vlan + dhcp

Clauu · March 23, 2014, 9:41pm

Hello, i have created 2 vlans, vlan1 with eth2 and vlan2 with eth3, added ip addresses for each vlans and then created dhcp servers for vlan1 and vlan2 with separate pools. Now the problem is that clients connecting to ports from vlans can’t get an ip, where is the problem?

bingo220 · March 24, 2014, 11:21am

Sample:

/interface vlan
add name=vlan1 vlan-id=1001 interface=eth2
add name=vlan2 vlan-id=1002 interface=eth3
/ip address
add address=192.168.1.1/24 interface=vlan1
add address=192.168.2.1/24 interface=vlan2
/ip pool
add name=pool1 ranges=192.168.1.10-192.168.1.254
add name=pool2 ranges=192.168.2.10-192.168.2.254
/ip dhcp-server
add authoritative=yes name=dhcp1 interface=vlan1 address-pool=pool1 disabled=no
add authoritative=yes name=dhcp2 interface=vlan2 address-pool=pool2 disabled=no
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1
add address=192.168.2.0/24 gateway=192.168.2.1 dns-server=192.168.2.1

Clauu · March 24, 2014, 2:57pm

Thanks for your reply, well my configuration was the same except the authoritative part, still the same issue clients do not receive ips from the dhcp server..

bingo220 · March 24, 2014, 3:15pm

I showed the part of my own configuration.
24 vlans are using the 24 dhcp servers and it works fine.

Clauu · March 24, 2014, 3:31pm

Directly to the interface is working but binding the dhcp server to vlan is not.. where could be the problem?

Clauu · March 24, 2014, 6:58pm

I’m really stuck with this since i can’t figure out where could be the problem.. any help would be appreciated

/interface bridge
add admin-mac=4C:5E:0C:43:AC:80 auto-mac=no l2mtu=1598 name=bridge-claudiu \
    protocol-mode=rstp
add admin-mac=4C:5E:0C:43:AC:86 auto-mac=no name=bridge-local protocol-mode=\
    rstp
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
    ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
    ether10-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway name=\
    pppoe-out1 password=xxx use-peer-dns=yes user=xxx
/interface pptp-server
add disabled=yes name=pptp-in1 user=""
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=ether2 l2mtu=1594 name=vlan1 vlan-id=1
add interface=ether3 l2mtu=1594 name=vlan2 vlan-id=2
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
    management-protection=allowed management-protection-key=xxx mode=\
    dynamic-keys name=xxx supplicant-identity="" unicast-ciphers=\
    tkip,aes-ccm wpa2-pre-shared-key=xxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2457 \
    l2mtu=2290 mode=ap-bridge security-profile=xxx ssid=\
    "xxx"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pppoe_pool ranges=192.168.1.100-192.168.1.200
add name=vpn_pool ranges=192.168.1.200-192.168.1.255
add name=dhcp_vlan1_pool ranges=192.168.10.100-192.168.10.200
add name=dhcp_vlan2_pool ranges=192.168.20.100-192.168.20.200
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
add address-pool=dhcp_pppoe_pool disabled=no interface=bridge-claudiu name=\
    dhcp_pppoe
add address-pool=dhcp_vlan1_pool disabled=no interface=vlan1 name=dhcp_vlan1
add address-pool=dhcp_vlan2_pool disabled=no interface=vlan2 name=dhcp_vlan2
/port
set 0 name=serial0
set 1 name=usb2
/interface ppp-client
add apn=internet name=ppp-out1 phone=*99# port=usb2
/ppp profile
set 0 dns-server=192.168.88.1
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 name=vpn \
    remote-address=vpn_pool
/routing ospf instance
add distribute-default=always-as-type-1 name=ospf1 router-id=1.1.1.1
/user group
add name=eu policy="read,web,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!\
    test,!winbox,!password,!sniff,!sensitive,!api"
/interface bridge port
add bridge=bridge-local disabled=yes interface=ether2
add bridge=bridge-local disabled=yes interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-claudiu interface=ether5
add bridge=bridge-claudiu interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-claudiu interface=wlan1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes \
    interface=wlan1 network=192.168.88.0
add address=192.168.1.1/24 interface=bridge-claudiu network=192.168.1.0
add address=192.168.10.1/24 interface=vlan1 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan2 network=192.168.20.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=input dst-port=22 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=21 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=80 in-interface=pppoe-out1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    yes out-interface=ether1-gateway
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip traffic-flow
set enabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-claudiu type=external
add interface=vlan1 type=internal
add interface=vlan2 type=internal
/lcd
set time-interval=daily
/lcd interface
set sfp1 interface=sfp1
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-master-local interface=ether6-master-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
set wlan1 interface=wlan1
/ppp secret
add name=xxx password=xxx profile=vpn service=pptp
/routing ospf network
add area=backbone network=192.168.10.0/24
add area=backbone
add area=backbone network=192.168.20.0/24
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local

