.1.199) che ha come default gateway la 192.168.1.1

:thanks:

Re: Prima configurazione HELP

Messaggioda smlick » dom 13 mag 2012, 14:24

Non tutti insieme ehhhh altrimenti non capisco :) uno per volta!!!!!

Nessun aiuto? Nessuno che mi sappia dire dove sbaglio?

Grazie


