Hi Guys
Can you please help me understand what I did wrong?
I have an RB4011 and an Audience.
There are 2 VLANs, 10 and 20, and a trunk between port 9 on the RB4011 and port 1 on the Audience, passing both VLANs.
2 DHCP servers are running on the RB4011, one for each VLAN.
These VLANs are then assigned to SSIDs.
Clients on SSIDs assigned to VLAN 10 can get an IP just fine.
Clients on SSIDs assigned to VLAN 20 cannot get an IP at all.
[admin@MikroTik_RB4011] > export compact hide-sensitive
aug/26/2020 14:42:22 by RouterOS 6.47.2
software id = A0JA-PWUH
model = RB4011iGS+
serial number = D1260BF19E4D
# Two bridges on the RB4011, one per LAN segment (main and guest).
# No vlan-filtering setting appears in this export, so the separation between the two
# segments comes from using two distinct bridges, not from bridge VLAN filtering.
/interface bridge
add name=bridge_vlan10_main
add name=bridge_vlan20_guest
# Port labels; ether9 is renamed ether9-trunk and is the link to the Audience.
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether5 ] comment=Main_PC
set [ find default-name=ether9 ] comment=Audience_VLAN_10_20 name=ether9-trunk
set [ find default-name=sfp-sfpplus1 ] comment=QNAP_10Gb_Fibre
# VLAN sub-interfaces. Orcon_ISP is VLAN 10 on the WAN port (ether1); vlan10_main and
# vlan20_guest are VLANs 10 and 20 on the trunk port. The WAN and LAN both use id 10,
# but on different parent ports.
/interface vlan
add comment=WAN_VLAN_10 interface=ether1 name=Orcon_ISP vlan-id=10
add comment=VLAN_10_and_20_per_Trunk interface=ether9-trunk name=vlan10_main vlan-id=10
add comment=VLAN_10_and_20_per_Trunk interface=ether9-trunk name=vlan20_guest vlan-id=20
# Every listed switch port (0-11) has its default VLAN id set to 0.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
# Interface lists referenced by the firewall rules (in-interface-list=!LAN / WAN).
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per segment.
# NOTE(review): both ranges start at .0, which is the network address of the /24 configured
# under /ip address, and they include .1, the router's own address on each bridge, as well as
# the statically leased addresses. Consider starting the ranges above the reserved addresses.
/ip pool
add name=pool_vlan10_main ranges=10.10.0.0-10.10.0.253
add name=pool_vlan20_guest ranges=10.20.0.0-10.20.0.253
# One DHCP server per bridge, each handing out from its own pool.
/ip dhcp-server
add address-pool=pool_vlan10_main disabled=no interface=bridge_vlan10_main lease-time=23h59m59s name=dhcp_vlan10_main
add address-pool=pool_vlan20_guest disabled=no interface=bridge_vlan20_guest lease-time=23h59m59s name=dhcp_vlan20_guest
