Hello
sorry for my English..
i have a router with the capmanager activate.
i have two configuration 1 wifi-lan and the other wifi-home automation.
a dhcp in 192.168.2.x for my lan and wifi lan.
I wish to have a dhcp for wifi-home automation in 192.168.3.x.
I galley a little for the interface to take for the 2nd dhcp.
Thanks for your help
create two WiFi SSID’s, and then assign with different subnet
First you need to define another address pool then DHCP server network and lastly bind DHCP server with correct pool and network to desired interface:
/ip pool
add name=home_automation ranges=192.168.3.20-192.168.3.254
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=<enter DNS server to be used by clients here> gateway=192.168.3.1 netmask=24
/ip dhcp-server
add address-pool=home_automation interface="wifi_home automation" name="dhcp_home automation"
Review the above commands and adjust them to your setup (IP address range, DNS server address, gateway address - this should match IP address bound to “wifi_home automation” interface … and correct name of said interface).
Hello
thanks for the help.
my config for the dhcp and capsmanager and dhcp
/caps-man datapath
add bridge=bridge interface-list=all local-forwarding=yes name=datapath1
add bridge=br_domotique local-forwarding=no name=datapath2
/caps-man security
add authentication-types=wpa2-psk name=SEC-Wifi-maison passphrase=*****
add authentication-types=wpa2-psk name=Domotique passphrase=*******
/caps-man configuration
add country=france datapath=datapath1 datapath.client-to-client-forwarding=no
datapath.local-forwarding=no distance=indoors mode=ap name=Maison security=
SEC-Wifi-maison ssid=Wifi-Maison
add country=france datapath.bridge=br_domotique
datapath.client-to-client-forwarding=no datapath.local-forwarding=no
distance=indoors mode=ap name=Domotique security=Domotique ssid=Test
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment=local master-configuration=Maison
name-format=prefix-identity slave-configurations=Domotique
—dhcp—
0 192.168.2.0/24 192.168.2.1 192.168.2.1 lan and wifi lan
1 192.168.3.0/24 192.168.3.1 192.168.3.1 Domotique
------DNS—servers:
dynamic-servers: 192.168.1.254
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 87KiB
i still have a problem at dns level. if i put dns 8.8.8.8 i have access to the web however if i put 192.168.3.1 no web.
I ping the IPs but not the dns names.
I do not understand why
thank you
I’m not sure how DNS server is configured now. Probably you have to enable it if it’s not already. Be sure you don’t allow connections to TCP and UDP ports 53 from internet.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
i have a dns with my first lan:
ip dns print
servers:
dynamic-servers: 192.168.1.254
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 298KiB
192.168.1.254 is Ip of my adsl box.
First lan: 192.168.2./24 dns 192.168.2.1 (ip router board) .
Second lan (with capsmanager) 192.168.3./24 if dns is 192.168.3.1 no resolution , i can ping ip no domain ..
if in configure dhcp for my second lan like this:
ADDRESS GATEWAY DNS-SERVER WINS-SERVER DO..
0 192.168.2.0/24 192.168.2.1 192.168.2.1 (first dhcp)
1 192.168.3.0/24 192.168.3.1 192.168.1.254 (second dhcp)
I can ping domain name like google.fr.
BR
I can think of two reasons why you can’t use RB’s DNS server from your home automation: either there’s some firewall rule blocking access to DNS service from 192.168.3.0/24 or CapsMan settings prevent it. Either way it’s just guessing until you post full configuration.
