Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

DHCP Server Invalid for Guest VLAN  [SOLVED]

Post Reply
 
User avatar
gazingbazooka
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Mon Feb 10, 2020 7:10 pm
Location: Toronto, Canada

DHCP Server Invalid for Guest VLAN

Fri Apr 03, 2020 11:12 pm

I'm totally green on the VLAN but taking my first stab at creating a VLAN from scratch for my Ubiquiti AP. I had the VLAN working semi-correctly when added to a specific interface but when I add the VLAN on the Bridge and follow the same steps the DHCP Server comes out as Invalid. I prefer for the VLAN to be on the bridge instead of a specific port so there is no dependency on the AP to be plugged into a specific port.
Code: Select all
 #    NAME                                 INTERFACE                                RELAY           ADDRESS-POOL                                LEASE-TIME ADD-ARP
 0    defconf                              bridge                                                   dhcp                                        10m       
 1  I dhcp1                                VLAN_Guest                               10.1.200.1      VLAN_Guest_Pool                             10m
Is there something simple I'm missing here, it's extremely vanilla:
Code: Select all
/interface bridge
add admin-mac=B8:69:F4:AB:32:8A auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=VLAN_Guest vlan-id=200
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=VLAN_Guest_Pool ranges=10.1.200.100-10.1.200.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=VLAN_Guest_Pool disabled=no interface=VLAN_Guest name=dhcp1 relay=10.1.200.1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=10.1.200.0/24 dns-server=192.168.88.1 gateway=10.1.200.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12982
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP Server Invalid for Guest VLAN  [SOLVED]

Fri Apr 03, 2020 11:27 pm

You can't run DHCP server off an interface without IP address ... and according to posted config interface VLAN_Guest doesn't have IP address.

BTW, to avoid some possible odd problems, move LAN address from interface ether2 to interface bridge (IP settings should be done on bridge interface, not on bridge member ports).
Top
 
User avatar
gazingbazooka
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Mon Feb 10, 2020 7:10 pm
Location: Toronto, Canada

Re: DHCP Server Invalid for Guest VLAN

Fri Apr 03, 2020 11:54 pm

Good catch. I knew a second set of eyes would help. Also moved the IP to the bridge as you suggested. Now I'm not getting an IP when hitting VLAN 200. Anything obvious?
Code: Select all
/interface bridge
add admin-mac=B8:69:F4:AB:32:8A auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=VLAN_Guest vlan-id=200
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=VLAN_Guest_Pool ranges=10.1.200.100-10.1.200.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=VLAN_Guest_Pool disabled=no interface=VLAN_Guest name=dhcp1 relay=10.1.200.1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=10.1.200.1/24 interface=VLAN_Guest network=10.1.200.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=10.1.200.0/24 dns-server=192.168.88.1 gateway=10.1.200.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12982
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP Server Invalid for Guest VLAN

Sat Apr 04, 2020 12:28 am

The VLAN setup is missing a lot. You might want to go through this tutorial, I believe it'll make things more clear to you.
Top
 
User avatar
gazingbazooka
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Mon Feb 10, 2020 7:10 pm
Location: Toronto, Canada

Re: DHCP Server Invalid for Guest VLAN

Sat Apr 04, 2020 1:09 am

Thanks for the link. That's literally where I started but I was trying to run those rsc files and it didn't really leave the router in a happy state. I have a previous post about that.

I'll try to diff those files against what I have. Oddly enough these steps seemed to suffice when I linked it to ether5.
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12982
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP Server Invalid for Guest VLAN

Sat Apr 04, 2020 10:59 pm

The thing is that in your last posted config, the whole vlan config which should be under /interface bridge is missing ... and if you want your RB to work with VLANs, there should be some.
Top
 
User avatar
chuckt
just joined
Posts: 13
Joined: Sun Jan 12, 2020 5:11 pm

Re: DHCP Server Invalid for Guest VLAN

Sun Apr 05, 2020 5:47 am

/interface bridge vlan
I think that section is missing...at least.
Code: Select all
/interface bridge vlan add bridge=bridge tagged=bridge,ether2,ether3,ether4,ether5 vlan-ids=200
Top
 
User avatar
gazingbazooka
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Mon Feb 10, 2020 7:10 pm
Location: Toronto, Canada

Re: DHCP Server Invalid for Guest VLAN

Sun Apr 05, 2020 7:01 am

Thanks. I’ll try to compare this against the golden reference in the other thread. Much appreciated.
Top
Post Reply

Who is online

Users browsing this forum: anav and 9 guests
  4. RouterOS
  5. Beginner Basics