Hi.
I created the following config:
/interface vlan add interface=bridge name=vlan19 vlan-id=19 comment="untrusted IoT"
/ip address add address=192.168.19.1/24 interface=vlan19 network=192.168.19.0
/ip pool add name=untrusted_iot ranges=192.168.19.100-192.168.19.199
/ip dhcp-server add address-pool=untrusted_iot disabled=no interface=vlan19 name=dhcp19
/ip dhcp-server network add address=192.168.19.0/24 gateway=192.168.19.1 dns-server=192.168.19.1
/interface list member add interface=vlan19 list=nofasttrack
/ip firewall nat add action=masquerade chain=srcnat out-interface=vlan19
/ip firewall filter add action=drop chain=forward in-interface=vlan19 out-interface-list=!external
I’m trying to create a VLAN for IoT devices and only give them Internet access. The above works as intended; however, other devices outside of VLAN 19, on the default or untagged VLAN (1), randomly get an address from this pool, and since they are not in VLAN 19, well, they stop communicating.
I’ve got other VLANs on this router where the default gateway is not the router, but a different device altogether. These function without issue, no DHCP issues at all.
What am I missing here?
Thanks.