hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

coliflower · Thu Jul 09, 2020 4:45 pm

Dear all,

I already read so much - but I am still not possible to solve my topic by my self

I have an external Router (L3) --> L2-Switch HP manageable --> hAP ac^2 (I also own other wAP what works fine - no switch included).

The hAP ac^2 is new, I resetted it without default confiuguration.
Added a bridge, to this I added ether1 to 5 + wlan1 and 2 (on wlan1/2 I added some vAP).

Wlan1/2 + all vAP work fine and getting their IPs from Router (with DHCP, DNS, NTP, ...).
Ether1 is TRUNK from HP to hAP ac^2

I configured ether2 to 5 to only works with VLAN90 --> to talks with Clients (un-tagged) ... hopefulle correct.

The problem is, contratry to WLAN (works), if I connect the same Client via cable (LAN) to ether2 by 5, I do not receive the expected IP from DHCP server (external Router)

If I setup the same Client with manual IP, SUBNET, GW and DNS, it works ... so where in between did I something wrong or miss to do someting ??

Thank you very much for your help in advance !!

# jul/09/2020 15:59:51 by RouterOS 6.47
# software id = DE73-UYRN
#
# model = RBD52G-5HacD2HnD


/interface bridge
add admin-mac=48:8F:5A:24:7A:D6 auto-mac=no name=bridge.hAP3 vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=ether-1.uplink.hAP3
set [ find default-name=ether2 ] name=ether-2.hAP3
set [ find default-name=ether3 ] name=ether-3.hAP3
set [ find default-name=ether4 ] name=ether-4.hAP3
set [ find default-name=ether5 ] name=ether-5.hAP3

/interface ethernet switch
set 0 name=switch.hAP3

/interface ethernet switch port
set 1 vlan-header=leave-as-is
set 2 vlan-header=leave-as-is
set 3 vlan-header=leave-as-is
set 4 vlan-header=leave-as-is

/interface bridge port
add bridge=bridge.hAP3 comment=interface=ether-1.uplink.hAP3
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-2.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-3.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-4.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-5.hAP3 pvid=90
add bridge=bridge.hAP3  interface=hAP3-2GHz
add bridge=bridge.hAP3 interface=hAP3-5GHz
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-10-KNX2 pvid=10
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-10-KNX5 pvid=10
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-20-HIFI2 pvid=20
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-20-HIFI5 pvid=20
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-30-DOM2 pvid=30
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-30-DOM5 pvid=30
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-40-NAS2 pvid=40
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-40-NAS5 pvid=40
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-50-MBP2 pvid=50
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-50-MBP5 pvid=50
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-60-CAM2 pvid=60
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-60-CAM5 pvid=60
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-70-KIND2 pvid=70
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-70-KIND5 pvid=70
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-80-GAST2 pvid=80
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-80-GAST5 pvid=80
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-90-EXT2 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-90-EXT5 pvid=90

/interface bridge vlan
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-10-KNX2,vAP3-10-KNX5 vlan-ids=10
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-20-HIFI2,vAP3-20-HIFI5 vlan-ids=20
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-30-DOM2,vAP3-30-DOM5 vlan-ids=30
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-40-NAS2,vAP3-40-NAS5 vlan-ids=40
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-50-MBP2,vAP3-50-MBP5 vlan-ids=50
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-60-CAM2,vAP3-60-CAM5 vlan-ids=60
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-70-KIND2,vAP3-70-KIND5 vlan-ids=70
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-80-GAST2,vAP3-80-GAST5 vlan-ids=80
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-90-EXT2,vAP3-90-EXT5 vlan-ids=90

/interface wireless cap
set bridge=bridge.hAP3 discovery-interfaces=bridge.hAP3 interfaces=hAP3-2GHz,hAP3-5GHz

floaty · Fri Jul 10, 2020 9:38 pm

... your snipped configuration does not contain a hint to which interface you're configured dhcp-server is connected to ?!
.
if you want a common network over multiple (hardware-)interfaces there should be a bridge, where all your intented (hardeware-)interfaces are "a port" [personally not so happy with that term] to.
Your dhcp-server should be connected to that bridge-interface and only that bridge-interface should have an ip-address in the intended AND in the dhcp-server-network configured ip-net.
.
if this is not enlightening ... ... give us:
.

interface bridge export
interface bridge port export
ip address export
ip dhcp-server export

.

coliflower · Fri Jul 10, 2020 11:00 pm

Thanks ! Here the missing information, please.

