Please help with WLAN on VLAN

Hi guys. My main 951 (PPPoE client) has a virtual AP that works and hands out normal DHCP addresses, but when I try the same on my other 951, I get a random address, 169.254.107.164, instead of a proper DHCP lease.
Here’s my export of both MT-951.

951.1 (my Main):

# Export of the main 951 (identity "Glavni"): PPPoE uplink on ether1, LAN on bridge1,
# guest virtual AP wlan2 as the only port of bridge2-vlan, with its own DHCP server and queue.
# NOTE(review): wrapped commands below have lost their trailing "\" continuation and this first
# header lacks the leading "/" the other sections have - restore both before importing this text.
interface bridge
add fast-forward=no name=bridge1
add fast-forward=no name=bridge2-vlan
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=ether1
keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1
user=****
# VLAN10 is created on bridge1 but carries no IP address or DHCP server in this export;
# the guest subnet is attached to bridge2-vlan instead.
/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10
/interface list
add name=LAN
add name=WAN
# NOTE(review): profile "hobbit" still accepts wpa-psk alongside wpa2-psk; the guest profile
# is wpa2-psk only. If every client supports WPA2, dropping wpa-psk removes the weaker mode.
# No pre-shared keys appear in this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods=“” management-protection=
allowed mode=dynamic-keys name=hobbit supplicant-identity=“”
add authentication-types=wpa2-psk eap-methods=“” management-protection=allowed
mode=dynamic-keys name=RicovApartmani supplicant-identity=“”
# wlan2 is a virtual AP on wlan1 for the guest SSID. vlan-id=10 is set, but no vlan-mode
# is given in this export.
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=
hobbit ssid=Hobbiton
add disabled=no keepalive-frames=disabled mac-address=6C:3B:6B:F1:FF:CE
master-interface=wlan1 multicast-buffering=disabled name=wlan2
security-profile=RicovApartmani ssid=RicovGuest vlan-id=10 wds-cost-range=0
wds-default-cost=0 wps-mode=disabled
# dhcp_pool0 serves bridge1 and dhcp_pool2 serves bridge2-vlan; dhcp_pool1 (172.16.1.x)
# is not referenced by any DHCP server in this export.
/ip pool
add name=dhcp_pool0 ranges=192.168.10.50-192.168.10.254
add name=dhcp_pool1 ranges=172.16.1.2-172.16.1.254
add name=dhcp_pool2 ranges=10.0.1.2-10.0.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 authoritative=after-2sec-delay disabled=no
interface=bridge1 name=dhcp1
# PCQ queue types plus one simple queue that rate-limits traffic on bridge2-vlan (guests).
/queue type
add kind=pcq name=PCQ_download pcq-classifier=dst-address pcq-rate=3M
add kind=pcq name=PCQ_upload pcq-classifier=src-address pcq-rate=1M
/queue simple
add limit-at=1M/3M max-limit=1M/3M name=Wlan2 queue=PCQ_upload/PCQ_download
target=bridge2-vlan
# Guest DHCP server: bound to bridge2-vlan, 15-minute leases.
/ip dhcp-server
add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no
insert-queue-before=Wlan2 interface=bridge2-vlan lease-time=15m name=dhcp2
# wlan2 is the only port of bridge2-vlan; everything else is on bridge1.
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge2-vlan interface=wlan2
# NOTE(review): both internal bridges are placed in list WAN and list LAN is left empty.
# Nothing in this export references the lists, but any firewall rule later written against
# WAN/LAN would match the LAN and guest bridges as WAN - confirm this is intended.
/interface list member
add interface=bridge1 list=WAN
add interface=bridge2-vlan list=WAN
/ip address
add address=192.168.10.1/24 interface=bridge1 network=192.168.10.0
add address=10.0.1.1/24 interface=bridge2-vlan network=10.0.1.0
/ip dhcp-server config
set store-leases-disk=immediately
/ip dhcp-server network
add address=10.0.1.0/24 gateway=10.0.1.1
add address=172.16.1.0/24 gateway=172.16.1.1
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set servers=1.1.1.1
# NOTE(review): this masquerade rule is the only firewall section in the export. No
# /ip firewall filter rules are shown, so nothing visible here restricts input arriving on
# pppoe-out1 or forwarding between the guest subnet 10.0.1.0/24 and the LAN 192.168.10.0/24.
# Confirm whether filter rules exist outside this export; if not, add input and forward rules.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip route
add distance=1 gateway=pppoe-out1
# telnet, ftp, ssh, api and api-ssl are disabled. www and winbox are not listed, so they keep
# their current state (enabled by default).
# NOTE(review): with no input filter rules shown, confirm these two services are not reachable
# from the PPPoE side, or restrict them with the service's address= allow-list.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=Glavni
/system leds
set 5 interface=wlan1
/system routerboard settings
set silent-boot=no


