Mikrotik Failover über anderen Router

# aug/20/2023 18:59:17 by RouterOS 6.49.8
# software id = P2ZT-4IFT
#
# model = RB760iGS
# serial number = A36A0B1496CE
/interface lte
set [ find ] name=lte1
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1-KameraGartenhaus
set [ find default-name=ether2 ] name=eth2
set [ find default-name=ether3 ] name=eth3
set [ find default-name=ether4 ] name=eth4
set [ find default-name=ether5 ] name=eth5-WLANGartenhaus
set [ find default-name=sfp1 ] auto-negotiation=no name=sfp1-Core-Trunk
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/interface bridge port
add bridge=bridge1 interface=sfp1-Core-Trunk
add bridge=bridge1 interface=eth1-KameraGartenhaus pvid=60
add bridge=bridge1 interface=eth5-WLANGartenhaus
add bridge=bridge1 interface=eth2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge1 tagged=sfp1-Core-Trunk,bridge1 vlan-ids=10
add bridge=bridge1 tagged=sfp1-Core-Trunk,bridge1 vlan-ids=20
add bridge=bridge1 tagged=sfp1-Core-Trunk,bridge1,eth5-WLANGartenhaus \
    vlan-ids=50
add bridge=bridge1 tagged=sfp1-Core-Trunk,bridge1,eth5-WLANGartenhaus \
    untagged=eth1-KameraGartenhaus vlan-ids=60
add bridge=bridge1 tagged=sfp1-Core-Trunk,bridge1,eth5-WLANGartenhaus \
    vlan-ids=70
add bridge=bridge1 tagged=sfp1-Core-Trunk,bridge1 vlan-ids=80
/ip address
add address=192.168.1.4/24 interface=bridge1 network=192.168.1.0
/ip dns
set servers=192.168.1.1
/ip route
add disabled=yes distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=SwitchGarten

# 2023-08-20 19:00:03 by RouterOS 7.10.2
# software id = MR68-HRFI
#
# model = CRS309-1G-8S+
# serial number = D8480DD2C8C6
/caps-man channel
X
X
X
/interface bridge
add ingress-filtering=no name=Bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1592
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592
set [ find default-name=sfp-sfpplus2 ] l2mtu=1592
set [ find default-name=sfp-sfpplus3 ] l2mtu=1592
set [ find default-name=sfp-sfpplus4 ] l2mtu=1592
set [ find default-name=sfp-sfpplus5 ] l2mtu=1592
set [ find default-name=sfp-sfpplus6 ] auto-negotiation=no l2mtu=1592 name=\
    sfp6-Gartenhaus
set [ find default-name=sfp-sfpplus7 ] advertise=10000M-full l2mtu=1592 name=\
    "sfp7-SwitchB\FCro"  
set [ find default-name=sfp-sfpplus8 ] l2mtu=1592 name=sfp8-SwitchKeller
/interface list
add name=VLAN
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=Pool-VLAN1 ranges=192.168.1.200-192.168.1.250
add name=Pool-VLAN80 ranges=192.168.80.10-192.168.80.254
add name=Pool-VLAN20 ranges=192.168.20.50-192.168.20.254
add name=Pool-VLAN50 ranges=192.168.50.20-192.168.50.254
add name=Pool-VLAN60 ranges=192.168.60.50-192.168.60.254
add name=Pool-VLAN70 ranges=192.168.70.2-192.168.70.254
add name=Pool-VLAN10 ranges=192.168.10.50-192.168.10.254
/ip dhcp-server
add address-pool=Pool-VLAN1 interface=vlan1 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN1
add address-pool=Pool-VLAN10 interface=vlan10 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN10
add address-pool=Pool-VLAN20 interface=vlan20 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN20
add address-pool=Pool-VLAN50 interface=vlan50 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN50
add address-pool=Pool-VLAN60 interface=vlan60 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN60
add address-pool=Pool-VLAN70 interface=vlan70 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN70
add address-pool=Pool-VLAN80 interface=vlan80 lease-script=dhcp-lease-script \
    lease-time=10h name=DHCP-VLAN80
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/system logging action
set 1 disk-file-count=4