My target in short ...
ether1 = trunk with vlan1 un-tagged (10.0.100.0/24) and other VLAN10-90 tagged (10.0.x.0/24) should be OK.
ether2 by 5 = need to be only VLAN90 network where Clients with only access to VLAN90 will connect.

/interface bridge
add admin-mac=48:8F:5A:24:7A:D6 auto-mac=no name=bridge.hAP3 protocol-mode=none vlan-filtering=yes

/interface bridge port
add bridge=bridge.hAP3 interface=ether-1.uplink.hAP3
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-2.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-3.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-4.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-5.hAP3 pvid=90
add bridge=bridge.hAP3 interface=hAP3-2GHz
add bridge=bridge.hAP3 interface=hAP3-5GHz
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-10-KNX2 pvid=10
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-10-KNX5 pvid=10
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-20-HIFI2 pvid=20
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-20-HIFI5 pvid=20
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-30-DOM2 pvid=30
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-30-DOM5 pvid=30
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-40-NAS2 pvid=40
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-40-NAS5 pvid=40
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-50-MBP2 pvid=50
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-50-MBP5 pvid=50
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-60-CAM2 pvid=60
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-60-CAM5 pvid=60
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-70-KIND2 pvid=70
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-70-KIND5 pvid=70
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-80-GAST2 pvid=80
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-80-GAST5 pvid=80
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-90-EXT2 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-90-EXT5 pvid=90

/interface bridge vlan
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-10-KNX2,vAP3-10-KNX5 vlan-ids=10
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-20-HIFI2,vAP3-20-HIFI5 vlan-ids=20
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-30-DOM2,vAP3-30-DOM5 vlan-ids=30
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-40-NAS2,vAP3-40-NAS5 vlan-ids=40
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-50-MBP2,vAP3-50-MBP5 vlan-ids=50
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-60-CAM2,vAP3-60-CAM5 vlan-ids=60
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-70-KIND2,vAP3-70-KIND5 vlan-ids=70
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-80-GAST2,vAP3-80-GAST5 vlan-ids=80
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-90-EXT2,vAP3-90-EXT5 vlan-ids=90

ip address export as well as dhcp does not bring a result, instead "print":

[91@MikroTik3] /ip address> print 
Flags: X - disabled, I - invalid, D - dynamic 
#   ADDRESS            NETWORK         INTERFACE                                                                                                                                                                                           
0 D 10.0.100.5/24      10.0.100.0      bridge.hAP3

Empty as there is an external DHCP-server ... This hAP ac^2 is a DHCP-Client

[91@MikroTik3] /ip dhcp-server> print 
Flags: D - dynamic, X - disabled, I - invalid 
#    NAME                                                          INTERFACE                                                        RELAY           ADDRESS-POOL                                                        LEASE-TIME ADD-ARP

Client ...

/ip dhcp-client
add dhcp-options=hostname,clientid_duid,clientid disabled=no interface=bridge.hAP3


[91@MikroTik3] /ip dhcp-client> print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   INTERFACE                                                                                                                                                              USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS        ADDRESS            
 0   bridge.hAP3                                                                                                                                                            yes          yes               bound         10.0.100.5/24

floaty · Fri Jul 10, 2020 11:44 pm

booh ... thats rich ... if you have winbox, can you post a screenshot from your "interfaces list"
.
if made a sketch before you started to configure all these ... ? ... can you share ... I'm a picture man.
I can't figure what's the purpose of all this ! : |

coliflower · Fri Jul 10, 2020 11:53 pm

There is only ...

1x bridge
5x ether
2x wlan (chip of 2- and 5GHz) and on that
9x vAP, means 9x VLAN via radio on wlan1 2GHz and
9x vAP, menas 9x VLAN via radio on wlan2 5GHz

Here some pic of interfaceces ...

