General • Access single server across VLANs

I am trying to allow access to a single server in LAN_VLAN to the KIDS_VLAN. I've read on the forum that it's simply a firewall rule addition, but I can't seem to get the firewall rule to work properly. I've added a rule but I can see in Winbox that it never processes any packets. I've tried moving it around thinking it was an ordering thing, but no dice. Would appreciate another set of eyes on this config to see what I am doing wrong.

Thanks!
Code:
# 2024-02-08 22:09:41 by RouterOS 7.12.1
#
# model = L009UiGS
/interface bridge
add name=BR0 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR0 name=GUEST_VLAN vlan-id=40
add interface=BR0 name=IOT_VLAN vlan-id=30
add interface=BR0 name=KID_VLAN vlan-id=20
add interface=BR0 name=LAN_VLAN vlan-id=10
add interface=BR0 name=WAN_VLAN vlan-id=201
/interface list
add name=WAN
add name=LAN
add name=MANAGE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=LAN_POOL ranges=10.20.30.100-10.20.30.254
add name=KID_POOL ranges=10.20.40.10-10.20.40.254
add name=IOT_POOL ranges=10.20.60.10-10.20.60.254
add name=GUEST_POOL ranges=10.20.50.10-10.20.50.254
/ip dhcp-server
add address-pool=LAN_POOL interface=LAN_VLAN lease-time=3d name=LAN_DHCP
add address-pool=KID_POOL interface=KID_VLAN lease-time=3d name=KID_DHCP
add address-pool=IOT_POOL interface=IOT_VLAN lease-time=3d name=IOT_DHCP
add address-pool=GUEST_POOL interface=GUEST_VLAN lease-time=4h name=\
    GUEST_DHCP
/port
set 0 name=serial0
/queue simple
add max-limit=500M/500M name=KID_QUEUE target=10.20.40.0/24
add max-limit=200M/200M name=GUEST_QUEUE target=10.20.50.0/24
add max-limit=100M/100M name=IOT_QUEUE target=10.20.60.0/24
/snmp community
set [ find default=yes ] addresses=10.20.30.0/24
/interface bridge port
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether2 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether3 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether4 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether5 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether6 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether7 pvid=20
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=ether8
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether1 pvid=201
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=BR0 tagged=BR0,ether8 untagged=ether2,ether3,ether4,ether5,ether6 \
    vlan-ids=10
add bridge=BR0 tagged=BR0,ether8 untagged=ether7 vlan-ids=20,30,40
add bridge=BR0 tagged=BR0 vlan-ids=201
/interface list member
add interface=WAN_VLAN list=WAN
add interface=LAN_VLAN list=MANAGE
add interface=KID_VLAN list=LAN
add interface=LAN_VLAN list=LAN
add interface=IOT_VLAN list=LAN
add interface=GUEST_VLAN list=LAN
/ip address
add address=10.20.30.1/24 interface=LAN_VLAN network=10.20.30.0
add address=10.20.40.1/24 interface=KID_VLAN network=10.20.40.0
add address=10.20.60.1/24 interface=IOT_VLAN network=10.20.60.0
add address=10.20.50.1/24 interface=GUEST_VLAN network=10.20.50.0
/ip dhcp-client
add interface=WAN_VLAN
/ip dhcp-server lease
add address=10.20.30.228 client-id=1:40:b8:9a:c0:b8:20 mac-address=\
    40:B8:9A:C0:B8:20 server=LAN_DHCP
add address=10.20.30.133 client-id=1:b8:27:eb:78:b4:49 mac-address=\
    B8:27:EB:78:B4:49 server=LAN_DHCP
/ip dhcp-server network
add address=10.20.30.0/24 dns-server=10.20.30.40 gateway=10.20.30.1
add address=10.20.40.0/24 dns-server=1.1.1.1 gateway=10.20.40.1
add address=10.20.50.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.20.50.1
add address=10.20.60.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.20.60.1
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow LAN DNS queries-UDP" dst-port=53 \
    in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow LAN DNS queries - TCP" dst-port=\
    53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="Allow SSH from management" \
    dst-address=10.20.30.1 dst-port=22 in-interface-list=MANAGE protocol=tcp
add action=accept chain=input comment="Allow WinBox from management" \
    dst-address=10.20.30.1 dst-port=8291 in-interface-list=MANAGE protocol=\
    tcp
add action=accept chain=input comment="Allow SNMP from LAN" dst-address=\
    10.20.30.1 dst-port=161 in-interface-list=MANAGE protocol=udp
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment="Kids access Plex" \
    connection-nat-state="" connection-state="" connection-type="" \
    dst-address=10.20.30.21 dst-port=443 in-interface=KID_VLAN out-interface=\
    LAN_VLAN protocol=tcp
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" \
    in-interface-list=LAN out-interface-list=WAN
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=10.20.30.0/24
set api disabled=yes
set api-ssl address=10.20.30.0/24
/snmp
set enabled=yes
/system clock
set time-zone-name=America/New_York
/system identity
set name=red
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MANAGE

Statistics: Posted by binaryronin — Fri Feb 09, 2024 5:25 am
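An added illustration, not part of the post or of MikroTik's own software: a simplified first-match walk through the posted forward chain, modelling only the matchers this export uses, with constructed sample packets. It shows which rule a new TCP connection from KID_VLAN to 10.20.30.21:443 reaches, and how the outcome changes for a different port, direction or connection state.

```python
from dataclasses import dataclass

# Interface lists exactly as defined in the posted /interface list member section.
IFACE_LISTS = {"LAN": {"LAN_VLAN", "KID_VLAN", "IOT_VLAN", "GUEST_VLAN"},
               "WAN": {"WAN_VLAN"}, "MANAGE": {"LAN_VLAN"}}

# Forward chain in the posted order; the empty ("") matchers on the Plex rule are wildcards.
FORWARD_CHAIN = [
    dict(comment="defconf: fasttrack", action="fasttrack-connection",
         connection_state={"established", "related"}),
    dict(comment="defconf: accept established,related, untracked", action="accept",
         connection_state={"established", "related", "untracked"}),
    dict(comment="Kids access Plex", action="accept", in_interface="KID_VLAN",
         out_interface="LAN_VLAN", dst_address="10.20.30.21", dst_port=443,
         protocol="tcp"),
    dict(comment="defconf: drop invalid", action="drop", connection_state={"invalid"}),
    dict(comment="allow internet traffic", action="accept",
         in_interface_list="LAN", out_interface_list="WAN"),
    dict(comment="drop all else", action="drop"),
]

@dataclass
class Packet:                 # constructed sample packets, not captured traffic
    in_iface: str
    out_iface: str
    dst: str
    dport: int
    proto: str = "tcp"
    state: str = "new"        # new / established / related / invalid / untracked

def rule_matches(rule, p):
    """Every matcher present on a rule must hold; absent matchers are wildcards."""
    checks = {
        "connection_state": lambda v: p.state in v,
        "in_interface": lambda v: p.in_iface == v,
        "out_interface": lambda v: p.out_iface == v,
        "in_interface_list": lambda v: p.in_iface in IFACE_LISTS[v],
        "out_interface_list": lambda v: p.out_iface in IFACE_LISTS[v],
        "dst_address": lambda v: p.dst == v,
        "dst_port": lambda v: p.dport == v,
        "protocol": lambda v: p.proto == v,
    }
    return all(checks[k](v) for k, v in rule.items() if k in checks)

def evaluate(chain, p):
    """Return (action, comment) of the first matching rule, as a RouterOS chain does."""
    for rule in chain:
        if rule_matches(rule, p):
            return rule["action"], rule["comment"]
    return "accept", "end of chain"   # no rule matched: RouterOS default is accept
```

A rule whose counters stay at zero means no packet satisfied all of its matchers in this order; the model only reasons about the matchers present in the export, which RouterOS evaluates with the same first-match semantics.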
