Физический порт с отдельной локальной сетью.
Добавлено: 21 авг 2020, 16:41
Добрый день, совсем не знаком с настройкой MikroTik, а дали задачу выделить физический порт на маршрутизаторе со своей локальной сетью. Т.е. в соседнем кабинете будет стоять свой роутер подключенный к нашему микротику и соответственно нашему интернету, нужно чтобы при подключении соседей со своим роутером к нашему порту они не смогли видеть нашу локальную сеть, но смогли бы выходить в интернет.
Текущие настройки прилагаю
# aug/21/2020 17:31:13 by RouterOS 6.43.12
# software id = A9EW-MYKC
#
# model = 951Ui-2nD
# serial number = 71A30759E58E
/interface bridge
add admin-mac=64:D1:54:3F:07:B1 auto-mac=no comment=defconf fast-forward=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=proxy-arp
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether2-master
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pptp-server
add name=pptp-interface user=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=russia disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Oktane wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=9262536469 wpa2-pre-shared-key=9262536469
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile supplicant-identity=MikroTik wpa-pre-shared-key=4964033900 wpa2-pre-shared-key=4964033900
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.199
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none stop-bits=1
/interface ppp-client
add apn=internet info-channel=1 name=ppp-out1 password=gdata port=usb1 user=gdata
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set enabled=yes ipsec-secret=passw0rd9262536469 use-ipsec=yes
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=pptp-interface list=discover
add interface=ether2-master list=mactel
add interface=wlan1 list=mactel
add interface=ether2-master list=mac-winbox
add interface=wlan1 list=mac-winbox
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2-master network=192.168.1.0
add address=82.194.245.142/30 interface=ether1 network=82.194.245.140
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.1.113 client-id=1:BC:AE:C5:1D:BE:E8 mac-address=BC:AE:C5:1D:BE:E8 server=defconf
add address=192.168.1.11 client-id=1:00:27:0E:0F:CB:A8 mac-address=00:27:0E:0F:CB:A8 server=defconf
add address=192.168.1.8 client-id=1:00:80:48:16:23:B1 mac-address=00:80:48:16:23:B1 server=defconf
add address=192.168.1.131 client-id=1:60:e3:27:0:4b:d9 mac-address=60:E3:27:00:4B:D9 server=defconf
add address=192.168.1.177 always-broadcast=yes client-id=1:54:be:f7:c:e0:65 mac-address=54:BE:F7:0C:E0:65 server=defconf
add address=192.168.1.153 client-id=1:0:1c:c4:17:fc:86 comment=ReplicationServer mac-address=00:1C:C4:17:FC:86 server=defconf
add address=192.168.1.151 client-id=1:88:d7:f6:7b:21:5c mac-address=88:D7:F6:7B:21:5C server=defconf
add address=192.168.1.169 client-id=1:5a:58:0:7f:f5:83 mac-address=5A:58:00:7F:F5:83 server=defconf
add address=192.168.1.110 client-id=1:c4:2f:90:21:2a:6 mac-address=C4:2F:90:21:2A:06 server=defconf
add address=192.168.1.105 client-id=1:0:15:5d:1:83:2 mac-address=00:15:5D:01:83:02 server=defconf
add address=192.168.1.107 client-id=1:b4:a3:82:96:b0:b4 mac-address=B4:A3:82:96:B0:B4 server=defconf
add address=192.168.1.109 client-id=1:44:2c:5:10:6d:88 mac-address=44:2C:05:10:6D:88 server=defconf
add address=192.168.1.175 client-id=1:38:2c:4a:71:de:70 mac-address=38:2C:4A:71:DE:70 server=defconf
add address=192.168.1.106 client-id=1:54:be:f7:c:e0:66 mac-address=54:BE:F7:0C:E0:66 server=defconf
add address=192.168.1.108 client-id=1:34:64:a9:11:ed:2d mac-address=34:64:A9:11:ED:2D server=defconf
add address=192.168.1.115 client-id=1:54:4:a6:3e:48:cd mac-address=54:04:A6:3E:48:CD server=defconf
