Subnet change /24 to /23, no navigation second range

Hi, as the title says, I changed the segmentation from /24 to /23 because I was running out of IPs. That's a dedicated range for cell phones and laptops. The problem is that the second range, in this case 10.1.11.1-10.1.11.253, isn't working. It can ping between LAN devices, but not browse the internet. I've attached a screenshot of the configuration. Thanks.

model = RB1100x4

/interface bridge
add name=Colectores
/interface ethernet
set [ find default-name=ether1 ] comment="SWITCH-\"100.254\""
set [ find default-name=ether2 ] comment="MK-ISP-\"50.156\""
set [ find default-name=ether3 ] comment="AP-COLECTORES-\"50.254\" DHCP-SWPLANTA"
/interface vlan
add interface=ether1 name=VLAN-Colectores vlan-id=20
add interface=ether1 name=VLAN-Planta vlan-id=10
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
set 12 default-vlan-id=0
set 13 default-vlan-id=0
set 14 default-vlan-id=0
set 15 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/ip pool
add comment=VLAN1 name=dhcp_pool0 ranges=192.168.100.60-192.168.100.253
add comment=VLAN10-11 name=dhcp_pool2 ranges=10.1.11.1-10.1.11.253
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether1 name=DHCP-LAN
/ip pool
add comment=VLAN10 name=dhcp_pool1 next-pool=dhcp_pool2 ranges=10.1.10.1-10.1.10.253
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=VLAN-Planta lease-time=5m name=dhcp1
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=Colectores interface=ether3 multicast-router=disabled
add bridge=Colectores interface=VLAN-Colectores multicast-router=disabled
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1 list=WAN
add interface=Colectores list=LAN
/ip address
add address=192.168.100.254/24 comment="LAN SW ARUBA" interface=ether1 network=192.168.100.0
add address=10.11.11.2/30 comment="De MK a MK" interface=Colectores network=10.11.11.0
add address=10.1.10.254/23 comment=AP-Planta-DHCP interface=VLAN-Planta network=10.1.10.0
/ip dhcp-server network
add address=10.1.10.0/23 dns-server=1.1.1.1,8.8.8.8 gateway=10.1.10.254
add address=192.168.100.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.100.254
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2 src-address=192.168.100.0/24
add action=masquerade chain=srcnat log=yes out-interface=ether2 src-address=10.1.10.0/23
/ip route
add distance=1 gateway=10.11.11.1

Probably this part is not correct:

/ip address
add address=192.168.100.254/24 comment="LAN SW ARUBA" interface=ether1 network=192.168.100.0
add address=10.11.11.2/30 comment="De MK a MK" interface=Colectores network=10.11.11.0
add address=10.1.10.254/23 comment=AP-Planta-DHCP interface=VLAN-Planta network=10.1.10.0

You are using equal network segments for bridge and VLAN-Planta.

Apart from that, your VLAN setup is incorrect. As you haven't activated VLAN filtering on the bridge, it is a bit messy at the moment.

Please have a look at this great tutorial/topic:
Using RouterOS to VLAN your network - MikroTik

I assume there is an ISP router in between your MikroTik and the Internet?

It's unclear what address ether2 has. It looks like your rule
action=masquerade chain=srcnat log=yes out-interface=ether2 src-address=10.1.10.0/23
doesn't work, but the rule
action=masquerade chain=srcnat log=yes out-interface=ether2 src-address=10.1.10.0/24
works on the router behind ether2.

Is ether2 the WAN port?

Excellent material, thank you.

I checked the main MK signal coming to ether2, there was a rule in the Route List that was set to 10.1.10.0/24, I changed it to /23 and that fixed it. Thanks.
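The fix above (a /24 left behind on the upstream router after the LAN was widened to /23) can be caught with a prefix consistency check. The following is an added example, not part of the original thread: the Planta prefixes and pool ranges are copied from the posted export, while the "upstream route" entry is an assumed stand-in for the stale route the poster found on the main router.

```python
import ipaddress as ip

# Constructed inventory. Values come from the posted export, except
# "upstream route", which models the stale /24 route on the main router.
PLANTA = {
    "interface address": "10.1.10.254/23",
    "dhcp-server network": "10.1.10.0/23",
    "srcnat src-address": "10.1.10.0/23",
    "upstream route": "10.1.10.0/24",
}
POOLS = {
    "dhcp_pool1": ("10.1.10.1", "10.1.10.253"),
    "dhcp_pool2": ("10.1.11.1", "10.1.11.253"),
}


def uncovered(prefixes, pools):
    """Return sorted (pool, setting) pairs where the setting's prefix
    does not contain every address of the pool."""
    gaps = []
    for pool, (first, last) in pools.items():
        # Collapse the first-last range into the CIDR blocks that span it.
        blocks = list(ip.summarize_address_range(ip.ip_address(first),
                                                 ip.ip_address(last)))
        for setting, cidr in prefixes.items():
            # strict=False accepts the host/prefix form used by /ip address.
            net = ip.ip_network(cidr, strict=False)
            if not all(b.subnet_of(net) for b in blocks):
                gaps.append((pool, setting))
    return sorted(gaps)


def stale_prefixes(prefixes):
    """Return settings whose network differs from the interface's network."""
    want = ip.ip_network(prefixes["interface address"], strict=False)
    return sorted(name for name, cidr in prefixes.items()
                  if ip.ip_network(cidr, strict=False) != want)


if __name__ == "__main__":
    for pool, setting in uncovered(PLANTA, POOLS):
        print(f"{pool} is not covered by {setting} = {PLANTA[setting]}")
    for setting in stale_prefixes(PLANTA):
        print(f"{setting} still uses {PLANTA[setting]}")
```

Clients leased from dhcp_pool2 can reach the LAN because the local settings are all /23, but replies from upstream have no route back while that one entry remains /24.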


Good 🙂,
that solved the connection problem, but still allow me to doubt that your VLANs are working correctly without bridge filtering on.

I don't think that VLANs are a problem. ether1 is off bridge, instead it has two VLAN interfaces attached. One is used as proper interface (with IP address and DHCP server attached) and the other one is bridge port ... which is then ordinary non-VLAN bridge. The bridge has two ports, so yes, if device is running ROSv7 it could offload traffic between VLAN 20 on ether1 and untagged ether3 to the switch. But I guess that even as is it is able to bridge that traffic at wirespeed without maxing CPU load. With ROSv6 HW offload was not possible (device has Realtek switch chips) and shown config was "the" config.