# Main bridge: ether2-ether8, ether10 and the VLAN 10 interface of the trunk.
# Guest bridge: only the VLAN 20 interface of the trunk, so guest traffic can only arrive
# tagged with VLAN 20 on ether9-trunk.
/interface bridge port
add bridge=bridge_vlan10_main interface=ether2
add bridge=bridge_vlan10_main interface=ether3
add bridge=bridge_vlan10_main interface=ether4
add bridge=bridge_vlan10_main interface=ether5
add bridge=bridge_vlan10_main interface=ether6
add bridge=bridge_vlan10_main interface=ether7
add bridge=bridge_vlan10_main interface=ether8
add bridge=bridge_vlan10_main interface=ether10
add bridge=bridge_vlan10_main interface=vlan10_main
add bridge=bridge_vlan20_guest interface=vlan20_guest
# The guest bridge's LAN membership is disabled, so the guest bridge is in neither list.
# The input rule "drop all not coming from LAN" therefore applies to traffic from guests to
# the router itself, which keeps the router's management services off the guest segment.
# NOTE(review): RouterOS DHCP is generally understood to be handled before the filter rules,
# so this is presumably not what stops guest leases - confirm.
/interface list member
add interface=Orcon_ISP list=WAN
add interface=bridge_vlan10_main list=LAN
add disabled=yes interface=bridge_vlan20_guest list=LAN
# Gateway address of each segment lives on its bridge.
/ip address
add address=10.10.0.1/24 interface=bridge_vlan10_main network=10.10.0.0
add address=10.20.0.1/24 interface=bridge_vlan20_guest network=10.20.0.0
# WAN address is obtained by DHCP on the ISP VLAN interface.
/ip dhcp-client
add disabled=no interface=Orcon_ISP
# Static leases. All but one belong to the main segment; the only guest-side entry is the
# Audience itself (10.20.0.2).
# NOTE(review): hide-sensitive does not strip MAC addresses, client-ids or device names, as
# this output shows, and the export header also carries the serial number and software id.
# Redact these before posting an export publicly.
/ip dhcp-server lease
add address=10.10.0.7 client-id=1:9c:5c:8e:20:b8:c6 comment=MainPC mac-address=9C:5C:8E:20:B8:C6 server=dhcp_vlan10_main
add address=10.10.0.14 comment=Kettle mac-address=BC:DD:C2:A8:06:52 server=dhcp_vlan10_main
add address=10.10.0.17 client-id=1:d0:73:d5:24:52:2f comment=LIFXBulb mac-address=D0:73:D5:24:52:2F server=dhcp_vlan10_main
add address=10.10.0.20 client-id=1:50:ec:50:3a:f7:c5 comment=CCTV mac-address=50:EC:50:3A:F7:C5 server=dhcp_vlan10_main
add address=10.10.0.18 client-id=1:a:aa:7:69:c5:a5 comment=GalaxyS9 mac-address=0A:AA:07:69:C5:A5 server=dhcp_vlan10_main
add address=10.10.0.13 comment=NestMini_Living_Room mac-address=D4:F5:47:2B:BB:D7 server=dhcp_vlan10_main
add address=10.10.0.8 client-id=1:c0:b5:d7:5b:d7:4e comment=Printer mac-address=C0:B5:D7:5B:D7:4E server=dhcp_vlan10_main
add address=10.10.0.21 comment=NestMini_Bed_Room mac-address=D4:F5:47:12:EE:02 server=dhcp_vlan10_main
add address=10.10.0.16 comment=LIFXBulb mac-address=D0:73:D5:12:25:E9 server=dhcp_vlan10_main
add address=10.10.0.5 comment=VoipPhone mac-address=00:0B:82:EA:D2:C4 server=dhcp_vlan10_main
add address=10.10.0.15 client-id=1:ac:d5:64:94:db:dd comment=SonyTV mac-address=AC:D5:64:94:DB:DD server=dhcp_vlan10_main
add address=10.10.0.22 client-id=1:cc:f9:e4:9c:0:e0 comment=DellXPS_Laptop mac-address=CC:F9:E4:9C:00:E0 server=dhcp_vlan10_main
add address=10.10.0.11 client-id=1:88:19:8:ac:12:35 comment=MacbookAir mac-address=88:19:08:AC:12:35 server=dhcp_vlan10_main
# The guest-side lease below is keyed on 76:4D:28:F4:F7:F3, the same MAC that the Audience
# export assigns to the virtual AP wlan20_guest_2.4GHz.
add address=10.20.0.2 client-id=1:76:4d:28:f4:f7:f3 comment=MikroTik_Audience_VLAN_20 mac-address=76:4D:28:F4:F7:F3 server=dhcp_vlan20_guest
add address=10.10.0.2 client-id=1:74:4d:28:f4:f7:f2 comment=MikroTik_Audience_VLAN_10 mac-address=74:4D:28:F4:F7:F2 server=dhcp_vlan10_main
# Options handed to clients: gateway is the router's bridge address; DNS is external
# (1.1.1.1 / 1.0.0.1), so guests do not need to reach the router for name resolution.
/ip dhcp-server network
add address=10.10.0.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.10.0.1 netmask=24
add address=10.20.0.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.20.0.1 netmask=24
