Hello. Very new to RouterOS and the world of networking and I would need some help.post 143620 and I cannot see what I did wrong.
I created 2 VLANs: VLAN with ID 10 and 20 ;
I attached them to the only created bridge (where all the other interfaces are attached);
Created addresses and DHCP servers for those 2 VLANs;
In the /interface bridge port I gave to the Wifi 2 the pvid=20 ;
The problem is that know the Wifi 2 (nor Wifi 1 , but not added a pvid to it) doesn’t give anymore an IP to the clients through DHCP.VLAN filtering on Bridge nothing work anymores.DHCP for VLAN 20 to give IP to the clients connected to Wifi 2 ?
# 2023-12-08 08:27:07 by RouterOS 7.12.1
# software id = GS32-UYFQ
#
# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add name=Bridge
/interface ethernet
set [ find default-name=ether1 ] name="Ether1 Internet"
set [ find default-name=ether2 ] name="Ether2 AlexPC"
set [ find default-name=ether3 ] name="Ether3 Server"
set [ find default-name=ether4 ] name="Ether4 NAS"
set [ find default-name=ether5 ] name="Ether5 Management"
/interface vlan
add interface=Bridge name="VLAN Home" vlan-id=10
add interface=Bridge name="VLAN IoT" vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface="Ether1 Internet" name=\
"PPPoE Digi" user=username
/interface wifiwave2 channel
add band=5ghz-ax disabled=no name="Home 5Ghz" width=20/40/80mhz
add band=2ghz-ax disabled=no name="Home 2.4Ghz" width=20/40mhz
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name="Security Home" \
wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name="Security IoT" \
wps=disable
/interface wifiwave2 configuration
add country=Romania disabled=no mode=ap name="Config Home" security=\
"Security Home" security.connect-priority=0 ssid="AnD Home"
add channel="Home 2.4Ghz" country=Romania disabled=no mode=ap name=\
"Config IoT" security="Security IoT" security.connect-priority=0 ssid=\
"AnD IDIoT"
add country=Romania disabled=no mode=ap name="Config Guests" security=\
"Security Home" security.connect-priority=0 ssid="AnD Guests"
/interface wifiwave2
set [ find default-name=wifi1 ] channel="Home 5Ghz" comment=\
"Physical interface" configuration="Config Home" configuration.mode=ap \
datapath.vlan-id=10 disabled=no name="Wifi1 Home"
set [ find default-name=wifi2 ] comment="Psysical interface" configuration=\
"Config IoT" configuration.mode=ap disabled=no name="Wifi2 IoT"
/ip pool
add name=dhcp_pool0 ranges=192.168.0.40-192.168.0.254
add name=dhcp_pool1 ranges=192.168.41.40-192.168.41.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface="VLAN Home" lease-time=8h name=\
"DHCP Home"
add address-pool=dhcp_pool1 interface="VLAN IoT" lease-time=8h name=\
"DHCP IoT"
/interface bridge port
add bridge=Bridge interface="Ether2 AlexPC"
add bridge=Bridge interface="Ether3 Server"
add bridge=Bridge interface="Ether4 NAS"
add bridge=Bridge interface="Wifi1 Home" trusted=yes
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface="Wifi2 IoT" pvid=20
/interface bridge vlan
add bridge=Bridge tagged=Bridge vlan-ids=10
add bridge=Bridge tagged=Bridge vlan-ids=20
/ip address
add address=192.168.21.1/24 interface="VLAN Home" network=192.168.21.0
add address=192.168.41.1/24 interface="VLAN IoT" network=192.168.41.0
add address=192.168.31.1/24 interface="Ether5 Management" network=\
192.168.31.0
/ip dhcp-server network
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.41.0/24 gateway=192.168.41.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface="PPPoE Digi"
Hi! I bump up the topic, I have similar problem, my setup is based on hex, 2x cAP ac and hAP ax lite. I upgraded to 7.13 and replaced wireless with the new drivers on cAPs. Tried to setup VLANs as provided in the documentation, everything seems to work, but like fellow user reported, the clients try co connect to ap but do not get DHCP lease, I just see them in the registration tab trying to establish connection.
