No DHCP on VLAN RB2011 UAS-IN FIXED

mvdijck · September 22, 2013, 8:31pm

Hi,
i'm new here zo i hope someone can help me with the next problem.
I am testing the RB2011 UAS-IN and cannot get the DHCP to work on a VLAN.

I'm missing / forgetting something.
I use the default config to start with. pc's get ipadres and have internet access without any changes made.
I created a VLAN2 and second DHCP. This VLAN must connect to the internet and not to the other subnet.
WAN is on ether1.

I use a managed TP-Link TL-SG3210 swith with VLAN ID 2 on port 4 trunk. Router connected to port 1 and a PC is connected to port 4 but won't get an ip adress.

When i now how to config i would like the follow setup:
RB2011 => WAN on ethernet1
LAN and on ethernet 1 =Switch to Devices
Dump switch with POE (for the Wifi AP's) on ethernet 3
1 subnet Private LAN
1 Subnet Bussiness VLAN2
1 Subnet Geust VLAN3

WifiAP with multy SISID and VALN ID support (is this possible with out a managed switch?)
Configured for Private, Guest and Bussiness.
Guest and Bussiness need internet access and are not allowed to see the Private LAN.

Here is the config:
[admin@MikroTik] > /export compact

jan/02/1970 00:15:31 by RouterOS 5.23

software id = X0L4-ZG73

/interface bridge
add admin-mac=D4:CA:6D:8E:30:02 auto-mac=no l2mtu=1598 name=bridge-local
protocol-mode=rstp
/interface ethernet
set 0 name=sfp1-gateway
set 1 name=ether1-gateway speed=1Gbps
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 master-port=ether6-master-local name=ether10-slave-local
/interface vlan
add interface=bridge-local l2mtu=1594 name=vlan2 vlan-id=2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add add-arp=yes address-pool=dhcp_pool1 always-broadcast=yes disabled=no
interface=vlan2 name=dhcp1
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=
bridge-local
add address=192.168.10.0/24 interface=vlan2
/ip dhcp-client
add comment="default configuration" disabled=no interface=sfp1-gateway
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1 netmask=
24
add address=192.168.88.0/24 comment="default configuration" dns-server=
192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=
sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=
ether1-gateway
/ip firewall mangle
add chain=prerouting
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration"
out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration"
out-interface=ether1-gateway to-addresses=0.0.0.0
/ip neighbor discovery
set sfp1-gateway disabled=yes
set ether1-gateway disabled=yes
set vlan2 disabled=yes
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=bridge-local
[admin@MikroTik] >

mvdijck · September 25, 2013, 6:59am

Fixe it.
VLAN's connected to the local-bridge.

First set the devices it up with a managed switch.
The Wifi Ap with VLAN ID Support is connected directly to the Router and this works as wel.
Also a DUMP POE Switch connected tho the Router and the AP connected to the POE port works
now trying to solve a Internet access problem on the VLAN.
look at my other post!
My config!

admin@MikroTik] > export compact

sep/25/2013 01:54:19 by RouterOS 5.23

software id = X0L4-ZG73

/interface bridge
add admin-mac=D4:CA:6D:8E:30:02 auto-mac=no l2mtu=1598 name=bridge-local
protocol-mode=rstp
/interface ethernet
set 0 name=sfp1-gateway
set 1 name=ether1-gateway
set 2 speed=1Gbps
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 master-port=ether6-master-local name=ether10-slave-local
/interface vlan
add interface=bridge-local l2mtu=1594 name=vlan1 vlan-id=1
add interface=bridge-local l2mtu=1594 name=vlan2 vlan-id=2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add add-arp=yes address-pool=dhcp_pool1 disabled=no interface=vlan1 name=dhcp1
add add-arp=yes address-pool=dhcp_pool2 disabled=no interface=vlan2 name=dhcp2
/interface bridge nat
add chain=srcnat
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=
bridge-local
add address=192.168.10.0/24 interface=vlan1
add address=192.168.20.0/24 interface=vlan2
/ip dhcp-client
add comment="default configuration" disabled=no interface=sfp1-gateway
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1 netmask=24
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1 netmask=24
add address=192.168.88.0/24 comment="default configuration" dns-server=
192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established
disabled=yes
add chain=input comment="default configuration" connection-state=related
disabled=yes
add chain=forward in-interface=vlan1 out-interface=ether1-gateway
add chain=forward disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes
in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" disabled=yes
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration"
out-interface=sfp1-gateway
add action=masquerade chain=srcnat out-interface=ether1-gateway src-address=
192.168.10.0/24
add action=masquerade chain=srcnat out-interface=ether1-gateway src-address=
192.168.20.0/24
add action=masquerade chain=srcnat comment="default configuration"
out-interface=ether1-gateway
/ip neighbor discovery
set sfp1-gateway disabled=yes
set ether1-gateway disabled=yes
set vlan1 disabled=yes
set vlan2 disabled=yes
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=bridge-local
[admin@MikroTik] >

efaden · September 25, 2013, 11:10am

So is this fixed? Do you still need help?

Also is this the same problem that your other post has? Please try to keep the number of posts limited… It’s easier to help you and fix the problems with a single config if it isn’t in multiple threads.

mvdijck · September 25, 2013, 8:32pm

it is fixed