Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

WAN and LAN passthrough to second MT - VLAN Question  [SOLVED]

Post Reply
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 1:06 am

I want to make available my router's WAN and LAN on a second router as well.
I want to use a single vlan bridge for best performance.
ETH1 is the WAN port, ETH3 is the trunk port to the next MT router.
WAN traffic is VLAN100, LAN traffic is VLAN200 on the trunk.
Both VLANS are defined on the bridge interface.
ETH1 and ETH3 are connected to the bridge (with pvid 100 and 200 resp.).
LAN network is configured by adding a DHCP server on VLAN200.
WAN IP should be got through DHCP Client of VLAN100.
But it doesn't get IP unless I set the bridge itself as the DHCP client interface but this is not what I want to achieve.
The config:
Code: Select all
/interface vlan add interface=bridge name=vlan100 vlan-id=100
add interface=bridge name=vlan200 vlan-id=200
/interface bridge add disabled=yes name=WAN-bridge
add admin-mac=... auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10 pvid=200
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 pvid=200
add bridge=bridge interface=ether3
add bridge=bridge interface=ether1 pvid=100
/interface bridge vlan add bridge=bridge tagged=ether3,bridge vlan-ids=100,200
/ip dhcp-server add address-pool=dhcp interface=vlan200 name=dhcp
/ip dhcp-server network add address=192.168.128.0/24 comment=defconf dns-server=192.168.128.1 gateway=192.168.128.1 netmask=24
/ip dhcp-client add interface=vlan100
If I change the last vlan100 to bridge it works bit I need vlan100
What am I doing wrong?
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19473
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 1:11 am

To be clear you have a block of IPs from your provider and you want to use one for the first router and another for the second router??
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 1:26 am

No. I want to be able to get an ip from both the service provider˙s dhcp and the first mt routers˙s dhcp on two different port on the second mt. Actually it worked already with two bridges but now i want to learn vlan bridging and solve it with one multivlan bridge. In praxis the service provider˙s ip serves as a gest network as well (as an alternative to the two dhcp server modell)
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19473
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 7:24 am

Again, not clear.
Do you mean the ISP has a modem router and has a lan subnet, and thus gives the first MT router a private IP on that subnet and you wish to also have that subnet reach a second MT device.?
Meaning the First MT device is acting as a router with some of its own DHCP subnet but also on some ports maybe have the ISP LAN subnet and certainly pass both First MT router subnets and ISP router modem subnet to the second MT device??
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 8:15 am

Yes exactly (except that the first mt router doesn´t have to have on some of its own ports the isp´s subnet but yes it has to pass both subnets to the second mt router)
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19473
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 3:46 pm

Would need to see both MT FULL configs............ the first and second MTs.
Do you have a management vlan organized on the First Router ( or trusted subnet) where all ( both MTs should get their Ip address from ).

/export file=anynameyouwish ( minus router serial#, any public WANIP information, keys, long dhcp lease lists)
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question  [SOLVED]

Sun Mar 31, 2024 5:02 pm

Thanks for your effort.
In the mean time the problem has been solved :)
I was afraid to switch on vlan filtering because of losing connectivity.
After switching on everything started to work like charm :)
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 10:22 pm

Maybe a last question for the future: i shouldn´t really worry about not accessing the router because of missconfiguration of vlan filtering until i have mac address winbox acces to the device, should i?
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11672
Joined: Thu Mar 03, 2016 10:23 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Sun Mar 31, 2024 11:38 pm

With incorrect VLAN filtering setup you can easily loose MAC access to device ... so if doing something you're not comfortable with, it's smart to take one port off bridge and add it to the list with allowed MAC access ... that port would then be immune to whatever errors one might do in bridge config and let MAC access to the device (that port doesn't even need IP setup).
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Mon Apr 01, 2024 11:08 am

:D Thanks, I experienced it, i had to reset
I noticed also that if I don't add the bridge port to the 'tagged' list of the respective vlan in the vlan table it not only stops working (ip services like dhcp server or client) but I also lose MAC access despite the respective VLAN was added to the MAC server's allow list.
It is not totally clear to me hence the MT documentation tells about adding the bridge to the untagged list.
I was searching the Internet for a detailed clarification about that but didn't find.
I can take it as is i.e. I'll always add the bridge to the tagged list for each and every vlan but it would be nice to understand why.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19473
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: WAN and LAN passthrough to second MT - VLAN Question

Mon Apr 01, 2024 5:30 pm

viewtopic.php?t=143620
viewtopic.php?f=2&t=173692
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Mon Apr 01, 2024 9:17 pm

Thanks, the second link contained a lot of useful info (I couldn't read it all yet).

For me the essence is that my approach is right:
I add the bridge port to the 'tagged' list of all vlan rows.

What I still don't understand is why dhcp client on a vlan interface of a bridge only works with vlan filtering turned on.
(That was my original problem / question)
Contrary dhcp server on a vlan interface of a bridge (after adding this interface to the address list) works both with filtering turned on and off.

If anyone has an explanation for that, thanks.
Top
 
User avatar
petardo
newbie
Topic Author
Posts: 30
Joined: Fri Sep 25, 2015 4:06 pm

Re: WAN and LAN passthrough to second MT - VLAN Question

Tue Apr 02, 2024 4:08 am

I think I found the answer myself:
DHCP server and client must exist on the same vlan.
With vlan filtering turned off no PVID tagging on the ETH1 port (the port the ISP is connected to) is taking place hence the DHCP client on the bridge's vlan1 interface doesn't get reply to it's broadcasting from the ISP's DHCP server.
Top
Post Reply

Who is online

Users browsing this forum: AMU321 and 29 guests
  4. RouterOS
  5. Beginner Basics