Wireless and VLAN on CRS125-24G-1S-2HnD

RouterOS Wireless Networking
1

Hi all,
I’m working on a multiple vlan and wireless configuration on a CRS125-24G-1S-2HnD and I’m still have issues on LAN to WLAN bridge.

Intra-vlan and internet routing work correclty from any VLAN but I’m not able to reach the wired clinet from wireless and vice versa (for example LAPTOP1 to DESKTOP1 etc…).

I’m on version v6.42.1 and I’ve used the bridge configuration with hw=yes in place of the pre-v6.41 master-port. The name of the hardware bridge is LAN.

Any suggestion will be very apprecieted, thank you in advance!


Francesco
CRS-125-24G-1S-2HnD.jpg
Below part of my configuration:

/ip address
add address=192.168.1.1/24 comment="Local IP Address" interface=BR-vlan20 network=192.168.1.0
add address=192.168.17.1/24 interface=BR-vlan17 network=192.168.17.0
add address=192.168.50.1/24 interface=BR-vlan50 network=192.168.50.0

/interface bridge
add fast-forward=no name=BR-vlan17
add fast-forward=no name=BR-vlan20
add fast-forward=no name=BR-vlan50
add comment="L2 Hardware Switch" fast-forward=no name=LAN protocol-mode=none

/interface bridge port
add bridge=LAN comment=vlan50 interface=ether2
add bridge=LAN interface=ether12
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
add bridge=LAN interface=ether11
add bridge=LAN interface=ether13
add bridge=LAN interface=ether15
add bridge=LAN interface=ether16
add bridge=LAN interface=ether17
add bridge=LAN interface=ether18
add bridge=LAN interface=ether19
add bridge=LAN interface=ether20
add bridge=LAN interface=ether21
add bridge=LAN interface=ether22
add bridge=LAN interface=ether23
add bridge=LAN interface=ether24
add bridge=LAN interface=sfp1
add bridge=BR-vlan20 interface=LAN-vlan20-untagged
add bridge=BR-vlan17 interface=LAN-vlan17-untagged
add bridge=BR-vlan50 interface=LAN-vlan50-untagged
add bridge=BR-vlan20 interface=WLAN-vlan20-untagged
add bridge=BR-vlan17 interface=WLAN-vlan17-untagged
add bridge=BR-vlan50 interface=WLAN-vlan50-untagged

/interface vlan
add interface=LAN name=LAN-vlan17-untagged vlan-id=17
add interface=LAN name=LAN-vlan20-untagged vlan-id=20
add interface=LAN name=LAN-vlan50-untagged vlan-id=50
add interface=WLAN-vlan17 name=WLAN-vlan17-untagged vlan-id=17
add interface=WLAN-vlan20 name=WLAN-vlan20-untagged vlan-id=20
add interface=WLAN-vlan50 name=WLAN-vlan50-untagged vlan-id=50

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" forward-unknown-vlan=no
    
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1,switch1-cpu vlan-id=17
add tagged-ports=sfp1,switch1-cpu vlan-id=20
add tagged-ports=sfp1,switch1-cpu vlan-id=50
add tagged-ports=sfp1,switch1-cpu

/interface ethernet switch egress-vlan-translation
add new-customer-vid=0 ports="ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24"
add new-customer-vid=0 ports=ether2

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports="ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24"
add new-customer-vid=50 ports=ether2

/interface ethernet switch vlan
add ports="ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu" vlan-id=20
add ports=ether2,sfp1,switch1-cpu vlan-id=50
add ports=sfp1,switch1-cpu vlan-id=17
add ports=sfp1,switch1-cpu vlan-id=0

/interface vlan
add interface=LAN name=LAN-vlan17-untagged vlan-id=17
add interface=LAN name=LAN-vlan20-untagged vlan-id=20
add interface=LAN name=LAN-vlan50-untagged vlan-id=50
add interface=WLAN-vlan17 name=WLAN-vlan17-untagged vlan-id=17
add interface=WLAN-vlan20 name=WLAN-vlan20-untagged vlan-id=20
add interface=WLAN-vlan50 name=WLAN-vlan50-untagged vlan-id=50