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=\
    48:A9:8A:E3:24:FC signal-range=-120..120 ssid-regexp="" time=\  
    0s-1d,sun,mon,tue,wed,thu,fri,sat
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/interface bridge port
add bridge=Bridge1 ingress-filtering=no interface=sfp8-SwitchKeller
add bridge=Bridge1 ingress-filtering=no interface="sfp7-SwitchB\FCro"  
add bridge=Bridge1 ingress-filtering=no interface=sfp6-Gartenhaus
add bridge=Bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=no \
    interface=AP_gh_2 pvid=50
add bridge=Bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=no \
    interface=AP_gh_5 pvid=50
add bridge=Bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=no \
    interface=AP_gh_2.1 pvid=70
add bridge=Bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=no \
    interface=AP_gh_2.2 pvid=60
/ip neighbor discovery-settings
set discover-interface-list=!dynamic lldp-med-net-policy-vlan=1
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=Bridge1 tagged="Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro" \  
    vlan-ids=10
add bridge=Bridge1 tagged="Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro" \  
    vlan-ids=20
add bridge=Bridge1 tagged="Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro,sfp6-Gart\  
    enhaus,AP_gh_2,AP_gh_2.1,AP_gh_2.2,AP_gh_5" vlan-ids=50  
add bridge=Bridge1 tagged="Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro,sfp6-Gart\  
    enhaus,AP_gh_2,AP_gh_2.1,AP_gh_2.2,AP_gh_5" vlan-ids=60  
add bridge=Bridge1 tagged="Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro,sfp6-Gart\  
    enhaus,AP_gh_2,AP_gh_2.1,AP_gh_2.2,AP_gh_5" vlan-ids=70  
add bridge=Bridge1 tagged="Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro" \  
    vlan-ids=80
add bridge=Bridge1 tagged=\
    "Bridge1,sfp8-SwitchKeller,sfp7-SwitchB\FCro,sfp6-Gartenhaus" vlan-ids=1  
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=vlan1 list=VLAN
add interface=vlan10 list=VLAN
add interface=vlan20 list=VLAN
add interface=vlan50 list=VLAN
add interface=vlan60 list=VLAN
add interface=vlan70 list=VLAN
add interface=vlan80 list=VLAN
add interface=NetCologne list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.1/24 interface=vlan1 network=192.168.1.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.50.1/24 interface=vlan50 network=192.168.50.0
add address=192.168.60.1/24 interface=vlan60 network=192.168.60.0
add address=192.168.70.1/24 interface=vlan70 network=192.168.70.0
add address=192.168.80.1/24 interface=vlan80 network=192.168.80.0
/ip dhcp-server alert
add interface=Bridge1
/ip dhcp-server lease
add address=192.168.10.92 client-id=1:78:28:ca:e1:70:a0 mac-address=\
    78:28:CA:E1:70:A0 server=DHCP-VLAN10
add address=192.168.10.91 client-id=1:78:28:ca:e1:5f:34 mac-address=\
    78:28:CA:E1:5F:34 server=DHCP-VLAN10
add address=192.168.60.254 mac-address=54:48:E6:C1:AA:A2 server=DHCP-VLAN60
add address=192.168.60.248 mac-address=7C:49:EB:9F:89:47 server=DHCP-VLAN60
add address=192.168.60.250 mac-address=00:1D:63:46:85:AB server=DHCP-VLAN60
add address=192.168.50.75 mac-address=CC:50:E3:67:E9:DD server=DHCP-VLAN50
add address=192.168.60.238 mac-address=40:A3:6B:C8:F3:0C server=DHCP-VLAN60
add address=192.168.60.222 mac-address=C8:F0:9E:A7:06:AC server=DHCP-VLAN60
add address=192.168.60.213 client-id=1:e8:fd:f8:11:5f:48 mac-address=\
    E8:FD:F8:11:5F:48 server=DHCP-VLAN60
add address=192.168.60.212 client-id=1:b0:4a:39:72:56:c8 mac-address=\
    B0:4A:39:72:56:C8 server=DHCP-VLAN60
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 domain=home.net gateway=\
    192.168.1.1 netmask=24
