Wlan bridge DHCP server

Dindihi · October 18, 2014, 8:21am

Hello,

i configured my RB951G on my lan with range 192.168.215.0/24 an wlan 192.168.214.0/24.
What i want to do is separate both network ranges and only route some traffic ports(like http and mail).

With Bridge on wlan1/eth2 disabled, the connection works fine, and the dhcp server on if wlan1 works also (ip range 192.168.214.0 offered to clients). But no traffic is forwarded.(Maybe only a forwarding issue??)

When i enable the bridge on wlan1&eth2, traffic works fine to the internet, but the internal dhcp on my mikrotik interface bridge is ignored, and my dhcp server from my internal lan (192.168.215.0) is used, so that my wlan clients get an ip from the LAN range(192.168.215.0).

Also blocking the forward udp port 67&68 on interface “all wireless” does not help.

Internet ---- Fritzbox exposed host(192.168.216.0) to ---> Mikrotik ----> LAN (192.168.215.0)
                                                              |
                                                         WLAN (192.168.214.0)

Could someone please help me out. I’m still a beginner with mikrotik routers

THANKS

plisken · October 18, 2014, 11:40am

You must not bridged with WAN

But you must NAT with WAN
See the printscreens a made on my website
http://www.wirelessinfo.be/index.php/mikrotik/pages/nat

Do that with both /24 IP-ranges

WAN site configure a dhcp-client on it

Dindihi · October 18, 2014, 11:43am

I did not bridge with the WAN but LAN.

Lan & Wlan
eth1 = gateway = wan
eth2 = lan

plisken · October 18, 2014, 11:56am

Reset your config without default configuration

Copy and paste this configuration in new terminal

Edit wireless settings and add password

/interface bridge
add l2mtu=1598 name=bridge-lan
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
/ip pool
add name=dhcp_pool1 ranges=192.168.215.2-192.168.215.254
add name=dhcp_pool2 ranges=192.168.214.2-192.168.214.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-lan name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=wlan1 name=dhcp2
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether3
add bridge=bridge-lan interface=ether4
add bridge=bridge-lan interface=ether5
/ip address
add address=192.168.215.1/24 interface=bridge-lan network=192.168.215.0
add address=192.168.214.1/24 interface=wlan1 network=192.168.214.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1-WAN
/ip dhcp-server network
add address=192.168.214.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.214.1
add address=192.168.215.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.215.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN protocol=tcp src-address=192.168.215.0/24
add action=masquerade chain=srcnat out-interface=ether1-WAN protocol=tcp src-address=192.168.214.0/24
/ip upnp
set allow-disable-external-interface=no
/system leds
set 0 interface=wlan1
/system routerboard settings
set cpu-frequency=400MHz

Dindihi · October 18, 2014, 2:18pm

I tried to “mix” your config with my existent config.
I disabled the bridge (wlan ↔ lan).
Also your bridge for lan2-5 are deleted. (as i don’t need them for the moment)

I print my config. Maybe you have the time to have a look ?
Connection to wlan works fine. Also the DHCP server pushed the right settings to the client. But no traffic goes out.
192.168.216.154 = my fritzbox connected to my provider.

/interface bridge
add admin-mac=D4:CA:6D:0D:BC:5B auto-mac=no disabled=yes mtu=1500 name=bridge-local
/interface bridge port
add bridge=bridge-local disabled=yes interface=wlan1
add bridge=bridge-local disabled=yes interface=ether2-master-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled channel-width=20/40mhz-ht-above disabled=no distance=indoors hide-ssid=yes l2mtu=2290 mode=
ap-bridge mtu=2290 ssid=xxxx wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/ip pool
add name=wlan-dhcp ranges=192.168.214.10-192.168.214.150
/ip dhcp-server
add address-pool=wlan-dhcp disabled=no interface=wlan1 name=dhcp-bridge
/ip dhcp-server network
add address=192.168.214.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.216.154 netmask=24
/interface bridge port
add bridge=bridge-local disabled=yes interface=wlan1
add bridge=bridge-local disabled=yes interface=ether2-master-local
/ip address
add address=192.168.215.154/24 comment=“default configuration” interface=ether2-master-local network=192.168.215.0
add address=192.168.216.153/24 interface=ether1-gateway network=192.168.216.0
add address=192.168.213.154/24 interface=ether3-slave-local network=192.168.213.0
add address=192.168.214.0/24 interface=wlan1 network=192.168.214.0
/ip dhcp-client
add comment=“default configuration” dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server network
add address=192.168.214.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.216.154 netmask=24
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration” out-interface=ether1-gateway src-address=192.168.214.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=“default configuration” out-interface=ether1-gateway src-address=192.168.215.0/24 to-addresses=0.0.0.0

Thanks!

Edit: I found the error:
IP of the wlan interface was 192.168.214.0/24 but should be 192.168.215.154/24
Also the default gateway pushed by the DHCP-server was 216.154 → changed to 214.154.
Now the traffic goes out.

plisken · October 18, 2014, 2:28pm

Great