vlan clients are not getting dhcp addresses

RouterOS Beginner Basics
1

Hi ,

I have a problem with my RB2011UiAS-2HnD which I configured for a very basic vlan setup,
the clients connected to the ports for vlan 10 are not getting IP addresses thru DHCP.

Is this a bug ? the default firmware for the RB2011UiAS-2HnD I got was 6.12 and I started to see that issue there,
I upgraded to 6.15 but the same issue.

Here is my setup "Mikrotik RB2011UiAS-2HnD Vlan + DHCP server"

RouterOS firmware 6.15
Bios - 3.16

RB2011UiAS-2HND
|
+--------eth2(trunk vlan10)
|
+-------eth3(access vlan10) +--------- laptopA (dhcp) (not getting ip)
|
+------eth4(access vlan10) +--------- laptopB (dhcp) (not getting ip)

vlan10 = 192.168.10.1
pool = 192.168.10.111-192.168.10.254

eth2 - Master = none
eth3 - Master = eth2
eth4 - Master = eth2

Issue:

  • Laptop Clients (eth3 and eth4) cannot get IP from dhcp server pointed to vlan10

  • laptopA can ping laptopB when static IP is configured on both of them.

  • Why I cannot ping vlan10 interface IP address too?

Below is my configuration , please let me know if I am missing something here. I just want to make this work first before I proceed with other plans on my list.


++++++++++++++++++++++++++++++++++++++++++++++++

[admin@MikroTik] > export

jan/02/1970 02:08:30 by RouterOS 6.15

software id = IDQ7-U9MS

/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290
/ip neighbor discovery
set ether1 comment=WAN
/interface vlan
add interface=ether2 l2mtu=1594 name=vlan10 vlan-id=10
/interface ethernet switch port
set 2 default-vlan-id=10 vlan-header=add-if-missing vlan-mode=secure
set 3 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=vlan10-dhcpsvrpool ranges=192.168.10.111-192.168.10.254
/ip dhcp-server
add address-pool=vlan10-dhcpsvrpool disabled=no interface=vlan10 name=vlan10-dhcpserver
/port
set 0 name=serial0
/interface ethernet switch vlan
add independent-learning=no ports=ether3,ether2,ether4,switch1-cpu switch=switch1 vlan-id=10
/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1 netmask=24
/ip upnp
set allow-disable-external-interface=no
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/system logging
add topics=dhcp,debug
[admin@MikroTik] >


/leio

2

Same here, checked everything, still not working. I upgraded from 6.6 to 6.15 and the dhcp issue appeared. Hoping for a fix !

3

Hi I just want to update my post and I got the solution from the mikrotik support.

Here’s their support answer :

++++++++++++++++++++++++++++++++

Switch1-cpu port also should be a VLAN trunk like ether2, because it has DHCP
server on VLAN interface.
Try to set this command:
/interface ethernet switch port
set switch1-cpu vlan-header=add-if-missing vlan-mode=secure

+++++++++++++++++++++++++++++++

4

Thanks for sharing leio! You just saved me a ton of grief :smiley:

==EDIT==
Now, can't ping my WAN port (ether1).
Here's my config.

RB2011-----TRUNK-----RB750G (Pod3)----PC

jan/01/2002 01:42:34 by RouterOS 6.22

software id = E76V-SSW8

/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2

/interface vlan
add interface=ether2 l2mtu=1516 name=vlan1 vlan-id=1
add interface=ether2 l2mtu=1516 name=vlan2 vlan-id=2

/interface ethernet switch port
set 1 default-vlan-id=1 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
set 4 vlan-header=add-if-missing vlan-mode=secure
set 5 vlan-header=add-if-missing vlan-mode=secure

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp_pool1 ranges=172.26.3.2-172.26.3.254

/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=vlan2 lease-time=3d name=
dhcp1

/system logging action
set 2 remember=yes

/interface ethernet switch vlan
add ports=ether5,ether2,switch1-cpu switch=switch1 vlan-id=1
add ports=ether5,ether3,switch1-cpu switch=switch1 vlan-id=2

/ip address
add address=172.26.3.1/24 interface=vlan2 network=172.26.3.0

/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no
interface=ether1

/ip dhcp-server network
add address=172.26.3.0/24 dns-server=172.26.3.1 gateway=172.26.3.1

/ip dns
set allow-remote-requests=yes

/system identity
set name=Pod3

I have only the default route that my dhcp-client gets.
Internaly, I can ping all, even WAN on E1. From the RB2011, I can't ping the RB750G (Pod3).
If switch1-cpu is leave-as-is, all pings well but my PC can't get an IP address from local DHCP-server on Pod3.
Ideas anyone??
:open_mouth:

5

did you ever find a proper solution?
I got the same when setting the switch-cpu interface to vlan-mode=secure/strip. Everything just stops