my configs (I share only the part from hex that refers to the config posted in the docs)
hex:
/interface bridge
add auto-mac=no comment=defconf name=bridge port-cost-mode=short vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan77 vlan-id=77
add interface=bridge name=vlan99 vlan-id=99
/interface wifi datapath
add bridge=bridge disabled=no name=datapath99 vlan-id=99
add bridge=bridge disabled=no name=datapath77 vlan-id=77
add bridge=bridge disabled=no name=DP_AC
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=ccmp ft=yes ft-over-ds=yes name=void_sec
add authentication-types=wpa2-psk disabled=no encryption=ccmp ft=yes ft-over-ds=yes name=dead_sec
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=fellows_sec
/interface wifi configuration
add country=Poland disabled=no name=cfg_enter_the_void security=void_sec ssid=enter_the_void
add country=Poland datapath=DP_AC disabled=no name=cfg_dead_man security=dead_sec ssid=dead_man
add chains="" country=Poland disabled=no mode=ap name=cfg1 security=dead_sec ssid=from_dusk_till_dawn
add antenna-gain=3 country=Poland datapath=datapath77 datapath.vlan-id=77 disabled=no mode=ap name=goodfellas security=fellows_sec ssid=goodfellas
add channel=channel11 country=Poland datapath=datapath88 disabled=no name=cfg2 security=void_sec ssid=void
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool_vlan99 ranges=192.168.99.2-192.168.99.254
add name=dhcp_pool_vlan77 ranges=192.168.77.2-192.168.77.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=home_network
add address-pool=dhcp_pool_vlan99 interface=vlan99 lease-time=10m name=vlan_99
add address-pool=dhcp_pool_vlan77 interface=vlan77 lease-time=10m name=vlan_77
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge disabled=yes interface=vlan77 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=ether2,ether3,ether4,ether5 vlan-ids=99
/interface wifi capsman
set enabled=yes interfaces=bridge package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_enter_the_void name-format=5ghz-%I-enter_the_void supported-bands=5ghz-ac
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_dead_man name-format=2ghz-%I-dead_man supported-bands=2ghz-n
add action=create-disabled disabled=yes name-format=%I-cap
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.99.1/24 comment=dead_man interface=vlan99 network=192.168.99.0
add address=192.168.77.1/24 comment=good_fellas interface=vlan77 network=192.168.77.0
add address=192.168.66.1/24 comment=vpn interface=wireguard2 network=192.168.66.0
add address=192.168.77.1/24 comment=good_fellas disabled=yes interface=vlan99 network=192.168.77.0
/ip dhcp-server network
add address=192.168.77.0/24 gateway=192.168.77.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.99.0/24 gateway=192.168.99.1
/system identity
set name=hex
cap:
/interface bridge
add name=bridgeLocal vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
add disabled=no master-interface=wifi1 name=wifi21
add disabled=no master-interface=wifi2 name=wifi22
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal interface=wifi1 pvid=99
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 untagged=wifi1 vlan-ids=99
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-static=yes
/ip dhcp-client
add interface=bridgeLocal
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
Please advise.
@Aykelith
Do the configuring off bridge from your separate subnet.
Only thing to change is bridge port settings, ( mainly adding pvids to all the access ports ) then change vlan-filtering=yes on the bridge.
/interface bridgevlan-filtering=yes Note: Do this as a last step!
/interface ethernet " Note: Good idea configure from this port off the bridge.
/interface vlan
/interface wifiwave2
/interface bridge portpvid=10 ingress-filtering=yes frame-types=admit-priority-and-untagged
/interface bridge vlan
/ip address
Hi! I bump up the topic, I have similar problem, my setup is based on hex, 2x cAP ac and hAP ax lite. I upgraded to 7.13 and replaced wireless with the new drivers on cAPs. Tried to setup VLANs as provided in the documentation, everything seems to work, but like fellow user reported, the clients try co connect to ap but do not get DHCP lease, I just see them in the registration tab trying to establish connection.
my configs (I share only the part from hex that refers to the config posted in the docs)
hex:
/interface bridge
add auto-mac=no comment=defconf name=bridge port-cost-mode=short vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan77 vlan-id=77
add interface=bridge name=vlan99 vlan-id=99
/interface wifi datapath
add bridge=bridge disabled=no name=datapath99 vlan-id=99
add bridge=bridge disabled=no name=datapath77 vlan-id=77
add bridge=bridge disabled=no name=DP_AC
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=ccmp ft=yes ft-over-ds=yes name=void_sec
add authentication-types=wpa2-psk disabled=no encryption=ccmp ft=yes ft-over-ds=yes name=dead_sec
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=fellows_sec
/interface wifi configuration
add country=Poland disabled=no name=cfg_enter_the_void security=void_sec ssid=enter_the_void
add country=Poland datapath=DP_AC disabled=no name=cfg_dead_man security=dead_sec ssid=dead_man
add chains="" country=Poland disabled=no mode=ap name=cfg1 security=dead_sec ssid=from_dusk_till_dawn
add antenna-gain=3 country=Poland datapath=datapath77 datapath.vlan-id=77 disabled=no mode=ap name=goodfellas security=fellows_sec ssid=goodfellas
add channel=channel11 country=Poland datapath=datapath88 disabled=no name=cfg2 security=void_sec ssid=void
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool_vlan99 ranges=192.168.99.2-192.168.99.254
add name=dhcp_pool_vlan77 ranges=192.168.77.2-192.168.77.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=home_network
add address-pool=dhcp_pool_vlan99 interface=vlan99 lease-time=10m name=vlan_99
add address-pool=dhcp_pool_vlan77 interface=vlan77 lease-time=10m name=vlan_77
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge disabled=yes interface=vlan77 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=ether2,ether3,ether4,ether5 vlan-ids=99
/interface wifi capsman
set enabled=yes interfaces=bridge package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_enter_the_void name-format=5ghz-%I-enter_the_void supported-bands=5ghz-ac
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_dead_man name-format=2ghz-%I-dead_man supported-bands=2ghz-n
add action=create-disabled disabled=yes name-format=%I-cap
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.99.1/24 comment=dead_man interface=vlan99 network=192.168.99.0
add address=192.168.77.1/24 comment=good_fellas interface=vlan77 network=192.168.77.0
add address=192.168.66.1/24 comment=vpn interface=wireguard2 network=192.168.66.0
add address=192.168.77.1/24 comment=good_fellas disabled=yes interface=vlan99 network=192.168.77.0
/ip dhcp-server network
add address=192.168.77.0/24 gateway=192.168.77.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.99.0/24 gateway=192.168.99.1
/system identity
set name=hex
cap:
/interface bridge
add name=bridgeLocal vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
add disabled=no master-interface=wifi1 name=wifi21
add disabled=no master-interface=wifi2 name=wifi22
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal interface=wifi1 pvid=99
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 untagged=wifi1 vlan-ids=99
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-static=yes
/ip dhcp-client
add interface=bridgeLocal
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
Please advise.
I have found the problem - bridge was not added to the /interface bridge vlan