New subnets unable to route

cin · October 23, 2024, 7:38am

Hey everyone,

I’m trying to set up separate IP pools for my wired, wireless, and IoT devices. I’ve created the pools via ip/pool but if I manually assign an IP outside of 192.168.88.0/24 the client receives the IP and becomes unable to reach the router.

Obviously I’m missing a step in the setup here, can someone let me know what I’m overlooking?

I’ve attached my router configuration.
config.rsc (8.1 KB)

holvoetn · October 23, 2024, 7:45am

/ip dhcp-server network
add address=192.168.40.0/24 comment=Wireless dns-server=192.168.88.1 gateway=\
    192.168.88.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1

Your dhcp-server network settings need to correspond to the used subnet.
So something like:

/ip dhcp-server network
add address=192.168.40.0/24 comment=Wireless dns-server=192.168.40.1 gateway=\
    192.168.40.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1

erlinden · October 23, 2024, 7:46am

Rule 1: don’t use VLAN ID 1
If you want to seperate networks (at least, I think that is the main reason for having multiple subnets), you might want to consider using VLAN’s. Especially in the correct way, as described in the “Bible on VLAN”:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

mkx · October 23, 2024, 8:44am

Just a small (but not unimportant) detail: the only IP address in DHCP server network config, which absolutely must correspond to network address and mask, is gateway IP address (which should be within client’s network address and mask because client has to be able to access it directly via L2). Other IP addresses (e.g. DNS server address, NTP server address, etc.) can be outside client’s subnet … but then configuration of router(s) and firewall(s) have to allow connection from client to those servers.

cin · October 24, 2024, 2:45pm

Thanks for the replies.

I’ll keep it in mind. I’ve deleted it for now.

I’ve been chipping away at VLANs for the past couple of days but kept breaking things, hence why I asked this instead. I’ll read some more and have another go.

I’ve fixed this up so hopefully once I have the VLANs up and running I’ll be able to get DHCP working as well.

Thanks again.

aesmith · October 25, 2024, 7:24am

Not stated but in case it’s not obvious, the gateway address for your new subnet 192.168.40.0/24, for example 192.168.40.1, needs to be assigned to something. In a simple network it would be the bridge or VLAN serving that subnet. Or possibly the address of a different router, reachable at L2 from the new subnet.