( Z0l | 2021. 06. 21., h – 18:29 )

Na, igy mukodik nalam a CAPSMAN + VLAN filtering jelenleg; CAPSMAN forwarding van, es igy, hogy a bridge-eknek van IP cime, azokon tud futni a DHCP szerver is. Ether8-9-10-en vannak a CAP-ek, amik az internal IP tartomanybol kaptak 1-1 IP cimet, de a wifi SSID-k kulon VLAN-okban jonnek be.

# jun/21/2021 17:56:06 by RouterOS 6.48.3
# software id = 
#
# model = RB4011iGS+
# serial number = xxx
# One bridge per network segment (guest, internal, IoT), each with VLAN filtering
# enabled. Guest uses pvid=3 and IoT pvid=2; internal sets no pvid, so the default applies.
# NOTE(review): the router holds an IP address on each of these bridges (see the
# /ip address lines in this listing), so traffic between segments is routed rather
# than bridged. Guest/IoT isolation therefore depends on /ip firewall filter rules,
# which are not part of this excerpt - confirm they exist before reusing this layout.
/interface bridge add name=bridge-guest protocol-mode=mstp pvid=3 vlan-filtering=yes
# admin-mac is redacted by the author; auto-mac=no pins the bridge MAC to that value.
/interface bridge add admin-mac=xx auto-mac=no igmp-snooping=yes name=bridge-internal protocol-mode=mstp vlan-filtering=yes
/interface bridge add name=bridge-iot protocol-mode=mstp pvid=2 vlan-filtering=yes
# bridge-vpn is created with default settings; no ports or addresses for it are visible here.
/interface bridge add name=bridge-vpn
...
# CAPsMAN configuration profiles, one per SSID. Every profile sets datapath.bridge plus
# datapath.vlan-id with vlan-mode=use-tag, so each SSID is tied to its own bridge and VLAN ID.
# All four profiles allow WPA2-PSK only, with AES-CCM for unicast and group traffic, and set
# security.disable-pmkid=yes, which keeps the PMKID out of the AP's EAPOL frame so it cannot be
# collected for offline passphrase guessing.
# security.passphrase does not appear in this listing (presumably removed or hidden on export).
#
# Internal SSIDs: datapath.local-forwarding=no is explicit (client traffic is forwarded to the
# CAPsMAN manager instead of being bridged on the CAP) and client-to-client forwarding is allowed.
/caps-man configuration add channel.band=5ghz-n/ac channel.reselect-interval=1h channel.skip-dfs-channels=yes comment="Internal wifi 5G" country=hungary datapath.bridge=bridge-internal datapath.client-to-client-forwarding=yes datapath.local-forwarding=no datapath.vlan-id=1 datapath.vlan-mode=use-tag hide-ssid=no installation=indoor mode=ap name=internal_5g security.authentication-types=wpa2-psk security.disable-pmkid=yes security.encryption=aes-ccm security.group-encryption=aes-ccm ssid=Z0lwireless5
/caps-man configuration add channel.band=2ghz-g/n channel.reselect-interval=1h channel.skip-dfs-channels=yes comment="Internal wifi 2G" country=hungary datapath.bridge=bridge-internal datapath.client-to-client-forwarding=yes datapath.local-forwarding=no datapath.vlan-id=1 datapath.vlan-mode=use-tag disconnect-timeout=5s hide-ssid=no hw-retries=2 installation=indoor mode=ap name=internal_2g security.authentication-types=wpa2-psk security.disable-pmkid=yes security.encryption=aes-ccm security.group-encryption=aes-ccm ssid=Z0lwireless2
# Guest and IoT SSIDs: neither profile sets datapath.local-forwarding or
# datapath.client-to-client-forwarding, so the RouterOS defaults apply.
# NOTE(review): both default to "no" per the CAPsMAN documentation, which would mean manager
# forwarding with clients on the same SSID isolated from each other - verify on the running
# version, and check whether an access-list rule overrides it.
/caps-man configuration add channel.band=2ghz-g/n channel.skip-dfs-channels=yes comment="Guest wifi 2G" country=hungary datapath.bridge=bridge-guest datapath.vlan-id=3 datapath.vlan-mode=use-tag installation=indoor mode=ap name=guest_2g security.authentication-types=wpa2-psk security.disable-pmkid=yes security.encryption=aes-ccm security.group-encryption=aes-ccm ssid=Guest
