Community discussions

MikroTik App
 
hgabor1989
just joined
Topic Author
Posts: 2
Joined: Sun Jan 06, 2019 9:39 pm

VLAN+DHCP

Wed Jan 09, 2019 9:26 pm

Hi,

I am new in Mikrotik world and I have some problem with switching at the beginning.

I would like to configure 2 switches. Both has 3 VLANs(10,20,30) with 2 access ports and a trunk(port 1) to connect them together.
Both should have VLAN interface for all the VLANs and the one whoch has the default gateways configured(Core) acts as a DHCP server for VLAN 10 and 20.

Now almost all of this are working only one thing is missing.
I cannot get addresses when I am connecting to the an access port on the "Core" only if I am connection to the other device(Access).
The VLANs are working well. Whe I am configuring a static IP on my PC I can ping others connected to the Access router.
I cannot even see the router as neighbour when I am opening Winbox only the Access router can be seen.
The Core is an RB450G the Access is an RB750G and both rund ROS 6.43.7

Could you please help me to solve this problem?

I have attached the configs too.
You do not have the required permissions to view the files attached to this post.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VLAN+DHCP

Thu Jan 10, 2019 9:44 pm

I'm really only familiar with using the newer technique for doing this. There is a lot to getting this right. I don't see vlan-filtering set but you're probably not going down that road if you're using the /interface ethernet switch vlan menu anyways.

You might try to diagram things out and maybe someone can help.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN+DHCP

Thu Jan 10, 2019 10:11 pm

There are two things to improve:
  • I highly doubt that you need to run DHCP relay on core switch as you're running DHCP server on the same unit as well
  • VLAN 99 only runs between both switches, so both management interfaces are not L2 accesible by any other device. And winbox uses broadcast for discovery, which is constrained to L2 domain.
  • both units will gladly route packets (that is forward packets between different L3 internal interfaces). Which opens some routing loops. You will have to decide which one will do inter-VLAN routing (probably that'll be core switch) and remove IP addresses from the other one (only keep address on MGMT interface, remove surplus vlan interfaces and remove switch1-cpu port from the list of vlan member ports)
  • if you want to allow the access switch zo accese internet (e.g. for ROS upgrades), you'll have to add a dedault route using core switch's MGMT address
Keep in mind that for switching, device's CPU doesn't have to be part of that VLAN. If you want to bridge ethernet and wlan on certain VLAN, then switch1-cpu has to be member port of that vlan, but you don't need vlan interface with that vlan-id.
 
hgabor1989
just joined
Topic Author
Posts: 2
Joined: Sun Jan 06, 2019 9:39 pm

Re: VLAN+DHCP

Sat Jan 12, 2019 3:20 pm

There are two things to improve:
  • I highly doubt that you need to run DHCP relay on core switch as you're running DHCP server on the same unit as well
  • VLAN 99 only runs between both switches, so both management interfaces are not L2 accesible by any other device. And winbox uses broadcast for discovery, which is constrained to L2 domain.
  • both units will gladly route packets (that is forward packets between different L3 internal interfaces). Which opens some routing loops. You will have to decide which one will do inter-VLAN routing (probably that'll be core switch) and remove IP addresses from the other one (only keep address on MGMT interface, remove surplus vlan interfaces and remove switch1-cpu port from the list of vlan member ports)
  • if you want to allow the access switch zo accese internet (e.g. for ROS upgrades), you'll have to add a dedault route using core switch's MGMT address
Keep in mind that for switching, device's CPU doesn't have to be part of that VLAN. If you want to bridge ethernet and wlan on certain VLAN, then switch1-cpu has to be member port of that vlan, but you don't need vlan interface with that vlan-id.

Many thanks for the answer. I have removed the DHCP helper.
Now I would like to test only with the Core switch so I have disconnected the Access switch.
I think I cannot remove the switch1-cpu port on the Core from VLANs because I need the routing between VLANs and the users need defautl GW.I still cannot get IP.
What could be the problem in this case?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN+DHCP

Sat Jan 12, 2019 3:37 pm

It is right to keep vlan10 and vlan20 interfaces on core switch, just remember to remove them from the access switch.

The DHCP server setup is slightly incomplete (you probably want to add dns-server setting to it), but it should work (just as it worked when device was connected to access switch). So it could be that RB replies a tad too quickly for the client device (and using another switch helps as introduces slight delay). I'm sorry, but I don't have any other idea.

Who is online

Users browsing this forum: Ahrefs [Bot], sybadi and 40 guests