CSteve
newbie
Topic Author
Posts: 33
Joined: Wed Feb 10, 2016 4:52 pm

networking and ip services

Tue Mar 26, 2024 11:08 am

Hi.

I'm trying to set up a new hEX router. On Ethernet1 I set up my WAN port with a fixed IP from my provider. On Ethernet 2 I want to set up an admin VLAN, and on Ethernet 3 a guest VLAN. A simple setup. My problem is that I don't get a local IP on the mentioned VLAN ports. Even if I assign a fixed IP from the correct subnet, I can't connect to the router with WinBox. The interface appears as if it doesn't have an IP. I can only connect using the MAC address of the device with WinBox.

# jan/02/1970 01:52:29 by RouterOS 6.49.10
# software id = AJSM-L12M
#
# model = RB750Gr3
# serial number = HFE09AJGCJF
/interface vlan
add interface=ether2 name=vlan1 vlan-id=1
add interface=ether3 name=vlan4 vlan-id=4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=P-VL1-Admin ranges=172.29.1.30-172.29.1.240
add name=P-VL4-Guest ranges=172.29.4.30-172.29.4.240
/ip dhcp-server
add address-pool=P-VL1-Admin authoritative=after-2sec-delay disabled=no \
    interface=vlan1 lease-time=1h name=dhcp1
add address-pool=P-VL4-Guest disabled=no interface=vlan4 lease-time=30m name=\
    dhc4
/ip address
add address=145.xxx.xxx.xxx interface=ether1 network=255.255.255.252
add address=172.29.1.1/24 interface=vlan1 network=172.29.1.0
add address=172.29.4.1/24 interface=vlan4 network=172.29.4.0
/ip dhcp-client
add comment=defconf disabled=no
/ip dhcp-server network
add address=172.29.1.0/24 dns-server=31.46.19.238,84.1.102.178 gateway=\
    172.29.1.1 netmask=24
add address=172.29.4.0/24 dns-server=31.46.19.238,84.1.102.178 gateway=\
    172.29.4.1 netmask=24
/ip firewall address-list
add address=145.xxx.xxx.xxx list=WAN-IP
add address=172.29.1.0/24 list=local-admin-network
add address=172.29.4.0/24 list=local-networks
add address=172.29.4.0/24 list=local-guest-network
add address=172.29.1.0/24 list=local-networks
/ip firewall filter
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="allow established,related" \
    connection-state=established,related
add action=accept chain=input comment="allow ping" icmp-options=8:0-255 \
    ipv4-options=strict-source-routing limit=5,5:packet protocol=icmp
add action=accept chain=input comment=Dhcp dst-port=67-68 protocol=udp \
    src-address-list=local-networks
add action=accept chain=input comment="management accept - MAC winbox GUI" \
    dst-port=20561 protocol=udp src-address-list=local-networks
add action=accept chain=input comment="management accept -  winbox GUI" \
    dst-port=8291 log=yes protocol=tcp src-address-list=local-networks
add action=accept chain=input dst-port=53 protocol=tcp src-address-list=\
    local-networks
add action=drop chain=input comment="DEFAULT INPUT DROP" log-prefix=\
    "default drop" src-address-list=local-networks
add action=accept chain=forward comment="forward rel-established" \
    connection-state=established,related
add action=accept chain=forward comment="forward networks to wap ip" \
    dst-address-list=WAN-IP src-address-list=local-networks
add action=accept chain=forward comment="Allow dns req" dst-port=53 protocol=\
    tcp src-address-list=local-networks
add action=accept chain=forward dst-port=53 protocol=udp src-address-list=\
    local-networks
add action=accept chain=forward comment="Allow Dhcp req/repl" dst-port=67-68 \
    protocol=udp src-address-list=local-networks
add action=drop chain=forward comment="DEFAULT FORWARD DROP" log-prefix=\
    "default drop"
add action=accept chain=output
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 src-address=172.29.1.0/24 \
    to-addresses=145.xxx.xxx.xxx
add action=src-nat chain=srcnat out-interface=ether1 src-address=172.29.4.0/24 \
    to-addresses=145.xxx.xxx.xxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system logging
add topics=dhcp,debug


https://imgur.com/8Xkyl78



Any insight would be appreciated.
Last edited by CSteve on Tue Mar 26, 2024 11:56 am, edited 2 times in total.
 
erlinden
Forum Guru
Posts: 1975
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Dhcp not working

Tue Mar 26, 2024 11:11 am

I prefer to work with VLAN filtering on the bridge. Please read this great topic before continuing:
viewtopic.php?t=143620
 
CSteve
newbie
Topic Author
Posts: 33
Joined: Wed Feb 10, 2016 4:52 pm

Re: networking and ip services

Tue Mar 26, 2024 12:28 pm

@erlinden Can I only do it using the bridge method?
 
Buckeye
Forum Veteran
Posts: 896
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Dhcp not working  [SOLVED]

Tue Mar 26, 2024 12:32 pm

On Ethernet 2 I want to set up an admin VLAN, and on Ethernet 3 a guest VLAN. A simple setup. My problem is that I don't get a local IP on the mentioned VLAN ports. Even if I assign a fixed IP from the correct subnet, I can't connect to the router with WinBox. The interface appears as if it doesn't have an IP. I can only connect using the MAC address of the device with WinBox.

/interface vlan
add interface=ether2 name=vlan1 vlan-id=1
add interface=ether3 name=vlan4 vlan-id=4

The /interface vlan section is creating two new virtual "interfaces" that are connected to the parent (sometimes called base) interfaces ether2 and ether3.

This is my understanding:

An interface and a port are two different things. And ether2 here is ambiguous, it can be either an interface (what you can attach an ip address to), or a port specifier.

Said another way, the ether2 port has two interfaces using it, the base interface ether2 is the one that sends and receives "standard" untagged ethernet frames via the ether2 port. The vlan1 interface uses the ether2 port, but sends and receives IEEE 802.1Q tagged frames, in this case tagged with vlan1. Some routers use the interface naming convention port.vlanid, e.g. instead of the name being vlan1 as you have named the interface, it would be called ether3.1.

If you have devices that are not vlan-aware, and they don't know what to do with ethernet frames that have ethertype 0x8100 (the ethertype associated with standard tagging, i.e. Tag protocol identifier), then they will just ignore the tagged ethernet frames, the same as they will for any other ethertype they don't recognize.

Given what you stated, I don't see a need for vlans. Just use ether2 and ether3 and make sure they are not bridge ports. Then they can have an ip address associated with the interface with the same name.

But if you are going to use vlans, using the vlan-filtering bridge as suggested by @erlinden is much more flexible.

For ethernet frame info the Wikipedia IEEE 802.1Q page is good.
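
The tagging behaviour described in the reply above, as an added Python example (not part of the thread and not RouterOS code): it builds an untagged and an 802.1Q-tagged frame and shows, in a simplified model, which logical interface on the ether2 port receives each and whether a host without VLAN support accepts it. The MAC addresses, payloads and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id or None, inner EtherType, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

def receiving_interface(frame, port, vlan_ifaces):
    """Simplified model: logical interface on `port` that gets the frame."""
    vid, _, _ = parse_frame(frame)
    if vid is None:
        return port                  # untagged -> base interface (ether2)
    return vlan_ifaces.get(vid)      # tagged -> matching VLAN interface, else None

def vlan_unaware_host_accepts(frame, known_ethertypes=(0x0800, 0x0806)):
    """A host without VLAN support dispatches on the outer EtherType only."""
    (outer,) = struct.unpack_from("!H", frame, 12)
    return outer in known_ethertypes

# Constructed sample data (not captured traffic)
PC, ROUTER, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
ETHER2_VLANS = {1: "vlan1"}          # from the posted /interface vlan section
discover = build_frame(BCAST, PC, 0x0800, b"dhcp-discover")        # PC sends untagged
offer = build_frame(PC, ROUTER, 0x0800, b"dhcp-offer", vlan_id=1)  # vlan1 sends tagged

if __name__ == "__main__":
    for name, f in (("discover", discover), ("offer", offer)):
        print(name, receiving_interface(f, "ether2", ETHER2_VLANS), vlan_unaware_host_accepts(f))
```

In this model the untagged request from the PC lands on ether2, where the posted configuration has neither an address nor a DHCP server, and anything vlan1 sends leaves with a tag the PC does not recognise.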