# The IoT profile is the only one that sets a group key rotation interval (1h).
/caps-man configuration add channel.band=2ghz-g/n comment="IOT wifi 2G" country=hungary datapath.bridge=bridge-iot datapath.vlan-id=2 datapath.vlan-mode=use-tag hide-ssid=no installation=indoor mode=ap name=iot_2g security.authentication-types=wpa2-psk security.disable-pmkid=yes security.encryption=aes-ccm security.group-encryption=aes-ccm security.group-key-update=1h ssid=Automatron
# Statically defined CAP interface using the internal_2g profile; MAC addresses are redacted by the author.
/caps-man interface add configuration=internal_2g disabled=no l2mtu=1600 mac-address=xxx master-interface=none name=cap1 radio-mac=xxx
...
# Address pools and DHCP servers, one per segment bridge (internal, IoT, guest).
/ip pool add name=internal-pool ranges=192.168.10.15-192.168.10.250
/ip pool add name=iot-pool ranges=192.168.1.100-192.168.1.250
/ip pool add name=guest-pool ranges=192.168.192.100-192.168.192.200
# add-arp=yes (internal and IoT) makes the DHCP server add an ARP entry for every lease.
# NOTE(review): that only restricts hosts to leased addresses when the interface runs
# arp=reply-only. The bridge definitions in this listing do not set it, so statically
# addressed hosts are presumably still accepted - confirm if that matters here.
/ip dhcp-server add add-arp=yes address-pool=internal-pool disabled=no interface=bridge-internal name=internal-dhcp
/ip dhcp-server add add-arp=yes address-pool=iot-pool disabled=no interface=bridge-iot name=iot-dhcp
# The guest server does not set add-arp.
/ip dhcp-server add address-pool=guest-pool disabled=no interface=bridge-guest name=guest-dhcp
...
# Access list. The first rule accepts any client whose signal is within -80..120 on any SSID
# (ssid-regexp="") at any time of the week; the second rejects every other client. This is a
# cut-off for weak clients, not an authorisation control: it matches no MAC address.
# NOTE(review): the accept rule carries client-to-client-forwarding=yes and is not scoped by
# interface or SSID, so it looks like it applies to Guest and IoT clients too and may override
# the per-SSID datapath setting - confirm. If client isolation is wanted on those SSIDs, scope
# the rule with ssid-regexp or interface, or drop the property from it.
/caps-man access-list add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=yes disabled=no signal-range=-80..120 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
/caps-man access-list add action=reject allow-signal-out-of-range=10s disabled=no signal-range=-120..120 ssid-regexp=""
# The manager uses an auto-generated CA and certificate, and require-peer-certificate=yes
# means a CAP has to present a certificate before it is accepted.
/caps-man manager set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes upgrade-policy=suggest-same-version
# The default manager-interface entry is set to forbid=yes; CAPsMAN is then enabled only on
# ether8-10 and bridge-internal.
# NOTE(review): bridge-internal also contains the wired LAN ports (ether2, ether3 and
# sfp-sfpplus1 in the bridge port section), so hosts on the internal LAN can reach the manager;
# the certificate requirement above is what gates CAP enrolment from that side.
/caps-man manager interface set [ find default=yes ] forbid=yes
/caps-man manager interface add disabled=no interface=ether8
/caps-man manager interface add disabled=no interface=ether9
/caps-man manager interface add disabled=no interface=ether10
/caps-man manager interface add disabled=no interface=bridge-internal
# Provisioning: ac-capable radios get internal_5g; g/n radios get internal_2g as master with
# iot_2g and guest_2g as slave configurations.
# NOTE(review): the rules match on hw-supported-modes only and give no radio-mac, so presumably
# every radio of an accepted CAP is provisioned with these SSIDs - confirm that is intended.
/caps-man provisioning add action=create-enabled comment="5g ssid" hw-supported-modes=ac master-configuration=internal_5g
/caps-man provisioning add action=create-enabled comment="2g ssid-k" hw-supported-modes=gn master-configuration=internal_2g slave-configurations=iot_2g,guest_2g
