DHCP Client and tagged or untagged access port

RouterOS Beginner Basics
1

I am still learning how to use Mikrotik devices. I am working with a CRS326-24G-2S+ and it has mainly been used for my lab network using all static IP’s using several VLAN’s that have routed internet access to from interface 1. This interface connects to an upstream router that provides Internet access.

Here is what I am trying to accomplish:

  • Interfaces 2-8 will become an extension of my home network (not lab) and I need them to receive DHCP addresses from the WAN Router connected to Interface 1.


  • My home network does not use VLAN’s as the router that most of them connect to does not support that


  • The other interfaces from this switch use a single bridge and all static IP’s and VLAN’s.

My confusion seems to be around configuring DHCP client access for interfaces 2-8 and how to use untagged or tagged interfaces and if I need another bridge or to use the existing bridge. I understand DHCP clients are best at the bridge level, but the other interfaces at this time will not use this DHCP server.

Below is a copy of my current configuration and I can supply a high level diagram if that helps. I posted a very similar question on a reddit subgroup for Mikrotik and I could not figure out all components based on the response.

Link to reddit post https://www.reddit.com/r/mikrotik/comments/obub18/simple_access_port_question/ which has the very high level diagram in it.

/interface bridge
add name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan-dhcp-client
set [ find default-name=ether18 ] l2mtu=9216 mtu=9216
set [ find default-name=sfp-sfpplus1 ] l2mtu=9216 mtu=9216
set [ find default-name=sfp-sfpplus2 ] l2mtu=9216 mtu=9216
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan11-vMotion vlan-id=11
add interface=bridge name=vlan12-vsan vlan-id=12
add interface=bridge name=vlan14-vxlan vlan-id=14
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether9 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether10 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether11 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether12 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether13 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether14 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether15 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    ether16 pvid=10
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/interface bridge vlan
add bridge=bridge tagged="ether17,ether18,ether19,ether20,ether21,ether22,ethe\
    r23,ether24,sfp-sfpplus1,sfp-sfpplus2,bridge" vlan-ids=10
add bridge=bridge tagged="ether17,ether18,ether19,ether20,ether21,ether22,ethe\
    r23,ether24,sfp-sfpplus1,sfp-sfpplus2,bridge" vlan-ids=11
add bridge=bridge tagged="ether17,ether18,ether19,ether20,ether21,ether22,ethe\
    r23,ether24,sfp-sfpplus1,sfp-sfpplus2,bridge" vlan-ids=12
add bridge=bridge tagged="ether17,ether18,ether19,ether20,ether21,ether22,ethe\
    r23,ether24,sfp-sfpplus1,sfp-sfpplus2,bridge" vlan-ids=14
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
    all wan-interface-list=all
/ip address
add address=192.168.x.1/24 interface=vlan10 network=192.168.x.0
add address=192.168.x.1/24 interface=vlan11-vMotion network=192.168.x.0
add address=192.168.x.1/24 interface=vlan12-vsan network=192.168.x.0
add address=192.168.x.1/24 interface=vlan14-vxlan network=192.168.x.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=\
    ether1-wan-dhcp-client
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-wan-dhcp-client
/system clock
set time-zone-name=America/Los_Angeles
/system routerboard settings
set boot-os=router-os
2

Am I asking the wrong question or something? Can anyone offer some guidance?

3

Hi wickedshark.

What’s the output of this RouterOS command on your switch?

