Hi everyone, I hope someone can help me; I have been trying to figure this out for two days. I have DHCP running on two ports for two networks, but they need to be able to see each other for server purposes. They unfortunately have to have separate IP ranges for security reasons. How can I get interfaces 3 and 5 to talk?
Here is my current setup: Internet access is not a problem or needed here; the first network is on its own and working fine. It's the other two I need to get working together.
Your netmasks in the two networks don’t match.
Your address on the interface states that it’s a /24 network, the DHCP is telling the clients, it’s a /22 network. In a /22 both are in the same subnet, so they won’t use a gateway.
Adjust it in /ip dhcp-server network to be /24 and it should work.
An aside:
From the number of interfaces I assume you have a CRS-series switch.
You don’t need to add all the interfaces to the admin bridge separately - this will reliably max out your CPU when there’s significant traffic.
It’s enough to add one ethernet interface and set all the others to this as master port, so you have a hardware switch for this network.
Additionally, if you want the two networks to be fully routed, you don’t need the icmp accept rules in the forward chain.
Thanks, I will make the changes and test it now. I was hoping that the server would be able to see all the PCs of the network if it uses subnet /22, AND for the PCs to be able to access the server using the DNS name (MyServer.local) instead of using the IP address. That is the reason I used subnet 22… Is there a way to use subnet 22 on both interfaces and have the PCs be able to see each other? I can limit their interaction with other drop rules if that is possible.
Thanks for your help so far
OK, here is my new config. But the only thing that has changed is that I can now ping the MikroTik from both sides to both MikroTik addresses… 49.254 and 50.254 from either network. I cannot access the server from 49.0/24 or ping either network’s PCs…
# dec/22/2016 12:44:17 by RouterOS 6.37.3
# software id = ZYPM-RMMD
/interface ethernet
set [ find default-name=ether3 ] comment=Klas35
set [ find default-name=ether5 ] comment=Klas26
set [ find default-name=sfp1 ] comment="MasterPort To Admin Network"
/ip neighbor discovery
set ether3 comment=Klas35
set ether5 comment=Klas26
set sfp1 comment="MasterPort To Admin Network"
/interface ethernet
set [ find default-name=ether1 ] master-port=sfp1
set [ find default-name=ether2 ] comment="Replica Server" master-port=sfp1
set [ find default-name=ether4 ] master-port=sfp1
set [ find default-name=ether6 ] master-port=sfp1
set [ find default-name=ether7 ] master-port=sfp1
set [ find default-name=ether8 ] master-port=sfp1
set [ find default-name=ether9 ] master-port=sfp1
set [ find default-name=ether10 ] master-port=sfp1
set [ find default-name=ether11 ] master-port=sfp1
set [ find default-name=ether12 ] master-port=sfp1
set [ find default-name=ether13 ] master-port=sfp1
set [ find default-name=ether14 ] master-port=sfp1
set [ find default-name=ether15 ] master-port=sfp1
set [ find default-name=ether16 ] master-port=sfp1
set [ find default-name=ether17 ] master-port=sfp1
set [ find default-name=ether18 ] master-port=sfp1
set [ find default-name=ether19 ] master-port=sfp1
set [ find default-name=ether20 ] master-port=sfp1
set [ find default-name=ether21 ] master-port=sfp1
set [ find default-name=ether22 ] master-port=sfp1
set [ find default-name=ether23 ] master-port=sfp1
set [ find default-name=ether24 ] master-port=sfp1
/ip neighbor discovery
set ether2 comment="Replica Server"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=Klas35_pool ranges=192.168.50.100-192.168.50.200
add name=Klas26_pool ranges=192.168.49.100-192.168.49.200
/ip dhcp-server
add add-arp=yes address-pool=Klas35_pool always-broadcast=yes disabled=no \
    interface=ether3 lease-time=2d name=Klas35_DHCP
add add-arp=yes address-pool=Klas26_pool always-broadcast=yes disabled=no \
    interface=ether5 lease-time=2d name=Klas26_DHCP
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=10.80.8.8/24 interface=sfp1 network=10.80.8.0
add address=192.168.50.254/24 interface=ether3 network=192.168.50.0
add address=192.168.49.254/24 interface=ether5 network=192.168.49.0
/ip dhcp-server network
add address=192.168.49.0/24 dns-server=192.168.50.1,192.168.49.254 gateway=\
    192.168.49.254
add address=192.168.50.0/24 dns-server=192.168.50.1,192.168.50.254 gateway=\
    192.168.50.254
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=forward dst-address=192.168.49.0/24 src-address=\
    192.168.50.0/24
add action=accept chain=forward dst-address=192.168.50.0/24 src-address=\
    192.168.49.0/24
/ip route
add distance=1 gateway=10.80.8.1
/lcd interface pages
set 1 interfaces=ether13,ether14,ether15,ether16
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name="K18 C Brink"
I see you have 10.80.8.1 configured as default gateway.
Is it possible that all the machines in the 10.80.8.0/24 network have 10.80.8.1 configured as default gateway?
In this case, they are sending their replies to requests from your 192.168.49.0/24 and 192.168.50.0/24 networks to their default gateway, which seems to be unaware of those.
Either add static routes to 10.80.8.1 pointing for those two networks to 10.80.8.8 or give all machines these static routes.
-Chris
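Both points raised in the replies above (a /22 mask making a client treat the other subnet as on-link, and replies following a default gateway that has no route back) come down to each host's own route lookup. The Python sketch below is an added example, not part of the thread; the host addresses 192.168.49.100, 192.168.50.150 and 10.80.8.20 are constructed, and only the subnets and router addresses come from the posts.

```python
import ipaddress

def next_hop(dst, routes):
    """Longest-prefix match. routes: list of (prefix, gateway);
    gateway None = on-link (host ARPs for dst itself, no router involved)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return ("unreachable", None)
    return ("on-link", str(dst)) if best[1] is None else ("via", best[1])

def host_routes(address, prefixlen, gateway):
    """Table a host derives from its lease: connected network + default route."""
    iface = ipaddress.ip_interface(f"{address}/{prefixlen}")
    return [(str(iface.network), None), ("0.0.0.0/0", gateway)]

# Constructed host addresses; subnets and router addresses are from the thread.
PC_49 = "192.168.49.100"       # client behind ether5
PC_50 = "192.168.50.150"       # client behind ether3
ADMIN_HOST = "10.80.8.20"      # hypothetical machine in 10.80.8.0/24

def case_netmask():
    """Same client, DHCP handing out /22 versus /24."""
    wrong = next_hop(PC_50, host_routes(PC_49, 22, "192.168.49.254"))
    fixed = next_hop(PC_50, host_routes(PC_49, 24, "192.168.49.254"))
    return wrong, fixed

def case_return_path():
    """Reply from 10.80.8.0/24 with and without static routes to 10.80.8.8."""
    base = host_routes(ADMIN_HOST, 24, "10.80.8.1")
    static = [("192.168.49.0/24", "10.80.8.8"), ("192.168.50.0/24", "10.80.8.8")]
    return next_hop(PC_49, base), next_hop(PC_49, base + static)

if __name__ == "__main__":
    print("netmask /22 vs /24:", case_netmask())
    print("return path before/after static routes:", case_return_path())
```

With the /22 lease the client resolves the other subnet as on-link and never hands the packet to 192.168.49.254, so the router's forward-chain rules are never consulted for that traffic.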
Hi Chris, sorry for only getting back to you now. Holiday season and all keeping me busy.
The 10.80.8.1 gateway is another MikroTik with its own network. No physical PCs on the network have a 10.80… address. Only the MikroTiks.
Also the 10.80.8.1 network will not be accessed from my 192.168.49/50… range. That gateway is set for the other ports on the mikrotik that are mastered to sfp1.