VLAN and DHCP works but no internet on VLANs

sheshman · July 25, 2023, 10:36am

Hi,

I’m a newbie on Mikrotik devices and trying to learn, started with mikrotik router board / 4 Port.

I’m working on VLANs on my device, created vlan10, assigned ip and dhcp, when i tag my virtual machine as 10 it gets ip from VLAN10 dhcp but there is no internet access or can not ping the router or reach to web interface. During my searches i’ve found bridges but it makes me confuse because some says “bridging is not right way for vlans” but some says “you can’t vlan without bridges”, i couldn’t be able to fix it so wanted to ask here, most probably i’m doing a very obivous rookie mistake but what could cause the internet problem on my config.

MikroTik RouterOS 6.49.8 (c) 1999-2023       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level
[admin@MikroTik] > /export hide-sensitive
# jan/01/2002 01:37:54 by RouterOS 6.49.8
# software id = WREN-K22N
#
# model = RB750Gr3
# serial number = HCM07MR932A
/interface vlan
add interface=ether2 name=vlan10 vlan-id=10
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp_pool0 ranges=192.168.10.1-192.168.10.253
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10 name=dhcp1
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name="TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name="TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name="TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" up-port=1700
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface list member
add interface=ether1 list=WAN
add list=LAN
/ip address
add address=192.168.88.254/24 interface=ether2 network=192.168.88.0
add address=192.168.10.254/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.1.1,208.67.220.220,208.67.222.222 gateway=192.168.10.254
/system gps
set set-system-time=yes
/system routerboard settings
set auto-upgrade=yes
/tool user-manager database
set db-path=flash/user-manager

holvoetn · July 25, 2023, 10:45am

You may want to start with this excellent post from pcunite:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

Router config.

anav · July 25, 2023, 12:52pm

You have no firewall rules, why?

sheshman · July 25, 2023, 1:04pm

Just resetted the device without default config and i thought when i create vlan it will be created automatically, should i create a firewall rule which will allow traffic from WAN to VLAN10?

sheshman · July 25, 2023, 1:04pm

Thanks, i’m working on it

anav · July 25, 2023, 2:07pm

No firewall rules means that all traffic is permitted which is a dangerous way to connect the MT to the internet.
Also its much easier and better to state known traffic flows to allow, and then block all else.
So yes its a good exercise in defining what traffic is allowed, to the Router, to the LAN, etc…