olivier56
newbie
Topic Author
Posts: 43
Joined: Wed Aug 15, 2018 8:26 pm

2 dhcp on same router

Wed Aug 15, 2018 8:50 pm

Hello,
Sorry for my English.
I have a router with CAPsMAN activated.
I have two configurations: one wifi-lan and the other wifi-home automation.
A DHCP in 192.168.2.x for my LAN and wifi LAN.
I wish to have a DHCP for wifi-home automation in 192.168.3.x.
I am struggling a little with which interface to take for the 2nd DHCP.

Thanks for your help
 
poizzon
Member Candidate
Posts: 113
Joined: Fri Jun 21, 2013 12:53 pm

Re: 2 dhcp on same router

Thu Aug 16, 2018 10:00 pm

Create two WiFi SSIDs, and then assign them different subnets.
--
poi
 
mkx
Forum Guru
Posts: 4317
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 dhcp on same router

Thu Aug 16, 2018 10:20 pm

First you need to define another address pool then DHCP server network and lastly bind DHCP server with correct pool and network to desired interface:
/ip pool
add name=home_automation ranges=192.168.3.20-192.168.3.254
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=<enter DNS server to be used by clients here> gateway=192.168.3.1 netmask=24
/ip dhcp-server
add address-pool=home_automation interface="wifi_home automation" name="dhcp_home automation"
Review the above commands and adjust them to your setup (IP address range, DNS server address, gateway address - this should match IP address bound to "wifi_home automation" interface ... and correct name of said interface).
BR,
Metod
 
olivier56
newbie
Topic Author
Posts: 43
Joined: Wed Aug 15, 2018 8:26 pm

Re: 2 dhcp on same router

Fri Aug 17, 2018 6:59 pm

Hello,
Thanks for the help.
My config for the DHCP and CAPsMAN:
/caps-man datapath
add bridge=bridge interface-list=all local-forwarding=yes name=datapath1
add bridge=br_domotique local-forwarding=no name=datapath2
/caps-man security
add authentication-types=wpa2-psk name=SEC-Wifi-maison passphrase=*****
add authentication-types=wpa2-psk name=Domotique passphrase=*******
/caps-man configuration
add country=france datapath=datapath1 datapath.client-to-client-forwarding=no \
datapath.local-forwarding=no distance=indoors mode=ap name=Maison security=\
SEC-Wifi-maison ssid=Wifi-Maison
add country=france datapath.bridge=br_domotique \
datapath.client-to-client-forwarding=no datapath.local-forwarding=no \
distance=indoors mode=ap name=Domotique security=Domotique ssid=Test
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment=local master-configuration=Maison \
name-format=prefix-identity slave-configurations=Domotique
---dhcp---
0 192.168.2.0/24 192.168.2.1 192.168.2.1 lan and wifi lan
1 192.168.3.0/24 192.168.3.1 192.168.3.1 Domotique
------DNS---

servers:
dynamic-servers: 192.168.1.254
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 87KiB

I still have a problem at the DNS level. If I put DNS 8.8.8.8 I have access to the web; however, if I put 192.168.3.1, no web.
I can ping the IPs but not the DNS names.

I do not understand why
thank you
 
mkx
Forum Guru
Posts: 4317
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 dhcp on same router

Fri Aug 17, 2018 8:49 pm

I'm not sure how DNS server is configured now. Probably you have to enable it if it's not already. Be sure you don't allow connections to TCP and UDP ports 53 from internet.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
BR,
Metod
 
olivier56
newbie
Topic Author
Posts: 43
Joined: Wed Aug 15, 2018 8:26 pm

Re: 2 dhcp on same router

Sat Aug 18, 2018 6:48 pm

I have a DNS with my first LAN:
ip dns print
servers:
dynamic-servers: 192.168.1.254
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 298KiB

192.168.1.254 is the IP of my ADSL box.
First LAN: 192.168.2.*/24, DNS 192.168.2.1 (IP of the RouterBOARD).
Second LAN (with CAPsMAN): 192.168.3.*/24. If DNS is 192.168.3.1 there is no resolution; I can ping IPs but not domains.
If I configure DHCP for my second LAN like this:
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DO..
0 192.168.2.0/24 192.168.2.1 192.168.2.1 (first dhcp)
1 192.168.3.0/24 192.168.3.1 192.168.1.254 (second dhcp)
I can ping domain name like google.fr.
BR
 
mkx
Forum Guru
Posts: 4317
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 dhcp on same router

Sat Aug 18, 2018 11:17 pm

I can think of two reasons why you can't use RB's DNS server from your home automation: either there's some firewall rule blocking access to DNS service from 192.168.3.0/24 or CapsMan settings prevent it. Either way it's just guessing until you post full configuration.
BR,
Metod
 
olivier56
newbie
Topic Author
Posts: 43
Joined: Wed Aug 15, 2018 8:26 pm

Re: 2 dhcp on same router

Sun Aug 19, 2018 8:15 pm

hi

my configuration
[admin@Capman-garage] > export
# aug/19/2018 19:10:36 by RouterOS 6.42.6
# software id = V4XF-HAYV
#
# model = CRS125-24G-1S-2HnD
# serial number = 786F083D7C15
/interface bridge
add fast-forward=no name=br_domotique
add admin-mac=CC:2D:E0:0B:47:95 auto-mac=no comment=defconf name=bridge
add fast-forward=no name=fplayer
add fast-forward=no name=freebox
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-0B47AD \
wireless-protocol=802.11
/interface vlan
add interface=ether1 name=ETHER1_VLAN100 vlan-id=100
add interface=ether5 name=ETHER5_VLAN100 vlan-id=100
/caps-man datapath
add bridge=br_domotique local-forwarding=no name=datapath2
/caps-man security
add authentication-types=wpa2-psk name=SEC-Wifi-maison passphrase=..................
add authentication-types=wpa2-psk name=Domotique passphrase=P.........................
/caps-man configuration
add country=france datapath.bridge=br_domotique \
datapath.client-to-client-forwarding=no datapath.local-forwarding=no \
distance=indoors mode=ap name=Domotique security=Domotique ssid=Test
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=domotique
/caps-man datapath
add bridge=bridge interface-list=all local-forwarding=yes name=datapath1
/caps-man configuration
add country=france datapath=datapath1 datapath.client-to-client-forwarding=no \
datapath.local-forwarding=no distance=indoors mode=ap name=Maison security=\
SEC-Wifi-maison ssid=Wifi-Maison
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip kid-control
add disabled=yes fri="" mon="" name=kid1 sat="" sun=20h-20h30m thu="" tue="" \
wed=""
/ip pool
add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.150
add name=Domotique ranges=192.168.3.1-192.168.3.15
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge lease-time=1h10m name=\
dhcp1
add address-pool=Domotique disabled=no interface=br_domotique name=Domotique
/port
set 1 baud-rate=115200 data-bits=8 flow-control=none name=usb2 parity=none \
stop-bits=1
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment=local master-configuration=Maison \
name-format=prefix-identity slave-configurations=Domotique
/interface bridge port
add bridge=fplayer comment="lan Freebox capsman" interface=ether2
add bridge=freebox comment="lan Freebox" interface=ether4
add bridge=bridge comment="lan Freebox" interface=ether5
add bridge=freebox comment="lan Freebox" interface=ether6
add bridge=freebox comment="lan Freebox" interface=ether7
add bridge=freebox comment="lan Freebox" interface=ether8
add bridge=bridge comment="lan Maison" interface=ether20
add bridge=bridge comment="lan Maison" interface=ether21
add bridge=bridge comment="lan Maison" interface=ether22
add bridge=bridge comment="lan Maison" interface=ether23
add bridge=bridge comment="lan Maison" interface=ether24
add bridge=bridge comment="lan Maison" interface=sfp1
add bridge=bridge comment="lan Maison" interface=wlan1
add bridge=freebox comment="lan Freebox" interface=ether1
add bridge=freebox comment="lan Freebox" interface=ether3
add bridge=bridge comment="lan Maison" interface=ether15
add bridge=bridge comment="lan Maison" interface=ether12
add bridge=bridge comment="lan Maison" interface=ether13
add bridge=bridge comment="lan Maison" interface=ether14
add bridge=bridge comment="lan Maison" interface=ether16
add bridge=bridge comment="lan Maison" interface=ether17
add bridge=bridge comment="lan Maison" interface=ether18
add bridge=bridge comment="Lan maison" interface=ether19
add bridge=fplayer comment="Lan FreePlayer" interface=ETHER5_VLAN100
add bridge=bridge comment="Lan Maison" interface=ether11
add bridge=fplayer interface=ETHER1_VLAN100
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=freebox list=WAN
add interface=br_domotique list=domotique
/interface wireless cap
#
set caps-man-addresses=192.168.2.1,192.168.2.254 discovery-interfaces=bridge \
enabled=yes interfaces=wlan1
/ip address
add address=192.168.2.1/24 interface=bridge network=192.168.2.0
add address=192.168.3.1/24 interface=br_domotique network=192.168.3.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=freebox
add dhcp-options=hostname,clientid
/ip dhcp-server lease
add address=192.168.2.253 client-id=1:0:fd:45:fc:6e:18 mac-address=\
00:FD:45:FC:6E:18 server=dhcp1
add address=192.168.2.252 client-id=1:90:b1:1c:6f:3:f0 mac-address=\
90:B1:1C:6F:03:F0 server=dhcp1
add address=192.168.2.3 client-id=1:0:1d:73:a3:d:1c mac-address=\
00:1D:73:A3:0D:1C server=dhcp1
add address=192.168.2.5 mac-address=00:24:D4:71:72:BD server=dhcp1
add address=192.168.2.4 client-id=1:d8:fe:e3:5c:14:68 mac-address=\
D8:FE:E3:5C:14:68 server=dhcp1
add address=192.168.2.11 client-id=Domotique comment=Alexa mac-address=\
B0:FC:0D:06:FD:69 server=dhcp1
add address=192.168.2.12 client-id=Domotique comment="Alexa bureau" \
mac-address=C4:95:00:2C:89:83 server=dhcp1
add address=192.168.2.15 client-id=Domotique comment="Chambre EVA" mac-address=\
84:F3:EB:14:C5:7C server=dhcp1
add address=192.168.2.16 client-id=Domotique comment="Chambre angel" \
mac-address=84:F3:EB:14:C6:32 server=dhcp1
add address=192.168.2.10 client-id=1:b8:27:eb:5d:63:88 comment=\
"serveur domotique" mac-address=B8:27:EB:5D:63:88 server=dhcp1
add address=192.168.2.14 client-id=1:50:c7:bf:b6:c4:27 mac-address=\
50:C7:BF:B6:C4:27 server=dhcp1
add address=192.168.2.254 client-id=1:6c:3b:6b:3c:23:16 mac-address=\
6C:3B:6B:3C:23:16 server=dhcp1
add address=192.168.2.251 client-id=1:64:d1:54:f8:69:b8 mac-address=\
64:D1:54:F8:69:B8 server=dhcp1
add address=192.168.2.104 mac-address=B0:E1:7E:20:1A:F7 server=dhcp1
/ip dhcp-server network
add address=192.168.2.0/24 caps-manager=192.168.2.1 dns-server=192.168.2.1 \
gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=192.168.3.1,8.8.8.8 gateway=192.168.3.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 disabled=yes name=router.lan
add address=192.168.2.253 name=toto.lan
/ip firewall filter
add action=drop chain=forward comment="prise tplink" log=yes out-interface=\
bridge src-address=192.168.2.14
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=\
"Port Forward rdp verserveur hyperv2016" disabled=yes dst-port=124568 \
protocol=tcp to-addresses=192.168.2.252 to-ports=123456
/ip kid-control device
add mac-address=B0:E1:7E:20:1A:F7 name=eva user=kid1
add mac-address=C8:14:79:A3:A9:A7 name=test user=kid1
/ip route
add check-gateway=ping disabled=yes distance=1 dst-address=172.16.0.0/23 \
gateway=192.168.2.106
/lcd
set time-interval=hour
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Europe/Paris
/system console
add disabled=no port=usb2
/system identity
set name=Capman-garage
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes host=192.168.2.150
/tool sniffer
set filter-interface=*C88

Thank you for your help

BR
 
mkx
Forum Guru
Posts: 4317
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 dhcp on same router  [SOLVED]

Sun Aug 19, 2018 9:21 pm

If I got it right the problem is that you have 3 interface lists: LAN, WAN and domotique. You have firewall rule
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
which doesn't allow using RB's DNS service (among other things) from devices connecting through the domotique interface list. As you probably don't want to allow full connectivity from home automation to the router, it is probably better to construct specific allow filters for DNS only:
add action=accept chain=input comment="allow DNS from domotique" \
     in-interface-list=domotique protocol=udp port=53
add action=accept chain=input comment="allow DNS from domotique" \
     in-interface-list=domotique protocol=tcp port=53
You should place these two rules before the one quoted above which drops all on input chain.
BR,
Metod
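
Added example (not part of any poster's message): a simplified Python model of first-match evaluation over the input-chain rules and interface lists from the export above. It shows why DNS from br_domotique is dropped, why the accept rules must sit before the "!LAN" drop, and that queries arriving on the WAN list stay blocked. The function names and packet fields are hypothetical, and the model covers only the matchers used in these rules.

```python
# Simplified first-match model of the RouterOS input chain (constructed for illustration).
# Interface-list membership copied from "/interface list member" in the posted export.
LIST_MEMBERS = {"LAN": {"bridge"}, "WAN": {"freebox"}, "domotique": {"br_domotique"}}

# Input-chain rules from the export, in their posted order.
INPUT_RULES = [
    {"action": "accept", "connection-state": {"established", "related", "untracked"}},
    {"action": "drop", "connection-state": {"invalid"}},
    {"action": "drop", "in-interface-list": "!LAN"},
]

# The two accept rules suggested in the reply above.
DNS_ALLOW = [
    {"action": "accept", "in-interface-list": "domotique", "protocol": "udp", "port": 53},
    {"action": "accept", "in-interface-list": "domotique", "protocol": "tcp", "port": 53},
]

def packet(in_if, proto, dport, state="new", sport=40000):
    return {"in_if": in_if, "proto": proto, "dport": dport, "sport": sport, "state": state}

def matches(rule, pkt):
    """A rule matches only if every matcher it carries matches the packet."""
    if "connection-state" in rule and pkt["state"] not in rule["connection-state"]:
        return False
    if "in-interface-list" in rule:
        spec = rule["in-interface-list"]
        negate, name = spec.startswith("!"), spec.lstrip("!")
        if (pkt["in_if"] in LIST_MEMBERS[name]) == negate:
            return False
    if "protocol" in rule and rule["protocol"] != pkt["proto"]:
        return False
    # RouterOS "port" matches when either the source or the destination port is equal.
    if "port" in rule and rule["port"] not in (pkt["sport"], pkt["dport"]):
        return False
    return True

def verdict(rules, pkt):
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"  # a packet that matches no rule is accepted

def with_fix(rules, allow=DNS_ALLOW):
    """Insert the accept rules immediately before the '!LAN' drop rule."""
    idx = next(i for i, r in enumerate(rules) if r.get("in-interface-list") == "!LAN")
    return rules[:idx] + allow + rules[idx:]
```

Appending the same two rules after the drop rule instead (INPUT_RULES + DNS_ALLOW) leaves the verdict for a domotique DNS query at "drop", which is why the placement matters.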
 
olivier56
newbie
Topic Author
Posts: 43
Joined: Wed Aug 15, 2018 8:26 pm

Re: 2 dhcp on same router

Sun Aug 19, 2018 9:59 pm

Hi,
You got it right :)

"Chapeau bas Monsieur", a French expression to say thank you and respect.

br
