Hi all
My setup, in short: CCR1016-12G, ROS 6.11, ports occupied by two WANs, 1 LAN, 2 WLANs and link to SIP phone system
- ether1, WAN 1
- ether2, WAN 2
- ether8, SIP (192.168.4.0/24)
- ether9, WLAN2 - Free (192.168.3.0/24)
- ether10, WLAN1 - Encrypted, locked (192.168.2.0/24)
- ether11, LAN (192.168.1.0/24)
WLAN configuration - still being tested: APs in multi SSID mode, using two separate VLANs (being transmitted by all 3 test APs)
APs (DHCP clients) connected to switch, switch connected to ether10.
Separate DHCP servers/scopes defined on MT for VLANs.
I’m having problems with DHCP on the encrypted/protected WLAN. 2 scenarios:
-
ether10/VLAN1 bridged (config 1 below): erratic things with DHCP clients. Some (mainly older laptops) work ok, newer machines get IP address but have no connectivity with the gateway and the rest display “bridge offering lease 192.168.2.* to XX:XX:XX:XX:XX:XX without success”. APs pingable/connectable via LAN (from other segments)
-
ether10/VLAN1 separate, but with the same DHCP server/address pool (bridge disabled, (config 2 below): all DHCP clients get their addresses either on ether or WLAN, but sometimes cannot communicate between themselves (laptop connected to wlan, has 192.168.1.0/24 access, can see Internet, but cannot ping its own AP!? or any other device connected via ether10). Enabling bridge, then disabling it after a few moment, corrects everything, but later things return to state as described
I’ve found few posts with people reporting DHCP issues when going via bridges/VLANs but no solution as far as I can see.
My issue is, I think, with DHCP through bridge, configured in this manner. Anyone else encountered this? Or, even better, resolved it.
Or am I doing something wrong?
Cheers
Config 1
/interface ethernet
set comment=“ether10 - LAN interface 192.168.2.* (WLAN)” name=INT-B
/interface vlan
add comment=“WiFi VLAN - Locked” interface=INT-B name=VLAN_w1 vlan-id=10
/interface bridge
add comment=“WiFi Locked - INT-B + VLAN_w1” disabled=no name=wlan_1_bridge
/interface bridge port
add bridge=wlan_1_bridge interface=INT-B
add bridge=wlan_1_bridge interface=VLAN_w1
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.2.1/24 comment=“Bridge 1, VLAN_w1+INT-B, LAN - 192.168.2.* (Locked WLAN)” disabled=no
interface=wlan_1_bridge network=192.168.2.0
/ip dhcp-server
add address-pool=wlan_pool_1 interface=wlan_1_bridge name=wlan_dhcp_1
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.1.10,192.168.2.1 domain=domain.local gateway=
192.168.2.1 netmask=24 ntp-server=192.168.2.1 wins-server=192.168.1.10
Config 2
/interface ethernet
set comment=“ether10 - LAN interface 192.168.2.* (WLAN)” name=INT-B
/interface vlan
add comment=“WiFi VLAN - Locked” interface=INT-B name=VLAN_w1 vlan-id=10
/ip address
add address=192.168.2.1/24 comment=“port ETH 10, INT-B, LAN - 192.168.2.* (WLANs)” interface=INT-B network=
192.168.2.0
add address=192.168.2.1/24 comment=“VLAN 1, INT-B, LAN - 192.168.2.* (Locked WLAN)” interface=VLAN_w1 network=
192.168.2.0
/ip dhcp-server
add address-pool=wlan_pool_1 disabled=no interface=VLAN_w1 name=wlan_dhcp_1_wifi
add address-pool=wlan_pool_1 disabled=no interface=INT-B name=wlan_dhcp_1_eth
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.1.10,192.168.2.1 domain=domain.local gateway=
192.168.2.1 netmask=24 ntp-server=192.168.2.1 wins-server=192.168.1.10