add address=192.168.10.0/24 dns-server=192.168.1.1 domain=services.net gateway=\
    192.168.10.1 netmask=24
add address=192.168.20.0/24 dns-server=192.168.1.1 domain=server.net gateway=\
    192.168.20.1 netmask=24
add address=192.168.50.0/24 dns-server=192.168.1.1 domain=private.net gateway=\
    192.168.50.1 netmask=24
add address=192.168.60.0/24 dns-server=192.168.1.1 domain=iot.net gateway=\
    192.168.60.1 netmask=24
add address=192.168.70.0/24 dns-server=192.168.1.1 domain=guest.net gateway=\
    192.168.70.1 netmask=24
add address=192.168.80.0/24 dns-server=192.168.1.1 domain=astro.net gateway=\
    192.168.80.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=input comment="Allow established connections" \  
    connection-state=established,related
add action=accept chain=forward comment=\
    "accept established, related, untracked" connection-state=\  
    established,related,untracked
add action=accept chain=input comment="allow VLAN" in-interface-list=VLAN  
add action=accept chain=input comment="allow LAN" in-interface=Bridge1  
add action=accept chain=forward comment="allow established und related" \  
    connection-state=established,related
add action=accept chain=forward comment="VLAN darf ins Internet" \  
    connection-state=established,new in-interface-list=VLAN out-interface-list=\
    WAN
add action=accept chain=forward comment=\
    "allow inter VLAN Access for all except VLAN70" connection-state=\  
    established,related,new in-interface=!vlan70 in-interface-list=VLAN \
    out-interface=!vlan70 out-interface-list=VLAN
add action=accept chain=input comment="Winbox Zugriff nur aus LAN" dst-port=\  
    8291 in-interface-list=!WAN protocol=tcp
add action=reject chain=input dst-port=22 in-interface-list=WAN log=yes \
    protocol=tcp reject-with=tcp-reset
add action=drop chain=forward dst-port=22 in-interface-list=WAN log=yes \
    protocol=tcp
add action=accept chain=input comment="https Zugriff Router" dst-port=4443 \  
    protocol=tcp
add action=accept chain=input comment="http Zugriff Router" dst-port=88 \  
    protocol=tcp
add action=jump chain=forward jump-target=tcp protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=forward comment="drop invalid connections" \  
    connection-state=invalid protocol=tcp
add action=accept chain=input dst-port=53 in-interface-list=!WAN protocol=tcp
add action=accept chain=input dst-port=53 in-interface-list=!WAN protocol=udp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="drop winbox from wan" dst-port=8291 \  
    in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="block everything else"  
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=accept chain=srcnat
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24,192.168.50.0/24
set ssh disabled=yes
set www-ssl address=192.168.1.0/24,192.168.50.0/24 disabled=no
set winbox address=192.168.1.0/24,192.168.50.0/24
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=Core
/system logging
add action=disk topics=pppoe,info
add disabled=yes topics=debug,pppoe
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os

/ip route add dst-address=192.168.1.0/17 gateway=192.168.1.1
value of dst-address must have all host bits zero, as in 192.168.0.0/17

[admin@SwitchGarten] > ping 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS                                      
    0 8.8.8.8                                    56 112 82ms 
    1 8.8.8.8                                    56 112 50ms 
    2 8.8.8.8                                    56 112 57ms 
    sent=3 received=3 packet-loss=0% min-rtt=50ms avg-rtt=63ms max-rtt=82ms