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge name=WLAN-vlan50 ssid=MikroTik vlan-id=50 vlan-mode=use-tag wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:00:A8:47 master-interface=WLAN-vlan50 multicast-buffering=disabled name=WLAN-vlan17 ssid=Ospiti vlan-id=17 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys name=AirNet_profile supplicant-identity=rt-internet unicast-ciphers=\
    tkip,aes-ccm wpa-pre-shared-key=***** wpa2-pre-shared-key=*****

/interface wireless
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:00:A8:48 master-interface=WLAN-vlan50 multicast-buffering=disabled name=WLAN-vlan20 security-profile=AirNet_profile ssid=AirNet vlan-id=20 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/ip pool
add name=pool-VLAN50 ranges=192.168.50.200-192.168.50.250
add name=pool-VLAN20 ranges=192.168.1.200-192.168.1.250
add name=pool-VLAN17 ranges=192.168.17.200-192.168.17.250

/ip dhcp-server
add address-pool=pool-VLAN50 disabled=no interface=BR-vlan50 name=dhcp-vlan50
add address-pool=pool-VLAN20 disabled=no interface=BR-vlan20 name=dhcp-vlan20
add address-pool=pool-VLAN17 disabled=no interface=BR-vlan17 name=dhcp-vlan17

/ip dhcp-server network
add address=192.168.1.0/24 comment=VLAN20 dns-server=192.168.1.1 domain=porcate.org gateway=192.168.1.1 netmask=24 ntp-server=192.168.1.1 wins-server=192.168.1.1
add address=192.168.17.0/24 comment=VLAN17 dns-server=192.168.17.1 domain=porcate.org gateway=192.168.17.1 wins-server=192.168.17.1
add address=192.168.50.0/24 comment=VLAN50 dns-server=192.168.50.1 domain=porcate.org gateway=192.168.50.1 wins-server=192.168.50.1
2

Ok, I have to add one mode info: if I'm going to disable this flag something work better... Why? ... and it's correct tto remove this flag?

Fra.

Allow Fast Path.jpg
Allow Fast Path.jpg367×196 37 KB

3

This new setting “bridge settings set allow-fast-path=no” has only partialy resolved the issue, but some inter-vlan routing still:

MGT ↔ DESKTOP1, DESKTOP2,… => OK
MGT1 ↔ LAPTOP1, LAPTOP2, … => OK
GUEST1,GUEST2, .. ↔ LAPTOP1, LAPTOP2, … => OK


MGT ↔ LAPTOP1, LAPTOP2, = K.O.
DESKTOP1, DESK>TOP2, ↔ GUEST1,GUEST2, => K.O.

Do you have any ideas?

4

[message changed - configuration added]

Ok, … I’ve tried to simplify my configuration but my issue still present … do you have any suggestions?

Many thanks!


Fra
CRS-125-24G-1S-2HnD_v3.jpg
New config:

/ip address
add address=192.168.1.1/24 comment="Local IP Address" interface=LAN-vlan20-untagged network=192.168.1.0
add address=192.168.17.1/24 interface=LAN-vlan17-untagged network=192.168.17.0
add address=192.168.50.1/24 interface=LAN-vlan50-untagged network=192.168.50.0

/interface bridge
add comment="L2 Hardware Switch" fast-forward=no name=LAN protocol-mode=none

/interface bridge port
add bridge=LAN comment=vlan50 interface=ether2
add bridge=LAN interface=ether12
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
add bridge=LAN interface=ether11
add bridge=LAN interface=ether13
add bridge=LAN interface=ether15
add bridge=LAN interface=ether16
add bridge=LAN interface=ether17
add bridge=LAN interface=ether18
add bridge=LAN interface=ether19
add bridge=LAN interface=ether20
add bridge=LAN interface=ether21
add bridge=LAN interface=ether22
add bridge=LAN interface=ether23
add bridge=LAN interface=ether24
add bridge=LAN interface=sfp1
add bridge=LAN interface=WLAN-vlan17
add bridge=LAN interface=WLAN-vlan20
add bridge=LAN interface=WLAN-vlan50

/interface bridge settings
set allow-fast-path=no

/interface vlan
add interface=LAN name=LAN-vlan17-untagged vlan-id=17
add interface=LAN name=LAN-vlan20-untagged vlan-id=20
add interface=LAN name=LAN-vlan50-untagged vlan-id=50

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 forward-unknown-vlan=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1,switch1-cpu vlan-id=17
add tagged-ports=sfp1,switch1-cpu vlan-id=20
add tagged-ports=sfp1,switch1-cpu vlan-id=50
add tagged-ports=sfp1,switch1-cpu

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
add new-customer-vid=50 ports=ether2

/interface ethernet switch vlan
add ports=ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1,switch1-cpu vlan-id=20
add ports=ether2,sfp1,switch1-cpu vlan-id=50
add ports=sfp1,switch1-cpu vlan-id=17
add ports=sfp1,switch1-cpu vlan-id=0

/interface vlan
add interface=LAN name=LAN-vlan17-untagged vlan-id=17
add interface=LAN name=LAN-vlan20-untagged vlan-id=20
add interface=LAN name=LAN-vlan50-untagged vlan-id=50

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge name=WLAN-vlan50 security-profile=MGT_profile \
    ssid=MGT vlan-id=50 vlan-mode=use-tag wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:00:A8:47 master-interface=WLAN-vlan50 multicast-buffering=disabled name=WLAN-vlan17 security-profile=Ospiti_profile ssid=Ospiti vlan-id=17 \
    vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:00:A8:48 master-interface=WLAN-vlan50 multicast-buffering=disabled name=WLAN-vlan20 security-profile=AirNet_profile ssid=AirNet vlan-id=20 \
    vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/ip pool
add name=pool-VLAN50 ranges=192.168.50.200-192.168.50.250
add name=pool-VLAN20 ranges=192.168.1.200-192.168.1.250
add name=pool-VLAN17 ranges=192.168.17.200-192.168.17.250

/ip dhcp-server
add address-pool=pool-VLAN50 disabled=no interface=LAN-vlan50-untagged name=dhcp-vlan50
add address-pool=pool-VLAN20 disabled=no interface=LAN-vlan20-untagged name=dhcp-vlan20
add address-pool=pool-VLAN17 disabled=no interface=LAN-vlan17-untagged name=dhcp-vlan17

/ip dhcp-server network
add address=192.168.1.0/24 comment=VLAN20 dns-server=192.168.1.1 domain=porcate.org gateway=192.168.1.1 netmask=24 ntp-server=192.168.1.1 wins-server=192.168.1.1
add address=192.168.17.0/24 comment=VLAN17 dns-server=192.168.17.1 domain=porcate.org gateway=192.168.17.1 wins-server=192.168.17.1
add address=192.168.50.0/24 comment=VLAN50 dns-server=192.168.50.1 domain=porcate.org gateway=192.168.50.1 wins-server=192.168.50.1
5

Today I’ve changed again my configuration (as very-last-try) … same issue: I still not able to reach the MGT wired from wireless (or other vlans) and vice-versa.

I reach the wired networks on same vlan without any problem.

Now I moved all wireless to CAPsMAN so all wireless network intefaces are managed directly by te cAP manager itself but nothing else is changes.
CAPsMAN1.jpg
Here my last setup:
CRS-125-24G-1S-2HnD_v5.jpg
configuration:

/caps-man channel
add band=2ghz-b/g/n comment="Auto-detect frequency" control-channel-width=20mhz name=auto
add band=2ghz-b/g/n comment="Force freq. 2412 channel1" control-channel-width=20mhz frequency=2412 name=channel1
add band=2ghz-b/g/n comment="Force freq. 2437 channel2" control-channel-width=20mhz frequency=2437 name=channel2
add band=2ghz-b/g/n comment="Force freq. 2462 channel3" control-channel-width=20mhz frequency=2462 name=channel3

/caps-man datapath
add bridge=LAN name=datapath-vlan17 vlan-id=17 vlan-mode=use-tag
add bridge=LAN name=datapath-vlan20 vlan-id=20 vlan-mode=use-tag
add bridge=LAN name=datapath-vlan50 vlan-id=50 vlan-mode=use-tag

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm,tkip name=security_Guest passphrase=****
add authentication-types=wpa2-psk encryption=aes-ccm,tkip name=security_AirNet passphrase=****
add authentication-types=wpa2-psk encryption=aes-ccm,tkip name=security_MGT passphrase=****

/caps-man configuration
add channel=auto datapath=datapath-vlan17 mode=ap name=cfg_Guest_auto security=security_Guest ssid=Ospiti
add channel=auto datapath=datapath-vlan50 hide-ssid=yes name=cfg_MGT_auto security=security_MGT ssid=MGT
add channel=auto datapath=datapath-vlan20 name=cfg_AirNet_auto security=security_AirNet ssid=AirNet
add channel=channel1 datapath=datapath-vlan20 name=cfg_AirNet_channel1 security=security_AirNet ssid=AirNet
add channel=channel1 datapath=datapath-vlan17 mode=ap name=cfg_Guest_channel1 security=security_Guest ssid=Ospiti
add channel=channel1 datapath=datapath-vlan50 hide-ssid=yes name=cfg_MGT_channel1 security=security_MGT ssid=MGT
add channel=channel2 datapath=datapath-vlan20 name=cfg_AirNet_channel2 security=security_AirNet ssid=AirNet
add channel=channel3 datapath=datapath-vlan20 name=cfg_AirNet_channel3 security=security_AirNet ssid=AirNet
add channel=channel2 datapath=datapath-vlan17 mode=ap name=cfg_Guest_channel2 security=security_Guest ssid=Ospiti
add channel=channel3 datapath=datapath-vlan17 mode=ap name=cfg_Guest_channel3 security=security_Guest ssid=Ospiti
add channel=channel2 datapath=datapath-vlan50 hide-ssid=yes name=cfg_MGT_channel2 security=security_MGT ssid=MGT
add channel=channel3 datapath=datapath-vlan50 hide-ssid=yes name=cfg_MGT_channel3 security=security_MGT ssid=MGT

/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes

/caps-man provisioning
add action=create-dynamic-enabled comment="Default Configuration Provisioning" disabled=yes master-configuration=cfg_MGT_auto name-format=prefix name-prefix=wireless slave-configurations=cfg_AirNet_auto,cfg_Guest_auto
add action=create-dynamic-enabled comment="Default Configuration Provisioning" master-configuration=cfg_MGT_channel3 name-format=prefix name-prefix=ap radio-mac=64:D1:54:F6:43:F2 slave-configurations=\
    cfg_AirNet_channel3,cfg_Guest_channel3
add action=create-dynamic-enabled comment="Default Configuration Provisioning" master-configuration=cfg_MGT_channel1 name-format=prefix name-prefix=crs radio-mac=64:D1:54:00:A8:47 slave-configurations=\
    cfg_AirNet_channel1,cfg_Guest_channel1

/ip address
add address=192.168.1.1/24 comment=Data interface=LAN-vlan20 network=192.168.1.0
add address=192.168.17.1/24 comment=Guest interface=LAN-vlan17 network=192.168.17.0
add address=192.168.50.1/24 comment=Management interface=LAN-vlan50 network=192.168.50.0
add address=192.168.80.1/24 comment=CAPsMAN interface=LAN-vlan80 network=192.168.80.0

/interface bridge
add comment="LAN - L2 Hardware Switch" fast-forward=no name=LAN protocol-mode=none

/interface bridge port
add bridge=LAN comment=MGT interface=ether2-MGT
add bridge=LAN interface=ether12
add bridge=LAN interface=ether3
add bridge=LAN comment=AP interface=ether4-AP
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7-NAS1
add bridge=LAN interface=ether8-NAS2
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
add bridge=LAN interface=ether11
add bridge=LAN interface=ether13
add bridge=LAN interface=ether15
add bridge=LAN interface=ether16
add bridge=LAN interface=ether17
add bridge=LAN interface=ether18
add bridge=LAN interface=ether19
add bridge=LAN interface=ether20
add bridge=LAN interface=ether21
add bridge=LAN interface=ether22
add bridge=LAN interface=ether23
add bridge=LAN interface=ether24
add bridge=LAN comment="SFP Slot" interface=sfp-slot
add bridge=LAN interface=ether14
/interface bridge settings
set allow-fast-path=no
/interface bridge vlan
add bridge=LAN comment="Used if VLAN Filtering enabled" untagged=\
    ether3,ether5,ether6,ether7-NAS1,ether8-NAS2,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 vlan-ids=20
add bridge=LAN comment="Used if VLAN Filtering enabled" vlan-ids=17
add bridge=LAN comment="Used if VLAN Filtering enabled" untagged=ether2-MGT vlan-ids=50
add bridge=LAN comment="Used if VLAN Filtering enabled" untagged=\
    ether2-MGT,ether3,ether4-AP,ether5,ether6,ether7-NAS1,ether8-NAS2,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 vlan-ids=1
add bridge=LAN comment="Used if VLAN Filtering enabled" untagged=ether4-AP vlan-ids=80

/interface vlan
add comment=Guest interface=LAN name=LAN-vlan17 vlan-id=17
add comment=Data interface=LAN name=LAN-vlan20 vlan-id=20
add comment=Management interface=LAN name=LAN-vlan50 vlan-id=50
add comment=CAPsMAN interface=LAN name=LAN-vlan80 vlan-id=80

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=\
    ether2-MGT,ether3,ether4-AP,ether5,ether6,ether7-NAS1,ether8-NAS2,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 forward-unknown-vlan=no

/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=17
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=50
add tagged-ports=switch1-cpu vlan-id=80
add tagged-ports=switch1-cpu vlan-id=1

/interface ethernet switch egress-vlan-translation
add new-customer-vid=0 ports=ether3,ether5,ether6,ether7-NAS1,ether8-NAS2,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
add new-customer-vid=0 ports=ether2-MGT
add new-customer-vid=0 ports=ether4-AP

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether3,ether5,ether6,ether7-NAS1,ether8-NAS2,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
add new-customer-vid=50 ports=ether2-MGT
add new-customer-vid=80 ports=ether4-AP

/interface ethernet switch vlan
add comment="Used if VLAN Filtering disabled" ports=ether3,ether5,ether6,ether7-NAS1,ether8-NAS2,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu \
    vlan-id=20
add comment="Used if VLAN Filtering disabled" ports=ether2-MGT,switch1-cpu vlan-id=50
add comment="Used if VLAN Filtering disabled" ports=switch1-cpu vlan-id=17
add comment="Used if VLAN Filtering disabled" ports=switch1-cpu vlan-id=0
add comment="Used if VLAN Filtering disabled" ports=switch1-cpu vlan-id=1
add comment="Used if VLAN Filtering disabled" ports=ether4-AP,switch1-cpu vlan-id=80

/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(30dBm), SSID: MGT, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled channel-width=20/40mhz-Ce distance=indoors frequency=auto hide-ssid=yes mode=ap-bridge ssid=MikroTik-F643F2 wireless-protocol=802.11

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/interface wireless cap
set certificate=request discovery-interfaces=LAN enabled=yes interfaces=wlan1 lock-to-caps-man=yes

/ip pool
add comment=Management name=pool-VLAN50 ranges=192.168.50.200-192.168.50.250
add comment=Data name=pool-VLAN20 ranges=192.168.1.200-192.168.1.250
add comment=Guest name=pool-VLAN17 ranges=192.168.17.200-192.168.17.250
add comment=CAPsMAN name=pool-VLAN80 ranges=192.168.80.200-192.168.80.250

/ip dhcp-server
add address-pool=pool-VLAN50 disabled=no interface=LAN-vlan50 name=dhcp-vlan50
add address-pool=pool-VLAN20 disabled=no interface=LAN-vlan20 name=dhcp-vlan20
add address-pool=pool-VLAN17 disabled=no interface=LAN-vlan17 name=dhcp-vlan17
add address-pool=pool-VLAN80 disabled=no interface=LAN-vlan80 name=dhcp-vlan80

/ip dhcp-server network
add address=192.168.1.0/24 comment=Data dns-server=192.168.1.1 domain=porcate.org gateway=192.168.1.1 netmask=24 ntp-server=192.168.1.1 wins-server=192.168.1.1
add address=192.168.17.0/24 comment=Guest dns-server=192.168.17.1 domain=porcate.org gateway=192.168.17.1 wins-server=192.168.17.1
add address=192.168.50.0/24 comment=Management dns-server=192.168.50.1 domain=porcate.org gateway=192.168.50.1 wins-server=192.168.50.1
add address=192.168.80.0/24 comment=CAPsMAN dns-server=192.168.80.1 domain=porcate.org gateway=192.168.80.1 wins-server=192.168.80.1

… at the end I’ve also decided do not spent more time on this issue and I moved all devices from MGT to data vlan fuck.


Ciao!
Fra