Hello all,
I’m new to MikroTik and got my hands on an RB5009 and have been trying to set up my local network with VLANs (I followed the popular “Using RouterOS to VLAN your network” guide). I am trying to set up ROAS between my RB5009 and CSS326 with a trunk link over an LACP aggregation group. Essentially it looks like this and then all my hosts are connected to other ports on the CSS:
RB5009-eth5 =====trunk===== CSS-port21
RB5009-eth6 =====trunk===== CSS-port22
RB5009-eth7 =====trunk===== CSS-port23
RB5009-eth8 =====trunk===== CSS-port24
I’ve gotten the VLANs working properly and can successfully use static IPs on clients attached to the switch. My issue lies in running DHCP. I have multiple VLANs: trusted, guest, servers, and IoT and want to have a separate DHCP server for each VLAN. However, I cannot get dynamic IPs on my devices.
I plugged in a laptop to CSS-port 1 (trusted VLAN) and ran a PCAP. The RB5009 did not see the Discover messages at all. When I have this same laptop set with a static IP, no issues.
Here is the config:
[admin@MikroTik] > export hide-sensitive
# nov/19/2023 21:37:18 by RouterOS 7.8
# software id = VDV6-JBV3
#
# model = RB5009UG+S+
# serial number = HEK08JZ9PAW
/interface bridge
add admin-mac=48:A9:8A:E7:20:22 auto-mac=no comment=defconf name=bridgeLocal
add name=trunkBridge protocol-mode=none pvid=99 vlan-filtering=yes
/interface vlan
add interface=trunkBridge name=MGMT_VLAN vlan-id=99
/interface bonding
add mode=802.3ad name=trunkLAG slaves=ether5,ether6,ether7,ether8
/interface vlan
add interface=trunkLAG name=guestVLAN20 vlan-id=20
add interface=trunkLAG name=iotVLAN100 vlan-id=100
add interface=trunkLAG name=serverVLAN50 vlan-id=50
add interface=trunkLAG name=trustedVLAN16 vlan-id=16
/interface list
add name=WAN
add name=LAN
add name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=trustedPool ranges=10.0.16.5-10.0.16.254
add name=guestPool ranges=10.0.20.2-10.0.20.254
add name=serverPool ranges=10.0.50.100-10.0.50.254
add name=iotPool ranges=10.0.100.2-10.0.101.254
/ip dhcp-server
add address-pool=trustedPool interface=trustedVLAN16 lease-time=1d name=\
    trustedDHCP
add address-pool=guestPool interface=guestVLAN20 name=guestDHCP
add address-pool=serverPool interface=serverVLAN50 name=serverDHCP
add address-pool=iotPool interface=iotVLAN100 name=iotDHCP
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus1
add bridge=trunkBridge frame-types=admit-only-vlan-tagged interface=trunkLAG
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=trunkBridge tagged=trunkLAG,trunkBridge vlan-ids=16,20,50,99,100
/interface list member
add interface=ether1 list=WAN
add interface=trustedVLAN16 list=LAN
add interface=guestVLAN20 list=LAN
add interface=serverVLAN50 list=LAN
add interface=iotVLAN100 list=LAN
add interface=MGMT_VLAN list=MGMT
/ip address
add address=10.0.16.1/24 interface=*D network=10.0.16.0
add address=10.0.20.1/24 interface=*E network=10.0.20.0
add address=10.0.50.1/24 interface=*F network=10.0.50.0
add address=10.0.100.1/23 interface=*10 network=10.0.100.0
add address=10.0.99.1/24 interface=MGMT_VLAN network=10.0.99.0
add address=10.0.16.1/24 interface=trustedVLAN16 network=10.0.16.0
add address=10.0.20.1/24 interface=guestVLAN20 network=10.0.20.0
add address=10.0.50.1/24 interface=serverVLAN50 network=10.0.50.0
add address=10.0.100.1/23 interface=iotVLAN100 network=10.0.100.0
/ip dhcp-client
add comment=defconf disabled=yes interface=bridgeLocal
/ip dhcp-server alert
add disabled=no interface=trustedVLAN16
/ip dhcp-server network
add address=10.0.16.0/24 dns-server=192.168.0.1,1.1.1.1 gateway=10.0.16.1 \
    netmask=24
add address=10.0.20.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.0.20.1
add address=10.0.50.0/24 dns-server=192.168.0.1,1.1.1.1 gateway=10.0.16.1
add address=10.0.100.0/23 gateway=10.0.100.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
I’m wondering if the issue lies in me trying to have a LAG as my trunk link or in the interaction between the LAG and the bridge (I am still a bit confused about bridges as Cisco does not have the explicit concept).
My RB5009 is running version 7.8 and CSS is running 2.13 if that helps.
Anybody have any idea what I’m doing wrong?
Cheers.
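An added example, not part of the original post: a small offline audit of a RouterOS export for three patterns that appear in the config above. These are VLAN interfaces whose parent is itself a bridge port, `/ip address` entries bound to a stale `*`-prefixed interface ID, and DHCP networks whose gateway lies outside their subnet. The function names and the embedded sample (a trimmed, constructed subset of the export) are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample: a trimmed subset of the export posted above.
SAMPLE_EXPORT = """\
/interface vlan
add interface=trunkBridge name=MGMT_VLAN vlan-id=99
/interface bonding
add mode=802.3ad name=trunkLAG slaves=ether5,ether6,ether7,ether8
/interface vlan
add interface=trunkLAG name=trustedVLAN16 vlan-id=16
add interface=trunkLAG name=serverVLAN50 vlan-id=50
/interface bridge port
add bridge=trunkBridge frame-types=admit-only-vlan-tagged interface=trunkLAG
/ip address
add address=10.0.16.1/24 interface=*D network=10.0.16.0
add address=10.0.16.1/24 interface=trustedVLAN16 network=10.0.16.0
/ip dhcp-server network
add address=10.0.16.0/24 dns-server=192.168.0.1,1.1.1.1 gateway=10.0.16.1 \\
    netmask=24
add address=10.0.50.0/24 dns-server=192.168.0.1,1.1.1.1 gateway=10.0.16.1
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for every 'add' line."""
    sections, current = {}, None
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            sections.setdefault(current, []).append(dict(pairs))
    return sections

def audit(text):
    cfg, findings = parse_export(text), []
    bridge_ports = {p["interface"] for p in cfg.get("/interface bridge port", [])}
    # Assumption per MikroTik guidance: VLAN interfaces sit on the bridge, not on a bridge port.
    for vlan in cfg.get("/interface vlan", []):
        if vlan["interface"] in bridge_ports:
            findings.append(("vlan-on-bridge-port", vlan["name"]))
    for addr in cfg.get("/ip address", []):
        if addr["interface"].startswith("*"):  # ID of an interface that no longer exists
            findings.append(("dangling-interface", addr["address"]))
    for net in cfg.get("/ip dhcp-server network", []):
        if ipaddress.ip_address(net["gateway"]) not in ipaddress.ip_network(net["address"]):
            findings.append(("gateway-outside-subnet", net["address"]))
    return findings
```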