hi
my configuration
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKKMikroTik RouterOS 6.42.6 (c) 1999-2018 > http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@Capman-garage] > exportaug/19/2018 19:10:36 by RouterOS 6.42.6
software id = V4XF-HAYV
model = CRS125-24G-1S-2HnD
serial number = 786F083D7C15
/interface bridge
add fast-forward=no name=br_domotique
add admin-mac=CC:2D:E0:0B:47:95 auto-mac=no comment=defconf name=bridge
add fast-forward=no name=fplayer
add fast-forward=no name=freebox
/interface wirelessmanaged by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-0B47AD
wireless-protocol=802.11
/interface vlan
add interface=ether1 name=ETHER1_VLAN100 vlan-id=100
add interface=ether5 name=ETHER5_VLAN100 vlan-id=100
/caps-man datapath
add bridge=br_domotique local-forwarding=no name=datapath2
/caps-man security
add authentication-types=wpa2-psk name=SEC-Wifi-maison passphrase=…
add authentication-types=wpa2-psk name=Domotique passphrase=P…
/caps-man configuration
add country=france datapath.bridge=br_domotique
datapath.client-to-client-forwarding=no datapath.local-forwarding=no
distance=indoors mode=ap name=Domotique security=Domotique ssid=Test
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=domotique
/caps-man datapath
add bridge=bridge interface-list=all local-forwarding=yes name=datapath1
/caps-man configuration
add country=france datapath=datapath1 datapath.client-to-client-forwarding=no
datapath.local-forwarding=no distance=indoors mode=ap name=Maison security=
SEC-Wifi-maison ssid=Wifi-Maison
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip kid-control
add disabled=yes fri=“” mon=“” name=kid1 sat=“” sun=20h-20h30m thu=“” tue=“”
wed=“”
/ip pool
add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.150
add name=Domotique ranges=192.168.3.1-192.168.3.15
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge lease-time=1h10m name=
dhcp1
add address-pool=Domotique disabled=no interface=br_domotique name=Domotique
/port
set 1 baud-rate=115200 data-bits=8 flow-control=none name=usb2 parity=none
stop-bits=1
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment=local master-configuration=Maison
name-format=prefix-identity slave-configurations=Domotique
/interface bridge port
add bridge=fplayer comment=“lan Freebox capsman” interface=ether2
add bridge=freebox comment=“lan Freebox” interface=ether4
add bridge=bridge comment=“lan Freebox” interface=ether5
add bridge=freebox comment=“lan Freebox” interface=ether6
add bridge=freebox comment=“lan Freebox” interface=ether7
add bridge=freebox comment=“lan Freebox” interface=ether8
add bridge=bridge comment=“lan Maison” interface=ether20
add bridge=bridge comment=“lan Maison” interface=ether21
add bridge=bridge comment=“lan Maison” interface=ether22
add bridge=bridge comment=“lan Maison” interface=ether23
add bridge=bridge comment=“lan Maison” interface=ether24
add bridge=bridge comment=“lan Maison” interface=sfp1
add bridge=bridge comment=“lan Maison” interface=wlan1
add bridge=freebox comment=“lan Freebox” interface=ether1
add bridge=freebox comment=“lan Freebox” interface=ether3
add bridge=bridge comment=“lan Maison” interface=ether15
add bridge=bridge comment=“lan Maison” interface=ether12
add bridge=bridge comment=“lan Maison” interface=ether13
add bridge=bridge comment=“lan Maison” interface=ether14
add bridge=bridge comment=“lan Maison” interface=ether16
add bridge=bridge comment=“lan Maison” interface=ether17
add bridge=bridge comment=“lan Maison” interface=ether18
add bridge=bridge comment=“Lan maison” interface=ether19
add bridge=fplayer comment=“Lan FreePlayer” interface=ETHER5_VLAN100
add bridge=bridge comment=“Lan Maison” interface=ether11
add bridge=fplayer interface=ETHER1_VLAN100
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=freebox list=WAN
add interface=br_domotique list=domotique
