You have assigned the address 192.168.1.3 to ether1 and no address to wlan1.
If you want to bridge ether1 and wlan1 so they are the same layer2 network then both interfaces should be added to a bridge, the IP address and DHCP server should specify the bridge as the interface, not any of the members. N.B. the DHCP server will serve any requests from both ether1 and wlan1 interfaces.
If you want to route traffic between ether1 and wlan1 then add IP addresses in different subnets to both interfaces, check the DHCP server, network and IP pool addresses are in the same subnet as the address on wlan1.
It didn’t occur to me that every interface need to have an ip address assigned. In my mind I only needed one to target the device (routeros) but the other one was just like a port on a switch, which don’t usually have their own addresses.
So I added an address to wlan0 and that seems to have got the dhcp server working properly. For now, I only want it assigned to wlan, rather than bridge, as there is another dhcp server on the eth side on my current network.
However, when I enable the bridge I still have the same problem I mentioned in another thread – that I loose all access to the router, via webfig or ssh. So I can no longer make any changes without doing a hard reset and starting again… I tried assigned an ip address to the bridge interface as well, but that didn’t seem to help. Any ideas?
You need IP address on all interfaces which take part in L3 (IP) communication. DHCP address assignment is an IP communication, hence DHCP server needs IP address in the interface where DHCP server is running. In addition to that, your RB is right now acting as a router between wired and wireless LANs and for that it clearly needs IP addresses on both involved interfaces.
So you would like to actually make ethernet and wifi interfaces part of same LAN, sharing same IP address space? Post your complete configuration (/export hide-sensitive) and we might get some idea …
This is my current setup. DHCP server is working on the wlan side ok. However, as soon as I enable the bridge, wireless clients can access the lan side (so the bridge is working), but the router ceases to be available over network via any port (a port scan shows nothing open) so the webfig and ssh connections, and ping, all die.
It’s anecdotal, but I have had the router disappear like this a lot over the last few days, and not just when I enable a bridge. Sometime it has been when updating various simple settings, that don’t make any major change to things, but suddenly all is lot. Sometimes, if I reboot the metal then I can access it again, but other times I need to do a hard reset and reload my last working config. Sadly, rebooting with the bridge enabled does not make the router accessible again.
# jan/02/1970 00:02:32 by RouterOS 6.43.8
# software id = 1K4A-AQNN
#
# model = Metal G-52SHPacn
# serial number = A80809E0DBD5
/interface bridge
add disabled=yes fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
/interface list
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=blue_planet \
supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no \
frequency=auto mode=ap-bridge security-profile=blue_planet ssid="Video World"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.1.101-192.168.1.199
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=wlan1 name=server1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=LAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.1.3/24 comment=sph interface=ether1 network=192.168.1.0
add address=192.168.1.4/24 interface=wlan1 network=192.168.1.0
add address=192.168.1.9/24 interface=bridge1 network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=*2000010
/system leds
set 1 leds=led2,led3,led4,led5
add interface=wlan1 leds=led1 type=interface-activity
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Inaccessibility of your RB right after you enable bridge is caused by FW rule
/ip firewall filter
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
Because suddenly firewall sees incoming packets not from ether1 but from bridge1. The very same omission breaks MAC WinBox access as well:
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Cure is to add bridge1 to appropriate interface list before enabling bridge again:
/interface list member
add interface=bridge1 list=LAN
Next time, before trying to enable bridge again, enable safe mode (I’ve heard that there exists an icon somewhere in NE corner of Winbox app … using CLI, CTRL-X toggles it) and in case that change really breaks connectivity of current management session, changes will get reverted after 10 or 20 seconds.
After you successfully enable bridge, you’ll have to re-work L3 configuration of your RB.
If the role of this device is bridge between wireless and wired LAN, then the only reason to keep IP address is for management access. If you plan to use Winbox for management, IP setup is not needed even for that as you can use MAC connection.
If you decide to keep IP address, bind it to bridge1 (wlan and ether ports don’t need their own IP addresses). You might want to add a default route with your main router as gateway … so you can perform ROS upgrades etc.