bingo220 · March 24, 2014, 7:26pm

/ip dhcp-server
add authoritative=yes address-pool=dhcp_vlan1_pool disabled=no interface=vlan1 name=dhcp_vlan1
add authoritative=yes address-pool=dhcp_vlan2_pool disabled=no interface=vlan2 name=dhcp_vlan2

Clauu · March 24, 2014, 7:41pm

After your first message i have added that option but since the issue was still the same i have change it back..is this a bug or what?

bingo220 · March 24, 2014, 9:04pm

I’m not sure but try to delete those bridges:

/interface bridge port
add bridge=bridge-local disabled=yes interface=ether2
add bridge=bridge-local disabled=yes interface=ether3

then add “authoritative” options to dhcp servers and reboot router.

Clauu · March 24, 2014, 9:23pm

Just tried that and same problem what on earth..

bingo220 · March 24, 2014, 10:00pm

Maybe it’s really bug.
I found this question http://forum.mikrotik.com/t/v6-11-released/75450/1

Try to downgrade routerboard to ROS 6.7

mpreissner · March 25, 2014, 2:05am

Have you configured the ports as Access ports? You need to set the VLAN mode to strict, VLAN header to always strip, and configure the Default VLAN ID appropriately.

Clauu · March 25, 2014, 5:05am

Well i don’t have such a strict option in the vlan mode, only check,disabled,fallback,secure. And what do you mean with access ports?

mpreissner · March 25, 2014, 11:07am

Ok, what you probably are going to want to do is pass switching tasks down to the switch chip. It seems like you’re trying to do everything through the RouterOS instead of leveraging the switch chip. Check your port configuration. You’ll probably want to slave eth3 to eth2. Then you assign all your VLANs to eth2, and bind your DHCP servers to the VLAN interfaces. You’ll find the port configuration options I mentioned under the Switch > Port menu.

For example:
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/interface vlan
add interface=ether2-master-local l2mtu=1594 name=DMZ vlan-id=300
add interface=ether2-master-local l2mtu=1594 name=GuestWireless vlan-id=901
add interface=ether2-master-local l2mtu=1594 name=InternalWireless vlan-id=801
add interface=ether2-master-local l2mtu=1594 name=MediaLAN vlan-id=501
add interface=ether2-master-local l2mtu=1594 name=Mgmt vlan-id=1
add interface=ether2-master-local l2mtu=1594 name=Phones vlan-id=400
add interface=ether2-master-local l2mtu=1594 name=Servers vlan-id=200
/interface ethernet switch port
set 1 vlan-mode=secure
set 2 default-vlan-id=200 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=1 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=501 vlan-header=always-strip vlan-mode=secure
set 5 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=no ports=ether2-master-local,switch1-cpu,ether5-slave-local,ether4-slave-local switch=
switch1 vlan-id=501
add independent-learning=no ports=ether3-slave-local,switch1-cpu,ether4-slave-local switch=switch1 vlan-id=200
add independent-learning=no ports=switch1-cpu,ether4-slave-local switch=switch1 vlan-id=801
add independent-learning=no ports=switch1-cpu,ether4-slave-local switch=switch1 vlan-id=901
add independent-learning=no ports=
ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,switch1-cpu switch=switch1 vlan-id=1
/ip address
add address=172.16.0.14/28 comment=“default configuration” interface=ether2-master-local network=172.16.0.0
add address=172.16.0.14/28 interface=Mgmt network=172.16.0.0
add address=10.1.150.254/24 interface=Servers network=10.1.150.0
add address=10.1.168.14/28 interface=InternalWireless network=10.1.168.0
add address=192.168.15.30/27 interface=GuestWireless network=192.168.15.0
add address=172.18.0.30/28 interface=MediaLAN network=172.18.0.16If you can’t figure it out using my config as an example, let me know and I’ll try to put it into context for you based on the config you’ve posted.

