DHCP is offered but not bound to Brother printers only

aat · Wed Sep 04, 2024 10:57 pm

I set up a separate isolated guest WIFI on my hAP ax^3 and it seems to work. All devices connect, guests don't see the home network and vice versa, everything works BUT only two devices refuse to connect — and both of them are Brother printers. The IP acquisition status does not go beyond ‘offered’.

I'd say I'm a bit of an advanced user and after digging through many forums I'm stumped, help please

What could be the problem?

Thanks in advance.

# 2024-09-04 21:23:16 by RouterOS 7.15.3
# software id = S8WP-BR75
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HG609VNY5K8
/interface bridge
add fast-forward=no frame-types=admit-only-vlan-tagged name=bridge \
    port-cost-mode=short protocol-mode=none pvid=10 vlan-filtering=yes
/interface wireguard
add comment=back-to-home-vpn listen-port=18616 mtu=1420 name=back-to-home-vpn
/interface vlan
add interface=bridge name=guest_vlan vlan-id=20
add interface=bridge name=luogo_vlan vlan-id=10
/interface list
add name=WAN
add name=LUOGO
add name=GUEST
add name=VLAN
/interface wifi channel
add band=2ghz-ax comment=2GHz disabled=no frequency=2412,2432,2472 name=\
    2GHz_channel width=20/40mhz-Ce
add band=5ghz-ax comment=5GHz disabled=no frequency=5180,5260,5500 name=\
    5GHz_channel skip-dfs-channels=10min-cac width=20/40/80mhz
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk comment=\
    "luogo wifi authentication method" connect-priority=0 disable-pmkid=yes \
    disabled=no ft=yes ft-over-ds=yes group-key-update=10h name=luogo_auth \
    wps=disable
add authentication-types=wpa2-psk,wpa3-psk comment=\
    "guest wifi authentication method" connect-priority=0 disable-pmkid=yes \
    disabled=no ft=yes ft-over-ds=yes group-key-update=10h name=guest_auth \
    wps=disable
/ip pool
add name=luogo_pool ranges=172.17.10.2-172.17.10.100
add name=guest_pool ranges=172.17.20.2-172.17.20.10
/ip dhcp-server
add address-pool=luogo_pool interface=luogo_vlan lease-time=12h name=\
    luogo_dhcp_server
add address-pool=guest_pool interface=guest_vlan lease-time=3h name=\
    guest_dhcp_server
/ip smb users
set [ find default=yes ] disabled=yes
/interface wifi
add configuration=guest_config configuration.mode=ap disabled=no mac-address=\
    D6:01:C3:3C:DF:6B master-interface=luogo_wifi_2GHz name=guest_wifi_2GHz
set [ find default-name=wifi2 ] channel=2GHz_channel channel.frequency=\
    2412,2432,2472 configuration=luogo_config configuration.mode=ap disabled=\
    no name=luogo_wifi_2GHz security=luogo_auth security.connect-priority=0
set [ find default-name=wifi1 ] channel=5GHz_channel channel.frequency=\
    5180,5260,5500 configuration=luogo_config configuration.mode=ap disabled=\
    no name=luogo_wifi_5GHz security.connect-priority=0
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=luogo_wifi_2GHz pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=luogo_wifi_5GHz pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=guest_wifi_2GHz pvid=20
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LUOGO
/ipv6 settings
set accept-router-advertisements=yes
/interface bridge vlan
add bridge=bridge comment="luogo vlan" tagged=bridge vlan-ids=10
add bridge=bridge comment="guest vlan" tagged=bridge vlan-ids=20
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=VLAN wan-interface-list=\
    WAN
/interface list member
add interface=ether1 list=WAN
add interface=luogo_vlan list=VLAN
add interface=guest_vlan list=VLAN
add interface=luogo_vlan list=LUOGO
add interface=guest_vlan list=GUEST
/interface wifi access-list
# I removed some devices
add action=accept comment="brother hl-l2350dw" disabled=no mac-address=\
    00:41:0E:DB:01:6E
add action=accept comment="brother ql-810w" disabled=no mac-address=\
    28:3A:4D:6D:91:4A
add action=accept comment="samsung tv" disabled=no interface=luogo_wifi_2GHz \
    mac-address=BC:14:17:5E:6E:5D
add action=accept comment="guest 01" disabled=yes interface=guest_wifi_2GHz \
    mac-address=E0:6D:17:54:2C:60
add action=reject comment="reject unknown" disabled=no \
    mac-address-mask=FF:FF:FF:FF:FF:FF
/interface wifi configuration
add comment="luogo wifi config" datapath=*1 disabled=no mode=ap \
    multicast-enhance=enabled name=luogo_config security=luogo_auth \
    security.connect-priority=0 ssid=luogo
add comment="guest wifi config" datapath=*2 disabled=no mode=ap \
    multicast-enhance=enabled name=guest_config security=guest_auth \
    security.connect-priority=0 ssid=isola
/interface wireguard peers
add allowed-address=192.168.216.3/32 comment="luogo" \
    interface=back-to-home-vpn name=peer2 public-key=\
    "xxx"
/ip address
add address=172.17.10.1/24 comment=luogo interface=luogo_vlan network=\
    172.17.10.0
add address=172.17.20.1/24 comment=guest interface=guest_vlan network=\
