Goldbro
November 25, 2023, 3:25am
1
Hi,
I have a MikroTik hEX router & a TP-Link AP.
I have 3 VLANs: one for my network, one for my neighbor, and one for my IoT devices.
However, my laptop is having issues with the DHCP server. I’m going to leave this overnight and see if anyone responds; I’ll post more info tomorrow.
And yes, the TP-Link AC1200 Wireless Gigabit Access Point is set up for each VLAN and has worked flawlessly for the past 5 months. Only now do I have problems. I also have Fing installed, and it’s stating that I have problems with multi DHCP.
mkx
November 25, 2023, 8:29am
2
Without seeing the (non-working) hEX config and a more detailed description of the wanted setup, we can only respond with: it should work.
And you may want to start to read this excellent reference material from member pcunite:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
(read it a couple of times, it will take some time to digest)
Goldbro
November 25, 2023, 2:19pm
4
# nov/25/2023 09:11:44 by RouterOS 6.49.7
# software id = JSAK-TA29
#
# model = RB750Gr3
# serial number = HEC08JNVRCK
/interface bridge
add admin-mac=48:A9:8A:AF:26:10 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=NetIn
set [ find default-name=ether4 ] name=PS5
set [ find default-name=ether3 ] name=Wifi1
/interface vlan
add interface=Wifi1 name=EvilDevice vlan-id=20
add interface=Wifi1 name=PrivateHome vlan-id=10
add interface=Wifi1 name=SSHomePrivate vlan-id=30
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool2 ranges=192.168.50.2-192.168.50.254
add name=dhcp_pool3 ranges=192.168.30.2-192.168.30.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=EvilDevice name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=SSHomePrivate name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=PrivateHome name=dhcp3
/queue simple
add max-limit=10M/10M name=queue1 target=EvilDevice
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=Wifi1
add bridge=bridge comment=defconf interface=PS5
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=NetIn list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.30.1/24 interface=PrivateHome network=192.168.30.0
add address=192.168.40.1/24 interface=EvilDevice network=192.168.40.0
add address=192.168.50.1/24 interface=SSHomePrivate network=192.168.50.0
/ip dhcp-client
add comment=defconf disabled=no interface=NetIn
/ip dhcp-server network
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.40.0/24 gateway=192.168.40.1
add address=192.168.50.0/24 gateway=192.168.50.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
    established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system routerboard mode-button
set enabled=yes on-event=script_reboot
/system script
add dont-require-permissions=no name=script_reboot owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
That is my current config.
Also, the error coming from the router:
Detected conflict by ARP response for 192.168.30.17 from 70:F0:: ::
anav
November 25, 2023, 3:04pm
5
You didn’t read that article very closely, where the EFF does it show the bridge doing any DHCP…
ALL VLANS
So take your bridge subnet and assign it to a vlan.
Then you need to actually turn on bridge vlan filtering=yes…
None of your bridge ports are assigned properly for access ports or trunk ports…
You don’t even have /interface bridge vlans set up…
No vlans indicated on interface list members.
Try harder…
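The points raised in the reply above can be checked mechanically against a RouterOS export. The following is an added example, not code from the thread or from MikroTik: it parses the `add` lines of an export and reports VLAN interfaces parented on a bridge port, a bridge without `vlan-filtering=yes`, a missing `/interface bridge vlan` table, VLANs absent from the interface lists, and a DHCP server bound to the bridge itself. The function names `parse_export` and `audit` are hypothetical, and the sample input is a constructed, trimmed copy of the export posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the export posted in the thread.
SAMPLE_EXPORT = """\
/interface bridge
add admin-mac=48:A9:8A:AF:26:10 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=Wifi1 name=EvilDevice vlan-id=20
add interface=Wifi1 name=PrivateHome vlan-id=10
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=EvilDevice name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=Wifi1
/interface list member
add comment=defconf interface=bridge list=LAN
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    menus, path = defaultdict(list), None
    joined = re.sub(r"\\\n\s*", "", text)  # undo backslash line continuations
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            menus[path].append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return menus

def audit(text):
    """Return one finding per VLAN layout problem named in the thread."""
    m = parse_export(text)
    bridges = {b["name"] for b in m["/interface bridge"]}
    ports = {p["interface"] for p in m["/interface bridge port"]}
    listed = {x["interface"] for x in m["/interface list member"]}
    vlans, findings = m["/interface vlan"], []
    for v in vlans:
        if v["interface"] in ports:  # VLAN parented on a bridge slave port
            findings.append(f"vlan {v['name']} sits on bridge port {v['interface']}")
        if v["name"] not in listed:
            findings.append(f"vlan {v['name']} is in no interface list")
    findings += [f"bridge {b['name']} has vlan-filtering off"
                 for b in m["/interface bridge"] if vlans and b.get("vlan-filtering") != "yes"]
    if vlans and not m["/interface bridge vlan"]:
        findings.append("no /interface bridge vlan entries")
    findings += [f"dhcp server {s['name']} runs on bridge {s['interface']}"
                 for s in m["/ip dhcp-server"] if s["interface"] in bridges]
    return findings
```

Calling `audit(SAMPLE_EXPORT)` returns seven findings for the trimmed sample. The check relies on the export omitting default values, so a bridge line with no `vlan-filtering` key is treated as filtering disabled.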