Tuesday, December 24, 2019

Noob trying to play ISP

Hey there! I am trying to provide internet to multiple apartments via an mikrotik cloud router switch (CRS125-24G-1S-IN). This is my first time doing anything of this scale and outside of home networking so please be gentle lol (ofcourse y'all can give constructive criticism, i want that!). I am trying to configure it so that every rj45 port gets its own dedicated subnet in which talking between eachother is allowed, and talking to the internet is allowed, but nothing else is. Sort off like port isolation i guess? i dunno this just seemed like the best setup to me for this use case but again i have 0 theoretical knowledge beyond some googling. Heres the current config:

# dec/24/2019 09:52:33 by RouterOS 6.46.1 # # model = CRS125-24G-1S /interface ethernet set [ find default-name=ether1 ] loop-protect=on name=1_WAN set [ find default-name=ether2 ] loop-protect=on name=2_Man set [ find default-name=ether3 ] disabled=yes loop-protect=on name=3 set [ find default-name=ether4 ] disabled=yes loop-protect=on name=4 set [ find default-name=ether5 ] disabled=yes loop-protect=on name=5 set [ find default-name=ether6 ] disabled=yes loop-protect=on name=6 set [ find default-name=ether7 ] disabled=yes loop-protect=on name=7 set [ find default-name=ether8 ] disabled=yes loop-protect=on name=8 set [ find default-name=ether9 ] disabled=yes loop-protect=on name=9 set [ find default-name=ether10 ] loop-protect=on name=10_234 set [ find default-name=ether11 ] loop-protect=on name=11_234A set [ find default-name=ether12 ] loop-protect=on name=12_234B set [ find default-name=ether13 ] loop-protect=on name=13_236 set [ find default-name=ether14 ] loop-protect=on name=14_236A set [ find default-name=ether15 ] loop-protect=on name=15_236B set [ find default-name=ether16 ] loop-protect=on name=16_236C set [ find default-name=ether17 ] loop-protect=on name=17_236D set [ find default-name=ether18 ] loop-protect=on name=18_236E set [ find default-name=ether19 ] loop-protect=on name=19_236F set [ find default-name=ether20 ] loop-protect=on name=20 set [ find default-name=ether21 ] disabled=yes loop-protect=on name=21 set [ find default-name=ether22 ] disabled=yes loop-protect=on name=22 set [ find default-name=ether23 ] disabled=yes loop-protect=on name=23 set [ find default-name=ether24 ] disabled=yes loop-protect=on name=24 set [ find default-name=sfp1 ] disabled=yes loop-protect=on /interface list add name=Appartementen add name=WAN add name=Management /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool10 ranges=10.10.10.11-10.10.10.254 add name=pool11 ranges=10.10.11.12-10.10.11.254 add name=pool12 ranges=10.10.12.13-10.10.12.254 add name=pool13 ranges=10.10.13.14-10.10.13.254 add name=pool2 ranges=10.10.2.3-10.10.2.254 add name=pool3 ranges=10.10.3.4-10.10.3.254 add name=pool4 ranges=10.10.4.5-10.10.4.254 add name=pool5 ranges=10.10.5.6-10.10.5.254 add name=pool6 ranges=10.10.6.7-10.10.6.254 add name=pool7 ranges=10.10.7.8-10.10.7.254 add name=pool8 ranges=10.10.8.9-10.10.8.254 add name=pool9 ranges=10.10.9.10-10.10.9.254 add name=pool14 ranges=10.10.14.15-10.10.14.254 add name=pool15 ranges=10.10.15.16-10.10.15.254 add name=pool16 ranges=10.10.16.17-10.10.16.254 add name=pool17 ranges=10.10.17.18-10.10.17.254 add name=pool18 ranges=10.10.18.19-10.10.18.254 add name=pool19 ranges=10.10.19.20-10.10.19.254 add name=pool20 ranges=10.10.20.21-10.10.20.254 add name=pool21 ranges=10.10.21.22-10.10.21.254 add name=pool22 ranges=10.10.22.23-10.10.22.254 add name=pool23 ranges=10.10.23.24-10.10.23.254 add name=pool24 ranges=10.10.24.25-10.10.24.254 /ip dhcp-server add address-pool=pool10 bootp-support=dynamic disabled=no interface=10_234 name=dhcp10 add address-pool=pool11 bootp-support=dynamic disabled=no interface=11_234A name=dhcp11 add address-pool=pool12 bootp-support=dynamic disabled=no interface=12_234B name=dhcp12 add address-pool=pool13 bootp-support=dynamic disabled=no interface=13_236 name=dhcp13 add address-pool=pool14 bootp-support=dynamic disabled=no interface=14_236A name=dhcp14 add address-pool=pool15 bootp-support=dynamic disabled=no interface=15_236B name=dhcp15 add address-pool=pool16 bootp-support=dynamic disabled=no interface=16_236C name=dhcp16 add address-pool=pool17 bootp-support=dynamic disabled=no interface=17_236D name=dhcp17 add address-pool=pool18 bootp-support=dynamic disabled=no interface=18_236E name=dhcp18 add address-pool=pool19 bootp-support=dynamic disabled=no