设置管理员密码
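# Set the password of the built-in admin account.
# The page used the sample value 123456, a trivially guessable password for the
# router's management login. Replace the placeholder below with a long, unique
# passphrase before running this line.
/user set admin password="<REPLACE-WITH-STRONG-UNIQUE-PASSWORD>"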
配置无线安全配置文件（security profile）及预共享密钥
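# Wireless security profile shared by every virtual AP created on this page.
# Changes from the original line:
#  - authentication-types is limited to wpa2-psk; legacy WPA (wpa-psk) and its
#    separate key are no longer offered.
#  - the 8-digit numeric sample key 12342234 is replaced by a placeholder. A short
#    numeric PSK offers very little resistance to offline guessing, so use a long
#    random passphrase.
# Ciphers stay AES-CCM only (no TKIP), as in the original.
/interface wireless security-profiles add name=vpn-profile authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm mode=dynamic-keys wpa2-pre-shared-key="<REPLACE-WITH-LONG-RANDOM-PASSPHRASE>"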
创建VLAN接口
# One VLAN sub-interface per SSID/tunnel (IDs 01-06 and 10), all stacked on wlan1.
# NOTE(review): wifi04-wifi06 are attached to wlan2 further down, yet their VLANs
# are created on wlan1 here, and no later command on this page refers to
# vlan01..vlan10 - confirm these interfaces are needed and bound to the right radio.
/interface vlan
add interface=wlan1 vlan-id=01 name=vlan01
add interface=wlan1 vlan-id=02 name=vlan02
add interface=wlan1 vlan-id=03 name=vlan03
add interface=wlan1 vlan-id=04 name=vlan04
add interface=wlan1 vlan-id=05 name=vlan05
add interface=wlan1 vlan-id=06 name=vlan06
add interface=wlan1 vlan-id=10 name=vlan10
创建多个Virtual Wifi接口
# Virtual access points, one per tunnel. wifi01-wifi03 and wifi10 sit on wlan1,
# wifi04-wifi06 on wlan2 and reuse the SSIDs "wifi01".."wifi03".
# Every AP uses the same security profile (vpn-profile), so one pre-shared key
# opens all seven SSIDs: knowing the key for one network gives access to every
# tunnel. Use a separate profile per SSID if the networks are meant for different
# users.
/interface wireless
add master-interface=wlan1 name=wifi01 ssid="wifi01" vlan-id=01 vlan-mode=use-tag security-profile=vpn-profile disabled=no
add master-interface=wlan1 name=wifi02 ssid="wifi02" vlan-id=02 vlan-mode=use-tag security-profile=vpn-profile disabled=no
add master-interface=wlan1 name=wifi03 ssid="wifi03" vlan-id=03 vlan-mode=use-tag security-profile=vpn-profile disabled=no
add master-interface=wlan2 name=wifi04 ssid="wifi01" vlan-id=04 vlan-mode=use-tag security-profile=vpn-profile disabled=no
add master-interface=wlan2 name=wifi05 ssid="wifi02" vlan-id=05 vlan-mode=use-tag security-profile=vpn-profile disabled=no
add master-interface=wlan2 name=wifi06 ssid="wifi03" vlan-id=06 vlan-mode=use-tag security-profile=vpn-profile disabled=no
add master-interface=wlan1 name=wifi10 ssid="wifi10" vlan-id=10 vlan-mode=use-tag security-profile=vpn-profile disabled=no
启用严格反向路径过滤（rp-filter=strict）。注意：该设置只校验数据包的源地址是否可由入接口到达，并不会禁止各接口之间互相路由；如需隔离各 Wifi 网段，应另外在 forward 链添加防火墙规则
# Turn on strict reverse-path filtering: a packet is accepted only if its source
# address is reachable through the interface it arrived on (anti-spoofing check).
# This does not stop the router from forwarding between the wifiNN subnets;
# isolation between them needs explicit forward-chain firewall rules.
# NOTE(review): strict mode is reported to interact badly with policy routing
# (routing marks), which the rest of this page relies on - verify on the target
# RouterOS version and consider rp-filter=loose if marked traffic is dropped.
/ip settings set rp-filter=strict
配置每个Wifi的L2TP客户端
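# One L2TP client per SSID; each tunnel is later used as the gateway for one
# routing mark.
# connect-to, user and password are the page's sample values and must be replaced
# with the ones issued for the real VPN server. They are kept in the router
# configuration, so handle backups and exports of this device as secrets.
# NOTE(review): L2TP provides no encryption of its own; what protects the traffic
# depends on what the server negotiates. If the server supports it, consider
# use-ipsec=yes together with an ipsec-secret.
# NOTE(review): add-default-route=yes on all seven clients also installs default
# routes outside the marked tables; the per-SSID routing on this page uses
# explicitly marked routes, so confirm this is intended.
/interface l2tp-client add name=l2tp-out01 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no
/interface l2tp-client add name=l2tp-out02 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no
/interface l2tp-client add name=l2tp-out03 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no
/interface l2tp-client add name=l2tp-out04 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no
/interface l2tp-client add name=l2tp-out05 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no
/interface l2tp-client add name=l2tp-out06 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no
# The l2tp-out10 line was cut off on the page after "con"; it is completed here to
# match the six lines above (l2tp-out10 is referenced by the route and NAT rules).
/interface l2tp-client add name=l2tp-out10 connect-to=1.2.3.4 user=user1 password=12345678 add-default-route=yes disabled=no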
为每个Wifi创建地址池
# DHCP address pools, one per SSID: ten leases each (.2 through .11) in
# 192.168.71-76.0/24 and 192.168.81.0/24.
/ip pool
add ranges=192.168.71.2-192.168.71.11 name=wifi01-pool
add ranges=192.168.72.2-192.168.72.11 name=wifi02-pool
add ranges=192.168.73.2-192.168.73.11 name=wifi03-pool
add ranges=192.168.74.2-192.168.74.11 name=wifi04-pool
add ranges=192.168.75.2-192.168.75.11 name=wifi05-pool
add ranges=192.168.76.2-192.168.76.11 name=wifi06-pool
add ranges=192.168.81.2-192.168.81.11 name=wifi10-pool
配置ip地址
# Gateway address (.1/24) for each SSID, assigned directly to the virtual AP
# interface (wifiNN), not to the vlanNN interfaces created earlier.
/ip address
add interface=wifi01 address=192.168.71.1/24 disabled=no
add interface=wifi02 address=192.168.72.1/24 disabled=no
add interface=wifi03 address=192.168.73.1/24 disabled=no
add interface=wifi04 address=192.168.74.1/24 disabled=no
add interface=wifi05 address=192.168.75.1/24 disabled=no
add interface=wifi06 address=192.168.76.1/24 disabled=no
add interface=wifi10 address=192.168.81.1/24 disabled=no
添加DHCP服务器
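# One DHCP server per virtual AP, each handing out leases from the matching pool.
# The last three server names were misspelled on the page (wifi50-dhcp,
# wif6i0-dhcp, w10fi0-dhcp); they are corrected to follow the wifiNN-dhcp pattern
# so each server can be matched to its interface when auditing the configuration.
/ip dhcp-server add name=wifi01-dhcp interface=wifi01 address-pool=wifi01-pool disabled=no
/ip dhcp-server add name=wifi02-dhcp interface=wifi02 address-pool=wifi02-pool disabled=no
/ip dhcp-server add name=wifi03-dhcp interface=wifi03 address-pool=wifi03-pool disabled=no
/ip dhcp-server add name=wifi04-dhcp interface=wifi04 address-pool=wifi04-pool disabled=no
/ip dhcp-server add name=wifi05-dhcp interface=wifi05 address-pool=wifi05-pool disabled=no
/ip dhcp-server add name=wifi06-dhcp interface=wifi06 address-pool=wifi06-pool disabled=no
/ip dhcp-server add name=wifi10-dhcp interface=wifi10 address-pool=wifi10-pool disabled=no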
# DHCP options per subnet: the router's .1 address as gateway and two public
# resolvers (114.114.114.114, 8.8.8.8) as DNS servers.
# NOTE(review): clients send DNS queries straight to these resolvers; whether
# those queries travel inside the tunnel depends on the routing rules below -
# verify if DNS privacy matters for this setup.
/ip dhcp-server network
add gateway=192.168.71.1 address=192.168.71.0/24 dns-server=114.114.114.114,8.8.8.8
add gateway=192.168.72.1 address=192.168.72.0/24 dns-server=114.114.114.114,8.8.8.8
add gateway=192.168.73.1 address=192.168.73.0/24 dns-server=114.114.114.114,8.8.8.8
add gateway=192.168.74.1 address=192.168.74.0/24 dns-server=114.114.114.114,8.8.8.8
add gateway=192.168.75.1 address=192.168.75.0/24 dns-server=114.114.114.114,8.8.8.8
add gateway=192.168.76.1 address=192.168.76.0/24 dns-server=114.114.114.114,8.8.8.8
add gateway=192.168.81.1 address=192.168.81.0/24 dns-server=114.114.114.114,8.8.8.8
配置路由和防火墙规则
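# Tag everything arriving from each virtual AP with its own routing mark, so the
# marked default routes can send it into the matching L2TP tunnel.
# The rule comments for wifi04, wifi05, wifi06 and wifi10 were copy-pasted on the
# page ("wifi01-traffic" .. "wifi03-traffic"); they now name the interface each
# rule actually matches, which keeps the rule list auditable.
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi01-traffic" in-interface=wifi01 new-routing-mark=to_l2tp01
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi02-traffic" in-interface=wifi02 new-routing-mark=to_l2tp02
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi03-traffic" in-interface=wifi03 new-routing-mark=to_l2tp03
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi04-traffic" in-interface=wifi04 new-routing-mark=to_l2tp04
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi05-traffic" in-interface=wifi05 new-routing-mark=to_l2tp05
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi06-traffic" in-interface=wifi06 new-routing-mark=to_l2tp06
/ip firewall mangle add action=mark-routing chain=prerouting comment="wifi10-traffic" in-interface=wifi10 new-routing-mark=to_l2tp10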
# Default route per routing mark: traffic marked to_l2tpNN leaves via l2tp-outNN.
# NOTE(review): when a tunnel is down its marked route is inactive, and marked
# traffic may then fall back to the main routing table and leave unprotected
# through the WAN. If that must not happen, add a forward-chain drop for traffic
# from wifiNN that is not leaving via l2tp-outNN - verify the fallback behaviour
# on the target RouterOS version.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out01 routing-mark=to_l2tp01 distance=1 comment="wifi01-route"
add dst-address=0.0.0.0/0 gateway=l2tp-out02 routing-mark=to_l2tp02 distance=1 comment="wifi02-route"
add dst-address=0.0.0.0/0 gateway=l2tp-out03 routing-mark=to_l2tp03 distance=1 comment="wifi03-route"
add dst-address=0.0.0.0/0 gateway=l2tp-out04 routing-mark=to_l2tp04 distance=1 comment="wifi04-route"
add dst-address=0.0.0.0/0 gateway=l2tp-out05 routing-mark=to_l2tp05 distance=1 comment="wifi05-route"
add dst-address=0.0.0.0/0 gateway=l2tp-out06 routing-mark=to_l2tp06 distance=1 comment="wifi06-route"
add dst-address=0.0.0.0/0 gateway=l2tp-out10 routing-mark=to_l2tp10 distance=1 comment="wifi10-route"
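# Source-NAT client traffic as it leaves through each L2TP tunnel.
# Author's note, originally appended as bare text to every line (where it is not
# valid command syntax): these rules still need to be changed to use src-nat
# instead of masquerade.
/ip firewall nat add chain=srcnat out-interface=l2tp-out01 action=masquerade
/ip firewall nat add chain=srcnat out-interface=l2tp-out02 action=masquerade
/ip firewall nat add chain=srcnat out-interface=l2tp-out03 action=masquerade
/ip firewall nat add chain=srcnat out-interface=l2tp-out04 action=masquerade
/ip firewall nat add chain=srcnat out-interface=l2tp-out05 action=masquerade
/ip firewall nat add chain=srcnat out-interface=l2tp-out06 action=masquerade
/ip firewall nat add chain=srcnat out-interface=l2tp-out10 action=masquerade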
允许l2tp端口
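# Accept L2TP (UDP 1701) addressed to the router itself.
# The original rule accepted UDP 1701 from any source. This router only acts as
# an L2TP client, so the rule is narrowed to the VPN server address used by the
# l2tp-client entries on this page (1.2.3.4, a sample value - use the real server
# address).
# NOTE(review): no drop rules are shown on this page; an accept rule only has an
# effect if the input chain otherwise drops traffic - confirm a default-drop
# policy is in place.
/ip firewall filter add chain=input protocol=udp dst-port=1701 src-address=1.2.3.4 action=accept
# action=accept in the dstnat chain leaves UDP 1701 untranslated, so a later
# dstnat rule cannot redirect it.
/ip firewall nat add chain=dstnat protocol=udp dst-port=1701 action=accept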