How do I assign DHCP Client to Virtual WiFi Interfaces?

philan · October 30, 2022, 10:34pm

On a ‘wAP ac’, I have dual band setup that gets its IP information from an upstream firewall/router.

It works beautifully.

But, when I add guest networks by adding Virtual WiFi Interfaces, unlike their master interfaces, fail to get DHCP information from upstream firewall/router.

I tried several random things but nothing worked.

Could someone pelase help.

Here is my config.

# oct/31/2022 00:58:17 by RouterOS 7.6
# model = RBwAPG-5HacT2HnD

/interface bridge
add name=bridge1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
    Guest_Security supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
    Main_Security supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC \
    disabled=no frequency=auto mode=ap-bridge security-profile=Main_Security \
    ssid=MAIN_2G wds-default-bridge=bridge1 wds-ignore-ssid=yes
add disabled=no keepalive-frames=disabled mac-address=CE:2D:xx:xx:xx:94 \
    master-interface=wlan1 multicast-buffering=disabled name=wlan1_guest \
    security-profile=Guest_Security ssid=GUESTS_2G wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-eCee disabled=no frequency=auto mode=ap-bridge \
    security-profile=Main_Security ssid=MAIN_5G wds-default-bridge=bridge1 \
    wds-ignore-ssid=yes
add disabled=no keepalive-frames=disabled mac-address=CE:2D:xx:xx:xx:95 \
    master-interface=wlan2 multicast-buffering=disabled name=wlan2_guest \
    security-profile=Guest_Security ssid=GUESTS_5G wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge filter
add action=drop chain=output dst-mac-address=\
    01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF out-interface=ether1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=\
    LAN wan-interface-list=WAN
/interface list member
add interface=bridge1 list=WAN
add interface=ether1 list=LAN
/ip address
add address=10.0.0.99/8 interface=ether1 network=10.0.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid_duid interface=bridge1

holvoetn · October 30, 2022, 10:49pm

How are those virtual interfaces supposed to get IP info if they are not part of the bridge ?
Are they supposed to participate in the same DHCP pool ? If so, add them to the bridge.
If not, is there a separate IP pool upstream or do you need to specify your own ? If your own, add a DHCP server and connect those interfaces to it (two servers, since there are 2 interfaces, can use the same pool).

bpwl · October 30, 2022, 10:55pm

Ether1,wlan1 and wlan2 are all on the bridge1, and together form just one L2 network.
The bridge will define the interface list and IP address, Because ether1, wlan1 and wlan2 are only “slave” interfaces to the bridge (with no IP address, list membership, etc etc)

What is it now for the bridge? WAN or LAN interface list? (WAN by default will activate NAT and masquerade. It probably must just be LAN)
“detect-internet” will alter your settings, what might end in an invalid configuration. Don’t use detect-internet.

philan · October 31, 2022, 11:04am

All real interfaces (ether1, wlan1, wlan2) are members of bridge1. (See attached image)

Since the virtual interfaces (wlan1_guest and wlan2_guest) are children of wlan1 and wlan2, respectively, I thought the would automagically get their DHCP information from the DHCP Client that is assigned to bridge1.

If that is not so, do I need to create a DHCP Clent for each of these virtual interfaces?

BTW, in Winbox, how can I see the members of a bridge?

holvoetn · October 31, 2022, 11:11am

Bridge, ports

philan · October 31, 2022, 11:31am

I see.
Thank you.

Can I --should I-- simple add wlan1_guest and wlan2_guest to these?

gotsprings · October 31, 2022, 12:58pm

If you want them to get an IP from the same DHCP server… yes add them to that bridge.

philan · October 31, 2022, 2:27pm

[/quote]
If you want them to get an IP from the same DHCP server… yes add them to that bridge.
[/quote]

Thank you. I did that and it worked great.

I have question, I am not sure if this is the place to ask:

If I want to limit the bandwidth for guests wlan’s, where/how can I do it?

holvoetn · October 31, 2022, 2:28pm

Queues.
Be aware though it means FastTrack will have to be disabled and it might put extra load on your cpu.