Multiple VLANs same DHCP subnet

Hello,

I am trying to learn how to set up my new HEX refresh and want to set up my network so I can have two VLANs with the same network mask, but have DHCP give them different ranges in the subnet, so I can keep my IOT devices in their own area while still being able to interact with them in the same subnet.

Default vlan (1):
DHCP server address 192.168.0.1
DHCP subnet 192.168.0.1/23
DHCP range: 192.168.0.5-192.196.0.254

IOT vlan (2):
DHCP server address 192.168.0.1
DHCP subnet 192.168.0.1/23
DHCP range: 192.168.1.2-192.198.1.254

The config on the router is the default one with ether3, ether4, ether5 in the same bridge and ether1 as my WAN port. When I try to add the second range/VLAN to the DHCP server, it reports as invalid.
I have attached a support.rif file to help people check over my work.

Edit: fixed typo in DHCP range

For starters …
why create 2 VLANs yet overlapping subnets?
Use 192.168.0.0/24 for first vlan
Use 192.168.1.0/24 for second vlan

Much easier.

You may want to read this nice tutorial:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

Secondly: supout should NEVER be posted here. Only communicated towards support.

Instead of a supout for people to view, use the export function in CLI commands in winbox menu entry NEW TERMINAL.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys )

…and - as generic advice - don’t use VLAN1, it is used internally and can cause issues in a configuration.
Use (say) VLAN10 and VLAN20, instead.

ether2?

Instead of a supout, follow this post here:
http://forum.mikrotik.com/t/forum-rules/173010/1
and post your (anonymized) configuration.

The DHCP data you posted - maybe typos? - have ranges that make no sense:
192.168.x.y-192.196.x.254 should be 192.168.x.y-192.168.x.254

Do you really-really need two /24 grouped into a /23, i.e. do you need 254 addresses for each?
Or you could do with two /25, with 126 usable IP addresses each, grouped into a “normal” /24?
I.e.:
192.168.0.1 - 192.168.0.126
and
192.168.0.129 - 192.168.0.254
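
An added example, not part of any post in this thread: a small Python check, using only the standard-library `ipaddress` module, run over the DHCP values from the first post and over the two-/25 split suggested above. The function names and the layout of the plan dictionary are assumptions made for this illustration.

```python
import ipaddress

def check_plan(vlans):
    """Return a list of problems in a {name: (subnet, first, last)} DHCP plan."""
    problems, nets = [], {}
    for name, (subnet, first, last) in vlans.items():
        # strict=False accepts a host address with a mask, e.g. 192.168.0.1/23
        net = ipaddress.ip_network(subnet, strict=False)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        nets[name] = net
        if lo > hi:
            problems.append(f"{name}: range start {lo} is after end {hi}")
        for label, addr in (("start", lo), ("end", hi)):
            if addr not in net:
                problems.append(f"{name}: range {label} {addr} is outside {net}")
            elif addr in (net.network_address, net.broadcast_address):
                problems.append(f"{name}: range {label} {addr} is not a host address")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two VLANs sharing address space cannot be routed or filtered apart
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: subnets {nets[a]} and {nets[b]} overlap")
    return problems

def split_plan(parent, names):
    """Split `parent` into equal halves/quarters/..., one subnet per VLAN name."""
    net = ipaddress.ip_network(parent)
    bits = (len(names) - 1).bit_length()  # 2 names -> 1 extra prefix bit
    plan = {}
    for name, sub in zip(names, net.subnets(prefixlen_diff=bits)):
        # sub[1] is the first host, sub[-2] the last host before broadcast
        plan[name] = (str(sub), str(sub[1]), str(sub[-2]))
    return plan

# Values copied from the first post, typos included
POSTED = {
    "default": ("192.168.0.1/23", "192.168.0.5", "192.196.0.254"),
    "iot": ("192.168.0.1/23", "192.168.1.2", "192.198.1.254"),
}

if __name__ == "__main__":
    for problem in check_plan(POSTED):
        print("posted plan:", problem)
    split = split_plan("192.168.0.0/24", ["vlan10", "vlan20"])
    print("split plan:", split, "problems:", check_plan(split))
```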

First off, thanks everyone for the feedback and for deleting my support file. I saw the files others were posting, and a Google search said to do the support file, but Google was wrong. I am very new to Mikrotik and am moving my network to it and learning the “flow/order” that they want you to go through in the configuration vs my old setup, which was built/expanded over many years.

A bit more about my thought process for the same subnet: a bunch of IOT items require you to be on the same subnet, as they use broadcast packets to discover and communicate with the management device or each other. With the two ranges in the same subnet I can connect the IOT devices to one wireless SSID and get an IP in one range that is blocking any egress traffic to the internet (unless I allow it through the firewall), and the other SSID can be used for all other normal devices while still allowing them to communicate with the IOT devices on the same subnet.

The idea of using vlan 1 was because that is the “default” vlan for untagged traffic on my switch so normal devices will “just work” and then the IOT network be a segregated vlan but that isn’t the suggested solution from the article and I will need to set my normal clients to a vlan.

Last note: I saw that someone asked about eth2. That is reserved for my second internet connection, but that is a future setup project as I don’t want to do all the changes at once.

My current plan is as follows:

  1. wipe current config just to start fresh
  2. Follow the “Switch with a separate router” guide that was posted but with the following changes:
    • Have the base/mgmt and the normal client on the same vlan (blue/10)
    • in the IOT vlan (green/20) setup omit setting an interface IP address (line 96 of router.rsc)
    • In the IOT vlan setup changing the DHCP pool to 192.168.1.2-192.168.1.254
    • stop on line 167 (will loop back to the security after everything is working as expected)
  3. set my access point to tag the IOT SSID to vlan 20 and normal client ssid to vlan 10
  4. on my switch set the physical ports to PVID 10 so they can communicate on the normal network minus ports used for wireless or connected to router as they are trunks
  5. verify that DHCP works on both SSIDs
  6. verify that both can access internet
  7. set up vlan security
  8. set up firewall rule to block all outbound traffic from 192.168.1.2-192.168.1.254 then poke holes as needed