ho una configurazione complessa che sto studiando su un 951Ui 2HnD
La descrivo rapidamente
1) La wan si ottiene via WIFI su una connessione dedicata
2) Ci sono altri 3 wifi virtuali che fanno
Repeater
Dispositivi IOT
Disspositivi cellulari
Obiettivo 1 è far si che le lan fisiche Lan2, Lan3, Lan4 facciano parte di di una specifica VLAN
Obiettivo 2 è isolare le reti mediante le vlan in modo che tutte vadano sulla WAN e da li in internet.
Obiettivo 3 è mettere un bandwidth limit sulle vlan in modo che alcuni dipositivi non consumino troppa banda
Obiettivo 4 è far si che chi appartiene ad una VLAN possa accedere a determinati IP di un altra vlan
Obiettivo 5 è far si che la LAN1 sia backup della WIFI (Quì è tutto da capire)
Veniamo a dove sono arrivato:
- Codice: Seleziona tutto
# model = RB951Ui-2HnD
/interface bridge
add name=bridge1 port-cost-mode=short
add name=bridge2
/interface vlan
add interface=bridge2 name=vlan18_Lan vlan-id=18
add interface=ether1 name=vlan19_other vlan-id=1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=cell \
supplicant-identity=""
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=\
dynamic-keys name=wifi supplicant-identity="" unicast-ciphers=\
tkip,aes-ccm
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=\
dynamic-keys name=4g supplicant-identity="" unicast-ciphers=tkip,aes-ccm
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=\
dynamic-keys name=smarthome supplicant-identity="" unicast-ciphers=\
tkip,aes-ccm
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=\
dynamic-keys name=cellulari supplicant-identity="" unicast-ciphers=\
tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC \
country=italy disabled=no frequency=2462 mode=station-pseudobridge \
security-profile=4g ssid=Modem4g
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:DA:C6:C3 \
master-interface=wlan1 multicast-buffering=disabled name=\
wlan2-repeater-16 security-profile=wifi ssid=WIFI-ROS vlan-id=16 \
vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:DA:C6:C4 \
master-interface=wlan1 multicast-buffering=disabled name=\
wlan3-smarthome-17 security-profile=cellulari ssid=WIFI-SHOME vlan-id=17 \
vlan-mode=use-tag wds-cost-range=0 wds-default-cost=1 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:DA:C6:C5 \
master-interface=wlan1 multicast-buffering=disabled name=\
wlan4-cellulari-15 security-profile=cellulari ssid=WIFI-CELL vlan-id=15 \
vlan-mode=use-tag wds-cost-range=0 wds-default-cost=1 wps-mode=disabled
/interface vlan
#
add interface=wlan4-cellulari-15 name=vlan15_Cell vlan-id=15
add interface=wlan2-repeater-16 name=vlan16_Repeater vlan-id=16
add interface=wlan3-smarthome-17 name=vlan17_Smarthome vlan-id=17
#
/ip pool
add name=dhcp_pool172.19 ranges=172.19.0.2-172.19.255.254
add name=dhcp_pool9 ranges=172.18.0.2-172.18.255.254
add name=dhcp_pool10 ranges=172.17.0.2-172.17.255.254
add name=dhcp_pool11 ranges=172.16.0.2-172.16.255.254
add name=dhcp_pool12 ranges=172.15.0.2-172.15.255.254
/ip dhcp-server
add address-pool=dhcp_pool172.19 interface=vlan19_other name=dhcp5
add address-pool=dhcp_pool9 interface=vlan18_Lan name=dhcp1
add address-pool=dhcp_pool10 interface=vlan17_Smarthome name=dhcp2
add address-pool=dhcp_pool11 interface=vlan16_Repeater name=dhcp3
add address-pool=dhcp_pool12 interface=vlan15_Cell name=dhcp4
/interface bridge port
add bridge=bridge2 interface=ether1
add bridge=bridge2 interface=ether2
add bridge=bridge2 interface=ether3
add bridge=bridge2 interface=ether4
#
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
#
add bridge=*F interface=wlan2-repeater-16
add bridge=*11 interface=wlan3-smarthome-17
add bridge=*10 interface=wlan4-cellulari-15
#
/ip firewall connection tracking
set udp-timeout=10s
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
all wan-interface-list=all
/interface wireless connect-list
add interface=wlan1 security-profile=4g ssid=Modem4g
#
/ip address
add address=172.18.0.1/16 interface=vlan18_Lan network=172.18.0.0
add address=172.16.0.1/16 interface=vlan16_Repeater network=172.16.0.0
add address=172.17.0.1/16 interface=vlan17_Smarthome network=172.17.0.0
add address=172.15.0.1/16 interface=vlan15_Cell network=172.15.0.0
add address=172.19.0.1/16 interface=vlan19_other network=172.19.0.0
#
/ip dhcp-client
add interface=bridge1
/ip dhcp-server network
add address=172.15.0.0/16 dns-server=8.8.8.8 gateway=172.15.0.1
add address=172.16.0.0/16 dns-server=8.8.8.8 gateway=172.16.0.1
add address=172.17.0.0/16 dns-server=8.8.8.8 gateway=172.17.0.1
add address=172.18.0.0/16 dns-server=8.8.8.8 gateway=172.18.0.1
add address=172.19.0.0/16 dns-server=8.8.8.8 gateway=172.19.0.1
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=ROS
/system note
set show-at-login=no
Detto questo il bridge 2 lo dovrò togliere mentre il bridge 1 mi consente di navigare mentre lo configuro.
Mi piacerebbe capire come proseguire su questa strada.
NB sto usando questo dispositivo come oggetto di studio non mi aspetto prestazioni entusiasmanti ma almeno che funzioni.
Grazie.