# Input chain (traffic to the router itself): accept established/related/untracked, drop
# invalid, accept ICMP, then drop everything that does not arrive on a LAN-list interface.
# Forward chain: accept IPsec policy traffic, fasttrack and accept established/related, drop
# invalid, and drop new connections from WAN that were not dst-nat'ed.
# NOTE(review): no forward rule separates the main and guest bridges; that isolation is left
# entirely to the /ip route rule entries below. An explicit forward drop between the two
# bridges would make the intent visible in the firewall as well.
# As pasted, the comment values are wrapped in typographic quotes; a real export uses plain
# double quotes, so this text should not be pasted back into a terminal as-is.
/ip firewall filter
add action=accept chain=input comment=“defconf: accept established,related,untracked” connection-state=established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=drop chain=input comment=“defconf: drop all not coming from LAN” in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy” ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy” ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack” connection-state=established,related
add action=accept chain=forward comment=“defconf: accept established,related, untracked” connection-state=established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=invalid
add action=drop chain=forward comment=“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT for everything leaving via the ISP interface, plus one inbound port forward:
# UDP 33445 arriving on a WAN-list interface is sent to 10.10.0.6.
# NOTE(review): 10.10.0.6 has no static lease in this export and lies inside
# pool_vlan10_main, so the forwarded port could end up on whichever device DHCP gives that
# address to. Pin the target with a static lease, and consider restricting the rule by source
# address if the remote peers are known.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Orcon_ISP
add action=dst-nat chain=dstnat dst-port=33445 in-interface-list=WAN protocol=udp to-addresses=10.10.0.6
# Routing-policy rules that answer "unreachable" for traffic between the two subnets, in both
# directions. This is the only visible control keeping guest and main apart at layer 3.
/ip route rule
add action=unreachable dst-address=10.20.0.0/24 src-address=10.10.0.0/24
add action=unreachable dst-address=10.10.0.0/24 src-address=10.20.0.0/24
# Management services: telnet, ftp, www, api and api-ssl are disabled; www-ssl is enabled.
# NOTE(review): services not listed here (for example ssh and winbox) are presumably still
# at their defaults, since a compact export only shows changed settings - confirm. No
# address= restriction is set on www-ssl, so who can reach it depends on the input firewall.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Pacific/Auckland
/system identity
set name=MikroTik_RB4011
# Scheduled reboot every 4w2d at 03:00.
# NOTE(review): the job only runs /system reboot, yet its policy list also carries ftp,
# write, policy, password, sniff, sensitive and romon. Trimming it to what the job needs
# looks safer - confirm the minimum set on this RouterOS version.
# As pasted, the wrapped line has lost its continuation backslash and the on-event value is
# in typographic quotes.
/system scheduler
add interval=4w2d name=monthly_reboot on-event=“/system reboot” policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=
aug/27/2020 start-time=03:00:00
[admin@MikroTik_RB4011] >
Audience:
[admin@Mikrotik_Audience] > export compact hide-sensitive
aug/26/2020 13:47:05 by RouterOS 6.47.2
software id = M0L0-MR8G
model = RBD25G-5HPacQD2HPnD
serial number = B6BE0A6C03AF
# Audience side: the same two bridges as on the RB4011, one per segment.
# As pasted, wrapped lines in this export have lost their continuation backslash and quotes
# have become typographic, so the text cannot be pasted back into a terminal unchanged.
/interface bridge
add comment=“Ports: Ethernet, WLAN, VirtualAP, VLAN per bridge” name=
bridge_vlan10_main
add comment=“Ports: Ethernet, WLAN, VirtualAP, VLAN per bridge” name=
bridge_vlan20_guest
# ether1 is the trunk towards the RB4011; ether2 is administratively disabled.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether2 ] comment=NOT_IN_USE disabled=yes
# VLAN 10 and VLAN 20 sub-interfaces on the trunk port.
/interface vlan
add comment=vlan10_ethernet1 interface=ether1-trunk name=vlan10_main vlan-id=10
add comment=vlan20_ethernet1 interface=ether1-trunk name=vlan20_guest vlan-id=
20
/interface list
add comment=defconf name=LAN
# Wireless security profiles; the keys themselves are left out by hide-sensitive.
# wlan_10_main allows both WPA2-PSK and WPA2-EAP, wlan_20_guest allows WPA2-PSK only.
# NOTE(review): no RADIUS or EAP setup is visible in this export; if EAP is not actually
# used, dropping wpa2-eap from the main profile would narrow what the AP accepts - confirm.
# management-protection=allowed leaves protected management frames optional for clients.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk,wpa2-eap management-protection=allowed mode=
dynamic-keys name=wlan_10_main supplicant-identity=“”
add authentication-types=wpa2-psk eap-methods=“” management-protection=allowed
mode=dynamic-keys name=wlan_20_guest supplicant-identity=“”
