/interface bridge
add l2mtu=1598 name=bridge-lan4
add disabled=yes name=bridge-wan2
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether4 ] comment=LAN
set [ find default-name=ether5 ] comment=LAN2
/ip neighbor discovery
set ether1 comment=WAN discover=no
set ether2 discover=no
set ether3 discover=no
set ether4 comment=LAN discover=no
set ether5 comment=LAN2 discover=no
set bridge-lan4 discover=no
/interface vlan
add disabled=yes interface=ether4 name=TestState vlan-id=1
add interface=bridge-lan4 l2mtu=1594 name=vlan2 vlan-id=2
add interface=bridge-lan4 l2mtu=1594 name=vlan8 vlan-id=8
add interface=bridge-lan4 l2mtu=1594 name=vlan29 vlan-id=29
add disabled=yes interface=bridge-lan4 name=vlan_test111 vlan-id=1
/ip neighbor discovery
set TestState discover=no
set vlan_test111 discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool6 ranges=192.168.2.100-192.168.2.200
/ip dhcp-server
add address-pool=dhcp_pool6 disabled=no interface=bridge-lan4 name=dhcp1
/queue type
add kind=pcq name=pcq-download-3M pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=3M pcq-src-address6-mask=64
add kind=pcq name=pcq-upload-0.5M pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
add kind=pcq name=pcq-download-4M pcq-burst-time=32s pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=\
64
add kind=pcq name=pcq-burst-download pcq-burst-rate=10M pcq-burst-threshold=2M pcq-burst-time=1m4s pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
add kind=pcq name=pcq-burst-upload pcq-burst-rate=1800k pcq-burst-threshold=512k pcq-burst-time=1m4s pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-rate=900k pcq-src-address6-mask=64
/queue simple
add disabled=yes max-limit=1500k/10M name=queue-limit-4M queue=pcq-upload-0.5M/pcq-download-4M target=192.168.2.0/24,192.168.8.0/24
add name=queue-burst-limit queue=pcq-burst-upload/pcq-burst-download target=192.168.2.0/24,192.168.8.0/24,192.168.29.0/24
/interface bridge filter
удалено
/interface bridge port
add bridge=bridge-lan4 interface=ether4
add bridge=bridge-lan4 interface=vlan2
add bridge=bridge-lan4 interface=vlan8
add bridge=bridge-lan4 interface=vlan29
add bridge=bridge-lan4 disabled=yes interface=vlan_test111
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.100.190/24 interface=ether1 network=192.168.100.0
add address=192.168.200.154/24 interface=ether2 network=192.168.200.0
add address=192.168.2.1/24 interface=vlan2 network=192.168.2.0
add address=192.168.50.170/24 interface=ether3 network=192.168.50.0
add address=192.168.8.1/24 interface=vlan8 network=192.168.8.0
add address=192.168.29.1/24 interface=vlan29 network=192.168.29.0
add address=192.168.99.1/24 interface=TestState network=192.168.99.0
add address=192.168.94.1/32 interface=vlan_test111 network=192.168.94.1
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=yes interface=bridge-wan2
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
удалено
/ip firewall mangle
add action=mark-routing chain=prerouting comment="\C8\ED\F4\E0 \F1 \FE\F2\F3\E1\E0" new-routing-mark=m2 passthrough=no src-address=\
192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=m8 passthrough=no src-address=192.168.8.0/24
add action=mark-routing chain=prerouting new-routing-mark=m29 passthrough=no src-address=192.168.29.0/24
add action=mark-connection chain=input comment="\C8\ED\F4\E0 \F1
https://geektimes.ru/post/186284/" disabled=yes dst-address=192.168.100.1 \
in-interface=ether1 new-connection-mark=ISP1
add action=mark-routing chain=output connection-mark=ISP1 disabled=yes new-routing-mark=ISP1 passthrough=no
add action=mark-connection chain=input disabled=yes dst-address=192.168.200.1 in-interface=ether2 new-connection-mark=ISP2
add action=mark-routing chain=output connection-mark=ISP2 disabled=yes new-routing-mark=ISP2 passthrough=no
add action=mark-connection chain=input disabled=yes dst-address=192.168.250.1 in-interface=ether3 new-connection-mark=ISP3
add action=mark-routing chain=output connection-mark=ISP3 disabled=yes new-routing-mark=ISP3 passthrough=no
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=network2 passthrough=no src-address=192.168.2.0/24
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=network8 passthrough=no src-address=192.168.8.0/24
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=network29 passthrough=no src-address=192.168.29.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
/ip firewall service-port
set ftp disabled=yes
/ip route
add comment="\CC\E0\F0\EA\E8\F0\EE\E2\EA\E0 (\E2\E0\F0\E8\E0\ED\F2 \F1 \FE\F2\F3\E1\E0)" distance=1 gateway=192.168.100.1 routing-mark=m2
add distance=2 gateway=192.168.200.1 routing-mark=m8
add distance=3 gateway=192.168.50.1 routing-mark=m29
add check-gateway=arp comment="\CC\E0\F0\F8\F0\F3\F2 \F1 \F1\E0\E9\F2\E0" disabled=yes distance=10 gateway=192.168.100.1 routing-mark=\
network2
add check-gateway=arp disabled=yes distance=11 gateway=192.168.200.1 routing-mark=network8
add check-gateway=arp disabled=yes distance=12 gateway=192.168.250.1 routing-mark=network29
add comment="\CC\E0\F0\F8\F0\F3\F2 (\EE\E1\F9\E8\E9)" distance=1 gateway=192.168.100.1,192.168.50.1,192.168.200.1
add comment="\CC\E0\F0\F8\F0\F3\F2 (\EE\F2\E4\E5\EB\FC\ED\EE)" disabled=yes distance=1 gateway=192.168.200.1
add disabled=yes distance=1 gateway=192.168.100.1
add disabled=yes distance=1 gateway=192.168.250.1
/ip service
set telnet address=192.168.8.0/24 disabled=yes
set ftp address=192.168.8.0/24 disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.2.208/32,192.168.8.208/32,192.168.29.208/32
set api-ssl disabled=yes
/system clock manual
set time-zone=+02:00
/system ntp client
set enabled=yes mode=unicast primary-ntp=79.142.192.4 secondary-ntp=31.28.161.68
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge-lan4
add interface=vlan2
add interface=vlan8
add interface=vlan29
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge-lan4
add interface=vlan2
add interface=vlan8
add interface=vlan29
/tool traffic-monitor
add disabled=yes interface=bridge-lan4 name=tmon1 threshold=0 traffic=received trigger=always