Mikrotik VLan DHCP NTP Probleme

# oct/10/2022 10:22:55 by RouterOS 7.5
# software id = 7C9J-AUUG
#
# model = 2011UiAS
# serial number = 771E059C7C5A
/caps-man channel
add band=5ghz-onlyac control-channel-width=20mhz extension-channel=XXXX \
    frequency=\
    5180,5200,5220,5240,5260,5280,5300,5320,5500,5520,5540,5560,5580 name=\
    capsman-channel-list-5GHz skip-dfs-channels=no
add band=2ghz-onlyn extension-channel=disabled frequency=\
    2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 name=\
    capsman-channel-list-2GHz reselect-interval=1h skip-dfs-channels=no
/interface bridge
add igmp-snooping=yes ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether7 ] disabled=yes
/interface vlan
add interface=bridge name=Arbeit vlan-id=10
add interface=bridge name=Gast vlan-id=20
add interface=bridge name=IOT vlan-id=30
add interface=bridge name=Privat vlan-id=1
/caps-man datapath
add arp=enabled bridge=bridge client-to-client-forwarding=yes \
    local-forwarding=yes name=Gast vlan-id=20 vlan-mode=use-tag
add arp=enabled bridge=bridge client-to-client-forwarding=yes \
    local-forwarding=yes name=IOT vlan-id=30 vlan-mode=use-tag
add arp=enabled bridge=bridge client-to-client-forwarding=yes \
    local-forwarding=yes name=Arbeit vlan-id=10 vlan-mode=use-tag
/caps-man rates
add basic=12Mbps ht-basic-mcs=mcs-0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,\  
    mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs\
    -15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=\  
    default-rate supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    vht-basic-mcs="" vht-supported-mcs=""  
/caps-man security
add authentication-types="" encryption="" name=Privat  
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=IoT
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=Arbeit
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=Gast
/caps-man configuration
add channel=capsman-channel-list-2GHz channel.band=2ghz-onlyn country=germany \
    datapath=Gast datapath.bridge=bridge .client-to-client-forwarding=yes \
    .local-forwarding=yes .vlan-id=20 .vlan-mode=use-tag distance=dynamic \
    installation=any mode=ap multicast-helper=full name=Gast2G security=Gast \
    ssid=Dante-Gast
add channel=capsman-channel-list-2GHz channel.band=2ghz-onlyn country=germany \
    datapath=IOT datapath.bridge=bridge .client-to-client-forwarding=yes \
    .local-forwarding=yes .vlan-id=30 .vlan-mode=use-tag distance=dynamic \
    installation=any mode=ap multicast-helper=full name=IOT2G security=IoT \
    ssid=Dante-IOT
add channel=capsman-channel-list-5GHz channel.band=5ghz-onlyac \
    .control-channel-width=20mhz .extension-channel=XXXX country=germany \
    datapath=Gast datapath.bridge=bridge .client-to-client-forwarding=yes \
    .local-forwarding=yes .vlan-id=20 .vlan-mode=use-tag distance=indoors \
    guard-interval=any installation=any mode=ap multicast-helper=full name=\
    Gast5G rates=default-rate rx-chains=0,1,2,3 security=Gast ssid=Dante-Gast \
    tx-chains=0,1,2,3
add channel=capsman-channel-list-2GHz channel.band=2ghz-onlyn country=germany \
    datapath=Arbeit datapath.bridge=bridge .client-to-client-forwarding=yes \
    .local-forwarding=yes .vlan-id=10 .vlan-mode=use-tag distance=dynamic \
    installation=any mode=ap multicast-helper=full name=Arbeit2G security=\
    Arbeit ssid=Dante-Arbeit
add channel=capsman-channel-list-5GHz channel.band=5ghz-onlyac \
    .control-channel-width=20mhz .extension-channel=XXXX country=germany \
    datapath=Arbeit datapath.bridge=bridge .client-to-client-forwarding=yes \
    .local-forwarding=yes .vlan-id=10 .vlan-mode=use-tag distance=indoors \
    guard-interval=any installation=any mode=ap multicast-helper=full name=\
    Arbeit5G rates=default-rate rx-chains=0,1,2,3 security=Arbeit ssid=\
    Dante-Arbeit tx-chains=0,1,2,3
/interface list
add name=WAN
add name=LAN
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes interface-list=LAN \
    local-forwarding=yes name=Privat vlan-id=1 vlan-mode=no-tag
/caps-man configuration
add channel=capsman-channel-list-5GHz channel.band=5ghz-onlyac \
