VLAN/DHCP configuration

ablane · November 13, 2021, 5:50pm

Hi all,
I’m trying to configure my first VLAN on Mikrotik, I’m facing this issue for several days but I’m still having trouble with it.
I have followed a lot of guides, including the VLAN bible, and tried many different configs but nothing happened: the client on VLAN 103 doesn’t get the IP address from my DHCP server.
I just would like to set one DHCP on one of the interfaces.

Please help!

This is my config:

/interface bridge
add name=trunk vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=LAN
set [ find default-name=ether2 ] disable-running-check=no name=WAN
set [ find default-name=ether3 ] disable-running-check=no
/interface vlan
add interface=WAN name=vlan-80 vlan-id=80
add interface=trunk name=vlan-103 vlan-id=103
/ip pool
add name=dhcp_pool1 ranges=192.168.103.2-192.168.103.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=vlan-103 name=dhcp1
/interface bridge port
add bridge=trunk interface=ether3
/interface bridge vlan
add bridge=trunk vlan-ids=1
add bridge=trunk tagged=ether3,trunk vlan-ids=103
/interface detect-internet
set lan-interface-list=all wan-interface-list=all
/ip address
add address=192.168.103.1/24 interface=vlan-103 network=192.168.103.0
/ip dhcp-client
add disabled=no interface=LAN
add disabled=no interface=vlan-80
/ip dhcp-server network
add address=192.168.103.0/24 gateway=192.168.103.1
/ip dns
set allow-remote-requests=yes servers=192.168.103.1
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related in-interface=all-ethernet
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related in-interface=all-ethernet
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=all

anav · November 16, 2021, 12:05am

This is the best link to explain vlans…
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

You may have forgotten to add ether1 to the bridge port settings.
/interface bridge port
add bridge=trunk interface=ether3
add bridge=trunk interface=ether1

Bridge vlan settings seem off
so fixing it…
/interface bridge vlan
add bridge=bridge tagged=bridge, ether3, ether1 vlan-ids=103

This supposed that ether1 and ether 3 are going to smart devices (like vlan aware switches or access points).
If instead they were going to dumb devices iike PCs or printers…
then
/interface bridge port
add bridge=trunk interface=ether3 pvid=103
add bridge=trunk interface=ether1 pvid=103
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether3,ether1 vlan-ids=103

So what we need is a network diagram to show what devices and ports are in play.

What the heck is LAN doing under dhcp client, REMOVE!!
/ip dhcp-client
add disabled=no interface=LAN
add disabled=no interface=vlan-80

You have almost no firewall rules, I am assuming this device is not connected to the ISP modem but is connected to a router??
And if so, why do you have vlan80 on the wan Side.

This rule makes no sense whatsoever.
/ip firewall nat
add action=masquerade chain=srcnat comment=“Default masquerade”
out-interface-list=all

Are you trying to be a clown on purpose LOL, its a horrible config.
Stick to defaults and all will work.

ablane · November 16, 2021, 4:42pm

Thanks for your useful tips anav.
I’m sorry, I was hasty to post my config, I should have given a more detailed explanation.

I’m working in a virtual environment and this is just a test config to learn VLAN with Mikrotik devices.

The LAN interface is only to reach Mikrotik CHR from my network.

This is a diagram of the environment.

Mikrotik is a CHR version running as a virtual machine, like the VM, both running on a Proxmox system.

I hope I haven’t made too much confusion

anav · November 16, 2021, 5:43pm

Nope but please clarify if you are trying to mimick an MT device as a router attached to an ISP modem.
Or if you are simply mimicking an MT device as a smart switch in a network.

ablane · November 16, 2021, 8:29pm

I would like to mimic an MT device as a router

Thanks!

anav · November 16, 2021, 11:37pm

So the WLAN you are mimicking comes in on vlan80

Okay dont know what you mean by dhcp on only one of the interfaces, that is not a use case description, that is an assumption of a configuration change based on an uncommunicated use case.
What do you have for users/devices or groups of users/devices,
what should they be able to do OR not do…

interface bridge
add name=trunk vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=LAN
set [ find default-name=ether2 ] disable-running-check=no name=WAN
set [ find default-name=ether3 ] disable-running-check=no
/interface vlan
add interface=WAN name=vlan-80 vlan-id=80
add interface=trunk name=vlan-103 vlan-id=103
/ip pool
add name=dhcp_pool1 ranges=192.168.103.2-192.168.103.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=vlan-103 name=dhcp1
/interface bridge port
add bridge=trunk interface=ether3 (assuming trunk port to smart devices)
add bridge=trunk interface=ether1 (assuming trunk port to smart devices)
/interface bridge vlan
add bridge=trunk tagged=trunk,ether3,ether1 vlan-ids=103
/interface detect-internet
set lan-interface-list=NONE wan-interface-list=NONE
/ip address
add address=192.168.103.1/24 interface=vlan-103 network=192.168.103.0
/ip dhcp-client
add disabled=no interface=vlan-80
/ip dhcp-server network
add address=192.168.103.0/24 gateway=192.168.103.1 DNS=192.168.103.1
/ip dns
set allow-remote-requests=yes servers=192.168.103.1
/ip firewall filter
add action=accept chain=input comment=“accept established,related,untracked” connection-state=established,related,untracked
add action=drop chain=input comment=“drop invalid” connection-state=invalid
add action=accept chain=input comment=“accept ICMP” protocol=icmp
add action=drop chain=input comment=“drop all not coming from LAN” in-interface-list=!LAN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add chain=forward action=fasttrack-connection connection-state=established,related
comment=“fast-track for established,related”;
add action=accept chain=forward comment=“accept established,related, untracked” connection-state=established,related,untracked
add action=drop chain=forward comment=“drop invalid” connection-state=invalid
add action=drop chain=forward comment=“drop all from WAN not DSTNATed” connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“Default masquerade”
out-interface-list=WAN
/interface list
add name=WAN
add name=LAN
/interface list members
add interface=ether2 list=WAN
add interface=vlan-80 list=WAN
add interface=vlan-103 list=LAN
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN

ablane · November 23, 2021, 10:12am

I configured a RB760iGS and it’s working like a charm.
I don’t know why on Proxmox system there is no IP assignment, however, it was only a test environment.

Thanks a lot for your help!