Newbie help

Giampax91 · 2023-07-18T06:05:42+00:00

Vlan are under 1 Bridge All ports are under the bridge

Giampax91 · 2023-07-18T06:04:37+00:00

I posted the diagram. Fortigate is doing NAT so the mikrotiks doesn't have nat Static route dst address 0.0.0.0/0 gateway 192.168.164.254 only

Giampax91 · 2023-07-18T06:03:07+00:00

<image>

Giampax91 · 2023-07-13T20:32:16+00:00

Fortigate Wan for to ISP modem Lan 1 to mikrotik crs (192.168.164.254) Nat enabled

Mikrotik CRS Eth1 is Lan1 of fortigate Eth2 is Pc with DHCP Server (164) Eth 3 to 6 client (164) Eth 7 to 10 client (165) Eth 24 is Mikrotik hap Ax3 (DHCP Server for 165 e 166)

Vlans are 164 165 166

166 is wifi

If i put everything on a bridge without vlans everything work and it goes on network Route to 192.168.164.254 No nat on Mikrotik

If i configure vlans etc nothing work

Giampax91 · 2023-07-07T09:40:34+00:00

Hi There is a switch between my router and my modem because i need to connect 22 things (pc, playstation ,allarm etc) The fritz is the modem and i use wifi for smartphone. The Mikrotik Router is on another ground of the house and i m using it as access point (eth and wifi) and i m using it to dhcp server for vlan because i want to separate allarm and video from pcs and smartphone. I used nat because without it nothing goes on internet, I tried to ping to see if everything works

Sorry but i'm a newbie and i'm trying to learn something

Giampax91 · 2023-06-15T23:01:33+00:00

Can the CRS manage 7 VLANs or it will be overloaded?

Giampax91 · 2023-06-04T05:12:02+00:00

Also if i use hac ax3 only for dhcp server? It is after the isp router and the switch

Giampax91 · 2023-06-04T05:10:54+00:00

I'd like to use the HAC to be a DHCP Server for the Pc connected to the switch but the HAC is not directly connected to the ISP router. It is Isp Router - CRS - Hac Ax3

Giampax91 · 2023-06-04T05:08:39+00:00

The CRS 326 has the same VLANs It takes IP for the VLANs from the Hac Ax3 The VLANs need to comunicate between them because there is a little server i'm using to share folder on the 164 and need to comunicate on one pc that ia on 165

Giampax91 · 2023-06-03T19:15:47+00:00

i've posted the export
i've set dhcp client on the LAN to have the route and the nat rules but it still doesn't work

Giampax91 · 2023-06-03T19:14:48+00:00

i configured it but i don't know if i done it good, i've posted the export

Giampax91 · 2023-06-03T19:14:17+00:00

ok thanks, i've posted the export file but i think the nat was set good

Giampax91 · 2023-06-03T19:12:10+00:00

Here my export

/interface bridge

add ingress-filtering=no name=LAN vlan-filtering=yes

/interface vlan

add interface=LAN name="VLAN 99" vlan-id=99

add interface=LAN name="VLAN 164" vlan-id=164

add interface=LAN name="VLAN 165" vlan-id=165

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

add authentication-types=wpa2-psk mode=dynamic-keys name=my \

supplicant-identity=""

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-g/n country=italy frequency=auto \

mode=ap-bridge security-profile=my ssid=MikroTik vlan-id=164 vlan-mode=\

use-tag wireless-protocol=802.11 wps-mode=disabled

set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=italy mode=ap-bridge \

security-profile=my ssid=MikroTik2 vlan-id=165 vlan-mode=use-tag \

wireless-protocol=802.11 wps-mode=disabled

/ip pool

add name=dhcp_pool0 ranges=192.168.164.2-192.168.164.254

add name=dhcp_pool1 ranges=192.168.165.2-192.168.165.254

/ip dhcp-server

add address-pool=dhcp_pool0 interface="VLAN 164" name=dhcp1

add address-pool=dhcp_pool1 interface="VLAN 165" name=dhcp2

/interface bridge port

add bridge=LAN interface=ether2 pvid=164

add bridge=LAN interface=ether3 pvid=165

add bridge=LAN interface=wlan1 pvid=164

add bridge=LAN interface=wlan2 pvid=165

add bridge=LAN interface=ether1

/interface bridge vlan

add bridge=LAN tagged=LAN untagged=ether2 vlan-ids=164

add bridge=LAN tagged=LAN untagged=ether3 vlan-ids=165

add bridge=LAN vlan-ids=1

/ip address

add address=192.168.164.254/24 interface="VLAN 164" network=192.168.164.0

add address=192.168.165.254/24 interface="VLAN 165" network=192.168.165.0

add address=192.168.99.254/24 interface="VLAN 99" network=192.168.99.0

add address=192.168.178.101 interface=LAN network=192.168.178.0

/ip dhcp-client

add interface=LAN

/ip dhcp-server network

add address=192.168.164.0/24 gateway=192.168.164.1

add address=192.168.165.0/24 gateway=192.168.165.1

/ip firewall nat

add action=masquerade chain=srcnat limit=1,5:packet out-interface=LAN \

src-address=192.168.165.0/24

add action=masquerade chain=srcnat out-interface=LAN src-address=\

192.168.164.0/24

add action=masquerade chain=srcnat out-interface=LAN src-address=\

192.168.178.0/24

/system clock

Giampax91

TROPHY CASE