Vlan / DHCP Configuration

lukik007 · May 27, 2019, 7:29am

I have been trying to configure the below setup using Mikrotik Switches only instead of including CISCO/HP/FORTINET.

I require the mikrotik with the below requirements and to operate as a managed switch

Setup:

Hardware using HEX RB750Gr3
2 VLANS
VLAN 200
VLAN 201
DHCP on VLAN 200 using 10.0.0.1/24
DHCP on VLAN 201 using 10.0.1.1/24
Ethernet 1 - Internet
Ethernet 2 - VLAN 200
Ethernet 3 - VLAN 201

VLANS and DHCP must be configured on the same mikrotik.

Kindly guide me with the way forward

lukik007 · May 27, 2019, 9:25am

What i configured till now which did not work:
/interface bridge
add name=switch_bridge vlan-filtering=yes

/interface vlan
add interface=switch_bridge name=vlan200 vlan-id=200
add interface=switch_bridge name=vlan201 vlan-id=201

/ip pool
add name=dhcp_pool_vlan_200 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool_vlan_201 ranges=10.0.1.2-10.0.1.254

/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool_vlan_200 disabled=no interface=vlan200
name=dhcp_vlan_200
add add-arp=yes address-pool=dhcp_pool_vlan_201 disabled=no interface=vlan201
name=dhcp_vlan_201

/interface bridge port
add bridge=switch_bridge frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes interface=vlan200 pvid=200
add bridge=switch_bridge frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes interface=vlan201 pvid=201

/interface bridge vlan
add bridge=switch_bridge tagged=switch_bridge untagged=ether2 vlan-ids=200
add bridge=switch_bridge tagged=switch_bridge untagged=ether3 vlan-ids=201
/ip address
add address=10.0.0.1/24 interface=switch_bridge network=10.0.0.0
add address=10.0.1.1/24 interface=switch_bridge network=10.0.1.0
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=8.8.8.8 gateway=10.0.0.1 netmask=24
add address=10.0.1.0/24 dns-server=8.8.8.8 gateway=10.0.1.1 netmask=24
/system routerboard settings
set silent-boot=no

tdw · May 27, 2019, 10:04am

There are a couple of sections of that configuration where you have used the wrong interfaces, firstly /interface bridge port should refer to physical interfaces, not the VLANs

/interface bridge port
add bridge=switch_bridge frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether2 pvid=200
add bridge=switch_bridge frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether3 pvid=201

and secondly the IP addresses should be attached to the VLANs, not the bridge

/ip address
add address=10.0.0.1/24 interface=vlan200 network=10.0.0.0
add address=10.0.1.1/24 interface=vlan201 network=10.0.1.0

Presumably there is additional configuration for your internet connection (IP address, routing, NAT, etc.).

lukik007 · May 27, 2019, 11:29am

amazing.

It worked with your suggestions