Hi,
I am pretty new to Mikrotik and I need some suggestions about the setup I have in mind. Currently I have a CRS125, which is a layer 3 switch as you may know. Since I am living in a two-floor house, I'd like to take advantage of the basic ISP WIFI router configured on the first floor (actually because of the wifi).
This is pretty much my very basic setup which includes one VLAN configured (VLAN20 - 192.168.20.0/24).
internet -------| ISP router 192.168.254.1 | ------(eth1) | 192.168.254.254 - mikrotik - (VLAN20 - 192.168.20.1) | ----- | (192.168.20.2) 2nd floor Cisco AP |
More information:
- The ISP router has DHCP disabled since the DHCP leases are managed by the Mikrotik at port ether1.
- The Mikrotik has DHCP configured for VLAN 20, which is working OK. All ports assigned to VLAN 20 got an IP from the range specified (192.168.20.0/24).
- The Cisco AP on the 2nd floor is in VLAN20, so all clients get an IP from that VLAN. However, the ISP router wifi is giving IPs from 192.168.254.0/24.
- The Mikrotik is configured with NAT on ether1 (which I believe is wrong):
[admin@MirRouter] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether1
Objective:
- I'd like to create a VLAN254 which includes the ISP wifi + the 2nd floor AP + a couple of servers plugged in by cable (ether2 to ether4, for example).
My plan:
- Create a VLAN254
- I need to remove the NAT configuration on ether1 and add this port to VLAN254. Do I then need to set the 192.168.254.254 IP on the VLAN254 interface?
- Move the 2nd floor AP from VLAN20 to VLAN254
This is my status so far, I have created the VLAN254 but I am not sure:
- How the routes will be created, since ether1 is no longer NATed and the default gateway will be removed as well.
- As you can see, there are two IPs assigned to the Mikrotik (192.168.254.254 in ether1) and (192.168.254.2 in VLAN20). How should I handle this? Configure VLAN20 in some way as the WAN interface?
- If I connect a computer to ether2 (VLAN254), it does not get a DHCP lease... the DHCP leases you can see in the configuration are requested by the wireless devices connected to the ISP router wifi.
- Is this setup overcomplicated, and would it be easier just to buy another AP, place it on the first floor and deactivate the ISP router wifi?
[admin@MirRouter] > /export hide-sensitive
may/13/2020 09:49:25 by RouterOS 6.46.5
model = CRS125-24G-1S
/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=VLAN20 vlan-id=20
add interface=bridge1 name=VLAN254 vlan-id=254
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether18,ether19,ether20,ether17,ether21,ether22,ether23,ether24,ether2,ether3,ether4
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=POOL20 ranges=192.168.20.100-192.168.20.254
add name=dhcp_pool3 ranges=192.168.254.50-192.168.254.200
/ip dhcp-server
add address-pool=POOL20 disabled=no interface=VLAN20 name=DHCP20
add address-pool=dhcp_pool3 disabled=no interface=ether1 name=dhcp1
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24
add bridge=bridge1 interface=ether20
add bridge=bridge1 interface=ether19
add bridge=bridge1 interface=ether18
add bridge=bridge1 interface=ether17
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=254
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports=ether21
add customer-vid=0 new-customer-vid=20 ports=ether22
add customer-vid=0 new-customer-vid=20 ports=ether23
add customer-vid=0 new-customer-vid=20 ports=ether24
add customer-vid=0 new-customer-vid=20 ports=ether20
add customer-vid=0 new-customer-vid=20 ports=ether19
add customer-vid=0 new-customer-vid=20 ports=ether18
add customer-vid=0 new-customer-vid=20 ports=ether17
add customer-vid=0 new-customer-vid=20 ports=ether20
add customer-vid=0 new-customer-vid=254 ports=ether2
add customer-vid=0 new-customer-vid=254 ports=ether3
add customer-vid=0 new-customer-vid=254 ports=ether4
/interface ethernet switch vlan
add ports=ether17,ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=20
add ports=ether2,ether3,ether4,switch1-cpu vlan-id=254
/interface list member
add interface=ether1 list=WAN
add list=LAN
/ip address
add address=192.168.254.254/24 interface=ether1 network=192.168.254.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.254.2 interface=VLAN254 network=192.168.254.2
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.20.4 client-id=1:b8:27:eb:b2:9a:94 mac-address=B8:27:EB:B2:9A:94 server=DHCP20 use-src-mac=yes
add address=192.168.254.95 mac-address=78:11:DC:F7:87:0A server=dhcp1
add address=192.168.254.94 comment="Yeelight strip light entrada" mac-address=04:CF:8C:AE:5E:77 server=dhcp1
add address=192.168.254.91 mac-address=6C:AD:F8:9E:17:EE server=dhcp1
add address=192.168.254.93 comment="strip light salon" mac-address=04:CF:8C:B1:EB:72 server=dhcp1
add address=192.168.254.90 mac-address=34:CE:00:92:22:69 server=dhcp1
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=8.8.8.8 domain=mirhome.local gateway=192.168.20.1
add address=192.168.254.0/24 gateway=192.168.254.1
/ip dns
set servers=192.168.254.1,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=192.168.254.1
Thanks in advance! Let me know if you need further info.
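
A consistency check over the export above, as an added example that is not part of the original post: it reads the switch VLAN, DHCP server and address menus and reports ports mapped to a VLAN they are not a member of, duplicate translation rules, addresses without a prefix length, overlapping subnets, and addressed interfaces with no DHCP server bound. The function names `parse` and `audit` are introduced here, and the input is abridged from the post's export.

```python
import ipaddress
import re
from collections import Counter
# Abridged from the export in the post (only the lines these checks read).
EXPORT = """\
/ip dhcp-server
add address-pool=POOL20 disabled=no interface=VLAN20 name=DHCP20
add address-pool=dhcp_pool3 disabled=no interface=ether1 name=dhcp1
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports=ether20
add customer-vid=0 new-customer-vid=20 ports=ether18
add customer-vid=0 new-customer-vid=20 ports=ether20
/interface ethernet switch vlan
add ports=ether17,ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=20
/ip address
add address=192.168.254.254/24 interface=ether1 network=192.168.254.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.254.2 interface=VLAN254 network=192.168.254.2
"""

def parse(export):  # menu path -> list of key=value dicts, one per "add" line
    menus, path = {}, None
    for line in export.splitlines():
        if line.startswith("/"):
            path = line.strip()
        elif line.startswith("add ") and path:
            menus.setdefault(path, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(export):
    m, out, seen = parse(export), [], []
    sw = "/interface ethernet switch "
    members = {v["vlan-id"]: v["ports"].split(",") for v in m.get(sw + "vlan", [])}
    rules = Counter((t["ports"], t["new-customer-vid"]) for t in m.get(sw + "ingress-vlan-translation", []))
    for (port, vid), n in sorted(rules.items()):
        if port not in members.get(vid, []):  # untagged ingress mapped to a VLAN the port is not in
            out.append(f"{port}: mapped to VLAN {vid} but not a member port")
        if n > 1:
            out.append(f"{port}: {n} identical VLAN {vid} translation rules")
    served = {s["interface"] for s in m.get("/ip dhcp-server", [])}
    for a in m.get("/ip address", []):
        net = ipaddress.ip_interface(a["address"]).network  # Python parses a bare address as /32
        if "/" not in a["address"]:
            out.append(f"{a['interface']}: {a['address']} has no prefix length (/32)")
        out += [f"{a['interface']}: overlaps {i} ({other})" for i, other in seen if net.overlaps(other)]
        if a["interface"] not in served:
            out.append(f"{a['interface']}: no DHCP server bound")
        seen.append((a["interface"], net))
    return out
```

Calling `audit(EXPORT)` returns the findings as a list of strings, one per issue.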