add address=192.168.1.198 client-id=1:7c:3:ab:eb:68:3e mac-address=7C:03:AB:EB:68:3E server=defconf
add address=192.168.1.112 client-id=1:bc:1c:81:9e:1f:bb mac-address=BC:1C:81:9E:1F:BB server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.1.1 name=router
Текущие настройки прилагаю
# aug/21/2020 17:31:13 by RouterOS 6.43.12
# software id = A9EW-MYKC
#
# model = 951Ui-2nD
# serial number = 71A30759E58E
/interface bridge
add admin-mac=64:D1:54:3F:07:B1 auto-mac=no comment=defconf fast-forward=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=proxy-arp
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether2-master
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pptp-server
add name=pptp-interface user=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=russia disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Oktane wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=9262536469 wpa2-pre-shared-key=9262536469
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile supplicant-identity=MikroTik wpa-pre-shared-key=4964033900 wpa2-pre-shared-key=4964033900
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.199
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none stop-bits=1
/interface ppp-client
add apn=internet info-channel=1 name=ppp-out1 password=gdata port=usb1 user=gdata
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set enabled=yes ipsec-secret=passw0rd9262536469 use-ipsec=yes
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=pptp-interface list=discover
add interface=ether2-master list=mactel
add interface=wlan1 list=mactel
add interface=ether2-master list=mac-winbox
add interface=wlan1 list=mac-winbox
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2-master network=192.168.1.0
add address=82.194.245.142/30 interface=ether1 network=82.194.245.140
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.1.113 client-id=1:BC:AE:C5:1D:BE:E8 mac-address=BC:AE:C5:1D:BE:E8 server=defconf
add address=192.168.1.11 client-id=1:00:27:0E:0F:CB:A8 mac-address=00:27:0E:0F:CB:A8 server=defconf
add address=192.168.1.8 client-id=1:00:80:48:16:23:B1 mac-address=00:80:48:16:23:B1 server=defconf
add address=192.168.1.131 client-id=1:60:e3:27:0:4b:d9 mac-address=60:E3:27:00:4B:D9 server=defconf
add address=192.168.1.177 always-broadcast=yes client-id=1:54:be:f7:c:e0:65 mac-address=54:BE:F7:0C:E0:65 server=defconf
add address=192.168.1.153 client-id=1:0:1c:c4:17:fc:86 comment=ReplicationServer mac-address=00:1C:C4:17:FC:86 server=defconf
add address=192.168.1.151 client-id=1:88:d7:f6:7b:21:5c mac-address=88:D7:F6:7B:21:5C server=defconf
add address=192.168.1.169 client-id=1:5a:58:0:7f:f5:83 mac-address=5A:58:00:7F:F5:83 server=defconf
add address=192.168.1.110 client-id=1:c4:2f:90:21:2a:6 mac-address=C4:2F:90:21:2A:06 server=defconf
add address=192.168.1.105 client-id=1:0:15:5d:1:83:2 mac-address=00:15:5D:01:83:02 server=defconf
add address=192.168.1.107 client-id=1:b4:a3:82:96:b0:b4 mac-address=B4:A3:82:96:B0:B4 server=defconf
add address=192.168.1.109 client-id=1:44:2c:5:10:6d:88 mac-address=44:2C:05:10:6D:88 server=defconf
add address=192.168.1.175 client-id=1:38:2c:4a:71:de:70 mac-address=38:2C:4A:71:DE:70 server=defconf
add address=192.168.1.106 client-id=1:54:be:f7:c:e0:66 mac-address=54:BE:F7:0C:E0:66 server=defconf
add address=192.168.1.108 client-id=1:34:64:a9:11:ed:2d mac-address=34:64:A9:11:ED:2D server=defconf
add address=192.168.1.115 client-id=1:54:4:a6:3e:48:cd mac-address=54:04:A6:3E:48:CD server=defconf
add address=192.168.1.198 client-id=1:7c:3:ab:eb:68:3e mac-address=7C:03:AB:EB:68:3E server=defconf
add address=192.168.1.112 client-id=1:bc:1c:81:9e:1f:bb mac-address=BC:1C:81:9E:1F:BB server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.1.1 name=router