/interface bridge port print
4

Here is the output of /interface bridge port print

[admin@MikroTik] > /interface bridge port print                   
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                                                  BRIDGE                                                 HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0   H ;;; defconf
       ether9                                                     bridge                                                 yes   10     0x80         10                 10       none
 1 I H ;;; defconf
       ether10                                                    bridge                                                 yes   10     0x80         10                 10       none
 2 I H ;;; defconf
       ether11                                                    bridge                                                 yes   10     0x80         10                 10       none
 3 I H ;;; defconf
       ether12                                                    bridge                                                 yes   10     0x80         10                 10       none
 4 I H ;;; defconf
       ether13                                                    bridge                                                 yes   10     0x80         10                 10       none
 5 I H ;;; defconf
       ether14                                                    bridge                                                 yes   10     0x80         10                 10       none
 6 I H ;;; defconf
       ether15                                                    bridge                                                 yes   10     0x80         10                 10       none
 7 I H ;;; defconf
       ether16                                                    bridge                                                 yes   10     0x80         10                 10       none
 8   H ;;; defconf
       ether17                                                    bridge                                                 yes    1     0x80         10                 10       none
 9 I H ;;; defconf
       ether18                                                    bridge                                                 yes    1     0x80         10                 10       none
10 I H ;;; defconf
       ether19                                                    bridge                                                 yes    1     0x80         10                 10       none
11 I H ;;; defconf
       ether20                                                    bridge                                                 yes    1     0x80         10                 10       none
12 I H ;;; defconf
       ether21                                                    bridge                                                 yes    1     0x80         10                 10       none
13 I H ;;; defconf
       ether22                                                    bridge                                                 yes    1     0x80         10                 10       none
14 I H ;;; defconf
       ether23                                                    bridge                                                 yes    1     0x80         10                 10       none
15 I H ;;; defconf
       ether24                                                    bridge                                                 yes    1     0x80         10                 10       none
16 I H ;;; defconf
       sfp-sfpplus1                                               bridge                                                 yes    1     0x80         10                 10       none
17 I H ;;; defconf
       sfp-sfpplus2                                               bridge                                                 yes    1     0x80         10                 10       none
[admin@MikroTik] >>
5

Here is the output.

[admin@MikroTik] > /interface bridge port print                   
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                                                  BRIDGE                                                 HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0   H ;;; defconf
       ether9                                                     bridge                                                 yes   10     0x80         10                 10       none
 1 I H ;;; defconf
       ether10                                                    bridge                                                 yes   10     0x80         10                 10       none
 2 I H ;;; defconf
       ether11                                                    bridge                                                 yes   10     0x80         10                 10       none
 3 I H ;;; defconf
       ether12                                                    bridge                                                 yes   10     0x80         10                 10       none
 4 I H ;;; defconf
       ether13                                                    bridge                                                 yes   10     0x80         10                 10       none
 5 I H ;;; defconf
       ether14                                                    bridge                                                 yes   10     0x80         10                 10       none
 6 I H ;;; defconf
       ether15                                                    bridge                                                 yes   10     0x80         10                 10       none
 7 I H ;;; defconf
       ether16                                                    bridge                                                 yes   10     0x80         10                 10       none
 8   H ;;; defconf
       ether17                                                    bridge                                                 yes    1     0x80         10                 10       none
 9 I H ;;; defconf
       ether18                                                    bridge                                                 yes    1     0x80         10                 10       none
10 I H ;;; defconf
       ether19                                                    bridge                                                 yes    1     0x80         10                 10       none
11 I H ;;; defconf
       ether20                                                    bridge                                                 yes    1     0x80         10                 10       none
12 I H ;;; defconf
       ether21                                                    bridge                                                 yes    1     0x80         10                 10       none
13 I H ;;; defconf
       ether22                                                    bridge                                                 yes    1     0x80         10                 10       none
14 I H ;;; defconf
       ether23                                                    bridge                                                 yes    1     0x80         10                 10       none
15 I H ;;; defconf
       ether24                                                    bridge                                                 yes    1     0x80         10                 10       none
16 I H ;;; defconf
       sfp-sfpplus1                                               bridge                                                 yes    1     0x80         10                 10       none
17 I H ;;; defconf
       sfp-sfpplus2                                               bridge                                                 yes    1     0x80         10                 10       none
[admin@MikroTik] >>
6

CRS3xx only support hardware offload on a single bridge. You can use the bridge for both your ‘WAN’ and ‘VLAN’ traffic.

Under /interface bridge port
add new entries add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=etherX for ether1-8
include frame-types=admit-only-vlan-tagged ingress-filtering=yes for the existing ether17-24 & sfp-sfpplus1-2 entries

Change the interface used by /ip dhcp-client and /ip firewall nat from ether1-wan-dhcp-client to bridge

This assumes ether17-24 & sfp-sfpplus1-2 are used tagged only, usual caveats about cutting yourself off whilst changing the configuration apply.

Also set all of the /interface detect-internet entries to none, this feature often creates more problems than it solves.

7

Thanks I will give this a try today.