Hi,

I've been digging through the forums trying to find an answer, but haven't had any luck so far...

I have a 5 port hEX that I'm trying to configure on my network. I am trying to configure the "LAN" ports (2,3,4,5) to have their own VLAN (ultimately there will be a 24 port switch, using VLAN tagging, sending different port groups to each interface of the router). When I first set up the router I was able to use port 2 (without VLAN configuration) to plug a laptop into, get a DHCP address, then browse the Internet. I then decided to configure ports 3,4,5 with vlans, dhcp servers, IP pools, etc. After what I thought was the correct configuration I connected a laptop to port 3 of the hEX. Unfortunately I cannot get the DHCP server to give a lease out to the laptop.

Any help would be greatly appreciated!!
Steve

Here is the configuration of my router:

oct/07/2017 21:11:32 by RouterOS 6.40.3

software id = 32WG-XHWQ

model = RouterBOARD 750G r3

serial number = 6F3906CA645C

/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether2-master name=vlan10 vlan-id=10
add interface=ether4 name=vlan20 vlan-id=20
add interface=ether3 name=vlan30 vlan-id=30
add interface=ether4 name=vlan40 vlan-id=40
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_poolUS ranges=192.168.88.6-192.168.88.254
add name=dhcp_pool40 ranges=192.168.40.6-192.168.40.254
add name=dhcp_pool20 ranges=192.168.20.6-192.168.20.254
add name=dhcp_pool30 ranges=192.168.30.6-192.168.30.254
/ip dhcp-server
add address-pool=dhcp_poolUS disabled=no interface=ether2-master lease-time=1d name=US
add address-pool=dhcp_pool40 disabled=no interface=vlan40 lease-time=1d name=dhcp40
add address-pool=dhcp_pool30 disabled=no interface=vlan30 lease-time=1d name=dhcp30
add address-pool=dhcp_pool20 disabled=no interface=vlan20 lease-time=1d name=dhcp20
/interface list member
add comment=defconf interface=ether2-master list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=192.168.88.0
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
add address=192.168.40.1/24 comment="IoT VLAN" interface=vlan40 network=192.168.40.0
add address=192.168.30.1/24 comment="Server VLAN" interface=vlan30 network=192.168.30.0
add address=192.168.20.1/24 comment="Guest VLAN" interface=vlan20 network=192.168.20.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.20.0/24 comment="Guests and Screenwise Router" dns-server=192.168.1.1 gateway=192.168.20.1 netmask=24
add address=192.168.30.0/24 comment=Servers dns-server=192.168.1.1 gateway=192.168.30.1 netmask=24
add address=192.168.40.0/24 comment=IoT dns-server=192.168.1.1 gateway=192.168.40.1
add address=192.168.88.0/24 comment=Family dns-server=192.168.1.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.1.1
/snmp
set enabled=yes
/system clock
set time-zone-name=America/New_York
/system ntp client
set enabled=yes primary-ntp=18.26.4.105 secondary-ntp=129.6.15.29
/system routerboard mode-button
set enabled=no on-event=""
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master

Hey

The hEX (RB750Gr3) with the MT7621 switch chip doesn’t support vlans at the current router os version. The a look a this and this.

What you can do is, configure one subnet per port the ship around the missing functionality or use software based vlan switching.

Greetings

Hey, thanks for those links. That’s a bummer - I was hoping for VLAN capability. Hopefully they’ll come out for it soon for this chipset.

Thanks!