Hi, I have a problem with one configuration. RB2011U is main router and to one of the Ethernet ports is connected RB951. The first three ports of RB951 should be configured as a switch that gets DHCP from RB2001U in range 192.168.130.0/24. Ports 4-5 and WLAN should be in the second range with address 192.168.133.0/24 and its own DHCP server. But output should be through port 1, to the RB2011U and out to the Internet.
I made two bridges added 3 ports into one bridge, two plus wlan1 to another.
IP → addresses added 192.168.130.1/24 and 192.168.133.1/24.
IP → Routes → two routes 192.168.130.0/24, GW first bridge, pref.source 192.168.130.1 and 192.168.133.0/24, GW first bridge, pref.source 192.168.133.1
DHCP server–> interface: second bridge, addressPool: pool1 (192.168.133.2-192.168.133.254), DNS Servers 192.168.133.1 and 8.8.8.8
What IP address is the 2011 on the 130 network? (both routers can’t be 192.168.130.1)
As galaxynet stated, your nat/filter rules could be mis-configured.
For your type of setup, I’d recommend simple routing and do all NAT (masquerade) in the 2011.
In the 2011, create a route for 192.168.131.0/24 → gw=192.168.130.1
Then make sure the srcnat rule which masquerades for 192.168.130.0/24 also masquerades for 131.x also.
e.g. on the 2011, the srcnat rule should probably just say action=masquerade, out-interface=ether1-gateway (or pppoe-out, or whatever your WAN interface is) and not use the internal IP addresses as criteria.
Also make sure to set the default gateway on the 951
0.0.0.0/0 → gw=192.168.130.X (where X is the IP of the 2011 on that vlan)
Thank you for your reply.
I think it is no problem in settings of RB2011. Other devices which are connected to the of RB2011 work as expected. The problem occurs only with the settings of this one where I have to have two networks. One that gets DHCP from RB2011 and the separate network 192.168.131.0 which has access to the Internet via a network 192.168.130.0.
I did not mention any other settings because I did not have the initial configuration of the device and put only the settings that I wrote in the question.
I hope the pictures helps in understanding.
phoenixdreamer -
Well looking at your diagram above, specifically the highlighted RB951-4:
You said ether ports 1, 4, & 5 are in bridge1
You also say that ether ports 2-5 and WLan are in bridge2…
You can’t have multiple ports has p/o two different bridges and expect it to work properly, in fact I am pretty sure you can’t actually do that…
I think you meant ether ports 2 & 3 and WLan are in bridge2 - is that correct?
If so, then I would (on all 951’s) set the IP address on ether port 1 to a static IP instead of a DHCP client. On 951-4 specifically, set the IP to 192.168.130.5 on Bridge1 (not the ether1 port). Be sure to set DNS, and Default Route 0.0.0.0/0 GW=192.168.130.1 in each RB951 manually. This can be ‘avoided’ if you set in the 2011 ‘static’ DHCP for each of your RB951s - this is under DHCP-Server, just double click on the client and then click on ‘Make Static’ button…
Next, In the 2011, a static route must be entered to point 192.168.131.0/24 to 192.168.130.5 (RB951-4), no NAT required in RB951-4. Otherwise the only way NOT to add a static route is to SRC-NAT out-interface bridge1 - that way all the clients behind 951-4 will appear as 192.168.130.5 to the 2011.