/interface wireless
# Three physical radios, all serving ssid=wifi with profile wlan_10_main and tagging client
# traffic with VLAN 10 (vlan-mode=use-tag).
# wlan1 sets default-authentication=no, so association on the 2.4 GHz main SSID presumably
# depends on the access-list entries further down.
# NOTE(review): the wlan2 line carries no disabled=no, unlike wlan1 and wlan3, so that radio
# is presumably still disabled - confirm.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX
comment=RealAP_VirtualAP_and_VLAN_per_each country=“new zealand”
default-authentication=no disabled=no frequency=2447 mode=ap-bridge name=
wlan10_main_2.4GHz security-profile=wlan_10_main ssid=wifi vlan-id=10
vlan-mode=use-tag
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX
comment=RealAP_VirtualAP_and_VLAN_per_each country=“new zealand” mode=
ap-bridge name=wlan10_main_5.0GHz security-profile=wlan_10_main ssid=wifi
vlan-id=10 vlan-mode=use-tag
set [ find default-name=wlan3 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX
comment=RealAP_VirtualAP_and_VLAN_per_each country=“new zealand” disabled=
no mode=ap-bridge name=wlan10_main_5.0GHz+ security-profile=wlan_10_main
ssid=wifi vlan-id=10 vlan-mode=use-tag
# Three virtual APs, one per radio, serving ssid=wifi_guest with profile wlan_20_guest and
# tagging client traffic with VLAN 20. WPS is disabled on all three. The second one (on
# wlan10_main_5.0GHz) has no disabled=no, matching the radio it sits on.
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:F4:F7:F3
master-interface=wlan10_main_2.4GHz multicast-buffering=disabled name=
wlan20_guest_2.4GHz security-profile=wlan_20_guest ssid=wifi_guest vlan-id=
20 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add keepalive-frames=disabled mac-address=76:4D:28:F4:F7:F5 master-interface=
