DHCP server not responding in VLAN

Hi,

My setup is RB4011:

  • an access point connected to its ethernet port
  • a PC connected to its ethernet port
  • a printer connected to its ethernet port
  • unmanaged switch connected to its ethernet port

Unmanaged switch has:

  • several PCs connected to its ethernet ports
  • a secondary access point connected to its ethernet port

All of the devices mentioned so far are on the LAN network (10.1.1.0). The goal is to isolate Wi-Fi traffic from LAN by using VLAN (network 10.1.30.0). Therefore both access points are configured to tag packets with VLAN ID 30. I get no response from the DHCP server to requests that are tagged with VLAN ID 30. The DHCP server on untagged LAN works fine.

What I tried so far:

  1. I enabled DHCP debug logs. All I see are lines like: received discover from 52:54:00:81:02:D2 with unknown giaddr 0.0.0.0
  2. I captured traffic on Mikrotik and confirmed it receives DHCP requests and they are tagged with VLAN ID 30.
  3. I configured one of the PCs manually to have a static IP address in 10.1.30.0 network and to tag packets with VLAN ID 30. Internet access works on this PC.
  4. If I configure the PC to use DHCP it receives no response from RB4011.

I have no further ideas and am kind of lost at the moment. Any help is greatly appreciated.

My config is:

# oct/08/2023 11:35:19 by RouterOS 6.44.3
# model = RB4011iGS+5HacQ2HnD
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN

/interface bridge
add admin-mac=74:4D:28:54:9E:39 auto-mac=no comment=defconf name=bridge-lan

/interface vlan
add interface=bridge-lan name=vlan30-wifi vlan-id=30

/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/ip pool
add name=pool-lan ranges=10.1.1.201-10.1.1.240
add name=pool-vlan30-wifi ranges=10.1.30.128-10.1.30.254

/ip dhcp-server
add address-pool=pool-lan disabled=no interface=bridge-lan lease-time=12h \
    name=dhcp-lan
add address-pool=pool-vlan30-wifi disabled=no interface=vlan30-wifi \
    lease-time=30m name=dhcp-vlan30-wifi relay=10.1.30.10

/interface bridge port
add bridge=bridge-lan comment=defconf interface=ether2
add bridge=bridge-lan comment=defconf interface=ether3
add bridge=bridge-lan comment=defconf interface=ether4
add bridge=bridge-lan comment=defconf interface=ether5
add bridge=bridge-lan comment=defconf interface=ether6
add bridge=bridge-lan comment=defconf interface=ether7
add bridge=bridge-lan comment=defconf interface=ether8
add bridge=bridge-lan comment=defconf interface=ether9
add bridge=bridge-lan comment=defconf interface=ether10
add interface=*16
add interface=vlan30-wifi

/ip neighbor discovery-settings
set discover-interface-list=none

/interface list member
add comment=defconf interface=bridge-lan list=LAN
add comment=defconf interface=ether1-WAN list=WAN
add interface=vlan30-wifi list=LAN

/ip address
add address=10.1.1.10/24 comment=defconf interface=bridge-lan network=\
    10.1.1.0
add address=10.1.30.10/24 interface=vlan30-wifi network=10.1.30.0

/ip dhcp-server network
add address=10.1.1.0/24 comment=defconf dns-server=10.1.1.10 gateway=\
    10.1.1.10 netmask=24 ntp-server=10.1.1.10
add address=10.1.30.0/24 dns-server=10.1.30.10 gateway=10.1.30.10

When going for VLAN, do VLAN all the way:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

You created a VLAN (vlan30-wifi) but nothing is configured to it.

6.44.3??? 6.49.10 is the latest LTS at this moment, you might want to upgrade. Any reason for not having a firewall? I assume (at least hope) that this device is not directly available from the Internet?

First of all, thanks for replying. Yes, the device has firewall configuration but I omitted it from the config because it is not responsible for my DHCP issue. I am aware I am running an old version of RouterOS but it worked flawlessly so far and I am hesitant to upgrade for the sake of upgrade.

I will check the thread you linked.

When you say “You created a VLAN (vlan30-wifi) but nothing is configured to it.”. I assigned the interface vlan30-wifi to DHCP server. Is that not enough?

What is missing (and what I would expect):

/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan untagged=[hardware wifi interface],sfp1 vlan-ids=30

And afterwards activate VLAN filtering on the bridge.

In regard to whether or not to upgrade… you must have seen the security updates because of some vulnerabilities? And that is far from “the sake of upgrade”…

Thanks, I was reading the linked thread and followed steps from one of the configs and managed to fix the DHCP server issue. I will upgrade the router as soon as I set up VLANs properly. Thank you for your help.
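
Added example, not part of any post in this thread and not MikroTik code: a small Python check that reads a RouterOS export and reports the gaps the reply points at (a VLAN interface on a bridge with no matching /interface bridge vlan entry, and VLAN filtering left off), which matter here because the stated goal is to isolate Wi-Fi from the LAN. The function names and finding labels are made up for this example, and the sample input is trimmed from the export posted above.

```python
import re

# Constructed sample, trimmed from the export posted in the thread.
SAMPLE_EXPORT = """/interface bridge
add admin-mac=74:4D:28:54:9E:39 auto-mac=no comment=defconf name=bridge-lan
/interface vlan
add interface=bridge-lan name=vlan30-wifi vlan-id=30
/interface bridge port
add bridge=bridge-lan comment=defconf interface=ether2
add interface=*16
add interface=vlan30-wifi
"""

def parse_export(text):
    """Map each export section to the key=value dicts of its 'add' lines."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            # Assumption: values are unquoted and contain no spaces.
            current.append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return sections

def lint_vlan(sections):
    """Flag VLANs on a bridge that the bridge itself does not enforce."""
    findings = []
    bridges = {b.get("name"): b for b in sections.get("/interface bridge", [])}
    table = sections.get("/interface bridge vlan", [])
    for vlan in sections.get("/interface vlan", []):
        br, vid = vlan.get("interface"), vlan.get("vlan-id")
        if br not in bridges:
            continue  # VLAN interface is not on a bridge; nothing to check
        # Assumption: vlan-ids is a comma list; ranges like 30-40 not handled.
        if not any(e.get("bridge") == br and vid in e.get("vlan-ids", "").split(",")
                   for e in table):
            findings.append(f"no-bridge-vlan-entry:{br}:{vid}")
        # Exports omit defaults, and vlan-filtering defaults to off.
        if bridges[br].get("vlan-filtering") != "yes":
            findings.append(f"vlan-filtering-off:{br}")
    for port in sections.get("/interface bridge port", []):
        # RouterOS prints *<id> when the referenced interface no longer exists.
        if port.get("interface", "").startswith("*"):
            findings.append(f"dangling-port:{port['interface']}")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order

if __name__ == "__main__":
    for finding in lint_vlan(parse_export(SAMPLE_EXPORT)):
        print(finding)
```
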