DHCP from internal network on WAN port (for only one device)

e5i0vrgl · December 13, 2015, 7:01pm

Hello community,

I have the following situation: I have my MikroTik connected with an LTE router on the WAN port and my internal network is all connected to one LAN port, additionally I have a WLAN configured. DHCP Server is also running on the MikroTik. Everything behind the LAN port and every device connected via WLAN can connect to the internet without problems.

Due to the distribution of my apartment rooms I had to put my LTE router into the living room because I have the best connection there. In the same room there is also my media center. Therefore I put an additional switch behind the WAN port to connect my media center (I didn’t want a second cable running through all the rooms). The problem now is that my media center doesn’t get an IP address from the DHCP server via ethernet. What do I need to do now that this device gets an IP address and can connect to the internet?

I can’t put the MikroTik router in the living room because then my WLAN connectivity in other rooms is not good enough.

Thanks in advance,
regards Christoph

jarda · December 14, 2015, 9:31am

Use the smart switch and configure vlan to split the networks over one trunking cable.

e5i0vrgl · February 6, 2016, 4:43pm

Sorry for my late answer, but I just had little time to play around with your solution. Unfortunately I can not seem to get it running. In my opinion the problem is that I just use unmanaged switches to solve the problem. Is it even possible then?

Here is an overview over my network for further explanation:

So everything connected to the LAN-Port and via WLAN on the Mikrotik is working fine but the devices “Media Center” and “Raspberry Pi” on the WAN port, which are connected via this 100Mbit Switch, are not receiving an IP address from the DHCP server and can not access the internet (only via WLAN).

Here is also my (cleaned) configuration:

# feb/06/2016 16:31:25 by RouterOS 6.33.3
# software id = BPL1-8134
#

/interface bridge
add admin-mac=E4:8D:8C:89:18:9E auto-mac=no name=bridge-local

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=austria disabled=no distance=indoors frequency=auto mode=\
    ap-bridge name=LordOfThePings ssid=LordOfThePings wireless-protocol=\
    802.11

/interface ethernet
set [ find default-name=ether2 ] name=LAN
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether3 ] disabled=yes name=ether3-slave-local
set [ find default-name=ether4 ] disabled=yes master-port=LAN name=ether4-slave-local

/ip neighbor discovery
set WAN discover=no

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys wpa-pre-shared-key=<mypassword> wpa2-pre-shared-key=\
    <mypassword>

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc

/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.254

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default

/interface bridge port
add bridge=bridge-local interface=LAN
add bridge=bridge-local interface=LordOfThePings

/interface l2tp-server server
set enabled=yes ipsec-secret=dra3up8apwr3c0 use-ipsec=yes

/interface pptp-server server
set enabled=yes

/interface sstp-server server
set default-profile=default-encryption enabled=yes

/ip address
add address=10.0.0.99/24 comment="default configuration" interface=LAN \
    network=10.0.0.0

/ip cloud
set ddns-enabled=yes

/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=WAN

/ip dhcp-server lease
add address=10.0.0.5 client-id=1:f4:ce:46:d6:60:f1 comment=printer \
    mac-address=F4:CE:46:D6:60:F1 server=default
add address=10.0.0.2 client-id=monstaOfLochNAS comment=NAS mac-address=\
    00:D0:B8:1E:39:FF server=default
add address=10.0.0.101 mac-address=9C:4E:36:34:B1:98 server=default
add address=10.0.0.116 client-id=1:0:1a:73:7b:bd:9d mac-address=\
    00:1A:73:7B:BD:9D server=default

/ip dhcp-server network
add address=10.0.0.0/24 comment="default configuration" gateway=10.0.0.99 \
    netmask=24

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 name=router

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established,related
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=WAN
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=WAN
add chain=input dst-port=80 in-interface=WAN protocol=tcp
add action=drop chain=input in-interface=WAN protocol=tcp

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.89.0/24

/ip ipsec policy
set 0 disabled=yes


/ip upnp
set enabled=yes

/ip upnp interfaces
add interface=bridge-local type=internal
add interface=WAN type=external

/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=*2

/ppp secret
add name=vpn password=dra3up8apwr3c0

/system clock
set time-zone-autodetect=no

/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled

/tool graphing interface
add

/tool mac-server
set [ find default=yes ] disabled=yes
add interface=LAN
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=LordOfThePings
add interface=bridge-local

/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=LAN
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=LordOfThePings
add interface=bridge-local

I hope someone can help me with this problem. Thanks, Christoph