    .control-channel-width=20mhz .extension-channel=XXXX country=germany \
    datapath=Privat datapath.bridge=bridge .client-to-client-forwarding=yes \
    .interface-list=LAN .local-forwarding=yes .vlan-id=1 .vlan-mode=use-tag \
    distance=indoors guard-interval=any installation=any mode=ap \
    multicast-helper=full name=Privat5G rates=default-rate rx-chains=0,1,2,3 \
    security=Privat ssid=Dante tx-chains=0,1,2,3
add channel=capsman-channel-list-2GHz channel.band=2ghz-onlyn country=germany \
    datapath=Privat datapath.bridge=bridge .client-to-client-forwarding=yes \
    .interface-list=LAN .local-forwarding=yes .vlan-id=1 .vlan-mode=use-tag \
    distance=dynamic installation=any mode=ap multicast-helper=full name=\
    Privat2G security=Privat ssid=Dante
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=42 name=NTP value="'130.149.17.21'"  
/ip dhcp-server option sets
add name=NTP options=NTP
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
    0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
    0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=Privat ranges=192.168.88.30-192.168.88.254
add name=Arbeit ranges=192.168.10.2-192.168.10.254
add name=Gast ranges=192.168.20.2-192.168.20.254
add name=IOT ranges=192.168.30.2-192.168.30.254
/ip dhcp-server

/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
add disabled=no name=default-v3 version=3
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
add disabled=yes instance=default-v3 name=backbone-v3
/routing table
add fib name=to_ISP1
add fib name=to_ISP2
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment=Regulaer hw-supported-modes=gn \
    master-configuration=Privat2G name-format=prefix-identity name-prefix=2G \
    slave-configurations=Gast2G,IOT2G,Arbeit2G
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
    Privat5G name-format=prefix-identity name-prefix=5G slave-configurations=\
    Gast5G,Arbeit5G
/interface bridge port
add bridge=bridge interface=sfp1
add bridge=bridge interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=30
add bridge=bridge interface=ether5
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=no interface=ether8 pvid=10
add bridge=bridge interface=ether9
add bridge=bridge ingress-filtering=no interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=!WAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether9 vlan-ids=1
add bridge=bridge tagged=bridge,ether10 vlan-ids=10
add bridge=bridge tagged=bridge,ether10 vlan-ids=20
add bridge=bridge tagged=bridge vlan-ids=30
/interface list member
add interface=ether6 list=WAN
add interface=ether7 list=WAN
add interface=Arbeit list=LAN
add interface=Gast list=LAN
add interface=IOT list=LAN
add interface=Privat list=LAN
/ip address
add address=192.168.88.1/24 interface=Privat network=192.168.88.0
add address=192.168.10.1/24 interface=Arbeit network=192.168.10.0
add address=192.168.20.1/24 interface=Gast network=192.168.20.0
add address=192.168.30.1/24 interface=IOT network=192.168.30.0
/ip dhcp-client
add interface=ether6
add interface=ether7
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=1.1.1.1 gateway=192.168.10.1 \
    ntp-server=192.168.88.1
add address=192.168.20.0/24 dns-server=1.1.1.1 gateway=192.168.20.1 \
    ntp-server=192.168.88.1
add address=192.168.30.0/24 dns-server=1.1.1.1 gateway=192.168.30.1 \
    ntp-server=192.168.88.1
add address=192.168.88.0/24 dhcp-option=NTP dns-server=1.1.1.1 gateway=\
    192.168.88.1 ntp-server=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=0.0.0.0/8 list=bogons
add address=10.0.0.0/8 list=bogons
add address=100.64.0.0/10 list=bogons
add address=127.0.0.0/8 list=bogons
add address=169.254.0.0/16 list=bogons
add address=172.16.0.0/12 list=bogons
add address=192.0.0.0/24 list=bogons
add address=192.0.2.0/24 list=bogons
add address=192.168.0.0/16 list=bogons
add address=198.18.0.0/15 list=bogons
add address=198.51.100.0/24 list=bogons
add address=203.0.113.0/24 list=bogons
add address=240.0.0.0/4 list=bogons
add address=192.168.88.2-192.168.88.254 list=allowed_to_router
/ip firewall filter
