
 
8cqv
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Mar 06, 2018 5:25 pm

Bridge setup - two subnets/interfaces/dhcp servers

Mon Mar 26, 2018 1:04 am

I am hoping someone can put me out of my misery as I have been going round in circles with this now since last week and I am sure I am just missing something fundamental.

I have a hAP AC^2 (RBD52G-5HacD2HnD-TC), connected as follows:
ether1 - PPPoE connection to DSL modem
ether2, ether3 & ether4 - in bridge to "new" network - 192.168.88.1/24
ether5 - "old" wired network 10.10.1.1/24

(I am not really staying with 192.168.88.x; the above are just examples for explanation. 10.x has to stay as some hosts are static and mail server IPs are hardcoded inside my network - it takes time to update.)

Simple requirement:
I want the default dhcp server 192.168.88.1/24 on the main bridge for WiFi and wired ports but not ether5.
I want second dhcp server on ether5 on 10.10.1.1/24 network.
I want routing between the two networks.

Some of the wiki and forum posts say to create a dhcp server on ether5 (which works) and take it out of the bridge, but then I lose hardware acceleration and they don't route. I can't add ether5 into the default bridge as it disables the dhcp server ("dhcp server not allowed on slave interface" - makes some sense). I keep searching the forum and wiki, and some articles relate to older releases; there are some bridge examples on the wiki but they don't cover this simple scenario. A lot of routing is between devices, not within.

I have been going around in circles with this and I must be missing some fundamental concept.
  • add second bridge with only ether5 as member and dhcp-server2 (works, hardware acceleration, but networks don't route between each other)
  • add static routes when using above?
  • connect interfaces inside both bridges?
  • none of the above and something totally different like making ether5 vlan10 or something and putting dhcp server on the vlan interface? (reading stuff like this https://wiki.mikrotik.com/wiki/Manual:L ... figuration)

This all seems so simple a requirement, main dhcp server on the main bridge, second dhcp server on ether5 and the networks route... but I must be missing some fundamental. I am not a network expert, but I got everything else set up (external NAT, more than 1 PPPoE IP etc).

If there is a bridge 101 somewhere I missed that explains all this happy to take a link and go figure it out!

Can anyone point me in the right direction of how this should be configured with the current bridge interface?

hAP AC^2 totally great by the way, down/up speeds increased over old router and loving all the functionality, even with the steep learning curve.

Bonus related question: how would I put the guest wifi quickset created onto its own dhcp server?
 
RyperX
Frequent Visitor
Posts: 55
Joined: Thu May 21, 2015 11:14 am

Re: Bridge setup - two subnets/interfaces/dhcp servers

Mon Mar 26, 2018 1:22 am

"Some of the wiki and forum says to create dhcp server on ether5 (which works) and take it out of the bridge, but then I lose hardware acceleration and they don't route"
My first thought:
When you set the DHCP server on eth5 and disabled the bridge, did you also set the IP address on the eth5 interface?
In your case 10.10.1.1/24

You can also add an additional bridge and set the DHCP and IP address there, and set eth5 as slave.

Routing should work without any additional routing settings; you only have to check the firewall rules.
 
anav
Forum Guru
Posts: 2829
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge setup - two subnets/interfaces/dhcp servers

Mon Mar 26, 2018 3:37 am

I have two wans on ether1 and ether5 and two lans on my hex.
I assigned ether2,3 to one bridge and ether4 to another bridge.

I assigned the IP address to the bridges, not the ether...

WIFI and NORMAL LAN on FlexBridge
address 192.168.88.1/24
network 192.168.88.0
Interface: FlexBridge

HardCoded LAN on FixedBridge
address 10.10.1.1/24
network 10.10.1.0
Interface: FixedBridge

Yes, by putting the two LANs on separate bridges OR one on a bridge and the other not on a bridge
you're not going to get wire speeds level 2 connectivity between the LANs.
You will get routing between the interfaces according to the rules you make.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
WirtelPL
newbie
Posts: 34
Joined: Sat Nov 11, 2017 11:22 am
Location: Poland

Re: Bridge setup - two subnets/interfaces/dhcp servers

Mon Mar 26, 2018 12:30 pm

I have a similar problem described in post: viewtopic.php?f=13&t=131567#p646165
I created a first bridge with a wlan interface which broadcasts (as a repeater) the "main network" - clients get IP addresses from the "main router" - and a second bridge with a virtual wlan interface for guests. For the second bridge I configured a DHCP server with another IP pool. Clients joining the guest network get IP addresses, but don't get to the Internet. I added a NAT rule, which natted source addresses from the DHCP range for guests to bridge1, but it is not working either. So I'm still fighting it.
I currently have ROS 6.41.3 on mAP.
RB951G-2HnD for home production
RBmAP2nD | RB952Ui-5ac2nD-TC for home lab
 
8cqv
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Mar 06, 2018 5:25 pm

Re: Bridge setup - two subnets/interfaces/dhcp servers

Mon Mar 26, 2018 11:46 pm


"You will get routing between the interfaces according to the rules you make."
Thanks, so firewall rules?

I just tried adding:
ip firewall filter add chain=forward action=accept src-address-list=192.168.88.1/24 dst-address-list=10.10.1.1/24
ip firewall filter add chain=forward action=accept src-address-list=10.10.1.1/24 dst-address-list=192.168.88.1/24
But while I can ping between the networks, I can't for example open a web page...

with
 ip firewall filter print
I can't see any drop rules that are not related to pppoe-out1, so I can't see firewall blocking inter-LAN connections?

This seems so simple, glad I am not the only one having issues!
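
A check for the two rules quoted in the post above, added here as an example that is not part of the original thread: in RouterOS, src-address-list and dst-address-list take the name of a list defined under /ip firewall address-list, while src-address and dst-address take an IP address or prefix. The function names and the last two sample rules are constructed for illustration.

```python
import ipaddress
import shlex

# These parameters take the NAME of a list defined under /ip firewall address-list;
# the plain src-address / dst-address parameters take an IP address or prefix.
LIST_PARAMS = ("src-address-list", "dst-address-list")

def parse_rule(line):
    """Split one 'add key=value ...' rule line into a dict of its parameters."""
    params = {}
    for token in shlex.split(line):
        if "=" in token:
            key, value = token.split("=", 1)
            params[key] = value
    return params

def lint_rule(line):
    """Flag *-address-list parameters whose value parses as an IP prefix."""
    findings = []
    params = parse_rule(line)
    for key in LIST_PARAMS:
        value = params.get(key)
        if value is None:
            continue
        negate = "!" if value.startswith("!") else ""
        try:
            net = ipaddress.ip_network(value.lstrip("!"), strict=False)
        except ValueError:
            continue  # not an address, so treat it as a list name
        plain = key[: -len("-list")]
        findings.append((key, value, f"{plain}={negate}{net}"))
    return findings

def lint_rules(text):
    """Lint every rule line in text; return (line_number, finding) pairs."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in lint_rule(line)]

# First two lines are the rules quoted in the post; the last two are constructed.
SAMPLE = """\
ip firewall filter add chain=forward action=accept src-address-list=192.168.88.1/24 dst-address-list=10.10.1.1/24
ip firewall filter add chain=forward action=accept src-address-list=10.10.1.1/24 dst-address-list=192.168.88.1/24
ip firewall filter add chain=forward action=accept src-address-list=trusted-lan
ip firewall filter add chain=forward action=accept src-address=10.10.1.0/24
"""

if __name__ == "__main__":
    for line_no, (param, value, fix) in lint_rules(SAMPLE):
        print(f"line {line_no}: {param}={value} looks like a prefix, not a list name; consider {fix}")
```

A rule whose address-list parameter names a list that does not exist matches no traffic, so an accept rule written this way has no effect on forwarding.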
 
mkx
Forum Guru
Posts: 2449
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge setup - two subnets/interfaces/dhcp servers

Tue Mar 27, 2018 12:21 pm

Which ROS version do you have on your hAP AC^2?

Can you post output of command /interface export ?

I believe there's something wrong with the way you set up ether5 (and possibly IP on top of it). My take is that if you'll only use single ethernet interface towards "old" wired network, then you should get by without using bridge for that ... all IP stuff (address, DHCP server, firewall) can work directly with ether device (or any other device for that matter, I have mine working on VLAN device).
BR,
Metod
 
8cqv
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Mar 06, 2018 5:25 pm

Re: Bridge setup - two subnets/interfaces/dhcp servers

Tue Mar 27, 2018 1:01 pm

ROS is latest production, 6.41.3.

I cannot access the router at the moment but I will check "interface export", that's a new command!

At the moment I am running with a bridge for eth5 and DNS server and IP assigned to the bridge. I have tried it native as well on eth5 but it's possible something is not right somewhere. Thanks for the pointer, I will check "interface export" output tonight.

EDIT: I am starting to wonder if VLAN is the answer for the legacy 10.x... but it *should* work without it really!
 
anav
Forum Guru
Posts: 2829
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge setup - two subnets/interfaces/dhcp servers

Tue Mar 27, 2018 1:56 pm

In your current setup can you access the internet from both LANs?
Strange that you can ping devices on opposite LANs but cannot open a web page... doesn't make sense.
Have you associated both bridges as being on the LAN (interface lists)?

The firewall rules look reasonable, I'm starting to wonder if one needs to make two routes....
dest 0.0.0.0/0
Gateway opposite LAN gateway IP

dest 0.0.0.0/0
Gateway opposite Lan gateway IP

That way when you type in a LAN IP of the other LAN the router knows where to send it??? A stretch but can't offer much else at this point.
 
8cqv
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Mar 06, 2018 5:25 pm

Re: Bridge setup - two subnets/interfaces/dhcp servers

Tue Mar 27, 2018 3:17 pm

It's strange, right!

Both subnets can access the internet, but for example a wireless client cannot send email (email server on 10.x network) or load a webpage from a pi serving on the 10.x network.

I looked at interface lists last night, but there were none configured.

Basic setup:
- New unit
- FW upgrade to latest
- quickset to get online
- replace dhcp client default settings with ISP specific (I have more than 1 public IP)
- split of eth5 on new bridge & add DHCP

I didn't really mess around with a lot, firewall rules are default.

I have to look tonight at home again, maybe I need to add interface list LAN to the two wired networks.
