Mikrotik开局配置

一、LAN口桥接

1：添加桥接

/interface/bridge/add name=lan

2：把端口加到桥接

/interface/bridge/port/add interface=ether2 bridge=lan
/interface/bridge/port/add interface=ether3 bridge=lan
/interface/bridge/port/add interface=ether4 bridge=lan

3：创建VLAN

/interface/vlan/add name=vlan2001 interface=lan vlan-id=2001
/interface/vlan/add name=vlan2002 interface=lan vlan-id=2002

二、IP地址和路由配置

1：添加内网IP地址添加到接口（也可以是VLAN）

/ip/address/add address=172.16.99.254/24 interface=lan
/ip/address/add address=10.10.1.254/24 interface=vlan2001
/ip/address/add address=10.10.2.254/24 interface=vlan2001

2：添加外网IP地址到接口

/ip/address/add address=192.168.51.101/24 interface=ether1
/ip/address/add address=192.168.51.102/24 interface=ether1

3：添加默认网关到路由表

/ip/route/add dst-address=0.0.0.0/0 gateway=192.168.51.254

4：设置DNS

/ip/dns/set servers=8.8.4.4,8.8.8.8

三、添加NAT

1：添加客户上网用NAT

/ip/firewall/nat/add chain=srcnat src-address=10.10.1.0/24 action=src-nat to-addresses=192.168.51.101
/ip/firewall/nat/add chain=srcnat src-address=10.10.2.0/24 action=src-nat to-addresses=192.168.51.102

2：添加远程管理内部设备用NAT

/ip/firewall/nat/add chain=dstnat dst-address=192.168.51.101 dst-port=9901 protocol=tcp action=dst-nat to-addresses=172.16.99.1 to-ports=80

四、添加DHCP

1：添加IP地址池

/ip/pool/add name=vlan2001 ranges=10.10.1.1-10.10.1.253
/ip/pool/add name=vlan2002 ranges=10.10.2.1-10.10.2.253

2：添加DHCP服务器

/ip/dhcp-server/add name=vlan2001 interface=vlan2001 address-pool=vlan2001
/ip/dhcp-server/add name=vlan2002 interface=vlan2002 address-pool=vlan2002

3：添加DHCP分配网络信息

/ip/dhcp-server/network/add address=10.10.1.0/24 gateway=10.10.1.254 dns-server=10.10.1.254,8.8.4.4
/ip/dhcp-server/network/add address=10.10.2.0/24 gateway=10.10.2.254 dns-server=10.10.2.254,8.8.4.4