Blog.gowifi

Blog.gowifi

logos (other)

Logos

Go Wireless NZ

Follow by Email

Tuesday, July 28, 2015

MikroTik Basic Fibre Setup Script - Part 1

This is a basic script to setup a fibre connection on a MikroTik RouterOS device.

This is part 1 of 2 for setting up a MikroTik Routerboard with Fibre, with a CRS Switch off that with vlans




# Main Router setup for fibre
# with trunk port (ether5) to go to CRS for 'router on a stick' setup

# this script requires a blank routerboard
# port 1 - WAN/Fibre with vlan 10
# port 2-4 - Local lan subnet
# port 5 - trunk port to switch

#add vlan 10 tag on ether1 for fibre
/interface vlan
add interface=ether1 name=ether1.10 vlan-id=10

#add vlan tags on trunk interface
add interface=ether5 l2mtu=1594 name=ether5.10 vlan-id=10
add interface=ether5 l2mtu=1594 name=ether5.20 vlan-id=20
add interface=ether5 l2mtu=1594 name=ether5.30 vlan-id=30

#add pppoe-client for fibre connection - your isp may just want a dhcp-client here
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1.10 name=pppoe-out1 password=Passw0rd [email protected]

/interface bridge 
add name=br.10 comment="local lan"
add name=br.20 comment="voip"
add name=br.30 comment="security"

/interface ip address
add address=192.168.10.1/24 interface=br.10 network=192.168.10.0
add address=192.168.20.1/24 interface=br.20 network=192.168.20.0
add address=192.168.30.1/24 interface=br.30 network=192.168.30.0

/interface bridge port 
add interface=ether2 bridge=br.10 comment="local lan"
add interface=ether3 bridge=br.10 comment="local lan"
add interface=ether4 bridge=br.10 comment="local lan"
add interface=ether5.10 bridge=br.10 comment="local lan"
add interface=ether5.20 bridge=br.20 comment="voip"
add interface=ether5.30 bridge=br.30 comment="security"


/ip firewall filter
#input chain
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add chain=input comment="Accept established connections" connection-state=established
add chain=input comment="Accept related connections" connection-state=related
add chain=input comment="Allow access from local network" in-interface=br.10 src-address=192.168.10.0/24
add action=drop chain=input comment="Drop everything else"


#forward chain
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add chain=forward comment="Accept established connections" connection-state=established
add chain=forward comment="Accept related connections" connection-state=related
add chain=forward comment="Allow traffic from Local network" in-interface=br.10 src-address=192.168.10.0/24
add chain=forward comment="Allow traffic from VOIP network" in-interface=br.20 src-address=192.168.20.0/24
add chain=forward comment="Allow traffic from Security network" in-interface=br.30 src-address=192.168.30.0/24 
add action=drop chain=forward comment="Drop everything else"

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1



Thanks for reading my blog, please feel free to rate it below




Check out MikroTik Basic Fibre Setup Script Part 2


No comments:

Post a Comment