interface=19_236F name=dhcp19 add address-pool=pool20 bootp-support=dynamic disabled=no interface=20 name=dhcp20 add address-pool=pool2 bootp-support=dynamic disabled=no interface=2_Man name=dhcp2 /ip neighbor discovery-settings set discover-interface-list=all /interface list member add interface=10_234 list=Appartementen add interface=11_234A list=Appartementen add interface=12_234B list=Appartementen add interface=13_236 list=Appartementen add interface=14_236A list=Appartementen add interface=15_236B list=Appartementen add interface=16_236C list=Appartementen add interface=17_236D list=Appartementen add interface=18_236E list=Appartementen add interface=19_236F list=Appartementen add interface=20 list=Appartementen add interface=21 list=Appartementen add interface=22 list=Appartementen add interface=23 list=Appartementen add interface=24 list=Appartementen add interface=1_WAN list=WAN add interface=2_Man list=Management /ip address add address=10.10.10.0/24 interface=10_234 network=10.10.10.0 add address=10.10.11.0/24 interface=11_234A network=10.10.11.0 add address=10.10.12.0/24 interface=12_234B network=10.10.12.0 add address=10.10.13.0/24 interface=13_236 network=10.10.13.0 add address=10.10.14.0/24 interface=14_236A network=10.10.14.0 add address=10.10.15.0/24 interface=15_236B network=10.10.15.0 add address=10.10.16.0/24 interface=16_236C network=10.10.16.0 add address=10.10.17.0/24 interface=17_236D network=10.10.17.0 add address=10.10.18.0/24 interface=18_236E network=10.10.18.0 add address=10.10.19.0/24 interface=19_236F network=10.10.19.0 add address=10.10.20.0/24 interface=20 network=10.10.20.0 add address=10.10.21.0/24 interface=21 network=10.10.21.0 add address=10.10.22.0/24 interface=22 network=10.10.22.0 add address=10.10.23.0/24 interface=23 network=10.10.23.0 add address=10.10.24.0/24 interface=24 network=10.10.24.0 add address=10.10.2.0/24 interface=2_Man network=10.10.2.0 add address=10.10.3.0/24 interface=3 network=10.10.3.0 add address=10.10.4.0/24 interface=4 network=10.10.4.0 add address=10.10.5.0/24 interface=5 network=10.10.5.0 add address=10.10.6.0/24 interface=6 network=10.10.6.0 add address=10.10.7.0/24 interface=7 network=10.10.7.0 add address=10.10.8.0/24 interface=8 network=10.10.8.0 add address=10.10.9.0/24 interface=9 network=10.10.9.0 /ip dhcp-client add disabled=no interface=1_WAN /ip dhcp-server alert add disabled=no interface=10_234 valid-server=CC:2D:E0:8E:78:A5 add disabled=no interface=11_234A valid-server=CC:2D:E0:8E:78:A6 add disabled=no interface=12_234B valid-server=CC:2D:E0:8E:78:A7 add disabled=no interface=13_236 valid-server=CC:2D:E0:8E:78:A8 add disabled=no interface=14_236A valid-server=CC:2D:E0:8E:78:A9 add disabled=no interface=15_236B valid-server=CC:2D:E0:8E:78:AA add disabled=no interface=16_236C valid-server=CC:2D:E0:8E:78:AB add disabled=no interface=17_236D valid-server=CC:2D:E0:8E:78:AC add disabled=no interface=18_236E valid-server=CC:2D:E0:8E:78:AD add disabled=no interface=19_236F valid-server=CC:2D:E0:8E:78:AE add disabled=no interface=20 valid-server=CC:2D:E0:8E:78:AF /ip dhcp-server network add address=10.10.2.0/24 gateway=10.10.2.2 add address=10.10.10.0/24 gateway=10.10.10.10 add address=10.10.11.0/24 gateway=10.10.11.11 add address=10.10.12.0/24 gateway=10.10.12.12 add address=10.10.13.0/24 gateway=10.10.13.13 add address=10.10.14.0/24 gateway=10.10.14.14 add address=10.10.15.0/24 gateway=10.10.15.15 add address=10.10.16.0/24 gateway=10.10.16.16 add address=10.10.17.0/24 gateway=10.10.17.17 add address=10.10.18.0/24 gateway=10.10.18.18 add address=10.10.19.0/24 gateway=10.10.19.19 add address=10.10.20.0/24 gateway=10.10.20.20 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /lcd set backlight-timeout=never default-screen=informative-slideshow /lcd interface set "1_WAN" timeout=1s set "2_Man" timeout=1s set "4" timeout=1s set "5" timeout=1s set "6" timeout=1s set "7" timeout=1s set "8" timeout=1s set "9" timeout=1s set "10_234" timeout=1s set "11_234A" timeout=1s set "12_234B" timeout=1s set "13_236" timeout=1s set "14_236A" timeout=1s set "15_236B" timeout=1s set "16_236C" timeout=1s set "17_236D" timeout=1s set "18_236E" timeout=1s set "19_236F" timeout=1s set "21" timeout=1s set "22" timeout=1s set "23" timeout=1s set "24" timeout=1s set sfp1 timeout=1s /lcd screen set 0 timeout=1s set 1 timeout=1s set 2 timeout=1s set 3 timeout=1s set 4 timeout=1s set 5 timeout=1s /system clock set time-zone-name=Europe/Amsterdam 


No comments:

Post a Comment