Маршрутизация по VLAN

Обсуждение оборудования и его настройки
amet
Сообщения: 1
Зарегистрирован: 29 янв 2021, 11:26

Добрый день.

Есть Микротик — работает нормально.
Появилась необходимость подключения точек UNIFI через контроллер.
Настроил контроллер и точки и сделал так, что внутренняя сеть 0.0 выдаётся в точки через определённую WIFI-сеть — CORP. Для гостей сделана сеть GUEST 100.0, и в точках стоит VLAN ID 5. На Микротике сделан пул и отдельный интерфейс с VLAN 5. Так вот, устройство, подключённое к точке, получает адрес из пула, но трафик не ходит и интернета нет: в сети CORP работает, а по VLAN 5 (гостевой) не работает. Куда смотреть?

Вот конфиг
 
# Layer-2/uplink definitions, address pools and DHCP servers.
# Single bridge with a fixed admin MAC. No vlan-filtering setting appears in
# this export, so it is presumably at its default - TODO confirm.
/interface bridge
add admin-mac=CC:2D:E0:40:A4:C3 auto-mac=no comment=defconf name=bridge
# PPPoE uplink on sfp1: installs the default route and accepts the peer's DNS.
/interface pppoe-client
add add-default-route=yes disabled=no interface=sfp1 name=pppoe-out1 \
use-peer-dns=yes user=**************
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-40A4CC wireless-protocol=802.11
# Guest VLAN: tag 5 carried on top of the bridge. The interface is named
# "vlan1" although its vlan-id is 5.
/interface vlan
add interface=bridge name=vlan1 vlan-id=5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# NOTE(review): the default security profile shows only supplicant-identity
# here, no authentication settings. If wlan1 is enabled, confirm that it is
# not an open network bridged into the LAN.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Three pools: main LAN ("dhcp"), PPTP clients, and the UniFi guest range.
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
add name=pptp-pool ranges=192.168.5.1-192.168.5.9
add comment=UNIFI name=guest ranges=192.168.100.200-192.168.100.254
# One DHCP server per L3 interface: "defconf" on the bridge, "server1" on the
# guest VLAN interface.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=guest disabled=no interface=vlan1 name=server1
# PPP profile, bridge membership, interface lists and the PPTP server.
# PPTP clients get 192.168.0.1 as the local end and an address from pptp-pool.
/ppp profile
add change-tcp-mss=yes local-address=192.168.0.1 name=pptp-prodiles \
remote-address=pptp-pool
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=wlan1
# NOTE(review): vlan1 is defined on top of "bridge" (/interface vlan) and is
# added here as a port of that same bridge with pvid=5. The two approaches
# conflict; this looks like the likely cause of the guest-traffic problem and
# also blurs the separation between guest and LAN segments - confirm and keep
# only one design (VLAN interface on the bridge, or bridge VLAN filtering).
add bridge=bridge interface=vlan1 pvid=5
/ip neighbor discovery-settings
set discover-interface-list=LAN
# LAN contains only "bridge"; vlan1 (guest) is not a member of any list.
# ether1 appears twice in WAN, once disabled.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=defconf disabled=yes interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
# NOTE(review): PPTP with MS-CHAPv2 is widely regarded as cryptographically
# weak. The firewall in this export limits tcp/1723 to one source address,
# which narrows exposure but does not protect the tunnel contents; consider
# migrating remote access to an IPsec- or WireGuard-based VPN.
/interface pptp-server server
set authentication=mschap2 default-profile=pptp-prodiles enabled=yes
# L3 addressing, DHCP networks and DNS.
# NOTE(review): the guest address below is given without a prefix length,
# while the LAN address uses /24 and the guest DHCP network is /24. RouterOS
# presumably treats it as /32, which would leave no connected route for
# 192.168.100.0/24 - confirm and set address=192.168.100.1/24.
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=\
192.168.0.0
add address=192.168.100.1 interface=vlan1 network=192.168.100.0
# DHCP client on ether1 is enabled alongside the PPPoE uplink on sfp1.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1

