SFP уходи в офис1 и далее в свитч DGS-1100 (там 2 камеры и пользователи), ether2 в офис2 и в свитч DGS-1100 (тоже 2 камеры). В ether5 подключен видеосервер 192.168.100.100:7000
Как правильно сделать? Дать камерам IP 192.168.100.X/24 и сделать маршрут между сетями или как то по другому?
Настройки роутера
# jan/15/2017 09:05:46 by RouterOS 6.37.3
# software id = GI9X-6HSD
#
/interface bridge
add disabled=yes name=bridge_domination
add name=bridge_main
add name=bridge_wifi_srv
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=104
set [ find default-name=ether3 ] comment=SRV2012
set [ find default-name=ether4 ] comment=SRV2008
set [ find default-name=ether5 ] comment=Domination
set [ find default-name=ether6 ] comment=wifi_srv
set [ find default-name=ether7 ] comment=none
set [ find default-name=ether8 ] comment=none
set [ find default-name=ether9 ] comment="for settngs "
set [ find default-name=ether10 ] comment=none
set [ find default-name=sfp1 ] comment=102
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=10 \
name=internet_out password=0 use-peer-dns=yes user=0
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=104
set ether3 comment=SRV2012
set ether4 comment=SRV2008
set ether5 comment=Domination
set ether6 comment=wifi_srv
set ether7 comment=none
set ether8 comment=none
set ether9 comment="for settngs "
set ether10 comment=none
set sfp1 comment=102
/interface vlan
add comment=admin interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan10 vlan-id=10
add comment=admin interface=bridge_domination loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan10_1 vlan-id=10
add comment=smet interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan20 vlan-id=20
add comment=omto interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan30 vlan-id=30
add comment=pto interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan40 vlan-id=40
add comment=buh interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan50 vlan-id=50
add comment=wifi_srv interface=bridge_wifi_srv loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan60 vlan-id=60
/ip neighbor discovery
set vlan10 comment=admin
set vlan10_1 comment=admin
set vlan20 comment=smet
set vlan30 comment=omto
set vlan40 comment=pto
set vlan50 comment=buh
set vlan60 comment=wifi_srv
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_main ranges=192.168.0.65-192.168.0.127
add name=pool_wifi_srv ranges=192.168.60.1-192.168.60.254
/ip dhcp-server
add address-pool=pool_main disabled=no interface=bridge_main lease-time=1h \
name=dhcp_main
add address-pool=pool_wifi_srv disabled=no interface=bridge_wifi_srv \
lease-time=1h name=dhcp_wifi_srv
/caps-man manager
set enabled=yes
/interface bridge port
add bridge=bridge_main interface=ether2
add bridge=bridge_main interface=ether3
add bridge=bridge_main interface=ether4
add bridge=bridge_main interface=ether5
add bridge=bridge_wifi_srv interface=ether6
add bridge=bridge_main interface=ether9
add bridge=bridge_main interface=sfp1
/ip address
add address=192.168.0.1/24 interface=bridge_main network=192.168.0.0
add address=192.168.60.1/24 interface=bridge_wifi_srv network=192.168.60.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.60.0/24 dns-server=8.8.8.8 gateway=192.168.60.1 netmask=\
24
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=192.168.100.249 list=192.168.100.249
add address=192.168.30.127 list=192.168.30.127
/ip firewall filter
add action=accept chain=forward dst-address=192.168.100.0/24 src-address=\
192.168.0.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=internet_out
add action=masquerade chain=srcnat src-address=192.168.0.0/16
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Samara
/system identity
set name=gw_01
/system ntp client
set enabled=yes primary-ntp=88.147.254.229 secondary-ntp=88.147.254.234
/system ntp server
set enabled=yes
/system routerboard settings
set protected-routerboot=disabled
# software id = GI9X-6HSD
#
/interface bridge
add disabled=yes name=bridge_domination
add name=bridge_main
add name=bridge_wifi_srv
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=104
set [ find default-name=ether3 ] comment=SRV2012
set [ find default-name=ether4 ] comment=SRV2008
set [ find default-name=ether5 ] comment=Domination
set [ find default-name=ether6 ] comment=wifi_srv
set [ find default-name=ether7 ] comment=none
set [ find default-name=ether8 ] comment=none
set [ find default-name=ether9 ] comment="for settngs "
set [ find default-name=ether10 ] comment=none
set [ find default-name=sfp1 ] comment=102
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=10 \
name=internet_out password=0 use-peer-dns=yes user=0
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=104
set ether3 comment=SRV2012
set ether4 comment=SRV2008
set ether5 comment=Domination
set ether6 comment=wifi_srv
set ether7 comment=none
set ether8 comment=none
set ether9 comment="for settngs "
set ether10 comment=none
set sfp1 comment=102
/interface vlan
add comment=admin interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan10 vlan-id=10
add comment=admin interface=bridge_domination loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan10_1 vlan-id=10
add comment=smet interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan20 vlan-id=20
add comment=omto interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan30 vlan-id=30
add comment=pto interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan40 vlan-id=40
add comment=buh interface=bridge_main loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan50 vlan-id=50
add comment=wifi_srv interface=bridge_wifi_srv loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan60 vlan-id=60
/ip neighbor discovery
set vlan10 comment=admin
set vlan10_1 comment=admin
set vlan20 comment=smet
set vlan30 comment=omto
set vlan40 comment=pto
set vlan50 comment=buh
set vlan60 comment=wifi_srv
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_main ranges=192.168.0.65-192.168.0.127
add name=pool_wifi_srv ranges=192.168.60.1-192.168.60.254
/ip dhcp-server
add address-pool=pool_main disabled=no interface=bridge_main lease-time=1h \
name=dhcp_main
add address-pool=pool_wifi_srv disabled=no interface=bridge_wifi_srv \
lease-time=1h name=dhcp_wifi_srv
/caps-man manager
set enabled=yes
/interface bridge port
add bridge=bridge_main interface=ether2
add bridge=bridge_main interface=ether3
add bridge=bridge_main interface=ether4
add bridge=bridge_main interface=ether5
add bridge=bridge_wifi_srv interface=ether6
add bridge=bridge_main interface=ether9
add bridge=bridge_main interface=sfp1
/ip address
add address=192.168.0.1/24 interface=bridge_main network=192.168.0.0
add address=192.168.60.1/24 interface=bridge_wifi_srv network=192.168.60.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.60.0/24 dns-server=8.8.8.8 gateway=192.168.60.1 netmask=\
24
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=192.168.100.249 list=192.168.100.249
add address=192.168.30.127 list=192.168.30.127
/ip firewall filter
add action=accept chain=forward dst-address=192.168.100.0/24 src-address=\
192.168.0.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=internet_out
add action=masquerade chain=srcnat src-address=192.168.0.0/16
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Samara
/system identity
set name=gw_01
/system ntp client
set enabled=yes primary-ntp=88.147.254.229 secondary-ntp=88.147.254.234
/system ntp server
set enabled=yes
/system routerboard settings
set protected-routerboot=disabled