Question
masterelectro
Hello colleagues,
I have a problem with the following task:
I want to configure a separate VLAN that communicates with the main network. So far I have managed to enable this VLAN and the devices in it work, but they do not connect to the main network. Ping works only to the network's gateway, but not to the devices in it. From the router, on eth2 and eth3, there are 2 unmanaged switches. Please help me out a bit, because I am doing something wrong and I don't know what it is.
This is my current configuration:
# jun/12/2023 09:00:35 by RouterOS 6.48.6
# software id = xxxxxxxxx
#
# model = RB750Gr3
# serial number = xxxxxxxxxx
/interface bridge
add admin-mac=18:FD:74:D1:EF:32 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan10 use-service-tag=yes vlan-id=10
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    datapath1
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    datapath2
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=security1 \
    passphrase=20202021
/caps-man configuration
add country=bulgaria datapath=datapath1 mode=ap name=cfg_2.4 security=security1 \
    ssid=MasterElectro
add country=bulgaria datapath=datapath2 mode=ap name=cfg_5 security=security1 \
    ssid=MasterElectro_5G
/caps-man interface
add configuration=cfg_5 disabled=no l2mtu=1600 mac-address=48:8F:5A:1E:80:FA \
    master-interface=none name=cap2 radio-mac=48:8F:5A:1E:80:FA radio-name=\
    488F5A1E80FA
add configuration=cfg_5 disabled=no l2mtu=1600 mac-address=48:8F:5A:1E:6D:18 \
    master-interface=none name=cap5 radio-mac=48:8F:5A:1E:6D:18 radio-name=\
    488F5A1E6D18
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.50.100-192.168.50.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg_2.4
add action=create-dynamic-enabled master-configuration=cfg_5
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=vlan10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.50.1/24 comment=defconf interface=bridge network=\
    192.168.50.0
add address=192.168.11.1/24 interface=vlan10 network=192.168.11.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.50.0/24 comment=defconf gateway=192.168.50.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.50.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=57778 protocol=tcp to-addresses=\
    192.168.50.10 to-ports=57778
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Regards!