Community discussions

MikroTik App
 
imkevinc
just joined
Topic Author
Posts: 1
Joined: Tue May 19, 2020 10:19 pm

Assign unique DHCP server to an AP?

Tue May 19, 2020 10:44 pm

I've got a hEX S (mmips) running v6.46.6, and am using Winbox. I'm pretty good about doing the legwork to figure things out but this is so out of my territory that I don't know the vocabulary to even do searching... just knowing whether it is possible or not would be helpful!

Maybe just which areas I'll need? Am I gonna need to create a virtual interface or something? Ive been able to assign different DHCP servers to different physical ports on the router, that wasn't too bad. Here's what I'm trying to do. Thank you in advance anyone that takes a look, much appreciated!

Edit: the access point is TP Link, not a MikroTik product....my searching tells me that this probably matters.
RouterOS question.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
mutluit
Member
Member
Posts: 421
Joined: Wed Mar 25, 2020 4:04 am

Re: Assign unique DHCP server to an AP?

Wed May 20, 2020 10:05 pm

So, what is your exact question?
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1105
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Assign unique DHCP server to an AP?

Wed May 20, 2020 10:38 pm

Study VLAN techniques as noted in my signature.
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Assign unique DHCP server to an AP?

Thu May 21, 2020 1:46 am

First as pcunite stated. READ THE REFERENCE FIRST SO THAT YOU UNDERSTAND WHAT YOU ARE DOING AND WILL MAKE THE REST UNDERSTANDABLE.
viewtopic.php?t=143620

Typically one doesn't use a dumb switch to pass vlans mainly because all vlans are broadcast to all ports which kinda defeats the purpose of and security of a managed switch. But in a home environment that may not be as important to you.

The problem is that you will have do a hybrid port, which is a bit more challenging and something we dont like to do in typicaly vlan bridge filtering but tis possible.
In general terms,
-put all the vlans onto a bridge.
- assign dhcp and addresses to the vlans (the bridge basically has no other responsibilities other than vlan filtering=yes at the end).
- for in-interface-list members, add the vlans to the LAN
- bridge ports follows normal protocol for trunk and access ports
- bridge vlan is where the magic happens.

Since the AP is supposedly a smart device it would be able to take in both vlans and then distribute them to users as per assigned SSID etc.........
IF your AP is not smart, cannot read vlan tags, then you cannot do two different vlans or outputs on the switch as far as I know. and you can ignore everything below LOL
Which model of tp link is it??

There was another thread recently that was similar.
You didnt provide enough detail for ports 3,4,5 and whether or not the AP has more than just .90 ??
So my assumption is that .88 is your home LAN and thus is the same as ports 3,4,5
.90 is guest wifi

/interface bridge
add admin-mac= :D auto-mac=no comment=defconf name=bridge vlan-filtering=yes {this would be the last step or rule to put in}

/interface vlan
add interface=bridge name=guest-vlan vlan-id=90
add interface=bridge name=homevlan vlan-id=88

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLAN {will be used to group all vlans that are not the home vlan}

/ip pool
as per required (2 vlans = 2 pools)

/ip dhcp-server
2 of them (interface is the vlanname)

/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=guest-vlan list=LAN
add interface=homevlan list=LAN
add interface=guest-vlan list=VLAN

/ip address
2 as required interface is the name of the vlan

/ip dhcp-server network
2 as required

/ip firewall filter (default rules to start)
once you have the above working then they can be adjusted.

The most difficult part of the setup will be Bridge Port and Bridge VLAN settings.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=yes interface=ether2 (trunk port on the surface but as you will see by the bridge vlan - its actually a hybrid port)
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=88 (access port)
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=88 (access port)
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=88 (access port)

/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2,ether3,ether4,ether5 vlan-ids=88
add bridge=bridge tagged=bridge,eth2 vlan-ids=90


Lets make it more complicated LOL
Lets say 88 was not your home network (but for specific other purpose) but .55 was a home network using ether3,45, and also you wanted the TP link carry vlan 55 as home wifi, as well as the guest wifi (only possible assuming TP link is smart)

/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=yes interface=ether2 (trunk port on the surface but as you will see by the bridge vlan - its actually a hybrid port)
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=55 (access port)
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=55 (access port)
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=55 (access port)

/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=88
add bridge=bridge tagged=bridge,ether2 vlan-ids=90
add bridge=bridge tagged=bridge,ether2 untagged=ether3,ether4,ether5 vlan-ids=55
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: No registered users and 38 guests