Multiable DHCP Servers on Seperate Interfaces

ITDave · September 9, 2017, 9:50am

Hi All,

New to MikroTik and have tried creating a second DHCP server on eth5. Noticing under IP >> Routes. It shows that eth5 Route is Unreachable.

Since then i have been able to get it working after setting up a Bridge Interface with eth5. Is there something I am doing wrong is is this normal to have to create a Bridge Interface to get a Second Port running with MikroTik.

Please see a copy of my config;

/interface bridge
add arp=reply-only name="eth5-MNG (Bridge)"
/interface ethernet
set [ find default-name=ether1 ] name=eth1-WAN
set [ find default-name=ether2 ] arp=reply-only comment=\
    "LAN Interface (LACP)" name=eth2-LACP
set [ find default-name=ether3 ] mac-address=6C:3B:6B:82:93:B8 name=eth3-LACP
set [ find default-name=ether4 ] disabled=yes name=eth4-LAN
set [ find default-name=ether5 ] arp=reply-only comment="Management LAN" \
    name=eth5-MNG
/interface pppoe-client
add add-default-route=yes allow=mschap2 comment="WAN Interface" disabled=no \
    interface=eth1-WAN max-mru=1492 max-mtu=1492 name=PPPoE password=\
    ********* service-name=WAN use-peer-dns=yes user=\
   **@**.com.au
/interface bonding
add arp=reply-only comment="LAN Interface (Bonding)" mode=802.3ad name=\
    HomeLAN slaves=eth2-LACP,eth3-LACP transmit-hash-policy=layer-2-and-3
/interface vlan
add arp=reply-only comment="GuestLAN (VLAN-10)" interface=HomeLAN name=\
    GuestLAN vlan-id=10
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=HomeLAN ranges=192.168.1.52-192.168.1.254
add name=GuestLAN ranges=10.1.1.50-10.1.1.200
add name=MNG-LAN ranges=192.168.88.100-192.168.88.254
/ip dhcp-server
add add-arp=yes address-pool=HomeLAN disabled=no interface=HomeLAN \
    lease-time=1d name=HomeLAN
add add-arp=yes address-pool=GuestLAN disabled=no interface=GuestLAN \
    lease-time=30m name=GuestLAN
add add-arp=yes address-pool=MNG-LAN disabled=no interface=\
    "eth5-MNG (Bridge)" lease-time=30m name=MNG-LAN
/ppp profile
set *0 only-one=no use-compression=no use-encryption=yes
/queue type
add kind=pcq name=HomeLAN_PCQ-Download pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-rate=100M pcq-src-address6-mask=64
add kind=pcq name=HomeLAN_PCQ-Upload pcq-classifier=src-address \
    pcq-dst-address6-mask=64 pcq-rate=37M pcq-src-address6-mask=64
add kind=pcq name=GuestLAN_PCQ-Download pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-rate=40M pcq-src-address6-mask=64
add kind=pcq name=GuestLAN_PCQ-Upload pcq-classifier=src-address \
    pcq-dst-address6-mask=64 pcq-rate=20M pcq-src-address6-mask=64
/queue tree
add name="GuestLAN - Upload" packet-mark=GuestLAN-MP parent=PPPoE queue=\
    GuestLAN_PCQ-Upload
add name="GuestLAN - Download" packet-mark=GuestLAN-MP parent=GuestLAN queue=\
    GuestLAN_PCQ-Download
/tool traffic-generator port
add interface=eth1-WAN name=port1
/interface bridge port
add bridge="eth5-MNG (Bridge)" interface=eth5-MNG
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip settings
set icmp-rate-limit=1 rp-filter=strict tcp-syncookies=yes
/ip address
add address=192.168.1.1/24 comment=HomeLAN interface=HomeLAN network=\
    192.168.1.0
add address=10.1.1.1/24 comment=GuestLAN interface=GuestLAN network=10.1.1.0
add address=192.168.88.1/24 comment="Management LAN (Bridge)" interface=\
    "eth5-MNG (Bridge)" network=192.168.88.0
/ip dhcp-server lease
add address=192.168.1.160 lease-time=4w2d mac-address=08:2E:5F:71:09:1E \
    server=HomeLAN
add address=192.168.1.250 comment="EPSON MFC" lease-time=4w2d mac-address=\
    B0:E8:92:11:2F:99 server=HomeLAN
add address=192.168.1.50 client-id=Gigaset comment="Gigaset VOIP" lease-time=\
    4w2d mac-address=7C:2F:80:99:A2:C1 server=HomeLAN
add address=192.168.1.45 comment=Samsung-TV lease-time=4w2d mac-address=\
    40:16:3B:CE:80:66 server=HomeLAN
add address=192.168.1.254 comment=RuckusAP lease-time=4w2d mac-address=\
    2C:C5:D3:04:4E:00 server=HomeLAN
add address=192.168.1.10 comment="HP Switch - Garage" lease-time=4w2d \
    mac-address=6C:C2:17:D0:A2:70 server=HomeLAN
add address=192.168.1.11 comment="HP Switch - Bedroom" lease-time=4w2d \
    mac-address=EC:B1:D7:EE:19:50 server=HomeLAN
add address=192.168.1.12 comment="HP Switch - Lounge" lease-time=4w2d \
    mac-address=38:63:BB:1E:9C:00 server=HomeLAN
add address=192.168.1.40 comment="Synology NAS" lease-time=4w2d mac-address=\