Clauu · March 25, 2014, 12:33pm

Thanks for the example, i will try out after i get home
PS is that the hole code for what i need to know?

Clauu · March 25, 2014, 3:31pm

Tried again but still the same behavior.. is there something wrong here? vlan3 192.168.30.1/24
/interface bridge
add admin-mac=4C:5E:0C:43:AC:80 auto-mac=no l2mtu=1598 name=bridge-claudiu
protocol-mode=rstp
add admin-mac=4C:5E:0C:43:AC:86 auto-mac=no name=bridge-local protocol-mode=
rstp
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=
ether10-slave-local
/interface pptp-server
add disabled=yes name=pptp-in1 user=“”
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add disabled=yes interface=ether2 name=vlan1 vlan-id=1
add interface=ether3 l2mtu=1594 name=vlan2 vlan-id=2
add interface=ether2 l2mtu=1594 name=vlan3 vlan-id=3
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pppoe_pool ranges=192.168.1.100-192.168.1.200
add name=vpn_pool ranges=192.168.1.200-192.168.1.255
add name=dhcp_vlan1_pool ranges=192.168.10.100-192.168.10.200
add name=dhcp_vlan2_pool ranges=192.168.20.100-192.168.20.200
add name=dhcp_vlan3_pool ranges=192.168.30.100-192.168.30.200
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
add address-pool=dhcp_pppoe_pool disabled=no interface=bridge-claudiu name=
dhcp_pppoe
add address-pool=dhcp_vlan1_pool authoritative=yes interface=vlan1 name=
dhcp_vlan1
add address-pool=dhcp_vlan2_pool authoritative=yes disabled=no interface=
vlan2 name=dhcp_vlan2
add address-pool=dhcp_vlan3_pool disabled=no interface=vlan3 name=dhcp_vlan3
/port
set 0 name=serial0
set 1 name=usb2
/interface ppp-client
add apn=internet name=ppp-out1 phone=*99# port=usb2
/ppp profile
set 0 dns-server=192.168.88.1
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 name=vpn
remote-address=vpn_pool
/routing ospf instance
add distribute-default=always-as-type-1 name=ospf1 router-id=1.1.1.1
/interface bridge port
add bridge=bridge-local disabled=yes interface=ether3
add bridge=bridge-claudiu interface=ether4
add bridge=bridge-claudiu interface=ether5
add bridge=bridge-claudiu interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-claudiu interface=wlan1
add bridge=bridge-local disabled=yes interface=ether2
/interface ethernet switch port
set 2 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=no ports=ether2 switch=switch1 vlan-id=3
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.88.1/24 comment=“default configuration” disabled=yes
interface=wlan1 network=192.168.88.0
add address=192.168.1.1/24 interface=bridge-claudiu network=192.168.1.0
add address=192.168.10.1/24 disabled=yes interface=vlan1 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan2 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan3 network=192.168.30.0
/ip dhcp-client
add comment=“default configuration” dhcp-options=hostname,clientid interface=
ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.30.1
add address=192.168.88.0/24 comment=“default configuration” dns-server=
8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.1.1 name=gw
/ip firewall filter
add chain=input comment=“default configuration” protocol=icmp
add chain=input comment=“default configuration” connection-state=established
add chain=input comment=“default configuration” connection-state=related
add action=drop chain=input comment=“default configuration” in-interface=
ether1-gateway
add chain=forward comment=“default configuration” connection-state=
established
add chain=forward comment=“default configuration” connection-state=related
add action=drop chain=forward comment=“default configuration”
connection-state=invalid
add action=drop chain=input dst-port=22 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=21 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=80 in-interface=pppoe-out1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration” disabled=
yes out-interface=ether1-gateway
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip traffic-flow
set enabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-claudiu type=external
add interface=vlan1 type=external
add interface=vlan2 type=external
/routing ospf network
add area=backbone network=192.168.10.0/24
add area=backbone
add area=backbone network=192.168.20.0/24

mpreissner · March 26, 2014, 2:54pm

Ok, in the /interface vlan section, you need to assign vlans 3 and 2 to eth2, your Master port. Then bind their respective IP’s and DHCP servers to the VLAN interfaces. In /interface ethernet switch port, you need to configure port 2 with VLAN-mode=secure and VLAN-header=always-strip, with Default-vlan-id=3. On the same note, configure port 3 the same but with Default-vlan-id=2. This will turn them into Access ports. The final step is to configure the /interface ethernet switch vlan section. In here, you need map the ports to the vlans. Use “ports=ether2,switch1-cpu switch=switch1 vlan-id=3” and “ports=ether3,switch1-cpu vlan-id=2”, assuming switch1 is the “switch” that is assigned to those ports. I saw that you also have ether6 designated as a Master port, so you may need to change the switch id. I also noticed that you disabled VLAN 1 and are using VLAN 3 instead. Good move, as VLAN 1 is usually reserved for management purposes - you generally don’t want to use it for production networks.