951.2:

# Export of the second 951 (identity "R2"): all Ethernet ports and wlan1 bridged on bridge1
# (192.168.10.2), guest virtual AP wlan2 as the only port of bridge2-vlan.
# No DHCP server is configured anywhere in this export.
/interface bridge
add fast-forward=no name=bridge1
add fast-forward=no name=bridge2-vlan
/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10
/interface list
add name=WAN
add name=LAN
# NOTE(review): profile1 still accepts wpa-psk alongside wpa2-psk; the guest profile is
# wpa2-psk only. No pre-shared keys appear in this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods=“” management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity=“”
add authentication-types=wpa2-psk eap-methods=“” management-protection=allowed mode=dynamic-keys name=ricovguest supplicant-identity=“”
# wlan2 is a virtual AP on wlan1 for the guest SSID; vlan-id=10 is set, no vlan-mode is given.
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=profile1 ssid=Hobbiton
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:D4:00:CB master-interface=wlan1 multicast-buffering=disabled name=wlan2 security-profile=ricovguest ssid=RicovGuest vlan-id=10 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
# wlan2 sits alone on bridge2-vlan, so guest clients have no layer-2 path to bridge1 or to
# the main router from here.
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge2-vlan interface=wlan2
# NOTE(review): bridge1 and bridge2-vlan are in list WAN while bridge1's own member ports are
# in list LAN. Nothing in this export references the lists, but rules written against them
# later would behave inconsistently - confirm the intended membership.
/interface list member
add interface=bridge1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan1 list=LAN
add interface=ether1 list=LAN
add interface=bridge2-vlan list=WAN
# 10.0.1.2/24 is placed on VLAN10 (which rides on bridge1), while wlan2 is a port of
# bridge2-vlan; the two are not connected to each other in this export.
/ip address
add address=192.168.10.2/24 interface=bridge1 network=192.168.10.0
add address=10.0.1.2/24 interface=VLAN10 network=10.0.1.0
# servers=0.0.0.0 - presumably leaves the router itself without an upstream resolver; verify.
/ip dns
set servers=0.0.0.0
# NOTE(review): four default routes at distance=1 (192.168.10.1, bridge2-vlan, wlan1, wlan2)
# compete; only the first names a gateway address, the others name interfaces. The
# 10.0.1.0/24 route via bridge2-vlan also disagrees with 10.0.1.2/24 being on VLAN10.
/ip route
add distance=1 gateway=192.168.10.1
add distance=1 gateway=bridge2-vlan
add distance=1 gateway=wlan1
add distance=1 gateway=wlan2
add distance=1 dst-address=10.0.1.0/24 gateway=bridge2-vlan
# telnet, ftp, www, ssh, api and api-ssl are disabled; winbox is not listed and keeps its
# current state. No /ip firewall section appears in this export.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=R2
/system routerboard settings
set silent-boot=no

Any help appreciated, thanks!

A 169.254.x.x address is a link-local address that a device assigns to itself when it gets no answer from a DHCP server.

First config has wlan2 added as the only port of bridge2-vlan (not connected anywhere else). There’s dhcp server configured on bridge2-vlan.
Second config has wlan2 added as the only port of bridge2-vlan (not connected anywhere else). There’s no dhcp server on bridge2-vlan.

Isn’t it clear? You can’t get an address from DHCP when there isn’t any DHCP server. If you hope to get it from the first RB, that can’t happen with this setup, because the virtual APs on the two routers aren’t connected to each other at all. You’d have to add wlan2 to bridge1 on both routers and move the DHCP server and IP address from bridge2-vlan to vlan10.

That actually makes a lot of sense. Thanks man, that clears up the mess I’ve been having.
Understand it now, thanks for the good explanation :slight_smile:

Oh, forgot to mention, how would I setup this part?
Because I also have a lot of LAN connections, PC, mining rig, couple of Smart TV’s that are connected wired.
I want bridge1 to be 192.168.x.x (so LAN and my wireless network - with no limit) and bridge2 10.0.x.x (wireless for guests with limitation on speed).

That’s what the unfinished VLAN config is for. On wlan2 on both RBs, also add vlan-mode=use-tag. Together with the already-set vlan-id=10, this turns wlan2 into an untagged access port for VLAN 10. When you then move it to bridge1, it will connect to the configured VLAN10 interface. Actually, you only need the vlan interface on the first RB; you can remove it from the other one and it will still work. The last step is moving the DHCP server on the first RB from bridge2-vlan to VLAN10.