/interface wireless capset caps-man-addresses=192.168.2.1,192.168.2.254 discovery-interfaces=bridge
enabled=yes interfaces=wlan1
/ip address
add address=192.168.2.1/24 interface=bridge network=192.168.2.0
add address=192.168.3.1/24 interface=br_domotique network=192.168.3.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=freebox
add dhcp-options=hostname,clientid
/ip dhcp-server lease
add address=192.168.2.253 client-id=1:0:fd:45:fc:6e:18 mac-address=
00:FD:45:FC:6E:18 server=dhcp1
add address=192.168.2.252 client-id=1:90:b1:1c:6f:3:f0 mac-address=
90:B1:1C:6F:03:F0 server=dhcp1
add address=192.168.2.3 client-id=1:0:1d:73:a3:d:1c mac-address=
00:1D:73:A3:0D:1C server=dhcp1
add address=192.168.2.5 mac-address=00:24:D4:71:72:BD server=dhcp1
add address=192.168.2.4 client-id=1:d8:fe:e3:5c:14:68 mac-address=
D8:FE:E3:5C:14:68 server=dhcp1
add address=192.168.2.11 client-id=Domotique comment=Alexa mac-address=
B0:FC:0D:06:FD:69 server=dhcp1
add address=192.168.2.12 client-id=Domotique comment=“Alexa bureau”
mac-address=C4:95:00:2C:89:83 server=dhcp1
add address=192.168.2.15 client-id=Domotique comment=“Chambre EVA” mac-address=
84:F3:EB:14:C5:7C server=dhcp1
add address=192.168.2.16 client-id=Domotique comment=“Chambre angel”
mac-address=84:F3:EB:14:C6:32 server=dhcp1
add address=192.168.2.10 client-id=1:b8:27:eb:5d:63:88 comment=
“serveur domotique” mac-address=B8:27:EB:5D:63:88 server=dhcp1
add address=192.168.2.14 client-id=1:50:c7:bf:b6:c4:27 mac-address=
50:C7:BF:B6:C4:27 server=dhcp1
add address=192.168.2.254 client-id=1:6c:3b:6b:3c:23:16 mac-address=
6C:3B:6B:3C:23:16 server=dhcp1
add address=192.168.2.251 client-id=1:64:d1:54:f8:69:b8 mac-address=
64:D1:54:F8:69:B8 server=dhcp1
add address=192.168.2.104 mac-address=B0:E1:7E:20:1A:F7 server=dhcp1
/ip dhcp-server network
add address=192.168.2.0/24 caps-manager=192.168.2.1 dns-server=192.168.2.1
gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=192.168.3.1,8.8.8.8 gateway=192.168.3.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 disabled=yes name=router.lan
add address=192.168.2.253 name=toto.lan
/ip firewall filter
add action=drop chain=forward comment=“prise tplink” log=yes out-interface=
bridge src-address=192.168.2.14
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=
invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=
“Port Forward rdp verserveur hyperv2016” disabled=yes dst-port=124568
protocol=tcp to-addresses=192.168.2.252 to-ports=123456
/ip kid-control device
add mac-address=B0:E1:7E:20:1A:F7 name=eva user=kid1
add mac-address=C8:14:79:A3:A9:A7 name=test user=kid1
/ip route
add check-gateway=ping disabled=yes distance=1 dst-address=172.16.0.0/23
gateway=192.168.2.106
/lcd
set time-interval=hour
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Europe/Paris
/system console
add disabled=no port=usb2
/system identity
set name=Capman-garage
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes host=192.168.2.150
/tool sniffer
set filter-interface=*C88thank you for you help
BR
If I got it right the problem is that you have 3 interface lists: LAN, WAN and domotique. You have firewall rule
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
which doesnt allow to use RB’s DNS service (among other things) from devices connecting through domotique interface list. As you probably don’t want to allow full connectivity from home automation to router, it is probabky better to construct specific allow filters for DNS only
add action=accept chain=input comment="allow DNS from domotique" \
in-interface-list=domotique protocol=udp port=53
add action=accept chain=input comment="allow DNS from domotique" \
in-interface-list=domotique protocol=tcp port=53
You should place these two rules before the one quoted above which drops all on input chain.
hi,
you got right 
“Chapeau bas Monsieur” french exprission to says thank you an respect.
br