Hi,
I've been slowly replacing our Cisco Small Business devices with Mikrotik devices, mainly for VPN of sites. I need to replace our main office router and we currently use some VLans to access different networks. I may be over complicating things, as right now, I basically have a standard default network and a active vlan and a test vlan. I have the active vlan on one interface and change an interface to be untagged based on what network I need to be on. I'm thinking I may not actually need vlans but was trying to get it working similar to how the Cisco device did.
I've been reading up and trying to learn RouterOS vlans and I've had some progress, but I am having issues with anyone but my default network giving out DHCP addresses. My goal is to have 3 10vlan access ports and 1 20vlan access port and the rest trunk ports. When I connect to any of my 10vlan ports, I can get an IP, as well as when I connect to a trunk ports. When I connect to my 20vlan port, I get a 169 address. I removed the pvid from port 7, and I tagged my ethernet port with vlan10 and was able to get a vlan10 address but when I tag my ethernet port for vlan20 I get the 169 address.
Could someone help me figure this out?
Thanks,
Chris
Here is the config I'm using -
/system identity set name="Router"
/interface bridge add name=bridge protocol-mode=none vlan-filtering=no
/interface bridge port
add bridge=bridge interface=ether2 pvid=172
add bridge=bridge interface=ether3 pvid=10
add bridge=bridge interface=ether4 pvid=10
add bridge=bridge interface=ether5 pvid=10
add bridge=bridge interface=ether6 pvid=10
add bridge=bridge interface=ether7 pvid=10
add bridge=bridge interface=sfp1
/interface bridge vlan
add bridge=bridge tagged=bridge,ether5,ether7,sfp1 untagged=ether3,ether4,ether6 vlan-ids=10
add bridge=bridge tagged=bridge,ether5,ether7,sfp1 untagged=ether2 vlan-ids=172
/ip dns set allow-remote-requests=yes servers="9.9.9.9"
/interface enable ether1
/ip dhcp-client add interface=ether1 disabled=no
/interface vlan add interface=bridge name=10_VLAN vlan-id=10
/ip address add interface=10_VLAN address=10.0.0.40/24
/ip pool add name=10_POOL ranges=10.0.0.200-10.0.0.254
/ip dhcp-server add address-pool=10_POOL interface=10_VLAN name=10_DHCP disabled=no
/ip dhcp-server network add address=10.0.0.0/24 dns-server=10.0.0.40 gateway=10.0.0.40
/interface vlan add interface=bridge name=172_VLAN vlan-id=20
/ip address add interface=172_VLAN address=172.16.0.5/24
/ip pool add name=172_POOL ranges=172.16.0.15-172.16.0.16
/ip dhcp-server add address-pool=172_POOL interface=172_VLAN name=172_DHCP disabled=no
/ip dhcp-server network add address=172.16.0.0/24 dns-server=10.0.0.40 gateway=172.16.0.5
/interface list add name=WAN
/interface list add name=VLAN
/interface list member
add interface=ether1 list=WAN
add interface=10_VLAN list=VLAN
add interface=172_VLAN list=VLAN
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Allow Estab & Related"
add chain=input action=accept in-interface-list=VLAN comment="Allow VLAN"
add chain=input action=drop comment="Drop"
add chain=forward action=accept connection-state=established,related comment="Allow Estab & Related"
add chain=forward action=accept connection-state=new in-interface-list=VLAN out-interface-list=WAN comment="VLAN Internet Access only"
add chain=forward action=drop comment="Drop"
/ip firewall nat add chain=srcnat action=masquerade out-interface-list=WAN comment="Default masquerade"
/interface bridge set bridge vlan-filtering=yes
Re: VLan Setup DHCP issues
/export file=anynameyouwish ( miinus router serial number, any public WANIP information, keys etc....)
dont work with snippets, and
this.
/interface bridge port
add bridge=bridge interface=ether2 pvid=172
add bridge=bridge interface=ether3 pvid=10
add bridge=bridge interface=ether4 pvid=10
add bridge=bridge interface=ether5 pvid=10
add bridge=bridge interface=ether6 pvid=10
add bridge=bridge interface=ether7 pvid=10
add bridge=bridge interface=sfp1
/interface bridge vlan
add bridge=bridge tagged=bridge,ether5,ether7,sfp1 untagged=ether3,ether4,ether6 vlan-ids=10
add bridge=bridge tagged=bridge,ether5,ether7,sfp1 untagged=ether2 vlan-ids=172
HOSED --> Tells me that you have not read and understood the bible on it yet. ........... start there--- viewtopic.php?t=143620
dont work with snippets, and
this.
/interface bridge port
add bridge=bridge interface=ether2 pvid=172
add bridge=bridge interface=ether3 pvid=10
add bridge=bridge interface=ether4 pvid=10
add bridge=bridge interface=ether5 pvid=10
add bridge=bridge interface=ether6 pvid=10
add bridge=bridge interface=ether7 pvid=10
add bridge=bridge interface=sfp1
/interface bridge vlan
add bridge=bridge tagged=bridge,ether5,ether7,sfp1 untagged=ether3,ether4,ether6 vlan-ids=10
add bridge=bridge tagged=bridge,ether5,ether7,sfp1 untagged=ether2 vlan-ids=172
HOSED --> Tells me that you have not read and understood the bible on it yet. ........... start there--- viewtopic.php?t=143620
Re: VLan Setup DHCP issues
Your VLAN 20 issue seems related to DHCP or incorrect tagging/untagging. Here's what to check:
1. **DHCP Scope:** Ensure the `172_POOL` has enough IPs (currently only two: `172.16.0.15-172.16.0.16`). Expand the range.
2. **Tagged/Untagged Ports:** Confirm VLAN 20 (ID 172) is correctly tagged on the trunk ports and untagged on the access port (`ether2`).
3. **Bridge VLAN Filtering:** Make sure `vlan-filtering=yes` is set on the bridge, and verify the `interface bridge vlan` entries align with your access/trunk ports.
4. **Firewall Rules:** Ensure no firewall rules block DHCP traffic on VLAN 20. Tiblor
Expand your DHCP pool and double-check tagging configurations for VLAN 20 on both router and connected devices. Let me know if more help is needed!
1. **DHCP Scope:** Ensure the `172_POOL` has enough IPs (currently only two: `172.16.0.15-172.16.0.16`). Expand the range.
2. **Tagged/Untagged Ports:** Confirm VLAN 20 (ID 172) is correctly tagged on the trunk ports and untagged on the access port (`ether2`).
3. **Bridge VLAN Filtering:** Make sure `vlan-filtering=yes` is set on the bridge, and verify the `interface bridge vlan` entries align with your access/trunk ports.
4. **Firewall Rules:** Ensure no firewall rules block DHCP traffic on VLAN 20. Tiblor
Expand your DHCP pool and double-check tagging configurations for VLAN 20 on both router and connected devices. Let me know if more help is needed!