Need help with ether3 - MikroTik (2024)

I am doing the best I can -- and will continue to try as hard as possible to make it easier for you to help me. I am grateful.

"what role the GS3100 plays."

The G3100 is the Verizon router. It provides data (such as TV listings) to the set top boxes. It connects using TCP/IP to the STBs via coax. It needs to have Internet access to get the data needed by the STBs, and therefore has an ethernet connection on one of its switch ports (not a WAN port). I gave it a static IP of 192.168.2.1 (for the LAN or switch side).

It does not need to be on the same subnet, nor does it need any communication with any other device on my LAN (except for management purposes which would be nice). It only needs Internet access.

"So what problem are you trying to fix?"

With the G3100 on the same subnet as all my other devices (and no VLANs set up), all broadcast/multicast traffic is heard by all devices. Further, all traffic between the G3100 and the Internet is going through the same CSS326 switch as all other Internet-bound traffic. My thinking is that isolating the broadcast/multicast traffic, and removing from the CSS326 the traffic between the G3100 and the Internet might improve performance a little.

On the back burner is still creating VLANs for media/entertainment devices such as TVs, Rokus, etc. in order to reduce the broadcast/multicast traffic and improve security.

"I also don't generally recommend using your primary router to learn with."

That makes perfect sense. I actually bought the Hex as an interim router until the RB5009s are available.

I was thinking about buying a HAP ax3 to experiment with and then deploy as an AP (I'm not clear if it also runs RouterOS and functions as a router).

I understand how it looks like I haven't tried to learn this, but I have. I've watched a ton of videos.

"Since I am evidently not communicating clearly, perhaps there is someone else that is a better mind reader than I am that can assist you."

I apologize for it feeling like you have to read my mind. I will work harder to be clearer.

I attach the hex export and various CSS326 screen shots, as well as a current diagram.


# oct/28/2022 07:56:11 by RouterOS 6.49.7
# software id = C3RH-692B
#
# model = RB750Gr3
# serial number =
/interface bridge
add name=Bridge-Port3
add admin-mac=111111111 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.2.100-192.168.2.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1w3d name=\
    defconf
/ppp profile
set *FFFFFFFE bridge-learning=no
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.2.2/24 comment=defconf interface=bridge network=\
    192.168.2.0
add address=192.168.30.2/24 interface=ether3 network=192.168.30.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf gateway=192.168.2.2 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=192.168.2.2 comment=defconf name=router.lan
/ip firewall address-list
add address=11111.dyndns.org list=WAN
add address=192.168.2.0/24 list=LAN
/ip firewall filter
add action=accept chain=input comment=\
    "NEW defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="NEW defconf: accept ICMP" protocol=\
    icmp
add action=drop chain=input comment="NEW defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=input comment=NEW in-interface-list=LAN
add action=drop chain=input comment="NEW drop all else"
add action=fasttrack-connection chain=forward comment=\
    "NEW defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment=\
    "NEW defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment="NEW allow port forwarding" \
    connection-nat-state=dstnat log=yes
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=drop chain=forward comment="NEW defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=NEW
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "Mark connection for hairpin NAT" dst-address-list=WAN \
    new-connection-mark="Hairpin NAT" passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" connection-mark=\
    "Hairpin NAT"
add action=masquerade chain=srcnat comment="NEW defconf: masquerade" \
    out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=192.168.2.176 dst-port=8123 log=\
    yes protocol=tcp to-addresses=192.168.2.176
add action=src-nat chain=srcnat comment="new 8123" disabled=yes dst-address=\
    192.168.2.176 dst-port=8123 protocol=tcp to-addresses=192.168.2.176
add action=src-nat chain=srcnat comment="new 5800" disabled=yes dst-port=5800 \
    protocol=tcp to-addresses=192.168.2.22
add action=src-nat chain=srcnat comment="new 5900" disabled=yes dst-port=5900 \
    protocol=tcp to-addresses=192.168.2.22
add action=dst-nat chain=dstnat comment="PORT FWD: 8123" dst-address-list=\
    WAN dst-port=8123 protocol=tcp to-addresses=192.168.2.176 to-ports=8123
/ip route
add disabled=yes distance=1 gateway=192.168.2.1
/system clock
set time-zone-name=America/New_York
/system identity
set name=RouterOS
/system ntp client
set enabled=yes primary-ntp=216.239.35.4 secondary-ntp=104.16.132.229
/system scheduler
add interval=1h name=Daily on-event=dyndns policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/18/2022 start-time=02:00:00
/system script
add dont-require-permissions=no name=DynDNS owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Set needed variables\r\
    \n\t:local username \"11111r\"\r\
    \n\t:local clientkey \"111118bc3\"\r\
    \n\t:local hostname \"11111.dyndns.org\"\r\
    \n\r\
    \n\t:global dyndnsForce\r\
    \n\t:global previousIP\r\
    \n\r\
    \n# get the current IP address from the internet (in case of double-nat)\r\
    \n\t/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" ds\
    t-path=\"/dyndns.checkip.html\"\r\
    \n\t:delay 1\r\
    \n\t:local result [/file get dyndns.checkip.html contents]\r\
    \n\r\
    \n# parse the current IP result\r\
    \n\t:local resultLen [:len \$result]\r\
    \n\t:local startLoc [:find \$result \": \" -1]\r\
    \n\t:set startLoc (\$startLoc + 2)\r\
    \n\t:local endLoc [:find \$result \"</body>\" -1]\r\
    \n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\r\
    \n\t:log info \"UpdateDynDNS: currentIP = \$currentIP\"\r\
    \n\r\
    \n# Remove the # on next line to force an update every single time - usefu\
    l for debugging,\r\
    \n# but you could end up getting blacklisted by DynDNS!\r\
    \n\r\
    \n#:set dyndnsForce true\r\
    \n\r\
    \n# Determine if dyndns update is needed\r\
    \n# more dyndns updater request details https://help.dyn.com/remote-access\
    -api/perform-update/\r\
    \n\t:log info \"UpdateDynDNS: previousIP = \$previousIP\"\r\
    \n\t:if (\$dyndnsForce = true) do={ :log warning \"UpdateDynDNS: Forced up\
    date on\" }\r\
    \n\r\
    \n\t:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\r\
    \n\t\t:set dyndnsForce false\r\
    \n\t\t:set previousIP \$currentIP\r\
    \n\r\
    \n\t\t/tool fetch mode=https \\\r\
    \n\t\turl=\"https://\$username:\$clientkey@members.dyndns.org/v3/update\?h\
    ostname=\$hostname&myip=\$currentIP\" \\ \r\
    \n\t\tdst-path=\"/dyndns.txt\"\r\
    \n\r\
    \n\t\t:delay 1\r\
    \n\t\t:local result [/file get dyndns.txt contents]\r\
    \n\t\t:log info (\"UpdateDynDNS: Dyndns update needed\")\r\
    \n\t\t:log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\r\
    \n\t\t:put (\"Dyndns Update Result: \".\$result)\r\
    \n\t} else={\r\
    \n\t\t:log info (\"UpdateDynDNS: No dyndns update needed\")\r\
    \n\t}"
/tool graphing interface
add interface=bridge
add interface=bridge
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=ether1 name=tmon1

network-diagram.jpg

css326-link.jpg

css326-igmp.jpg



Author: Kieth Sipes