    172.17.20.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-client
add interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=172.17.10.0/24 comment="luogo network" dns-server=172.17.10.1 \
    gateway=172.17.10.1 netmask=24
add address=172.17.20.0/24 comment="guest network" gateway=172.17.20.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=\
    1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001
/ip dns static
add address=1.1.1.1 name=cloudflare-dns.com
add address=1.0.0.1 name=cloudflare-dns.com
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
add address=172.17.10.2-172.17.10.254 comment=luogo list=allowed_to_router
add address=192.168.216.0/24 comment="back to home" list=allowed_to_router
add address=172.17.20.2-172.17.20.254 comment=guest list=allowed_to_router
/ip firewall filter
add action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=1w chain=input comment="port scanner detect" \
    in-interface-list=WAN log=yes log-prefix="[port scanner] " protocol=tcp \
    psd=21,3s,3,1
add action=accept chain=input connection-state=new dst-port=53 \
    in-interface-list=!WAN protocol=tcp
add action=accept chain=input connection-state=new dst-port=53 \
    in-interface-list=!WAN protocol=udp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=fasttrack-connection chain=forward comment=\
    "fast-track for established,related" connection-state=established,related \
    hw-offload=yes
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "allow all VLANs to access the Internet only, NOT each other" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from LAN" dst-address-list=\
    not_in_internet in-interface-list=VLAN log=yes log-prefix=\
    !public_from_LAN out-interface-list=!VLAN
add action=drop chain=forward comment=\
    "Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
    protocol=icmp
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface=ether1 \
    log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface-list=VLAN \
    log=yes log-prefix=LAN_!LAN src-address-list=!allowed_to_router
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
    protocol=icmp
add action=accept chain=icmp comment=\
    "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall nat
add action=masquerade chain=srcnat comment="luogo - iliad tcp masquerade" \
    out-interface-list=WAN protocol=tcp to-ports=1-16383
add action=masquerade chain=srcnat comment="luogo - iliad udp masquerade" \
    out-interface-list=WAN protocol=udp to-ports=1-16383
add action=dst-nat chain=dstnat comment="172.17.10.10 Resilio Sync (TCP)" \
    disabled=yes dst-address=81.57.162.27 dst-port=16380 in-interface=ether1 \
    protocol=tcp to-addresses=172.17.10.10 to-ports=16380
add action=dst-nat chain=dstnat comment="172.17.10.10 Resilio Sync (UDP)" \
    disabled=yes dst-address=81.57.162.27 dst-port=16380 in-interface=ether1 \
    protocol=udp to-addresses=172.17.10.10 to-ports=16380
add action=masquerade chain=srcnat comment="portless masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall raw
add action=drop chain=prerouting comment="drop to blacklist list" \
    src-address-list=blacklist
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=\
    fe80::dc00:b0ff:fe68:daaf%ether1 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=172.17.10.0/24
set ssh address=172.17.10.0/24
set www-ssl address=172.17.10.0/24 disabled=no
set api disabled=yes
set winbox address=172.17.10.0/24
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set strong-crypto=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 address
add address=2a01:e11:500e:b20:d601:c3ff:fe3c:df66 eui-64=yes interface=bridge
/ipv6 firewall address-list
add address=2a01:e11:500e:b20::/64 list=allowed
add address=fe80::/16 list=allowed
add address=ff02::/16 comment=multicast list=allowed
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" \
    connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/10
add action=accept chain=input comment="allow allowed addresses" \
    src-address-list=allowed
add action=drop chain=input
add action=accept chain=forward comment=established,related connection-state=\
    established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=\
    yes log-prefix=ipv6,invalid
add action=accept chain=forward in-interface-list=VLAN
add action=drop chain=forward log-prefix=IPV6
add action=accept chain=output
/ipv6 nd
set [ find default=yes ] hop-limit=64
add dns=2606:4700:4700::1111,2606:4700:4700::1001 interface=bridge
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=luogo
/system logging
set 0 disabled=yes
add topics=info,!firewall
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=95.216.71.38
add address=162.159.200.123
/tool mac-server
set allowed-interface-list=LUOGO
/tool mac-server mac-winbox
set allowed-interface-list=LUOGO
/user settings
set minimum-password-length=10

PS. Before I configured the guest network and VLANs, the printers were successfully connecting and working.

Coughy · Wed Sep 04, 2024 11:50 pm

my first guess would be have you tried turning off wpa3 and rebooted? i have a few devices that wont connect when it is enabled?
also i wouldnt be sharing your key
add allowed-address=192.168.216.3/32 comment="luogo" \
interface=back-to-home-vpn name=peer2 public-key=\
"<edit>"
or your ip <edit>

aat · Thu Sep 05, 2024 12:28 am

Thanks for the reply.
Previously, before the guest network and VLAN configuration, printers connected without problems. So WPA3 can't be a problem.

As for the public key, I had the foresight to litter it. However, you are right, it would probably be better to remove it altogether

Thu Sep 05, 2024 6:37 am

Previously, before the guest network and VLAN configuration, printers connected without problems. So WPA3 can't be a problem.

And yet ... try it.
Plenty of problems with AX wifi which all of a sudden disappear when not using WPA3.

If all other devices can connect on the new setting, there is no issue with VLAN nor guest network.

aat · Thu Sep 05, 2024 11:09 am

And yet ... try it.
Plenty of problems with AX wifi which all of a sudden disappear when not using WPA3.

If all other devices can connect on the new setting, there is no issue with VLAN nor guest network.

Done. Tried it.
Unfortunately, it didn't work.

Thu Sep 05, 2024 11:34 am

Maybe there is a reason why I actively swap out Brother for HP printers with my client

(really, I do ...)

kleshki · Thu Sep 05, 2024 12:04 pm

DHCP offer but not accepted I've usually seen with incorrect VLAN configuration (so traffic goes out but doesn't return back). Haven't check yet the config, but maybe you will find it yourself, or probably there's a misconfigured switch in-between.

Edit: my assumption is that you have pvid=10 on both bridge and ports. Set pvid=1 on bridge and try again.

Thu Sep 05, 2024 1:43 pm

From The unofficial official VLAN bible:
viewtopic.php?t=143620

A word of caution if you are thinking of using VLAN 1 in your network design. Most vendors use VLAN 1 as the native VLAN for their hardware. MikroTik uses VLAN 0. If you try to create a VLAN 1 scenario with MikroTik, and expecting tagged frames, it will be incompatible with other vendors who default VLAN 1 as untagged. Therefore, unless you are prepared to change the default behavior in MikroTik and/or other vendors, it is simpler to use VLAN 2 and higher.

Summary:
don't use VLAN=1 at all. Use proper access ports and life will be good.

Something relevant I saw passing by today:
Rule 1 for Mikrotik: never use VLAN=1
Rule 2 for Mikrotik: NEVER use VLAN=1
Rule 3 = see above

aat · Thu Sep 05, 2024 2:02 pm

Thanks for the reply.

...
Summary:
don't use VLAN=1 at all. Use proper access ports and life will be good.
…

Thank you! Got it. Set the VLAN ID to 2.

…
Edit: my assumption is that you have pvid=10 on both bridge and ports. Set pvid=1 on bridge and try again.

And unfortunately it didn't work

Thanks for your willingness to help

Collective intelligence will win out!

kleshki · Thu Sep 05, 2024 2:06 pm

From The unofficial official VLAN bible:
viewtopic.php?t=143620

A word of caution if you are thinking of using VLAN 1 in your network design. Most vendors use VLAN 1 as the native VLAN for their hardware. MikroTik uses VLAN 0. If you try to create a VLAN 1 scenario with MikroTik, and expecting tagged frames, it will be incompatible with other vendors who default VLAN 1 as untagged. Therefore, unless you are prepared to change the default behavior in MikroTik and/or other vendors, it is simpler to use VLAN 2 and higher.
Summary:
don't use VLAN=1 at all. Use proper access ports and life will be good.

Something relevant I saw passing by today:
Rule 1 for Mikrotik: never use VLAN=1
Rule 2 for Mikrotik: NEVER use VLAN=1
Rule 3 = see above

There's something that has to fill PVID field on interfaces, what's wrong with leaving it to 1 (which is default btw). What I've noticed was that config has tagged vlan 10 and PVID 10 set on a bridge, which seemed odd to me. I've never offered to create access port with vlan tag 1 or make a trunk for it

Thu Sep 05, 2024 2:17 pm

Once you set a port as trunk default can remain at 1, true, since the setting "Admit only VLAN tagged" overrules that anyhow.
Access ports should be set to the pvid for the VLAN they are supposed to handle and "Only admit untagged ...".
Nowhere else (besides trunk ports) I have pvid=1. Not even on bridge.

With Mikrotik it's best to use VLAN all the way (which means pvid=2 or higher on access ports and bridge) or no VLAN at all.

kleshki · Thu Sep 05, 2024 2:20 pm

Once you set a port as trunk, default remains at 1, true, since the setting "Admit only VLAN tagged" obsoletes that anyhow.
Access ports should be set to the pvid for the VLAN they are supposed to handle and "Only admit untagged ...".
Nowhere else (besides trunk ports) I have pvid=1. Not even on bridge.

Then what do you have as PVID on a bridge in VLAN tab?

Thu Sep 05, 2024 2:24 pm

Nothing.

/interface bridge
add admin-mac=48:A9:8A:XX:YY:ZZ auto-mac=no comment=defconf frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes

kleshki · Thu Sep 05, 2024 2:30 pm

Nothing.

/interface bridge
add admin-mac=48:A9:8A:XX:YY:ZZ auto-mac=no comment=defconf frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes

You can check it with either UI or by typing

/interface bridge export verbose

There is pvid=1 which is not exported since it's default value, but it is still set

Now we have to return from offtop and try to help the topic author

aat · Thu Sep 05, 2024 6:25 pm

Tried connecting an older Brother printer — got the IP with no problem, connected.

kleshki · Thu Sep 05, 2024 7:24 pm

Can you post some kind of your connection scheme, like are those printers wireless or wired and what ports/networks do they use, is there a switch (managed or dumb) in-between and so on

mkx · Thu Sep 05, 2024 7:31 pm

/interface bridge
add admin-mac=48:A9:8A:XX:YY:ZZ auto-mac=no comment=defconf frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes
You can check it with either UI or by typing
Code: Select all
/interface bridge export verbose
There is pvid=1 which is not exported since it's default value, but it is still set

True. But if frame-types is set as what @holvoetn wrote in quoted quote, then bridge doesn't appear as untagged member of VLAN 1 if you execute /interface/bridge/vlan/print and that's what counts (this is simillar to setting speed on ethernet port to anything while auto-negotiation is set to yes - it gets ignored).

aat · Thu Sep 05, 2024 8:33 pm

Can you post some kind of your connection scheme, like are those printers wireless or wired and what ports/networks do they use, is there a switch (managed or dumb) in-between and so on

Sure.
Here is it.

scheme.png

vingjfg · Thu Sep 05, 2024 10:04 pm

The older printer, wired or wifi?

aat · Thu Sep 05, 2024 10:16 pm

The older printer, wired or wifi?

WiFi

Yes, I didn't write that at the beginning, sorry — all Brother printers are WIFI only.

Amm0 · Thu Sep 05, 2024 10:41 pm

It might be worth it (or at least simple) to try 7.16rc, as there were DHCP fixes in the release notes.

Cannot say your problem is what's fixed, but if it does then it's a bug in 7.15.3. If not, then running the sniffer might help figure out what/if anything the printer is sending.

kleshki · Thu Sep 05, 2024 11:56 pm

I suggest you change admit frame type to "admit all" on wireless interfaces and try it out. I can't explain, but I remember I had issues with wifi and vlans on 7.x, but now I look at my own config and see that wifi interfaces are actually shown under "Current tagged" in /interface/bridge/vlan, while pvid is set to the desired VLAN for this particular wireless interface.

You now have it set to "only untagged and priority tagged" which seems to prevent tagged traffic passing through

aat · Fri Sep 06, 2024 12:26 am

I suggest you change admit frame type to "admit all" on wireless interfaces and try it out. I can't explain, but I remember I had issues with wifi and vlans on 7.x, but now I look at my own config and see that wifi interfaces are actually shown under "Current tagged" in /interface/bridge/vlan, while pvid is set to the desired VLAN for this particular wireless interface.

You now have it set to "only untagged and priority tagged" which seems to prevent tagged traffic passing through

Thank you kleshki.
Done. Still ‘offered’.

kleshki · Fri Sep 06, 2024 12:42 am

I suggest you change admit frame type to "admit all" on wireless interfaces and try it out. I can't explain, but I remember I had issues with wifi and vlans on 7.x, but now I look at my own config and see that wifi interfaces are actually shown under "Current tagged" in /interface/bridge/vlan, while pvid is set to the desired VLAN for this particular wireless interface.

You now have it set to "only untagged and priority tagged" which seems to prevent tagged traffic passing through
Thank you kleshki.
Done. Still ‘offered’.

Do you have your wireless interfaces correctly shown in /interface/bridge/vlan? It should be dynamic if you have any device connected or you can add them manually

aat · Fri Sep 06, 2024 11:05 am

...
Do you have your wireless interfaces correctly shown in /interface/bridge/vlan? It should be dynamic if you have any device connected or you can add them manually

Yes. It is Dynamic.

Screenshot 2024-09-06 at 10.03.34.png

kleshki · Fri Sep 06, 2024 12:31 pm

Can you manually add wireless interfaces to the ;;;luogo vlan as Tagged?
After that, restart your wireless interfaces, so they are removed from untagged

aat · Fri Sep 06, 2024 4:32 pm

Can you manually add wireless interfaces to the ;;;luogo vlan as Tagged?
After that, restart your wireless interfaces, so they are removed from untagged

Thanks for your willingness to help! - It's very much appreciated.

I manually added both networks and a few more wireless devices went to ‘offered’ status. Those wireless clients that have received an IP do not have Internet access.

kleshki · Fri Sep 06, 2024 5:19 pm

/interface wifi datapath
add bridge=bridge disabled=no name=home-private-datapath vlan-id=100
add bridge=bridge disabled=no name=home-guest-datapath vlan-id=10
add bridge=bridge disabled=no name=iot-datapath vlan-id=50


/interface bridge vlan
add bridge=bridge tagged=bridge,wifi-5ghz-guest vlan-ids=10
add bridge=bridge tagged=bridge,wifi-5ghz vlan-ids=100
add bridge=bridge tagged=bridge,wifi-2.4ghz-iot vlan-ids=50

/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=100
add bridge=bridge interface=wifi-5ghz pvid=100

I'm using such configuration, that works for all devices. Noticed you don't have datapath specified

aat · Fri Sep 06, 2024 6:18 pm

...
I'm using such configuration, that works for all devices. Noticed you don't have datapath specified

/interface wifi datapath
add bridge=bridge disabled=no name=guest_datapath vlan-id=20
add bridge=bridge disabled=no name=luogo_datapath vlan-id=10

/interface wifi configuration
add comment="luogo wifi config" datapath=luogo_datapath disabled=no mode=ap \
	multicast-enhance=enabled name=luogo_config security=luogo_auth \
	security.connect-priority=0 ssid=luogo
add comment="guest wifi config" datapath=guest_datapath disabled=no mode=ap \
	multicast-enhance=enabled name=guest_config security=guest_auth \
	security.connect-priority=0 ssid=isola

