一、LAN口桥接
1:添加桥接
/interface/bridge/add name=lan
2:把端口加到桥接
/interface/bridge/port/add interface=ether2 bridge=lan
/interface/bridge/port/add interface=ether3 bridge=lan
/interface/bridge/port/add interface=ether4 bridge=lan
3:创建VLAN
/interface/vlan/add name=vlan2001 interface=lan vlan-id=2001
/interface/vlan/add name=vlan2002 interface=lan vlan-id=2002
二、IP地址和路由配置
1:添加内网IP地址添加到接口(也可以是VLAN)
/ip/address/add address=172.16.99.254/24 interface=lan
/ip/address/add address=10.10.1.254/24 interface=vlan2001
/ip/address/add address=10.10.2.254/24 interface=vlan2001
2:添加外网IP地址到接口
/ip/address/add address=192.168.51.101/24 interface=ether1
/ip/address/add address=192.168.51.102/24 interface=ether1
3:添加默认网关到路由表
/ip/route/add dst-address=0.0.0.0/0 gateway=192.168.51.254
4:设置DNS
/ip/dns/set servers=8.8.4.4,8.8.8.8
三、添加NAT
1:添加客户上网用NAT
/ip/firewall/nat/add chain=srcnat src-address=10.10.1.0/24 action=src-nat to-addresses=192.168.51.101
/ip/firewall/nat/add chain=srcnat src-address=10.10.2.0/24 action=src-nat to-addresses=192.168.51.102
2:添加远程管理内部设备用NAT
/ip/firewall/nat/add chain=dstnat dst-address=192.168.51.101 dst-port=9901 protocol=tcp action=dst-nat to-addresses=172.16.99.1 to-ports=80
四、添加DHCP
1:添加IP地址池
/ip/pool/add name=vlan2001 ranges=10.10.1.1-10.10.1.253
/ip/pool/add name=vlan2002 ranges=10.10.2.1-10.10.2.253
2:添加DHCP服务器
/ip/dhcp-server/add name=vlan2001 interface=vlan2001 address-pool=vlan2001
/ip/dhcp-server/add name=vlan2002 interface=vlan2002 address-pool=vlan2002
3:添加DHCP分配网络信息
/ip/dhcp-server/network/add address=10.10.1.0/24 gateway=10.10.1.254 dns-server=10.10.1.254,8.8.4.4
/ip/dhcp-server/network/add address=10.10.2.0/24 gateway=10.10.2.254 dns-server=10.10.2.254,8.8.4.4
