RB2011UiAS-2HnD-IN; configuring VLAN10 802.1Q tagging with DHCP?

Greetings,

I am trying to learn the MikroTik router and to do so I thought I’d configure it on my home network; an ORCON (New Zealand) network using VLAN10 tagging with a DHCP server (not PPPoE).

I’m trying to achieve Ethernet 1 with VLAN10 tagging with DHCP so I can connect to my ISP. The rest of the ports are to have boring old internet.

I have attempted the following with the router configured at its base as Home AP (router):

Add a VLAN on Ethernet 1
Set up DHCP Client on the New VLAN
Chain: SRCNAT, Out Interface (VLAN10), Action, Masquerade

The first issue I have is when I set the DHCP client on the VLAN; the Ethernet 1 seems to go into ‘Static IP’. When I apply a DHCP client to both Ethernet 1 and VLAN10 I have the problem of Ethernet 1 stuck on ‘searching’ and VLAN10 stuck on ‘Requesting’.

I’d love some help understanding what exactly I am doing wrong. I’d also love any information on how I should best set up a firewall; however I’d really love to get the internet running through the device so I can export the settings before drilling down (read learning and screwing up) the security.

I have to be able to revert it so my wife doesn’t assault me with the router for not having internet over long periods of time .. :laughing:

You might try starting with the most simple config, starting from scratch (not starting from some wizard config):

/system reset-configuration no-defaults=yes

/interface vlan add name=e10-v10-WAN interface=ether10 vlan-id=10 disabled=no
/interface bridge add name=br-lan
/interface ethernet set ether2,ether3,ether4,ether5 master-port=ether1
/interface ethernet set ether7,ether8,ether9 master-port=ether6
/interface bridge port add bridge=br-lan interface=ether1
/interface bridge port add bridge=br-lan interface=ether6
/interface bridge port add bridge=br-lan interface=wlan1
/ip dhcp-client add interface=e10-v10-WAN disabled=no
/ip address add address=192.168.1.1/24 interface=br-lan
/ip pool add name=lan ranges=192.168.1.100-192.168.1.254
/ip dhcp-server network add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
/ip dhcp-server add address-pool=lan authoritative=yes disabled=no interface=br-lan lease-time=3d name=lan
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=e10-v10-WAN

Some notes on what I did here:

  1. I put the VLAN on ether10 since it’s a 10/100 port, leaving the gigabit ports for your LAN use. If your ISP speeds are > 100Mbps, then use a Gb port.
  2. I switched together the gigabit ports and the 10/100 ports using the switch chips and then put the two master ports into a bridge for the LAN. This allows you to take advantage of the switch chips for full wire-speeds on the LAN.
  3. I didn’t configure your WiFi interface to make it an AP.
  4. The router is NOT protected from attack on the Internet. There are no firewall rules on the Input chain to prevent it. Password protect with a strong password; it will be attacked, usually, within 15 minutes of putting it on the public Internet.
  5. I whipped this up from memory and didn’t test the above configuration – YMMV.

Hopefully the simple config will allow you to see that something works and then you can build from there or go back to the “Home AP” config and then change to use a VLAN.
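
Note 4 above leaves the input chain empty, and the question asks how to set up a firewall. The following is an added example, not part of either poster's configuration: a minimal RouterOS v6 filter set for that layout, assuming the names from the config above (WAN = e10-v10-WAN, LAN bridge = br-lan, LAN subnet = 192.168.1.0/24).

```routeros
# Added example. Assumed names come from the config above:
#   WAN interface: e10-v10-WAN   LAN bridge: br-lan   LAN: 192.168.1.0/24
# Rules are evaluated top to bottom; the final drop in each chain is the default-deny.

/ip firewall filter

# input chain: traffic addressed to the router itself
add chain=input action=accept connection-state=established,related \
    comment="input: replies to connections the router opened"
add chain=input action=drop connection-state=invalid \
    comment="input: drop invalid packets"
add chain=input action=accept protocol=icmp \
    comment="input: allow ICMP (ping, path MTU discovery)"
add chain=input action=accept in-interface=br-lan \
    comment="input: management, DNS and DHCP from the LAN side"
add chain=input action=drop \
    comment="input: drop everything else, including all unsolicited WAN traffic"

# forward chain: traffic routed through the router
add chain=forward action=accept connection-state=established,related \
    comment="forward: return traffic for existing connections"
add chain=forward action=drop connection-state=invalid \
    comment="forward: drop invalid packets"
add chain=forward action=accept in-interface=br-lan out-interface=e10-v10-WAN \
    comment="forward: LAN to Internet"
add chain=forward action=drop \
    comment="forward: nothing may be initiated from the WAN side"

# Reduce the management surface: turn off unused services and
# restrict the remaining ones to LAN source addresses.
/ip service
disable telnet,ftp,www,api,api-ssl
set ssh address=192.168.1.0/24
set winbox address=192.168.1.0/24
```

Apply this from a session connected on the LAN side, ideally with Safe Mode enabled, so a mistake in the input chain is rolled back when the session drops instead of locking you out.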

Thank you; this is a great basis for my configuration in future. Unfortunately I’m stuck with the same issue; the DHCP-Client stuck on requesting. At this point I’m starting to think my Fiber provider is doing something to the network that I simply can’t figure out …