Hello,
I live in Norway and have a fiber internet connection with a crappy Zyxel box which i want to replace with a CCR1009 and a couple of RB951s (already have the hardware). I dont have the correct SFP so i have changed the mac address of the CCR and can ping hte outside world on eth1 connected to the small fiber box that the ISP provided. The ISP provides internet on VLAN 102 which i have managed, incredibly to make work. However this is where it stops for me, and I need some help…
I suspect something easy is going on, as I can get everything to work if the RB951 is connected to eth2 with its own DHCP server. On CCR I have:
eth1 to ISP
VLAN102 on eth1
Bridge1 porting vlan102 and eth2
dhcp client on vlan102 (works)
dhcp server on bridge 1 (does not seem to work)
NAT masquerading on bridge 1
Default routes as provided by dhcp client only. Maybe this is where the problem lies.
I hope I´m stupid and you all smart people can help me
Do you get access to the Inernet, when ether1 on CCR is configured without VLAN?
If answer is yes, configure private IP address on Ether2, setup masquerading on CCR.
As there is RB951 and I assume there might another network, configure additional route,
/ip route add dst-address=x.x.x.x/24 gateway=IP_of_951
x.x.x.x/24 is subnet behind RB951.
If I’m understanding your post correctly, it looks like you have vlan102 bound to ether1, as your WAN port, receiving an IP dynamically from your ISP. You then are bridging the WAN port with ether2 (your LAN port).
That’s certainly not going to behave the way you want it to. Without more specifics about your config (especially on the 951s), I can’t really help you further than that, but I suspect you may see progress simply by removing the bridge. Also, you should only have 1 DHCP server total on your LAN network (unless you’re using the 951s to create multiple separate networks, in which case devices connecting to the 951s should never receive DHCP from the CCR, since they’re not connected to the CCR’s network – they’re connected to one of the 951 networks).
HI and thanks for your answers. First: without a VLAN interface on eth1 there is no internet.
Second I have made a bridge between vlan 102 and eth2 (which is connected to a switch and the 951s set up in AP mode without DHCP server), and with the DHCP server on that bridge. However this is where im obviously doing something very wrong as the 951s or whicever device that connects first gets an IP from my ISP and not my DHCP server on bridge 1. If i set 951s IPs to static i can access the internet on one PC, but only one as that gets assigned the IP from my ISP…
I do want just one network (to sttart) with one DHCP on the CCR. But that´s what im struggling with.
You should NOT be bridging vlan102 (the WAN port, AKA the Internet port) with eth2 (your LAN port, AKA the inside network port).
Eth2 should be configured with a private IP address, DHCP server, all the standard setup of a home router. You then need to use a IP > Firewall > NAT rule (a masquerade rule) in order to ensure traffic can travel from your LAN out through the WAN port to the internet. There are articles on the wiki (such as this one) that can provide you with beginning information about how to set up your CCR as a router.