Clauu · March 27, 2014, 5:01am

Thank you for the example, changed the confguration but still the same issue clients won’t get an ip
/interface bridge
add admin-mac=4C:5E:0C:43:AC:80 auto-mac=no l2mtu=1598 name=bridge-claudiu
add admin-mac=4C:5E:0C:43:AC:86 auto-mac=no l2mtu=1598 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=
ether10-slave-local
/interface pptp-server
add name=pptp-in1 user=“”
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=ether2 l2mtu=1594 name=vlan1 vlan-id=3
add interface=ether3 l2mtu=1594 name=vlan2 vlan-id=2
/interface ethernet switch port
set 2 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pppoe_pool ranges=192.168.1.100-192.168.1.200
add name=vpn_pool ranges=192.168.1.200-192.168.1.255
add name=dhcp_vlan1_pool ranges=192.168.10.100-192.168.10.200
add name=dhcp_vlan2_pool ranges=192.168.20.100-192.168.20.200
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
add address-pool=dhcp_pppoe_pool disabled=no interface=bridge-claudiu name=
dhcp_pppoe
add address-pool=dhcp_vlan1_pool authoritative=yes disabled=no interface=
vlan1 name=dhcp_vlan1
add address-pool=dhcp_vlan2_pool authoritative=yes disabled=no interface=
vlan2 name=dhcp_vlan2
/port
set 0 name=serial0
set 1 name=usb2
/ppp profile
set 0 dns-server=192.168.88.1
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 name=vpn
remote-address=vpn_pool
/queue simple
add disabled=yes max-limit=512k/512k name=queue1 target=ppp-out1
/routing ospf instance
add distribute-default=always-as-type-1 name=ospf1 router-id=1.1.1.1
/interface bridge port
add bridge=bridge-local disabled=yes interface=ether3
add bridge=bridge-claudiu interface=ether4
add bridge=bridge-claudiu interface=ether5
add bridge=bridge-claudiu interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-claudiu interface=wlan1
add bridge=bridge-local disabled=yes interface=ether2
/interface ethernet switch vlan
add independent-learning=no ports=ether2,switch1-cpu switch=switch1 vlan-id=3
add independent-learning=no ports=ether3,switch1-cpu switch=switch1 vlan-id=2
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.88.1/24 comment=“default configuration” disabled=yes
interface=wlan1 network=192.168.88.0
add address=192.168.1.1/24 interface=bridge-claudiu network=192.168.1.0
add address=192.168.10.1/24 interface=vlan1 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan2 network=192.168.20.0
/ip dhcp-client
add comment=“default configuration” dhcp-options=hostname,clientid interface=
ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
add address=192.168.88.0/24 comment=“default configuration” dns-server=
8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.1.1 name=gw
/ip firewall filter
add chain=input comment=“default configuration” protocol=icmp
add chain=input comment=“default configuration” connection-state=established
add chain=input comment=“default configuration” connection-state=related
add action=drop chain=input comment=“default configuration” in-interface=
ether1-gateway
add chain=forward comment=“default configuration” connection-state=
established
add chain=forward comment=“default configuration” connection-state=related
add action=drop chain=forward comment=“default configuration”
connection-state=invalid
add action=drop chain=input dst-port=22 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=21 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=80 in-interface=pppoe-out1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration” disabled=
yes out-interface=ether1-gateway
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=ppp-out1
/ip traffic-flow
set enabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-claudiu type=external
add interface=vlan1 type=external
add interface=vlan2 type=external
/routing ospf network
add area=backbone network=192.168.10.0/24
add area=backbone
add area=backbone network=192.168.20.0/24Also what has mikrotik said

If you have not configured to accept specific VLAN id packets in laptop and phone
network settings, example:
http://www.mytechfetish.com/2010/11/set-vlan-id-on-network-adapter-in.html
you need to use a switch with VLAN features between router and end devices to
untag packets before they reach laptop, phone, etc. It is called
"router-on-a-stick" configuration, otherwise DHCP server from VLAN interface will
not work.

mpreissner · March 27, 2014, 11:42am

Ok, the first problem is that you still have your /interface vlan section off a bit. Since ether2 is a Master port for a switch chip, you need to assign ALL VLANs that the switch chip will handle to the Master port. It also looks like you have a DHCP server assigned to VLAN 1, but you had changed 1 to 3 elsewhere in your config, so that DHCP server isn’t going to do you any good. You also have an IP address assigned to VLAN 1, but nothing to VLAN 3. Try fixing those issues and retest.