# Both networks hand out public resolvers; guests are not pointed at the router
# for DNS.
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.0.1 netmask=24
add address=192.168.100.0/24 dns-server=8.8.8.8 gateway=192.168.100.1 \
netmask=24
# allow-remote-requests=yes makes the router answer DNS queries. Who can reach
# it depends on the input chain in /ip firewall filter (it drops traffic not
# arriving from the LAN list); keep that rule in place to avoid an open resolver.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# NOTE(review): router.lan points at 192.168.88.1, but the bridge address in
# this export is 192.168.0.1 - looks like a stale default entry; confirm.
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
# Filter rules. Order matters: rules are evaluated top to bottom per chain.
/ip firewall filter
# ICMP to the router: accepted from the guest VLAN, dropped from the bridge.
# NOTE(review): the second rule's comment says "accept" but its action is drop.
add action=accept chain=input comment="defconf: accept ICMP" in-interface=\
vlan1 protocol=icmp
add action=drop chain=input comment="defconf: accept ICMP" in-interface=\
bridge protocol=icmp
# Manual per-address blocklist with logging. These rules sit in the forward
# chain, so they cover traffic routed through the router, not traffic addressed
# to the router itself.
add action=drop chain=forward log=yes log-prefix=drop_sip src-address=\
23.148.145.236
add action=drop chain=forward log=yes log-prefix=drop_sip src-address=\
185.16.38.0
add action=drop chain=forward log=yes log-prefix=drop_sip src-address=\
185.16.38.120
add action=drop chain=forward log=yes log-prefix=drop src-address=\
94.232.41.121
add action=drop chain=forward log=yes log-prefix=drop src-address=\
62.210.187.86
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# PPTP control channel (tcp/1723) is accepted only from one source address on
# the PPPoE uplink.
add action=accept chain=input comment=\
"Accept pptp users. Modify Paritet 05-10-19" dst-port=1723 in-interface=\
pppoe-out1 protocol=tcp src-address=80.245.115.197
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Final input rule. vlan1 is not a member of the LAN list in this export, so
# new connections from the guest VLAN to the router itself (other than the ICMP
# accept above) presumably end here - confirm that this is intended.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# NOTE(review): the only closing drop in the forward chain is for new WAN
# connections that were not dst-nat'ed. No rule restricts forwarding between
# the guest VLAN (vlan1, 192.168.100.0/24) and the LAN (bridge,
# 192.168.0.0/24), so once guest routing works, guests can reach LAN hosts.
# Add an explicit drop for guest isolation, for example (sketch, to be
# placed before this rule):
#   add action=drop chain=forward in-interface=vlan1 out-interface=bridge
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# NAT rules: one masquerade for outbound traffic, then published services.
# Destination addresses were masked by the poster ("*******").
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# SIP softphone port forwarded to 192.168.0.102; no source restriction.
add action=dst-nat chain=dstnat comment=softfon dst-port=5080 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.0.102 to-ports=5080
# NOTE(review): this publishes RDP (to-ports=3389) on 192.168.0.56 under an
# alternate external port with no src-address and no in-interface restriction.
# A non-standard port is not access control; restrict the source, or reach the
# host through the VPN instead.
add action=netmap chain=dstnat dst-address=******* dst-port=53389 \
protocol=tcp to-addresses=192.168.0.56 to-ports=3389
# Port 43389 to 192.168.0.55 from the uplink, plus a matching rule for requests
# arriving from the bridge (presumably hairpin access from inside - confirm).
add action=dst-nat chain=dstnat dst-address=******* dst-port=43389 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.55 to-ports=\
43389