wlan10_main_5.0GHz multicast-buffering=disabled name=wlan20_guest_5.0GHz
security-profile=wlan_20_guest ssid=wifi_guest vlan-id=20 vlan-mode=use-tag
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:F4:F7:F7
master-interface=wlan10_main_5.0GHz+ multicast-buffering=disabled name=
wlan20_guest_5.0GHz+ security-profile=wlan_20_guest ssid=wifi_guest
vlan-id=20 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=
disabled
# These two sections only carry the comment string of the physical radios.
/interface wireless manual-tx-power-table
set wlan10_main_2.4GHz comment=RealAP_VirtualAP_and_VLAN_per_each
set wlan10_main_5.0GHz comment=RealAP_VirtualAP_and_VLAN_per_each
set wlan10_main_5.0GHz+ comment=RealAP_VirtualAP_and_VLAN_per_each
/interface wireless nstreme
set wlan10_main_2.4GHz comment=RealAP_VirtualAP_and_VLAN_per_each
set wlan10_main_5.0GHz comment=RealAP_VirtualAP_and_VLAN_per_each
set wlan10_main_5.0GHz+ comment=RealAP_VirtualAP_and_VLAN_per_each
# A second set of VLAN interfaces, this time stacked on the wireless interfaces, which
# already tag client traffic themselves (vlan-mode=use-tag). The two entries on the
# 5.0GHz radio are disabled.
/interface vlan
add interface=wlan10_main_2.4GHz name=vlan10_main_2.4GHz vlan-id=10
add disabled=yes interface=wlan10_main_5.0GHz name=vlan10_main_5.0GHz vlan-id=
10
add interface=wlan10_main_5.0GHz+ name=vlan10_main_5.0GHz+ vlan-id=10
add interface=wlan20_guest_2.4GHz name=vlan20_guest_2.4GHz vlan-id=20
add disabled=yes interface=wlan20_guest_5.0GHz name=vlan20_guest_5.0GHz
vlan-id=20
# NOTE(review): this guest interface is given vlan-id=10 while the other two guest entries
# use 20, and it is later added to bridge_vlan20_guest. It looks like a typo for 20 -
# confirm, since a wrong id here mixes the main VLAN's tag into the guest path.
add interface=wlan20_guest_5.0GHz+ name=vlan20_guest_5.0GHz+ vlan-id=10
# Each bridge receives three kinds of member: the wireless interfaces, the VLAN interfaces
# stacked on those wireless interfaces, and the VLAN interface of the trunk.
# NOTE(review): the wireless interfaces already tag frames (vlan-mode=use-tag) before they
# enter the bridge, and the trunk member is itself a VLAN interface, so frames may leave
# ether1-trunk carrying two tags - confirm on the trunk before relying on this layout for
# segment separation.
# vlan20_guest_5.0GHz+ is a guest-bridge member although it is defined with vlan-id=10.
/interface bridge port
add bridge=bridge_vlan10_main interface=vlan10_main
add bridge=bridge_vlan20_guest interface=wlan20_guest_2.4GHz
add bridge=bridge_vlan20_guest interface=vlan20_guest_2.4GHz
add bridge=bridge_vlan20_guest interface=wlan20_guest_5.0GHz
add bridge=bridge_vlan20_guest interface=vlan20_guest_5.0GHz
add bridge=bridge_vlan20_guest interface=wlan20_guest_5.0GHz+
add bridge=bridge_vlan20_guest interface=vlan20_guest_5.0GHz+
add bridge=bridge_vlan10_main interface=wlan10_main_2.4GHz
add bridge=bridge_vlan10_main interface=vlan10_main_2.4GHz
add bridge=bridge_vlan10_main interface=wlan10_main_5.0GHz
add bridge=bridge_vlan10_main interface=vlan10_main_5.0GHz
add bridge=bridge_vlan10_main interface=wlan10_main_5.0GHz+
add bridge=bridge_vlan10_main interface=vlan10_main_5.0GHz+
add bridge=bridge_vlan20_guest interface=vlan20_guest
# Only the main bridge is an active LAN member; the guest bridge entry is disabled, so the
# input drop rule for non-LAN interfaces covers the guest side of the Audience.
/interface list member
add interface=bridge_vlan10_main list=LAN
add disabled=yes interface=bridge_vlan20_guest list=LAN
# Per-MAC entries for the 2.4 GHz main interface, each placing the client in VLAN 10.
# With default-authentication=no on that interface, presumably only these MACs may
# associate there - confirm. A MAC allow-list narrows who connects but is not an
# authentication control; the WPA2 key of the security profile remains the actual protection.
/interface wireless access-list
add comment=LIFX interface=wlan10_main_2.4GHz mac-address=D0:73:D5:12:25:E9
vlan-id=10 vlan-mode=use-tag
add comment=LIFX interface=wlan10_main_2.4GHz mac-address=D0:73:D5:24:52:2F
vlan-id=10 vlan-mode=use-tag
add comment=Kettle interface=wlan10_main_2.4GHz mac-address=BC:DD:C2:A8:06:52
vlan-id=10 vlan-mode=use-tag
add comment=CCTV interface=wlan10_main_2.4GHz mac-address=50:EC:50:3A:F7:C5
vlan-id=10 vlan-mode=use-tag
add comment=Printer interface=wlan10_main_2.4GHz mac-address=C0:B5:D7:5B:D7:4E
vlan-id=10 vlan-mode=use-tag
# The Audience requests an address on both bridges, so it also holds an address in the
# guest segment.
/ip dhcp-client
add disabled=no interface=bridge_vlan20_guest
add disabled=no interface=bridge_vlan10_main
# The only filter rule: drop input that does not arrive on a LAN-list interface.
# NOTE(review): unlike the RB4011, there is no accept rule for established/related traffic
# ahead of it, so replies to connections the Audience itself opens over a non-LAN interface
# would presumably be dropped - confirm this is intended.
/ip firewall filter
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
# Same subnet-to-subnet "unreachable" rules as on the RB4011.
# NOTE(review): the Audience bridges client traffic and does not appear to route between
# the segments, so these rules presumably have little effect here - confirm.
/ip route rule
add action=unreachable dst-address=10.20.0.0/24 src-address=10.10.0.0/24
add action=unreachable dst-address=10.10.0.0/24 src-address=10.20.0.0/24
# Management services: telnet, ftp, www, api and api-ssl are disabled; www-ssl is enabled.
# NOTE(review): services not listed here (for example ssh and winbox) are presumably still
# at their defaults, since a compact export only shows changed settings - confirm. No
# address= restriction is set on www-ssl, so who can reach it depends on the input firewall.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Pacific/Auckland
/system identity
set name=Mikrotik_Audience
# Scheduled reboot every 4w2d at 03:10, ten minutes after the RB4011's.
# NOTE(review): the job only runs /system reboot, yet its policy list also carries ftp,
# write, policy, password, sniff, sensitive and romon. Trimming it to what the job needs
# looks safer - confirm the minimum set on this RouterOS version.
/system scheduler
add interval=4w2d name=monthly_reboot on-event=“/system reboot” policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-date=aug/27/2020 start-time=03:10:00
[admin@Mikrotik_Audience] >