    00:11:32:42:F5:33 server=HomeLAN
/ip dhcp-server network
add address=10.1.1.0/24 comment=GuestLAN dns-server=\
    103.51.112.20,139.130.4.4,103.51.112.21,8.8.8.8 gateway=10.1.1.1 netmask=\
    24
add address=192.168.1.0/24 comment=HomeLAN dns-server=\
    103.51.112.20,139.130.4.4,103.51.112.21,8.8.8.8 gateway=192.168.1.1 \
    netmask=24
add address=192.168.88.0/24 comment="Management LAN" dns-server=\
    103.51.112.20,139.130.4.4,103.51.112.21,8.8.8.8 gateway=192.168.88.1 \
    netmask=24
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    list=Bogons
add address=192.168.1.0/24 comment=HomeLAN list=local
add address=10.1.1.0/24 comment=GuestLAN list=local
add address=192.168.88.0/24 comment="Management LAN" list=local
/ip firewall filter
add action=drop chain=forward comment="Block GuestLAN Access to HomeLAN" \
    in-interface=GuestLAN out-interface=HomeLAN
add action=fasttrack-connection chain=forward comment=\
    "Fasttrack HomeLAN Established & Related Packets" connection-state=\
    established,related dst-address=192.168.1.0/24
add action=accept chain=forward comment=\
    "Accept Established & Related Packets" connection-state=\
    established,related
add action=drop chain=forward comment="Drop Invalid Packets" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "Drop All Packets From PPPoE With No DSTNAT Header" connection-nat-state=\
    !dstnat connection-state=new in-interface=PPPoE
add action=accept chain=input comment="Accept ICMP Packets" protocol=icmp
add action=accept chain=input comment="Allow Router Access From LAN" \
    src-address-list=local
add action=accept chain=input comment="Accept Established & Related Packets" \
    connection-state=established,related
add action=drop chain=forward comment="Drop Bogons Address List" \
    dst-address-list=Bogons
add action=drop chain=input comment="Drop All Other Packets" in-interface=\
    PPPoE
/ip firewall mangle
add action=mark-connection chain=forward comment="HomeLAN - Mark Packets" \
    disabled=yes new-connection-mark=HomeLAN-MC passthrough=yes src-address=\
    192.168.1.0/24
add action=mark-packet chain=forward connection-mark=HomeLAN-MC disabled=yes \
    new-packet-mark=HomeLAN-MP passthrough=yes
add action=mark-connection chain=forward comment="GuestLAN - Mark Packets" \
    new-connection-mark=GuestLAN-MC passthrough=yes src-address=10.1.1.0/24
add action=mark-packet chain=forward connection-mark=GuestLAN-MC \
    new-packet-mark=GuestLAN-MP passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade WAN Traffic" \
    out-interface=PPPoE src-address-list=local
/ip firewall service-port
set sip disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24 port=8060
set ssh address=192.168.1.0/24 port=2222
set api address=192.168.1.0/24 disabled=yes
set winbox address=192.168.1.0/24
set api-ssl address=192.168.1.0/24 disabled=yes
/ip ssh
set strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=GuestLAN type=internal
add interface=PPPoE type=external
add interface=HomeLAN type=internal
add interface=eth5-MNG type=internal
/system clock
set time-zone-autodetect=no time-zone-name=Australia/Adelaide
/system ntp client
set enabled=yes primary-ntp=130.194.10.150 secondary-ntp=203.14.0.250
/system routerboard settings
set silent-boot=yes
/system routerboard mode-button
set enabled=no on-event=""
/tool graphing interface
add allow-address=192.168.1.0/24
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
set [ find default=yes ] disabled=yes interface=eth2-LACP
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=eth2-LACP
add interface=HomeLAN
/tool sniffer
set file-limit=2000KiB file-name=packetcap memory-limit=500KiB
/tool traffic-generator
set test-id=1
/tool traffic-generator packet-template
add header-stack="" name=packet-template1
/tool traffic-generator stream
add name=str1 packet-size=1500 tx-template=packet-template1

Sob · September 9, 2017, 12:03pm

If you have independent interface (not bridged or switched), you can setup DHCP server on it and no “bridge wrappping” is necessary.

ITDave · September 9, 2017, 1:59pm

Still getting the same unreachable route showing up in routes when removing the bridge.

Looks very similar to my issue. Btw I am using a RB750gr3.
http://forum.mikrotik.com/t/v6-35-4-current-is-released/98998/1

Anybody else had this same issue on 6.40.3??