Clauu · March 27, 2014, 3:57pm

Thank you now it’s partial done dhcp from vlan2 will assign an ip if i will connect through ether4 but not the same for ether3(dhcp from vlan1 to assign an ip when i will connect through ether3).. where could be the problem?
/interface bridge
add admin-mac=4C:5E:0C:43:AC:80 auto-mac=no l2mtu=1598 name=bridge-claudiu
add admin-mac=4C:5E:0C:43:AC:86 auto-mac=no l2mtu=1598 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=
ether10-slave-local
/interface pptp-server
add name=pptp-in1 user=“”
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=ether2 l2mtu=1594 name=vlan1 vlan-id=1
add interface=ether2 l2mtu=1594 name=vlan2 vlan-id=2
/interface ethernet switch port
set 3 default-vlan-id=1 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
set 11 vlan-mode=secure
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pppoe_pool ranges=192.168.1.100-192.168.1.200
add name=vpn_pool ranges=192.168.1.200-192.168.1.255
add name=dhcp_vlan1_pool ranges=192.168.10.100-192.168.10.200
add name=dhcp_vlan2_pool ranges=192.168.20.100-192.168.20.200
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
add address-pool=dhcp_pppoe_pool disabled=no interface=bridge-claudiu name=
dhcp_pppoe
add address-pool=dhcp_vlan1_pool disabled=no interface=vlan1 name=dhcp_vlan1
add address-pool=dhcp_vlan2_pool disabled=no interface=vlan2 name=dhcp_vlan2
/port
set 0 name=serial0
set 1 name=usb2
/ppp profile
set 0 dns-server=192.168.88.1
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 name=vpn
remote-address=vpn_pool
/queue simple
add disabled=yes max-limit=512k/512k name=queue1 target=ppp-out1
add disabled=yes max-limit=2M/2M name=queue2 target=
/routing ospf instance
add distribute-default=always-as-type-1 name=ospf1 router-id=1.1.1.1
/interface bridge port
add bridge=bridge-local disabled=yes interface=ether3
add bridge=bridge-claudiu disabled=yes interface=ether4
add bridge=bridge-claudiu interface=ether5
add bridge=bridge-claudiu interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-claudiu interface=wlan1
add bridge=bridge-local disabled=yes interface=ether2
/interface ethernet switch vlan
add independent-learning=no ports=ether3,switch1-cpu switch=switch1 vlan-id=1
add independent-learning=no ports=ether4,switch1-cpu switch=switch1 vlan-id=2
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.88.1/24 comment=“default configuration” disabled=yes
interface=wlan1 network=192.168.88.0
add address=192.168.1.1/24 interface=bridge-claudiu network=192.168.1.0
add address=192.168.10.1/24 interface=vlan1 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan2 network=192.168.20.0
/ip dhcp-client
add comment=“default configuration” dhcp-options=hostname,clientid interface=
ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
add address=192.168.88.0/24 comment=“default configuration” dns-server=
8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.1.1 name=gw
/ip firewall filter
add chain=input comment=“default configuration” protocol=icmp
add chain=input comment=“default configuration” connection-state=established
add chain=input comment=“default configuration” connection-state=related
add action=drop chain=input comment=“default configuration” in-interface=
ether1-gateway
add chain=forward comment=“default configuration” connection-state=
established
add chain=forward comment=“default configuration” connection-state=related
add action=drop chain=forward comment=“default configuration”
connection-state=invalid
add action=drop chain=input dst-port=22 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=21 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=80 in-interface=pppoe-out1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration” disabled=
yes out-interface=ether1-gateway
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=ppp-out1
/ip traffic-flow
set enabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-claudiu type=external
add interface=vlan1 type=external
add interface=vlan2 type=external
/routing ospf network
add area=backbone network=192.168.10.0/24
add area=backbone
add area=backbone network=192.168.20.0/24