Do you have a config perhaps, someone with a similar configuration?
I really cannot get this to work around.
Sorry for annoying you, if you can find something, would love it! :slight_smile:

Here you go. I didn’t replicate your config 100%, but I’m sure you’ll understand it.

Main router:

# Example for the main router: one VLAN-aware bridge. wlan2 (guest SSID) is an access port
# for VLAN 10 via pvid=10, and the guest subnet and its DHCP server live on interface vlan10.
# The "..." on the wireless lines are the author's elisions (security profile etc. not shown).
/interface wireless
set [ find default-name=wlan1 ] mode=ap-bridge ssid=Test1 ...
add master-interface=wlan1 name=wlan2 ssid=Test2 ...
# The thread advises turning vlan-filtering on only after the ports and VLAN table below are
# in place, preferably in safe mode.
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
# pvid=10 on wlan2: untagged frames from guest clients are assigned to VLAN 10 on ingress.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2 pvid=10
# VLAN 1: untagged on the bridge (CPU) itself and on the LAN ports.
# VLAN 10: tagged to the CPU and on ether2/ether3, untagged out of wlan2.
# NOTE(review): VLAN 10 only needs to be tagged on the port that uplinks to the second router;
# which port that is is not shown here. Trimming the tagged list to that port keeps guest
# frames off the other wired ports.
/interface bridge vlan
add bridge=bridge1 untagged=bridge1,ether2,ether3,wlan1 vlan-ids=1
add bridge=bridge1 tagged=bridge1,ether2,ether3 untagged=wlan2 vlan-ids=10
# NOTE(review): the VLAN separates guests from the LAN at layer 2 only. This router holds an
# address in both subnets and will route between 10.0.1.0/24 and 192.168.99.0/24. No
# /ip firewall filter rules are shown, so guest isolation still needs a forward-chain drop
# (e.g. in-interface=vlan10 out-interface=bridge1) and an input-chain restriction for vlan10
# - TODO confirm against the full config.
/ip address
add address=192.168.99.1/24 interface=bridge1
add address=10.0.1.1/24 interface=vlan10
/ip pool
add name=dhcp_pool0 ranges=192.168.99.100-192.168.99.254
add name=dhcp_pool1 ranges=10.0.1.2-10.0.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan10 name=dhcp2
# Clients are handed the router itself as DNS server. That presumably relies on
# allow-remote-requests=yes in /ip dns (not shown); if it is enabled, make sure DNS queries
# arriving on the uplink interface are dropped in the input chain.
/ip dhcp-server network
add address=10.0.1.0/24 dns-server=10.0.1.1 gateway=10.0.1.1
add address=192.168.99.0/24 dns-server=192.168.99.1 gateway=192.168.99.1

Second router:

# Example for the second router: a VLAN-aware bridge with no vlan interface and no DHCP
# server. ether1 carries VLAN 1 untagged and VLAN 10 tagged (presumably the uplink to the
# main router - verify). The "..." on the wireless lines are the author's elisions.
/interface wireless
set [ find default-name=wlan1 ] mode=ap-bridge ssid=Test1 ...
add master-interface=wlan1 name=wlan2 ssid=Test2 ...
# The thread advises turning vlan-filtering on only after the ports and VLAN table below are
# in place, preferably in safe mode.
/interface bridge
add name=bridge1 vlan-filtering=yes
# pvid=10 on wlan2: untagged frames from guest clients are assigned to VLAN 10 on ingress.
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2 pvid=10
# bridge1 (the CPU port) is a member of VLAN 1 only, so this router's own address is not on
# the guest VLAN at layer 2.
# NOTE(review): guests can presumably still reach 192.168.99.2 through routing on the main
# router unless a forward rule there drops guest-to-LAN traffic - confirm.
/interface bridge vlan
add bridge=bridge1 untagged=bridge1,ether1,wlan1 vlan-ids=1
add bridge=bridge1 tagged=ether1 untagged=wlan2 vlan-ids=10
/ip address
add address=192.168.99.2/24 interface=bridge1

Or there’s another possible way (it applies to both routers): use “vlan-id=10 vlan-mode=use-tag” on wlan2, set pvid=1 for wlan2 as a bridge port, and then in “/interface bridge vlan” add wlan2 to VLAN 10 as tagged instead of untagged. And be careful with vlan-filtering=yes: it can bite — a mistake in the VLAN table can cut off your own access to the router — so enable it only after you have configured everything else, and preferably do it in safe mode.