Here is an example of setting up MikroTik as two different devices, a switch (switch) and a router (router).
Ports 1-5 and sfp1 will work as a switch, as a router there will be ports: LAN 6-9 and wlan1, WAN – 10.
The Internet will come via two cables, the first one to switch to sfp1, the second to port 10, if the Internet cable is only one – we connect it to sfp1 and connect the router port 10 to any switch ports with a patchcord, but it’s better to do without a patchcord and to “bridge-switch” manually specify the MAC address of one of the ports that are included in it (so as not to change), enable the DHCP client for the “bridge-switch” and set up masquerading on this bridge in the firewall.
We make two bridges:
/interface bridge
add name=bridge-router
add name=bridge-switch
Let’s configure the ports:
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] name=ether10-Gataway
set [ find default-name=sfp1 ] name=sfp1-toNetwork1
set [ find default-name=ether1 ] master-port=ether2-master
Add ports to the bridges:
/interface bridge port
add bridge=bridge-switch interface=ether2-master
add bridge=bridge-switch interface=sfp1-toNetwork1
add bridge=bridge-router interface=wlan1
add bridge=bridge-router interface=ether6-master
Let’s configure the wireless network:
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=WiFi tx-power=30 tx-power-mode=all-rates-fixed wireless-protocol=802.11
Configure the address range for the DHCP server:
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
Let’s configure the DHCP server:
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-router name=dhcp
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24
Let’s assign an internal IP router:
/ip address
add address=192.168.0.1/24 interface=bridge-router network=192.168.0.0
Enable DHCP client WAN port router:
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether10-Gataway
Let’s configure DNS:
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router
Enable NAT router:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether10-Gataway
We will configure the standard Firewall rules, allow ping and access to the web from outside:
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether10-Gataway
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether10-Gataway
add chain=input dst-port=80 protocol=tcp
Done.
See also my article:
Automatic switching between backup channels on MikroTik (RouterOS)
Thanks ;-)