I would like everyone on ether23 to be in guest vlan 40. Except mac address 98:FA:9B:AD:85:35, which should be on vlan 20.
I have tried to arrange this with a switch rule, but it does not work. Anyone have an idea?
I have tried to arrange this with a switch rule, but it does not work. Anyone have an idea?
Code:
# 2025-03-13 07:59:11 by RouterOS 7.18.2# model = CRS326-24G-2S+/interface bridgeadd name=bridge1 vlan-filtering=yes/interface vlanadd interface=bridge1 name="vlan guest" vlan-id=40add interface=bridge1 name="vlan iot" vlan-id=30add interface=bridge1 name="vlan lan" vlan-id=20add interface=bridge1 name="vlan mgmt" vlan-id=10/interface listadd name=WANadd name=LAN/ip pooladd name=dhcp_pool_iot ranges=10.0.30.2-10.0.30.254add name=dhcp_pool_guest ranges=10.0.40.2-10.0.40.254add name=dhcp_pool_lan ranges=10.0.20.2-10.0.20.254add name=dhcp_pool_mgmt ranges=10.0.10.2-10.0.10.254/ip dhcp-serveradd address-pool=dhcp_pool_iot interface="vlan iot" name="dhcp iot"add address-pool=dhcp_pool_guest interface="vlan guest" name="dhcp guest"add address-pool=dhcp_pool_lan interface="vlan lan" name="dhcp lan"add address-pool=dhcp_pool_mgmt interface="vlan mgmt" name="dhcp mgmt"/portset 0 name=serial0/user groupadd name=api policy="read,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!t\ est,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"/interface bridge portadd bridge=bridge1 disabled=yes interface=ether2add bridge=bridge1 disabled=yes interface=ether3add bridge=bridge1 disabled=yes interface=ether4add bridge=bridge1 disabled=yes interface=ether5add bridge=bridge1 disabled=yes interface=ether6add bridge=bridge1 disabled=yes interface=ether7add bridge=bridge1 disabled=yes interface=ether8add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \ interface=ether9 pvid=30add bridge=bridge1 disabled=yes interface=ether10add bridge=bridge1 disabled=yes interface=ether11add bridge=bridge1 disabled=yes interface=ether12add bridge=bridge1 disabled=yes interface=ether13add bridge=bridge1 disabled=yes interface=ether14add bridge=bridge1 disabled=yes interface=ether15add bridge=bridge1 disabled=yes interface=ether16add bridge=bridge1 disabled=yes interface=ether17add bridge=bridge1 disabled=yes interface=ether18add bridge=bridge1 disabled=yes interface=ether19add bridge=bridge1 disabled=yes interface=ether20add bridge=bridge1 disabled=yes interface=ether21add bridge=bridge1 disabled=yes interface=ether22add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \ interface=ether23 pvid=40add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \ interface=ether24 pvid=10add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \ interface=sfp-sfpplus1add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \ interface=sfp-sfpplus2/ip neighbor discovery-settingsset discover-interface-list=LAN/interface bridge vlanadd bridge=bridge1 tagged=bridge1,sfp-sfpplus1,sfp-sfpplus2 untagged=ether9 \ vlan-ids=30add bridge=bridge1 tagged=bridge1,sfp-sfpplus1,sfp-sfpplus2 untagged=ether24 \ vlan-ids=10add bridge=bridge1 tagged=bridge1,sfp-sfpplus1,sfp-sfpplus2 untagged=ether23 \ vlan-ids=20add bridge=bridge1 tagged=bridge1,sfp-sfpplus1,sfp-sfpplus2 untagged=ether23 \ vlan-ids=40/interface ethernet switch ruleadd new-vlan-id=20 ports=ether23 src-mac-address=\ 98:FA:9B:AD:85:35/FF:FF:FF:FF:FF:FF switch=switch1/interface list memberadd interface=ether1 list=WANadd interface=bridge1 list=LANadd interface="vlan mgmt" list=LANadd interface="vlan guest" list=LANadd interface="vlan iot" list=LANadd interface="vlan lan" list=LAN/ip addressadd address=10.0.40.1/24 interface="vlan guest" network=10.0.40.0add address=10.0.30.1/24 interface="vlan iot" network=10.0.30.0add address=10.0.20.1/24 interface="vlan lan" network=10.0.20.0add address=10.0.10.1/24 interface="vlan mgmt" network=10.0.10.0/ip cloudset ddns-enabled=yes/ip dhcp-clientadd interface=ether1/ip dhcp-server networkadd address=10.0.10.0/24 dns-server=10.0.10.1 gateway=10.0.10.1add address=10.0.20.0/24 dns-server=10.0.20.1 gateway=10.0.20.1add address=10.0.30.0/24 dns-server=10.0.30.1 gateway=10.0.30.1add address=10.0.40.0/24 dns-server=10.0.40.1 gateway=10.0.40.1/ip dnsset allow-remote-requests=yes servers=8.8.8.8/ip firewall address-listadd address=10.0.10.0/24 list=Local-Networksadd address=10.0.20.0/24 list=Local-Networksadd address=10.0.30.0/24 list=Local-Networksadd address=10.0.40.0/24 list=Local-Networks/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="accept webmanagement" dst-port=80,8291 \ in-interface-list=WAN protocol=tcp src-address-list=ITNadd action=accept chain=input dst-port=8291 in-interface-list=WAN protocol=tcpadd action=accept chain=input comment="defconf: accept ICMP" in-interface-list=\ !WAN protocol=icmpadd action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=input comment="vlan input accept" dst-address=\ 10.0.10.0/24 in-interface="vlan mgmt"add action=accept chain=input dst-address=10.0.20.0/24 in-interface="vlan lan"add action=accept chain=input dst-address=10.0.30.0/24 in-interface="vlan iot"add action=accept chain=input dst-address=10.0.40.1 in-interface="vlan guest"add action=accept chain=input connection-state=new dst-address=10.0.20.0/24 \ src-address=10.0.10.0/24add action=accept chain=input connection-state=new dst-address=10.0.30.0/24 \ src-address=10.0.10.0/24add action=drop chain=input comment="vlan block traffic between networks" \ connection-state=new dst-address-list=Local-Networks src-address-list=\ Local-Networksadd action=drop chain=forward connection-state=new out-interface="vlan guest"add action=drop chain=forward connection-state=new in-interface="vlan guest" \ out-interface-list=!WANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=\ invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat out-interface-list=WAN/system clockset time-zone-name=Europe/Amsterdam/system noteset show-at-login=no/system routerboard settingsset auto-upgrade=yes enter-setup-on=delete-key[admin@MikroTik] > Statistics: Posted by gjniewenhuijse — Thu Mar 13, 2025 9:03 am