MikroTik : VLAN sur les séries hEX
[admin@MikroTik] > export
# 2023-07-26 16:57:14 by RouterOS 7.10.2
# software id = EJAV-8QRI
#
# model = RB750Gr3
# serial number = CC210F337586
#
# Purpose: export of a hEX (RB750Gr3) with one VLAN-aware bridge. ether1 is the
# WAN uplink (DHCP client, masquerade); ether2-ether5 are bridge ports; VLANs
# 2001-2009 are carried tagged on ether2 and each one gets a routed /28 gateway
# address on the router.
# NOTE(review): the header above and admin-mac below are device-unique
# identifiers (software id, serial number, MAC). Consider replacing them with
# placeholders before publishing an export.
#
# Bridge with VLAN filtering on, so the "/interface bridge vlan" table further
# down decides which ports carry which VLAN.
# NOTE(review): ingress-filtering=no is set explicitly here and on every bridge
# port. With it off, a received frame's VLAN ID is not checked against the
# ingress port's membership in the bridge VLAN table. If ether3-ether5 face
# untrusted hosts, consider ingress-filtering=yes together with a restrictive
# frame-types value per port; test the change in Safe Mode to avoid a lock-out.
/interface bridge
add admin-mac=DC:2C:6E:AA:3F:5E auto-mac=no comment=defconf ingress-filtering=no name=bridge vlan-filtering=yes
# One VLAN interface per VLAN ID on top of the bridge; these carry the gateway
# addresses assigned under "/ip address".
/interface vlan
add interface=bridge name=vlan2001 vlan-id=2001
add interface=bridge name=vlan2002 vlan-id=2002
add interface=bridge name=vlan2003 vlan-id=2003
add interface=bridge name=vlan2004 vlan-id=2004
add interface=bridge name=vlan2005 vlan-id=2005
add interface=bridge name=vlan2006 vlan-id=2006
add interface=bridge name=vlan2007 vlan-id=2007
add interface=bridge name=vlan2008 vlan-id=2008
add interface=bridge name=vlan2009 vlan-id=2009
# Interface lists referenced by the firewall, neighbor discovery and MAC server
# settings below.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Settings on the default LTE APN and wireless security-profile entries.
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP pool and server for the untagged bridge network only. This export
# defines no DHCP server for the vlan2001-vlan2009 subnets.
/ip pool
add name=dhcp ranges=172.16.0.2-172.16.0.10
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
# ether2-ether5 are bridge members. No pvid or frame-types is given on these
# lines, so the RouterOS defaults apply (presumably pvid=1 and admit-all;
# confirm with "/interface bridge port print detail").
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
# Neighbor discovery is limited to interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# IPv6 is disabled.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# Bridge VLAN table: each VLAN 2001-2009 is tagged on the bridge itself (so the
# router's vlanNNNN interfaces can receive it) and on ether2, which acts as the
# trunk port. ether3-ether5 are not listed as members of any of these VLANs.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 vlan-ids=2001
add bridge=bridge tagged=bridge,ether2 vlan-ids=2002
add bridge=bridge tagged=bridge,ether2 vlan-ids=2003
add bridge=bridge tagged=bridge,ether2 vlan-ids=2004
add bridge=bridge tagged=bridge,ether2 vlan-ids=2005
add bridge=bridge tagged=bridge,ether2 vlan-ids=2006
add bridge=bridge tagged=bridge,ether2 vlan-ids=2007
add bridge=bridge tagged=bridge,ether2 vlan-ids=2008
add bridge=bridge tagged=bridge,ether2 vlan-ids=2009
# Only "bridge" is in LAN and only ether1 is in WAN. vlan2001-vlan2009 belong to
# neither list, so the input rule "drop all not coming from LAN" also matches
# new connections arriving on the VLAN interfaces (ICMP is accepted earlier).
# NOTE(review): VLAN hosts therefore presumably cannot use the router's DNS or
# management services; confirm that this is intended.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
# NOTE(review): only the allowed auth digests of the OpenVPN server appear here;
# whether the server is enabled is not visible in this export. sha1 and md5 are
# weak digests; if the server is ever enabled, restrict auth to a stronger one.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: .1 in a /28 for the untagged bridge network and for each VLAN.
/ip address
add address=172.16.0.1/28 comment=defconf interface=bridge network=172.16.0.0
add address=172.16.1.1/28 interface=vlan2001 network=172.16.1.0
add address=172.16.2.1/28 interface=vlan2002 network=172.16.2.0
add address=172.16.3.1/28 interface=vlan2003 network=172.16.3.0
add address=172.16.4.1/28 interface=vlan2004 network=172.16.4.0
add address=172.16.5.1/28 interface=vlan2005 network=172.16.5.0
add address=172.16.6.1/28 interface=vlan2006 network=172.16.6.0
add address=172.16.7.1/28 interface=vlan2007 network=172.16.7.0
add address=172.16.8.1/28 interface=vlan2008 network=172.16.8.0
add address=172.16.9.1/28 interface=vlan2009 network=172.16.9.0
# WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=172.16.0.0/28 comment=defconf dns-server=172.16.0.1 gateway=172.16.0.1 netmask=28
# The router answers DNS queries from clients. Exposure depends on the input
# chain below, which drops everything that does not arrive from the LAN list.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=172.16.0.1 comment=defconf name=router.lan
# Firewall filter rules, all tagged defconf. Input chain: accept established,
# related and untracked traffic, drop invalid, accept ICMP and loopback, then
# drop whatever does not arrive from the LAN list. Forward chain: accept IPsec
# policy traffic, fasttrack and accept established/related, drop invalid, drop
# new connections from WAN that were not dst-NATed.
# NOTE(review): no forward rule restricts traffic between the vlan2001-vlan2009
# subnets or between them and 172.16.0.0/28. The VLANs are separated at layer 2
# but are routed to each other by this router. If isolation between VLANs is
# the goal, add explicit forward-chain drop rules for inter-VLAN traffic.
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT (masquerade) for traffic leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): an enabled BFD configuration entry matching all interfaces. No
# routing protocol is configured anywhere in this export; confirm that this
# entry is intended.
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
/system clock
set time-zone-name=Europe/Paris
/system note
set show-at-login=no
# MAC-level management access (MAC server and MAC WinBox) is allowed only on
# interfaces in the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >