MikroTik

Hi,

We run two Lans on our router, a Vlan ( for public WiFi use ) and Management LAN ( for our hardware ) with no Vlan Tag. Each LAN has its own DHCP scope which uses different subnets.

Within the DHCP settings for each LAN we use a different DNS Server. The tagged Vlan uses a DNS address for a web filtering service and the non tagged ( our hardware ) uses google.

Up until recently, when i upgraded from a fairly old firmware version ( i know i should keep up to date more ) everything worked fine. However following the upgrade the required DNS address is being ignored on the tagged Vlan and instead it is using the DNS address of the management LAN instead which is Google. It also doesn't make any different if the management LAN has the DNS IP address directly listed within the DHCP scope of if we point it back to the local DNS server which in turns forward to Google.

Does anyone have any idea's, i believe our build is fairly straight forward and we have some basic firewall rules other than one which is supposed to reirect all vlan DNS traffic to our filtered DNS address ( just in case someone tried to override the DHCP one ) but that isn't even working.

Thanks



.

Post an export of your config and we can have a look at it - everything else will be guessing.
-Chris

Hi Chris,
Thanks for taking a look at this, config attached. Obviously changed the security info and some our our IP address

your config is confusing and not correct............ suggest drawing a diagram with boxes and where traffic is going and how dhcp is being assigned and dns allotted and i think you will see the errors.

Overall I recommend this thread (the examples) for anyone using vlans. Finally suggest put all subnets as vlans and dont use bridge for anything else than hosting vlans.
viewtopic.php?f=13&t=143620

@Anav, I dont understand why you think the config is confusing.I'm obviously no guru at this or it would be working correctly but looking at the config myself i think its easy to follow.

I am not a network engineer and to be fair dont want to be either. I appreciate there is an element of self help with regards to forums to which you rely on guidance from others but knowing the config doesn't work and then someone telling me it doesn't work isn't overly helpful.

What i want is a single ppoe connection providing a gateway for two LANs, one of which needs to be tagged with Vlan id 101. Each LAN needs a DHCP scope of /24 and each LAN needs a different DNS address. That's about it, I'm not worried about any additional firewall rules at this stage as i can add them in later on.

I have a small working understanding of networks, gateways, subnets etc but obviously not enough to build the type of config i need when it comes to working with Vlans. So if someone can help i'm happy to throw some beers in to say thanks, as i said, i'm no network engineer and I dont want to be, but i do need a working config.

Thanks

Any one want a beer ?

Hey

Do you ship to Belgium?

Looks like your mgmt network and guest vlan are hosted by same bridge. Only difference is that vlan is tagged. Question: is that vlan untagged somewhere and offered through access port?

Note: mgmt ip is linked to interface ether5 instead of parent bridge

Hey Sabastia,

Now why would i want to ship you some English beer when you have the best beers locally... Maybe a cash donation would suffice to get some local amber nectar...

Thanks for the heads up, I'll see if i can work out if thats the problem but i may be back for more pointers.

Thanks

Use vlans for all LANs, assign them to the bridge, attach subnets to vlans, dont use vlan1, thats it in a nutshell.
Apply the logic using the examples in the vlan link provided and you should be off and running.......... to the pub for fish and chips vice monkeying with your MT.........