Hi there,
I want to run several DHCP servers, but with the same subnet, over my VLANs that are added to one ether. I have run a hotspot server on a bridge interface and attached all my VLANs to that bridge. Now I want to use different IP subnets to make a relation between the IP address and the VLAN tag. The problem is that the VLANs are slaves, so DHCP cannot run on them. Is there any alternative solution, please?
192.168.1.1/16 GW
192.168.10.0/16 VLAN 10
192.168.20.0/16 VLAN 20
192.168.30.0/16 VLAN 30
...
(Sorry for my English)
What’s the underlying reason for separating the 192.168.0.0/16 network into separate VLANs?
My network is really big (about 800 users), in a vast area, so I have to break up the broadcast for easy troubleshooting.
There are multiple ways to do this, but probably the simplest to achieve conceptually is to attach a separate DHCP server to each vlan.
I’m just going through this in my head, I’m hoping what I’m telling you is right.
I’m assuming you want a single ethernet port per vlan. If you want to trunk them all down the same physical interface, the setup will be different but the concept is the same. Also, assuming you want the MikroTik router to be the DHCP server(s).
Make a separate bridge interface for each vlan, maybe called bridge10 and bridge20.
Add vlan interfaces, maybe called vlan10 and vlan20.
Remove the master port from the physical ethernet interfaces you want to use. Add the physical interface and vlan interface to the bridge (ex: bridge10 gets vlan10 and ether4, bridge20 gets vlan20 and ether5).
Then create separate DHCP servers for each vlan interface, and create the pools for each dhcp server instance.
That should do it.
You can also use a separate DHCP server (I use the ISC DHCP server) and a dhcp-relay but it’s a different setup.
First of all, thank you.
In fact I want to use one physical interface for all VLANs, because I have one hotspot server that runs on a bridge port (all VLANs are that bridge’s ports), and the main problem is that the RouterBOARD won’t let me run a DHCP server on a VLAN that is a slave. Does it mean I cannot have one hotspot and several DHCP servers at the same time?
Regardless, you need to segment your layer 3 area similarly.
If you’re going to create these VLANs with the idea of creating separate broadcast domains, you’ll want your IP addressing to match. A /21 would leave 5 bits for network-ids and 3 bits for additional host-ids in each network, creating a broadcast domain that is 8 /24s wide. Something like this maybe:
192.168.16.0/21 - Create a VLAN (16) IP of 192.168.16.1/21 - Create a DHCP pool and network definition that appropriately configures your hosts.
192.168.24.0/21 - Create a VLAN (24) IP of 192.168.24.1/21 - Create a DHCP pool and network definition that appropriately configures your hosts.
192.168.32.0/21 - Create a VLAN (32) IP of 192.168.32.1/21 - Create a DHCP pool and network definition that appropriately configures your hosts.
By creating the overlapping IP space the way you are doing above, you’re isolating your clients at worst, and at best you’ll have to enable proxy-arp to enable hosts to reach each other like they used to in the larger /16. All negative effects if you ask me.
You may need to change the way you are bridging. That said, the RouterOS folks just released a major change to bridging. It is meant to simplify configuration greatly. You could try the new method with the RC, or you can use simple software bridging, which “should” be fairly easy to convert to the new bridges as they stabilize in 6.40rc to its production release.
# Tagged VLAN interfaces on the single trunk port (ether2)
/interface vlan add name=eth2-vl16 interface=ether2 vlan-id=16
/interface vlan add name=eth2-vl24 interface=ether2 vlan-id=24
/interface vlan add name=eth2-vl32 interface=ether2 vlan-id=32
# One bridge per VLAN, so each VLAN stays its own broadcast domain
/interface bridge add name=br16
/interface bridge add name=br24
/interface bridge add name=br32
/interface bridge port add bridge=br16 interface=eth2-vl16
/interface bridge port add bridge=br24 interface=eth2-vl24
/interface bridge port add bridge=br32 interface=eth2-vl32
# Router (gateway) address of each /21
/ip address add interface=br16 address=192.168.16.1/21
/ip address add interface=br24 address=192.168.24.1/21
/ip address add interface=br32 address=192.168.32.1/21
# Lease ranges, each inside its own /21
/ip pool add name=vl16 ranges=192.168.16.10-192.168.23.249
/ip pool add name=vl24 ranges=192.168.24.10-192.168.31.249
/ip pool add name=vl32 ranges=192.168.32.10-192.168.39.249
# Each network hands out the gateway that lives in that same subnet
/ip dhcp-server network add address=192.168.16.0/21 gateway=192.168.16.1 dns-server=8.8.8.8
/ip dhcp-server network add address=192.168.24.0/21 gateway=192.168.24.1 dns-server=8.8.8.8
/ip dhcp-server network add address=192.168.32.0/21 gateway=192.168.32.1 dns-server=8.8.8.8
# One DHCP server per bridge; servers are created disabled unless disabled=no is given
/ip dhcp-server add name=vl16 interface=br16 address-pool=vl16 disabled=no
/ip dhcp-server add name=vl24 interface=br24 address-pool=vl24 disabled=no
/ip dhcp-server add name=vl32 interface=br32 address-pool=vl32 disabled=no
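Added example, not part of any post in this thread: a small Python audit of an addressing plan written as RouterOS `add` lines, checking the three things the reply above depends on (no two VLANs share a subnet, each DHCP gateway sits inside its own network, each pool fits inside a DHCP network). Both sample configs are constructed, and the interface names `vlan10` and `vlan20` are assumptions.

```python
import ipaddress
import re

def parse(config):
    """Split RouterOS 'add' lines into (menu, {key: value}) pairs."""
    rows = (l.strip().partition(" add ") for l in config.strip().splitlines())
    return [(menu, dict(re.findall(r"(\S+?)=(\S+)", args))) for menu, _, args in rows]

def audit(config):
    """Return findings for overlapping subnets, stray gateways and stray pools."""
    items = parse(config)
    ifaces = [ipaddress.ip_interface(a["address"]) for m, a in items if m == "/ip address"]
    nets = [(ipaddress.ip_network(a["address"]), ipaddress.ip_address(a["gateway"]))
            for m, a in items if m == "/ip dhcp-server network"]
    findings = []
    # 1. Every VLAN interface must own its own layer 3 subnet.
    for i, a in enumerate(ifaces):
        for b in ifaces[i + 1:]:
            if a.network.overlaps(b.network):
                findings.append(f"overlap {a.network} / {b.network}")
    # 2. The gateway handed to clients must sit inside the clients' subnet.
    for net, gw in nets:
        if gw not in net:
            findings.append(f"gateway {gw} outside {net}")
    # 3. Every pool must fit entirely inside one DHCP network.
    for m, a in items:
        if m == "/ip pool":
            lo, hi = (ipaddress.ip_address(x) for x in a["ranges"].split("-"))
            if not any(lo in n and hi in n for n, _ in nets):
                findings.append(f"pool {a['name']} outside every DHCP network")
    return findings

# Constructed sample: the flat /16 plan from the question (interface names assumed).
FLAT = """
/ip address add interface=vlan10 address=192.168.10.1/16
/ip address add interface=vlan20 address=192.168.20.1/16
"""
# Constructed sample: two /21 segments, second gateway deliberately wrong.
SEGMENTED = """
/ip address add interface=br16 address=192.168.16.1/21
/ip address add interface=br24 address=192.168.24.1/21
/ip pool add name=vl24 ranges=192.168.24.10-192.168.31.249
/ip dhcp-server network add address=192.168.16.0/21 gateway=192.168.16.1
/ip dhcp-server network add address=192.168.24.0/21 gateway=192.168.16.1
"""

if __name__ == "__main__":
    print(audit(FLAT), audit(SEGMENTED))
```

The flat plan is reported as an overlap because both addresses collapse to 192.168.0.0/16, and the segmented sample is reported only for the gateway that points into the wrong /21.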
Let me explain more:
There is a physical interface (trunk) with VLANs on it, and there is a bridge (with all the VLANs and no physical interface) that I can run a hotspot on. I have run the DHCP server on the bridge port. Everything works fine and the broadcast has been broken up. I just want to have a meaningful IP address per VLAN (192.168.10.x for VLAN 10 and …). DHCP works on a bridge port, but it won’t work on a VLAN that is a slave of a bridge. I cannot forget about the bridge because of the one hotspot over all VLANs.
GW: 192.168.1.1
NETMASK: 255.255.0.0
pool1: 192.168.10.5-192.168.10.250
pool2: 192.168.20.5-192.168.20.250
pool3: 192.168.30.5-192.168.30.250
...
Define what the hotspot is doing.
I’m not certain you understand what you are doing. If you want VLANs because you want to create separate broadcast domains you NEED to allocate IP space to them appropriately to create matching layer 3 segmentation. MikroTik not allowing you to create DHCP servers on VLAN interfaces that are slaved to a bridge is not the problem. Look at my post and hopefully you’ll get a better understanding of how to create a “trunk” (I’m guessing you’re connecting to a Cisco device) by creating VLAN interfaces that apply the VLAN “tag” on the physical interface appropriately. Read my post above this. It contains a demonstration on how this could be accomplished.
TLDR; what you’re trying to do simply isn’t smart. You need to make sure you don’t intentionally create layer 3 overlaps within layer 2. The exception being technology that can manage that overlap effectively and when it is intentionally done. Something like private VLANs in Cisco land comes to mind.
OK, then change your solution by considering one physical interface, one hotspot server, several VLANs and subnets.
(I just wanted to protect the network from an unknown DHCP server, not more. But let’s do your solution.)
The example I gave above shows how to create the VLANs on a single interface in a way that will allow you to create and bind 3 VLANs appropriately.
Not sure about hotspot. I’d have to look at how that’s set up. I simply don’t use it. I’d imagine you can forward users to a single instance.