# may/11/2020 22:00:07 by RouterOS 6.46.6 # software id = # # # /interface bridge add name=Vlan-Bridge protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] disable-running-check=no set [ find default-name=ether2 ] disable-running-check=no /interface vlan add interface=Vlan-Bridge name=Camera_Vlan vlan-id=8 add interface=Vlan-Bridge name=Data_Vlan vlan-id=10 add interface=Vlan-Bridge name=Managment_Vlan vlan-id=20 add interface=Vlan-Bridge name=No_Internet_Vlan vlan-id=15 add interface=Vlan-Bridge name=OOB_Mgmt vlan-id=14 add interface=Vlan-Bridge name=Server_Vlan vlan-id=11 add interface=Vlan-Bridge name=WiFi_Vlan vlan-id=12 add interface=Vlan-Bridge name=Wired_Clients vlan-id=9 add interface=Vlan-Bridge name=vMotion_Vlan vlan-id=13 /interface list add name=WAN add name=VLAN add name=Base /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=Camera_Vlan-Pool ranges=10.10.8.1-10.10.8.254 add name=Wired_Client-Pool ranges=10.10.9.2-10.10.9.254 add name=Data_Vlan-Pool ranges=10.10.10.2-10.10.10.10 add name=Server_Vlan-Pool ranges=10.10.11.2-10.10.11.254 add name=WiFi_Vlan-Pool ranges=10.10.12.2-10.10.12.254 add name=vMotion_Pool ranges=10.10.13.2-10.10.13.254 add name=OOB_Mgmt-Pool ranges=10.10.14.2-10.10.14.254 add name=No_Internet-Pool ranges=10.10.15.2-10.10.15.254 add name=Mgmt-Pool ranges=10.10.20.2-10.10.20.250 /ip dhcp-server add address-pool=Camera_Vlan-Pool interface=Camera_Vlan name=\ Camera_Vlan-DHCP-Service add address-pool=Wired_Client-Pool interface=Wired_Clients name=\ Wired_Client-DHCP-Service add address-pool=Data_Vlan-Pool interface=Data_Vlan name=\ Data_Vlan-DHCP-Service add address-pool=Server_Vlan-Pool interface=Server_Vlan name=\ Server_Vlan-DHCP-Service add address-pool=WiFi_Vlan-Pool interface=WiFi_Vlan name=\ WiFi_Vlan-DHCP-Service add address-pool=vMotion_Pool interface=vMotion_Vlan name=vMotion_Vlan add address-pool=OOB_Mgmt-Pool interface=OOB_Mgmt name=OOB_Mgmt_Vlan add address-pool=No_Internet_Vlan interface=No_Internet_Vlan name=\ No_Internet_Vlan-DHCP-Service add address-pool=Mgmt-Pool disabled=no interface=Managment_Vlan name=\ Management_DHCP-Service /interface bridge port add bridge=Vlan-Bridge ingress-filtering=yes interface=ether2 /ip neighbor discovery-settings set discover-interface-list=Base /interface bridge vlan add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=8 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=9 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=10 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=11 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=12 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=13 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=14 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=15 add bridge=Vlan-Bridge tagged=Vlan-Bridge,ether2 vlan-ids=20 /interface list member add interface=ether1 list=WAN add interface=Wired_Clients list=VLAN add interface=Data_Vlan list=VLAN add interface=Server_Vlan list=VLAN add interface=WiFi_Vlan list=VLAN add interface=vMotion_Vlan list=VLAN add interface=OOB_Mgmt list=VLAN add interface=No_Internet_Vlan list=VLAN add interface=Managment_Vlan list=Base /ip address add address=10.10.8.1/24 interface=Camera_Vlan network=10.10.8.0 add address=10.10.9.1/24 interface=Wired_Clients network=10.10.9.0 add address=10.10.10.1/24 interface=Data_Vlan network=10.10.10.0 add address=10.10.11.1/24 interface=Server_Vlan network=10.10.11.0 add address=10.10.12.1/24 interface=WiFi_Vlan network=10.10.12.0 add address=10.10.13.1/24 interface=vMotion_Vlan network=10.10.13.0 add address=10.10.14.1/24 interface=OOB_Mgmt network=10.10.14.0 add address=10.10.15.1/24 interface=No_Internet_Vlan network=10.10.15.0 add address=10.10.20.1/24 interface=Managment_Vlan network=10.10.20.0 add address=10.10.20.200/24 interface=ether2 network=10.10.20.0 /ip dhcp-client add disabled=no interface=ether1 /ip dhcp-server network add address=10.10.8.0/24 dns-server=192.168.1.101 gateway=10.10.8.1 add address=10.10.9.0/24 dns-server=192.168.1.101 gateway=10.10.9.1 add address=10.10.10.0/24 dns-server=192.168.1.101 gateway=10.10.10.1 add address=10.10.11.0/24 dns-server=192.168.1.101 gateway=10.10.11.1 add address=10.10.12.0/24 dns-server=192.168.1.101 gateway=10.10.12.1 add address=10.10.13.0/24 dns-server=192.168.1.101 gateway=10.10.13.1 add address=10.10.14.0/24 dns-server=192.168.1.101 gateway=10.10.14.1 add address=10.10.15.0/24 dns-server=192.168.1.101 gateway=10.10.15.1 /ip dns set allow-remote-requests=yes servers=1.1.1.1 /ip firewall filter add action=accept chain=input comment="Allow Base_Vlan Full Access" disabled=\ yes in-interface=Managment_Vlan add action=drop chain=input comment=Drop disabled=yes add action=accept chain=forward comment="Allow Established & Related" \ connection-state=established,related disabled=yes add action=accept chain=forward comment="VLAN Internet Access only" \ connection-state=new disabled=yes in-interface-list=VLAN \ out-interface-list=WAN add action=drop chain=forward comment=Drop disabled=yes /ip firewall nat add action=masquerade chain=srcnat comment="Default masquerade" \ out-interface-list=WAN /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh disabled=yes set api disabled=yes set api-ssl disabled=yes /system identity set name=MikroTik_CHR /tool mac-server set allowed-interface-list=Base /tool mac-server mac-winbox set allowed-interface-list=Base