/interface wifi
set [ find default-name=wifi2 ] channel=2GHz_channel channel.frequency=\
	2412,2432,2472 configuration=luogo_config configuration.mode=ap disabled=\
	no name=luogo_wifi_2GHz security=luogo_auth security.connect-priority=0
set [ find default-name=wifi1 ] channel=5GHz_channel channel.frequency=\
	5180,5260,5500 configuration=luogo_config configuration.mode=ap disabled=\
	no name=luogo_wifi_5GHz security.connect-priority=0
add configuration=guest_config configuration.mode=ap disabled=no mac-address=\
	D6:01:C3:3C:DF:6B master-interface=luogo_wifi_2GHz name=guest_wifi_2GHz

/interface bridge
add fast-forward=no frame-types=admit-only-vlan-tagged name=bridge \
	port-cost-mode=short protocol-mode=none pvid=2 vlan-filtering=yes

/interface vlan
add interface=bridge name=guest_vlan vlan-id=20
add interface=bridge name=luogo_vlan vlan-id=10

/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
	interface=ether2 pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
	interface=ether3 pvid=10 trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
	interface=ether4 pvid=10 trusted=yes
add bridge=bridge interface=luogo_wifi_2GHz pvid=10 trusted=yes
add bridge=bridge interface=luogo_wifi_5GHz pvid=10 trusted=yes
add bridge=bridge interface=guest_wifi_2GHz pvid=20

/interface bridge vlan
add bridge=bridge comment="luogo vlan" tagged=\
	bridge,luogo_wifi_2GHz,luogo_wifi_5GHz vlan-ids=10
add bridge=bridge comment="guest vlan" tagged=bridge,guest_wifi_2GHz \
	vlan-ids=20

Done, thank you.
All clients except printers are connected, get an IP and can access the internet. Printers are still in ‘offered’ status

Screenshot 2024-09-06 at 17.16.07.png

kleshki · Fri Sep 06, 2024 7:29 pm

Printers tend to be kinda dumb with wireless and can keep their address longer. If you can access printer's network stack through its physical panel, you can check out if maybe an address is stuck and should be reset, my suggestion is this now

patrikg · Fri Sep 06, 2024 8:35 pm

Maybe the printer needs/requests some dhcp options, that not the offers have.
I don't know if you can enable more debug logs, for the dhcp server, to see what the printer requests.

aat · Fri Sep 06, 2024 9:13 pm

Printers tend to be kinda dumb with wireless and can keep their address longer. If you can access printer's network stack through its physical panel, you can check out if maybe an address is stuck and should be reset, my suggestion is this now

Everything connected smoothly! Thank you very much kleshki!
I made a mistake in the last step — datapath configuration. I fixed it and it worked

I reset the printers network settings after each our step anyway.

kleshki · Fri Sep 06, 2024 9:16 pm

Printers tend to be kinda dumb with wireless and can keep their address longer. If you can access printer's network stack through its physical panel, you can check out if maybe an address is stuck and should be reset, my suggestion is this now
Everything connected smoothly! Thank you very much kleshki!
I made a mistake in the last step — datapath configuration. I fixed it and it worked

I reset the printers network settings after each our step anyway.

Glad to hear you got this

jaclaz · Fri Sep 06, 2024 11:26 pm

I made a mistake in the last step — datapath configuration. I fixed it and it worked

It would be nice if you could describe exactly what the error(s) and the correction(s) were, so that this thread may become useful as a reference for similar issues.

aat · Fri Sep 06, 2024 11:46 pm

…
It would be nice if you could describe exactly what the error(s) and the correction(s) were, so that this thread may become useful as a reference for similar issues.

Usual inattention

When making changes to the configuration according to kleshki's advice (post #28) — adding WiFi Datapath I made a typo, instead of VLAN ID 10, I specified 20 for the home network ‘luogo’.

jaclaz · Sat Sep 07, 2024 11:13 am

Good, so kleshlki's example in post #28 or your reported adaptation in post #29 (minus typos/errors) are the right references "as they are".

aat · Sat Sep 07, 2024 12:44 pm

Good, so kleshlki's example in post #28 or your reported adaptation in post #29 (minus typos/errors) are the right references "as they are".

That's right. In post #29 I corrected the typo almost immediately.

DHCP is offered but not bound to Brother printers only [SOLVED]

DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only [SOLVED]

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only

Re: DHCP is offered but not bound to Brother printers only