add action=accept chain=input comment="accept established,related" \  
    connection-state=established,related disabled=yes
add action=accept chain=input comment=\
    "Chain: Input. Rule #3 \"ICMP\": accept icmp packets." disabled=yes \  
    protocol=icmp
add action=fasttrack-connection chain=forward comment=\
    "fasttrack established,related" connection-state=established,related \  
    disabled=yes hw-offload=yes
add action=accept chain=forward comment="accept established,related" \  
    connection-state=established,related disabled=yes
add action=drop chain=input comment="drop invalid" connection-state=invalid \  
    disabled=yes
/ip firewall mangle
add action=mark-connection chain=output connection-mark=no-mark \
    connection-state=new disabled=yes new-connection-mark=isp1_conn \
    out-interface=ether6 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn disabled=yes \
    new-routing-mark=to_ISP1 out-interface=ether6 passthrough=yes
add action=mark-connection chain=output connection-mark=no-mark \
    connection-state=new disabled=yes new-connection-mark=ISP2_conn \
    out-interface=ether7 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=yes \
    new-routing-mark=to_ISP2 out-interface=ether7 passthrough=yes
add action=mark-packet chain=prerouting disabled=yes new-packet-mark=AAA nth=\
    2,1 passthrough=yes
add action=accept chain=prerouting disabled=yes dst-address=192.168.179.0/24 \
    in-interface=bridge
add action=accept chain=prerouting disabled=yes dst-address=192.168.179.0/24 \
    in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes in-interface=ether6 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes in-interface=ether7 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes dst-address-type=!local in-interface=bridge new-connection-mark=\
    ISP1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes dst-address-type=!local in-interface=bridge new-connection-mark=\
    ISP2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn disabled=\
    yes in-interface=bridge new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=\
    yes in-interface=bridge new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn disabled=yes \
    new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=yes \
    new-routing-mark=to_ISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes ipsec-policy=out,none \
    out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes ipsec-policy=out,none \
    out-interface=ether6
add action=masquerade chain=srcnat disabled=yes ipsec-policy=out,none \
    out-interface=ether7
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MikroTik2011
/system ntp client
set enabled=yes

# jan/02/1970 02:51:43 by RouterOS 7.5
# software id = ZSMG-HYRW
#
# model = RBcAPL-2nD
# serial number = F0FA0F35D215
/interface bridge
add admin-mac=DC:2C:6E:50:94:0C auto-mac=no comment=defconf igmp-snooping=yes \
    ingress-filtering=no name=bridgeLocal vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2442/20/gn(18dBm), SSID: Dante, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# managed by CAPsMAN
# SSID: Dante-Gast, local forwarding
add disabled=no mac-address=DE:2C:6E:50:94:0D master-interface=wlan1 mode=\
    station name=wlan2
# managed by CAPsMAN
# SSID: Dante-IOT, local forwarding
add disabled=no mac-address=DE:2C:6E:50:94:0E master-interface=wlan1 mode=\
    station name=wlan3
# managed by CAPsMAN
# SSID: Dante-Arbeit, local forwarding
add disabled=no mac-address=DE:2C:6E:50:94:0F master-interface=wlan1 mode=\
    station name=wlan4
/interface vlan
add interface=bridgeLocal name=Arbeit vlan-id=10
add interface=bridgeLocal name=Gast vlan-id=20
add interface=bridgeLocal name=IOT vlan-id=30
add interface=bridgeLocal name=Privat vlan-id=1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether1
add bridge=bridgeLocal interface=wlan1
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 vlan-ids=1
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1 static-virtual=yes
/ip address
add address=192.168.88.1/24 disabled=yes interface=Privat network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=Privat