


  1. #1

    Accessing RBs and NanoStations from Another VLAN

    Good afternoon everyone. I am separating my towers into VLANs; they are working fine, I just can't access the radios, RBs and Nanos on the other VLAN. I am using a managed switch in trunk mode and creating the VLANs on the MikroTik.

  2. #2

    Re: Accessing RBs and NanoStations from Another VLAN

    Intra-VLAN routing only on Layer 3 switches .. and I don't see, in your case, the need for that..

    So your routing has to be done by the MikroTik where the VLANs arrive..

    The radios necessarily need to have the default GATEWAY set..


    The initial test to see where your routing is getting lost is to run a traceroute and see at which HOP it stops..

  3. #3

    Re: Accessing RBs and NanoStations from Another VLAN

    Thanks, Alexandre. Could you give me a template of how to do it? I am a beginner with MikroTik.

    Quote: Originally posted by alexandrecorrea
    Intra-VLAN routing only on Layer 3 switches .. and I don't see, in your case, the need for that..

    So your routing has to be done by the MikroTik where the VLANs arrive..

    The radios necessarily need to have the default GATEWAY set..


    The initial test to see where your routing is getting lost is to run a traceroute and see at which HOP it stops..

  4. #4

    Re: Accessing RBs and NanoStations from Another VLAN

    First you should post the configuration being done on this RB .. so we can see what is wrong!! OK?

  5. #5

    Re: Accessing RBs and NanoStations from Another VLAN

    OK. What command do I use to export it so it can be analyzed where the error is?

  6. #6

    Re: Accessing RBs and NanoStations from Another VLAN

    In the terminal, type export

  7. #7

    Re: Accessing RBs and NanoStations from Another VLAN

    I haven't been able to upload my configuration since early today. Is there an email I can send it to?
    Quote: Originally posted by alexandrecorrea
    In the terminal, type export

  8. #8

    Re: Accessing RBs and NanoStations from Another VLAN

    Good morning everyone, I still have no solution. I need everyone's help to solve this problem.

  9. #9

    Re: Accessing RBs and NanoStations from Another VLAN

    You didn't post the configuration.. you can attach it to the thread

  10. #10

    Re: Accessing RBs and NanoStations from Another VLAN

    Alexandre, I am trying in several ways to attach the file and it won't go; pasting the text doesn't work either because it is large. I don't know what it is.
    Quote: Originally posted by alexandrecorrea
    You didn't post the configuration.. you can attach it to the thread

  11. #11

    Re: Accessing RBs and NanoStations from Another VLAN

    /interface ethernet
    set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes l2mtu=1600 \
    mac-address=00:1C:25:4A:F9:0B mtu=1500 name=Clientes speed=100Mbps
    set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:01:038:21:B8 mtu=1500 name=Pinheiros speed=100Mbps
    set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:0D:88:C5:B0:B4 mtu=1500 name=Back_UP speed=100Mbps
    set 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:0D:88:C5:B0:B5 mtu=1500 name=Mk-Auth speed=100Mbps
    set 4 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:0D:88:C5:B0:B6 mtu=1500 name="Interface Vlan" speed=100Mbps
    set 5 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:0D:88:C5:B0:B7 mtu=1500 name=Link speed=100Mbps
    /interface bridge
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name="BridgeVlan4_Casa Branca" priority=0x8000 protocol-mode=\
    none transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1600 max-message-age=20s \
    mtu=1500 name=Bridge_SAIDA priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name=BridgeVlan2_X-Lan priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name=BridgeVlan3_Vaquejada priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name=BridgeVlan5_Olimpica priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name=BridgeVlan6_Trajano priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name=BridgeVlan7_Lanhouse priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
    add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name="BridgeVlan8_Pedra Verde" priority=0x8000 protocol-mode=\
    none transmit-hold-count=6
    /interface vlan
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name="Vlan1_Acesso Switch" use-service-tag=no vlan-id=1
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name=Vlan2_X-Lan use-service-tag=no vlan-id=2
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name=Vlan3_Vaquejada use-service-tag=no vlan-id=3
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name=Vlan5_Olimpica use-service-tag=no vlan-id=5
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name="Vlan4_Casa Branca" use-service-tag=no vlan-id=4
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name=Vlan6_Trajano use-service-tag=no vlan-id=6
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name=Vlan7_LanHouse use-service-tag=no vlan-id=7
    add arp=enabled comment="" disabled=no interface="Interface Vlan" mtu=1500 \
    name="Vlan8_Pedra Verde" use-service-tag=no vlan-id=8

  12. #12

    Re: Accessing RBs and NanoStations from Another VLAN

    /ip firewall filter
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
    add action=accept chain=input comment="=== ACEITAR CONEXOES DE PROXY =========\
    ========================= SISTEMA===" disabled=no \
    dst-port=3128 protocol=tcp
    add action=drop chain=forward comment="=== BLOQUEIO DO P2P ===================\
    ===========================SISTEMA===" disabled=no \
    p2p=all-p2p src-address-list=!p2p-sem-bloqueio
    add action=drop chain=forward comment="=== BLOQUEIO DE IP REVERSO ============\
    ========================== SISTEMA===" content=\
    .ctame700 disabled=no
    add action=accept chain=input comment="=== PERMITIR CONEXOES ESTABELECIDAS ===\
    ========================= SISTEMA===" \
    connection-state=established disabled=no
    add action=accept chain=forward comment="" connection-state=established \
    disabled=no
    add action=accept chain=icmp comment="" disabled=no icmp-options=3:0 \
    protocol=icmp
    add action=accept chain=icmp comment="" disabled=no icmp-options=3:1 \
    protocol=icmp
    add action=accept chain=input comment="=== PERMITIR UDP ======================\
    =========================== SISTEMA===" disabled=no \
    protocol=udp
    add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp
    add action=accept chain=forward comment="" disabled=no protocol=udp
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=0s chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1
    add action=accept chain=input comment="" disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=forward comment="" disabled=no dst-address=\
    200.210.104.201
    add action=accept chain=input comment="=== PERMITIR ACESSO DOS ROTEADORES A RE\
    DE DOS CLIENTES======== SISTEMA===" disabled=no \
    src-address=10.0.0.0/8
    add action=accept chain=input comment="" disabled=no src-address=192.0.0.0/8
    add action=accept chain=input comment="=== PERMITIR ICMP =====================\
    =========================== SISTEMA===" disabled=no \
    protocol=icmp
    add action=drop chain=forward comment="=== BLOQUEAR CONEXOES INVALIDAS =======\
    ========================= SISTEMA===" \
    connection-state=invalid disabled=no protocol=tcp
    add action=drop chain=forward comment="" connection-state=invalid disabled=no
    add action=accept chain=icmp comment="" disabled=no icmp-options=0:0 \
    protocol=icmp
    add action=accept chain=forward comment="=== PERMITIR CONEXOES RELACIONADAS ==\
    =========================== SISTEMA===" \
    connection-state=related disabled=no
    add action=drop chain=forward comment="" disabled=no src-address=0.0.0.0/8
    add action=drop chain=forward comment="" disabled=no dst-address=0.0.0.0/8
    add action=drop chain=forward comment="" disabled=no src-address=127.0.0.0/8
    add action=drop chain=forward comment="" disabled=no dst-address=127.0.0.0/8
    add action=drop chain=forward comment="" disabled=no src-address=224.0.0.0/3
    add action=drop chain=forward comment="" disabled=no dst-address=224.0.0.0/3
    add action=jump chain=forward comment="" disabled=no jump-target=tcp \
    protocol=tcp
    add action=jump chain=forward comment="" disabled=no jump-target=icmp \
    protocol=icmp
    add action=drop chain=tcp comment="=== BLOQUEAR TFTP =========================\
    ====================== SISTEMA===" disabled=no \
    dst-port=69 protocol=tcp
    add action=drop chain=tcp comment="=== BLOQUEAR PORTMAPER ====================\
    ==================== SISTEMA===" disabled=no dst-port=\
    111 protocol=tcp
    add action=drop chain=tcp comment="" disabled=no dst-port=135 protocol=tcp
    add action=drop chain=tcp comment="=== BLOQUEAR NBT ==========================\
    ====================== SISTEMA===" disabled=no \
    dst-port=137-139 protocol=tcp
    add action=drop chain=tcp comment="=== BLOQUEAR CIFS =========================\
    ======================= SISTEMA===" disabled=no \
    dst-port=445 protocol=tcp
    add action=drop chain=tcp comment="=== BLOQUEAR NFS ==========================\
    ====================== SISTEMA===" disabled=no \
    dst-port=2049 protocol=tcp
    add action=drop chain=tcp comment="=== BLOQUEAR NETBUS =======================\
    ===================== SISTEMA===" disabled=no \
    dst-port=12345-12346 protocol=tcp
    add action=drop chain=tcp comment="" disabled=no dst-port=20034 protocol=tcp
    add action=drop chain=tcp comment="=== BLOQUEAR BACKORIFFICE =================\
    ====================== SISTEMA===" disabled=no \
    dst-port=3133 protocol=tcp
    add action=accept chain=icmp comment="=== PERMITIR BUSCAS ====================\
    ========================== SISTEMA===" disabled=no \
    icmp-options=4:0 protocol=icmp
    add action=accept chain=icmp comment="=== PERMITIR TEMPO RESTANTE ============\
    ======================== SISTEMA===" disabled=no \
    icmp-options=8:0 protocol=icmp
    add action=accept chain=icmp comment="=== PERMITIR TEMPO EXCEDENTE ===========\
    ======================== SISTEMA===" disabled=no \
    icmp-options=11:0 protocol=icmp
    add action=accept chain=icmp comment="=== PERMITIR PARAMETROS BAIXOS =========\
    ======================== SISTEMA===" disabled=no \
    icmp-options=12:0 protocol=icmp
    add action=drop chain=icmp comment="=== BLOQUEAR TODOS OS OUTROS SERVICOS=====\
    ==================== SISTEMA===" disabled=no
    add action=accept chain="forward protocol=tcp dst-port=135-139 action=drop" \
    comment="" disabled=no
    add action=accept chain="forward protocol=udp dst-port=135-139 action=drop" \
    comment="" disabled=no
    add action=accept chain="forward protocol=tcp dst-port=445-449 action=drop" \
    comment="" disabled=no
    add action=accept chain="forward protocol=udp dst-port=445-449 action=drop" \
    comment="" disabled=no
    add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=sanity-check comment="=== BLOQUEIO SCANER DE\
    \_PORTA =================================== SISTEMA===" \
    disabled=no protocol=tcp psd=20,3s,3,1
    add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=sanity-check comment="" disabled=no \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=sanity-check comment="" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=accept chain=sanity-check comment="=== ACEITAR CONEXOES ESTABELECID\
    AS ============================= SISTEMA===" \
    connection-state=established disabled=no
    add action=accept chain=sanity-check comment="=== ACEITAR CONEXOES RELACIONADA\
    S ============================== SISTEMA===" \
    connection-state=related disabled=no
    add action=jump chain=forward comment="" disabled=no jump-target=restrict-tcp \
    protocol=tcp
    add action=reject chain=restrict-tcp comment="" connection-mark=auth \
    disabled=no reject-with=icmp-network-unreachable
    add action=jump chain=restrict-tcp comment="=== MONITORAMENTO DE ANTI-SPAM ===\
    ============================= SISTEMA===" \
    connection-mark=smtp disabled=no jump-target=smtp-first-drop
    add action=add-src-to-address-list address-list=approved-smtp \
    address-list-timeout=0s chain=smtp-first-drop comment="" disabled=no \
    src-address-list=first-smtp
    add action=return chain=smtp-first-drop comment="" disabled=no \
    src-address-list=approved-smtp
    add action=add-src-to-address-list address-list=first-smtp \
    address-list-timeout=0s chain=smtp-first-drop comment="" disabled=no
    add action=reject chain=smtp-first-drop comment="" disabled=no reject-with=\
    icmp-network-unreachable
    add action=jump chain=forward comment="=== TESTE DE INTEGRIDADE ==============\
    ========================== SISTEMA===" disabled=no \
    jump-target=sanity-check
    add action=jump chain=input comment="" disabled=no jump-target=sanity-check
    add action=accept chain=dhcp comment="" disabled=no dst-address=\
    255.255.255.255 src-address=0.0.0.0
    add action=accept chain=dhcp comment="" disabled=no dst-address-type=local \
    src-address=0.0.0.0
    add action=accept chain=dhcp comment="" disabled=no dst-address-type=local \
    src-address-list=local-addr
    add action=accept chain=local-services comment="=== DIRECIONAR PARA O DNS ====\
    =================================== SISTEMA===" \
    connection-mark=dns disabled=no
    add action=accept chain=public-services comment="=== LIBERAR PPTP ============\
    ===================================== SISTEMA===" \
    connection-mark=gre disabled=no

  13. #13

    Re: Accessing RBs and NanoStations from Another VLAN

    add action=drop chain=virus comment="=== BLOQUEIO DE VIRUS ===================\
    ========================= SISTEMA===" disabled=no \
    dst-port=135-139 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=\
    udp
    add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=udp
    add action=drop chain=virus comment="" disabled=no dst-port=593 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1024-1030 \
    protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1214 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1433-1434 \
    protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=2283 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=2535 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=3410 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=udp
    add action=drop chain=virus comment="" disabled=no dst-port=5554 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=8866 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=9898 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=10000 protocol=\
    tcp
    add action=drop chain=virus comment="" disabled=no dst-port=10080 protocol=\
    tcp
    add action=drop chain=virus comment="" disabled=no dst-port=12345 protocol=\
    tcp
    add action=drop chain=virus comment="" disabled=no dst-port=17300 protocol=\
    tcp
    add action=drop chain=virus comment="" disabled=no dst-port=27374 protocol=\
    tcp
    add action=drop chain=virus comment="" disabled=no dst-port=65506 protocol=\
    tcp
    add action=accept chain=forward comment="=== PERMITIR PING ===================\
    ============================= SISTEMA===" disabled=no \
    protocol=icmp
    add action=accept chain=input comment="=== DIRECIONAR WINBOX PARA O SERVIDOR =\
    ========================= SISTEMA===" disabled=no \
    dst-port=8291 protocol=tcp
    add action=accept chain=input comment="" disabled=no dst-port=8292 protocol=\
    tcp
    add action=add-src-to-address-list address-list="drop winbox" \
    address-list-timeout=12h chain=input comment="=== BRUTE FORCE PARA O SERVI\
    DOR ================================= SISTEMA===" \
    connection-limit=2,32 connection-state=established disabled=no dst-port=\
    8291 protocol=tcp
    add action=add-src-to-address-list address-list="drop winbox" \
    address-list-timeout=12h chain=input comment="" connection-limit=2,32 \
    connection-state=established disabled=no dst-port=8292 protocol=tcp
    add action=add-src-to-address-list address-list="drop winbox" \
    address-list-timeout=12h chain=input comment="" connection-limit=2,32 \
    connection-state=established disabled=no dst-port=80 protocol=tcp
    add action=drop chain=input comment="" disabled=no src-address-list=\
    "drop winbox"
    add action=drop chain=input comment="=== BLOQUEAR PERMISOES ==================\
    ======================== SISTEMA===" disabled=no
    add action=drop chain=tcp comment="=== BLOQUEAR DHCP==========================\
    ===================== SISTEMA===" disabled=no \
    dst-port=67-68 protocol=tcp
    add action=drop chain=public-services comment="=== BLOQUEAR OUTROS SERVICOS PU\
    BLICOS ========================= SISTEMA===" \
    disabled=no
    add action=drop chain=local-services comment="=== BLOQUEAR OUTROS SERVICOS LOC\
    AIS ============================ SISTEMA===" disabled=\
    no
    /ip firewall mangle
    add action=jump chain=prerouting comment="PG CORTE" disabled=no jump-target=\
    hotspot
    add action=mark-connection chain=output comment="=== CONTROLE DO CACHE =======\
    =====================================SISTEMA===" \
    content="X-Cache: HIT" disabled=no new-connection-mark=conn_squid-up \
    passthrough=yes protocol=tcp src-port=3128
    add action=mark-packet chain=output comment="" connection-mark=conn_squid-up \
    disabled=no new-packet-mark=pacotes_squid-up passthrough=yes
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    3128 new-connection-mark=conn_squid-down passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    conn_squid-down disabled=no new-packet-mark=pacotes_squid-down \
    passthrough=yes
    add action=mark-connection chain=prerouting comment="\r\
    \n=== CONTROLE DE P2P ===============================================WWW.M\
    ICROCENTERWEB.COM.BR ===\r\
    \n" disabled=no new-connection-mark=conexao-p2p p2p=all-p2p passthrough=\
    yes
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    conexao-p2p disabled=no new-packet-mark=pacotes-p2p passthrough=yes
    add action=mark-routing chain=prerouting comment="" disabled=no \
    new-routing-mark=p2p p2p=all-p2p passthrough=no src-address=0.0.0.0/0
    add action=mark-packet chain=prerouting comment="=== MELHORIAS DO MSN ========\
    =====================================SISTEMA===" \
    disabled=no dst-port=1863 new-packet-mark=msn_in passthrough=yes \
    protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no \
    new-packet-mark=msn_out passthrough=yes protocol=tcp src-port=1863
    add action=change-mss chain=forward comment="" disabled=no new-mss=1360 \
    protocol=tcp tcp-flags=syn
    add action=mark-packet chain=forward comment="=== MARCANCO OS PACOTES SEM LIMI\
    TE DE CONEXAO ==================SISTEMA===" disabled=\
    no dst-port=21 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=22 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=23 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=25 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=53 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=110 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=80 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=443 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=8080 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    10.0.0.0/8
    add action=mark-packet chain=forward comment="" disabled=no dst-port=\
    6891-6901 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=10.0.0.0/8
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
    add action=masquerade chain=srcnat comment="NAT FULL" disabled=no
    add action=dst-nat chain=dstnat comment="PG CORTE" disabled=no protocol=tcp \
    src-address-list=pgcorte to-addresses=192.10.1.2 to-ports=85
    add action=dst-nat chain=hotspot comment="PG CORTE" disabled=no packet-mark=\
    bloqueado protocol=tcp to-addresses=192.10.1.2 to-ports=85
    add action=dst-nat chain=dstnat comment="DIRECIONAMENTO MK-AUTH" disabled=no \
    dst-port=8293 protocol=tcp to-addresses=192.10.1.2 to-ports=80
    add action=dst-nat chain=dstnat comment="AVISO REPARO" disabled=no protocol=\
    tcp src-address=10.0.0.0/8 src-port=80 to-addresses=192.10.1.2 to-ports=\
    89
    /ip firewall service-port
    set ftp disabled=no ports=21
    set tftp disabled=no ports=69
    set irc disabled=no ports=6667
    set h323 disabled=no
    set sip disabled=no ports=5060,5061
    set pptp disabled=no

  14. #14

    Re: Accessing RBs and NanoStations from Another VLAN

    Quote: Originally posted by alexandrecorrea
    You didn't post the configuration.. you can attach it to the thread
    Sistema2.txt

    Today I managed it, Alexandre. I was trying every way and it wouldn't go, it always gave an error on sending; I tweaked the load and now it went through.

  15. #15

    Re: Accessing RBs and NanoStations from Another VLAN

    Oh, Alexandre, I forgot one thing. Before, when my network was not separated by VLANs, I did it like this: I separated all the RBs and point-to-point links with an IP class of 192.1.1.0/24, and all the Nanos and RBs I wanted to access I put in hotspot IP bindings as bypassed, since my network was 192.168.10.0/24. Now with the VLANs they are like this:
    vlan1 10.0.0.0/24
    vlan2 10.0.1.0/24
    vlan3 10.0.2.0/24
    vlan4 10.0.3.0/24
    And I made no changes to any of the point-to-point links and RBs; they are still on 192.1.1.0/24. I think it is better explained this way..
    Quote: Originally posted by alexandrecorrea
    You didn't post the configuration.. you can attach it to the thread

  16. #16

    Re: Accessing RBs and NanoStations from Another VLAN

    Tiago, good morning. I was away for a while. Do you have any tip for the situation above?

  17. #17

    Re: Accessing RBs and NanoStations from Another VLAN

    I have exactly the same problem. My UBNT antennas have IPs in 192.168.100.0/24, and my VLANs are 10.10.10.1, 10.10.10.2, etc... I can't access the antennas that are on the other VLANs, so I can't access the customers' antennas, which makes some maintenance and monitoring difficult. I already changed one VLAN to 192.168.100.100/24, but even so it doesn't reach the antennas across the VLANs, which are in WDS bridge mode. My RB that receives the VLANs and distributes them to other antennas is configured like this ... Regards to all ... Rodrigo

    /interface vlan
    add arp=enabled disabled=no interface=ether1 l2mtu=1594 mtu=1500 name=vlan_JMeudon use-service-tag=yes vlan-id=1111
    add arp=enabled disabled=no interface=ether1 l2mtu=1594 mtu=1500 name=vlan_Barra use-service-tag=yes vlan-id=1112
    add arp=enabled disabled=no interface=ether1 l2mtu=1594 mtu=1500 name=vlan_Varzea5.8 use-service-tag=yes vlan-id=1113
    add arp=enabled disabled=no interface=ether1 l2mtu=1594 mtu=1500 name=vlan_Artistas use-service-tag=yes vlan-id=1114


    /interface bridge port
    add bridge=bridge_JMeudon disabled=no edge=auto external-fdb=auto horizon=none interface=vlan_JMeudon path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_JMeudon disabled=no edge=auto external-fdb=auto horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_Barra disabled=no edge=auto external-fdb=auto horizon=none interface=vlan_Barra path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_Barra disabled=no edge=auto external-fdb=auto horizon=none interface=ether3 path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_Varzea5.8 disabled=no edge=auto external-fdb=auto horizon=none interface=ether4 path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_Varzea5.8 disabled=no edge=auto external-fdb=auto horizon=none interface=vlan_Varzea5.8 path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_Artistas disabled=no edge=auto external-fdb=auto horizon=none interface=ether5 path-cost=10 point-to-point=auto priority=0x80
    add bridge=bridge_Artistas disabled=no edge=auto external-fdb=auto horizon=none interface=vlan_Artistas path-cost=10 point-to-point=auto priority=0x80
    /interface bridge settings
    set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes

    /ip address
    add address=10.10.11.2/30 disabled=no interface=vlan_JMeudon network=\
    10.10.11.0
    add address=192.168.100.101/24 disabled=no interface=vlan_Barra network=\
    192.168.100.0
    add address=10.10.13.2/30 disabled=no interface=vlan_Varzea5.8 network=\
    10.10.13.0
    add address=10.10.14.2/30 disabled=no interface=vlan_Artistas network=\
    10.10.14.0
    add address=192.168.100.2/24 disabled=no interface=ether1 network=\
    192.168.100.0
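
Added example (not part of any post in this thread, and not a MikroTik tool): a Python check that applies the advice in post #2 (the radios need a usable default gateway) and lints the `/interface bridge port` and `/ip address` sections of an export such as the one in post #17 for two layouts that break routed management access. The export lines are abridged from post #17; the radio, station and gateway addresses passed to `can_reply` are constructed from the ranges in post #15, and the finding names are hypothetical.

```python
import ipaddress
import shlex
from collections import defaultdict

# Abridged from the export in post #17: only the attributes the checks read.
EXPORT = """\
/interface bridge port
add bridge=bridge_JMeudon interface=vlan_JMeudon
add bridge=bridge_JMeudon interface=ether2
add bridge=bridge_Barra interface=vlan_Barra
add bridge=bridge_Barra interface=ether3
add bridge=bridge_Varzea5.8 interface=ether4
add bridge=bridge_Varzea5.8 interface=vlan_Varzea5.8
add bridge=bridge_Artistas interface=ether5
add bridge=bridge_Artistas interface=vlan_Artistas
/ip address
add address=10.10.11.2/30 interface=vlan_JMeudon
add address=192.168.100.101/24 interface=vlan_Barra
add address=10.10.13.2/30 interface=vlan_Varzea5.8
add address=10.10.14.2/30 interface=vlan_Artistas
add address=192.168.100.2/24 interface=ether1
"""


def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections = defaultdict(list)
    current, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # export wraps long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            tokens = shlex.split(line[4:])  # keeps quoted names such as "Interface Vlan"
            sections[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections


def lint(text):
    """Return (finding, interface(s), detail) tuples for the two layout problems."""
    cfg = parse_export(text)
    port_of = {p["interface"]: p["bridge"] for p in cfg["/interface bridge port"]}
    addrs = [(ipaddress.ip_interface(a["address"]), a["interface"])
             for a in cfg["/ip address"]]
    findings = []
    # An interface that is a bridge member is a slave port; the router's
    # address for that segment should sit on the bridge interface itself.
    for ip, iface in addrs:
        if iface in port_of:
            findings.append(("address-on-bridge-port", iface,
                             f"{ip} belongs on {port_of[iface]}"))
    # The same network on two interfaces gives two connected routes for one
    # prefix, so replies to hosts in it may leave through the wrong interface.
    for i, (ip_a, if_a) in enumerate(addrs):
        for ip_b, if_b in addrs[i + 1:]:
            if if_a != if_b and ip_a.network.overlaps(ip_b.network):
                findings.append(("overlapping-subnet", f"{if_a}/{if_b}",
                                 f"{ip_a.network} and {ip_b.network}"))
    return findings


def can_reply(device, gateway, station):
    """Can a radio ('ip/prefix') answer a management station at `station`?

    Same subnet: it answers directly. Otherwise it needs a default gateway
    that lies inside its own subnet; with none, or with one it cannot reach
    on-link, the reply is never sent and the radio looks dead from the
    other VLAN.
    """
    dev = ipaddress.ip_interface(device)
    if ipaddress.ip_address(station) in dev.network:
        return True
    return gateway is not None and ipaddress.ip_address(gateway) in dev.network


if __name__ == "__main__":
    for finding in lint(EXPORT):
        print(*finding, sep=" | ")
    # Constructed case: radio left on 192.1.1.0/24, station in vlan2 (10.0.1.0/24).
    print(can_reply("192.1.1.10/24", None, "10.0.1.50"))
    print(can_reply("192.1.1.10/24", "192.1.1.1", "10.0.1.50"))
```

The second `can_reply` call assumes the router holds 192.1.1.1 on the radio's VLAN; without a router address in the radios' own subnet there is no gateway the radio can reach.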