# Bridge port membership. Each wired port is placed in one segment by bridge and PVID:
# internal = ether2, ether3, sfp-sfpplus1, ether8-10; guest = ether4 (pvid=3); IoT = ether5-7 (pvid=2).
# NOTE(review): only ether4 sets ingress-filtering=yes; every other port leaves ingress-filtering
# and frame-types at their defaults. For ports that face end devices, consider
# ingress-filtering=yes together with frame-types=admit-only-untagged-and-priority-tagged so
# that tagged frames sent by an end device are dropped at the port.
/interface bridge port add bridge=bridge-internal comment=defconf interface=ether2
/interface bridge port add bridge=bridge-guest comment=defconf ingress-filtering=yes interface=ether4 pvid=3
/interface bridge port add bridge=bridge-iot comment=defconf interface=ether5 pvid=2
/interface bridge port add bridge=bridge-iot comment=defconf interface=ether6 pvid=2
/interface bridge port add bridge=bridge-iot comment=defconf interface=ether7 pvid=2
/interface bridge port add bridge=bridge-internal comment=defconf interface=sfp-sfpplus1
# NOTE(review): *E, *10 and *F are not interface names. RouterOS prints such *<hex> ids when
# the referenced interface no longer exists, so these three entries look stale - check them with
# /interface bridge port print and remove them if nothing is attached.
/interface bridge port add bridge=bridge-internal interface=*E
/interface bridge port add bridge=bridge-internal interface=ether3
/interface bridge port add bridge=bridge-guest interface=*10 pvid=3
/interface bridge port add bridge=bridge-iot interface=*F pvid=2
# ether8-10 are the CAP uplinks (per the author's description); they are untagged members of the
# internal bridge, which is how the CAPs get addresses from the internal range.
/interface bridge port add bridge=bridge-internal interface=ether8
/interface bridge port add bridge=bridge-internal interface=ether9
/interface bridge port add bridge=bridge-internal interface=ether10
...
# Static VLAN table entries: each bridge carries exactly one VLAN ID and every listed member is
# untagged. The bridge interface itself is a member, which is what lets the router's IP address
# and DHCP server on that bridge take part in the VLAN. No port is listed as tagged.
# NOTE(review): ether4-10 and sfp-sfpplus1 are bridge ports but are not listed here; presumably
# RouterOS adds them dynamically as untagged members because their PVID matches - confirm with
# /interface bridge vlan print.
# NOTE(review): *E, *10 and *F look like references to interfaces that no longer exist
# (RouterOS shows *<hex> ids in that case) - verify and clean up.
/interface bridge vlan add bridge=bridge-internal comment=Internal untagged=bridge-internal,*E,ether2,ether3 vlan-ids=1
/interface bridge vlan add bridge=bridge-guest untagged=*10,bridge-guest vlan-ids=3
/interface bridge vlan add bridge=bridge-iot untagged=*F,bridge-iot vlan-ids=2
...
# The router takes the .1 address in each segment: internal 192.168.10.0/24, IoT 192.168.1.0/24,
# guest 192.168.192.0/24.
# NOTE(review): with an address on all three bridges the router forwards between the segments
# unless the firewall forward chain blocks it, and its own services are reachable from guest and
# IoT unless the input chain restricts them. No /ip firewall rules are part of this excerpt -
# confirm they are in place.
/ip address add address=192.168.10.1/24 comment=defconf interface=bridge-internal network=192.168.10.0
/ip address add address=192.168.1.1/24 interface=bridge-iot network=192.168.1.0
/ip address add address=192.168.192.1/24 interface=bridge-guest network=192.168.192.0
...
# DHCP options handed to clients per segment. The gateway is always the router's address in
# that segment.
# Internal clients are given 192.168.10.2 as DNS server, i.e. a host other than the router.
/ip dhcp-server network add address=192.168.10.0/24 comment=defconf dns-server=192.168.10.2 gateway=192.168.10.1 netmask=24
# IoT and guest clients are pointed at the router itself for DNS.
# NOTE(review): that presumably requires the router's resolver to accept remote requests;
# make sure the input chain limits guest and IoT access to the router to DNS and DHCP only and
# that the resolver is not reachable from the WAN side (the firewall is not part of this excerpt).
/ip dhcp-server network add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dhcp-server network add address=192.168.192.0/24 dns-server=192.168.192.1 gateway=192.168.192.1
...