add action=dst-nat chain=dstnat dst-address=******* dst-port=43389 \
in-interface=bridge protocol=tcp to-addresses=******* to-ports=43389
add action=dst-nat chain=dstnat dst-address=******* dst-port=1234 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.55 to-ports=\
1234
add action=dst-nat chain=dstnat comment=MOBI-S dst-address=******* \
dst-port=1234 in-interface=bridge protocol=tcp to-addresses=192.168.0.55 \
to-ports=1234
# NOTE(review): the RTP rule has neither in-interface nor dst-address, so it
# matches any UDP packet to ports 10000-20000 that passes dstnat, including
# traffic from LAN or guest clients to outside hosts. Scope it to the uplink
# (in-interface=pppoe-out1), as the other rules here do.
add action=dst-nat chain=dstnat comment="RTP to Asterisk" dst-port=\
10000-20000 protocol=udp to-addresses=192.168.0.102 to-ports=10000-20000
# Video device at 192.168.0.48 published on 554 (udp and tcp), 8000 and 80,
# all without a source restriction. NOTE(review): port 80 is presumably the
# device's web interface - confirm whether it needs to be reachable from any
# address, and prefer VPN access or a src-address allowlist.
add action=dst-nat chain=dstnat comment=VIDEO dst-address=******* \
dst-port=554 in-interface=pppoe-out1 protocol=udp to-addresses=\
192.168.0.48 to-ports=554
add action=dst-nat chain=dstnat comment=VIDEO dst-address=******* \
dst-port=8000 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.168.0.48 to-ports=8000
add action=dst-nat chain=dstnat comment=Video dst-address=******* \
dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.168.0.48 to-ports=80
add action=dst-nat chain=dstnat comment=Video dst-port=554 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.0.48 to-ports=554
# Web access to 192.168.0.102 on external port 55555, limited to one source
# address - the only published service here with a src-address restriction.
# The rule comment is byte-escaped non-ASCII text (presumably CP1251 Russian).
add action=dst-nat chain=dstnat comment=\
"\C4\EE\F1\F2\F3\EF \D4\CE\D0\D2\C0 \E2 FREEPBX" dst-address=\
******* dst-port=55555 in-interface=pppoe-out1 protocol=tcp \
src-address=80.245.117.50 to-addresses=192.168.0.102 to-ports=80
# Static route, management services, PPP accounts and MAC-level access.
# NOTE(review): this route sends the LAN subnet 192.168.0.0/24 (directly
# connected on "bridge" per /ip address) via the guest interface vlan1 with a
# guest source address. It looks unnecessary for inter-VLAN routing and works
# against guest/LAN separation - confirm and remove.
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=vlan1 pref-src=\
192.168.100.1
# telnet, ftp, www and ssh are disabled. Other services (e.g. winbox, api) are
# not listed in this export and are presumably in their default state -
# confirm, and limit each enabled service with its address= allowlist.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
,ether9,ether10"
# PPTP accounts; no passwords are visible in this export. Entries without
# profile= presumably fall back to the default profile - confirm. One account
# (pppShamil) is disabled; remove accounts that are no longer used.
/ppp secret
add name=user profile=pptp-prodiles service=pptp
add local-address=192.168.0.1 name=xanm3 remote-address=192.168.6.1 service=\
pptp
add name=New profile=pptp-prodiles service=pptp
add disabled=yes name=pppShamil service=pptp
add name=users21 service=pptp
add name=Users22 service=pptp
# The time-zone value appears to have been altered by the poster before posting.
/system clock
set time-zone-name=Europe/МУХОСРАНСК
# MAC-server and MAC-WinBox access are limited to the LAN interface list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN


rtfm
Сообщения: 54
Зарегистрирован: 24 апр 2020, 14:02

Добрый день.
Если вопрос еще актуален.
На мой взгляд, основная ошибка в том, что вы пытаетесь скрестить ужа и ежа (в конфиге vlan1 создан поверх bridge и одновременно добавлен портом в этот же bridge). Либо вы всё решаете через вланы, либо начинаете плодить бриджи.