PastedGraphic-2.png

floaty · Sat Jul 11, 2020 12:02 am

revisited ...
.
in your very well populated bridge:

I configured ether2 to 5 to only works with VLAN90 --> to talks with Clients (un-tagged) ... hopefulle correct.

you've configured a PVID=90 for eth2-5 but (it seems to me() these ports are intended to be just ethernet -access-port for your clients ... change back to PVID1 and try again.
Your Clients are not VLAN-aware so just use eth2-5 as bridged (default-vlan1-) ports to the "bridge"-interface you've allready defined.

floaty · Sat Jul 11, 2020 12:11 am

...
and I cannot be tired of repeating: "do not bridge so effin much!"
bridging is advanced pharmacy ... you do to much ... it turns to poison !
.
the most wellknown traffic-catastrophes happended in conjunction to bridges and tunnels

NO JOKE !

coliflower · Sat Jul 11, 2020 3:11 pm

you've configured a PVID=90 for eth2-5 but (it seems to me() these ports are intended to be just ethernet -access-port for your clients ... change back to PVID1 and try again.
Your Clients are not VLAN-aware so just use eth2-5 as bridged (default-vlan1-) ports to the "bridge"-interface you've allready defined.

I tried but it not help to solve my target ...

BTW ... if I change the PVID1 under Bridge > Ports (INGRESS) than I will stay in VLAN1 / 10.0.100.0/24 network (DHCP), but my target is to only stay in VLAN90 / 10.0.90.0/24 network as it works via WLAN (here I get the correct IP e.g. 10.0.90.100 from DHCP (10.0.90.1) ...)

Regarding INGRESS / EGRESS ... PVID90 / VLAN-ID90 ... isn't it the reason to tag/untag to remove the 90er tag for egress so the client is able to read and if client send untagged to the switchport, the port adds the 90er tag so the can be forwarded to the V(LAN) ...?

Anyway, via WLAN it works perfekt (IP address via DHCP), via LAN, not (on the hAP switch-ports ether 2 to 5)

Any other ideas ?

anav · Sat Jul 11, 2020 3:47 pm

YES POSTING THE EFFING CONFIG
/export hide-sensitive file=anynameyouwish

Posting bits and pieces makes it harder and more guesswork.
This is an easy straight foward functionality that should simply work.

PS. the answer may already be in the bits and pieces, but I dont review bits and pieces most of the time,
I skip to threads where the poster has laid all the facts on the table.

coliflower · Sat Jul 11, 2020 3:52 pm

I skip to threads where the poster has laid all the facts on the table.

Sorry, what relevant information did I miss to post, please ? Do you need the whole export ?
Do you need it as plain text or in a file attached ?

anav · Sat Jul 11, 2020 4:51 pm

Hi there, yes complete config,
Typically most use notepadd++ to open the file and paste it here but using the code tags above.
Thanks!

coliflower · Sat Jul 11, 2020 5:08 pm

Thanks in advance !

Here the export (I had to delete the wireless security profiles) as the command "export hide-sensitive" doesn't.

[91@MikroTik3] > export hide-sensitive 

# jul/11/2020 15:57:25 by RouterOS 6.47
# software id = DE73-UYRN
#
# model = RBD52G-5HacD2HnD

/interface bridge
add admin-mac=48:8F:5A:24:7A:D6 auto-mac=no name=bridge.hAP3 protocol-mode=none vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=ether-1.uplink.hAP3
set [ find default-name=ether2 ] name=ether-2.hAP3
set [ find default-name=ether3 ] name=ether-3.hAP3
set [ find default-name=ether4 ] name=ether-4.hAP3
set [ find default-name=ether5 ] name=ether-5.hAP3

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n country=austria disabled=no frequency=auto installation=indoor l2mtu=1598 mode=ap-bridge name=hAP3-2GHz ssid=MikroTik3-2GHz wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=austria disabled=no frequency=auto installation=indoor l2mtu=1598 mode=ap-bridge name=hAP3-5GHz ssid=MikroTik3-5GHz wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:12 master-interface=hAP3-2GHz name=vAP3-10-KNX2 ssid=WBC-KNX2 vlan-id=10 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:15 master-interface=hAP3-5GHz name=vAP3-10-KNX5 ssid=WBC-KNX5 vlan-id=10 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:22 master-interface=hAP3-2GHz name=vAP3-20-HIFI2 ssid=WBC-HiFi2 vlan-id=20 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:25 master-interface=hAP3-5GHz name=vAP3-20-HIFI5 ssid=WBC-HiFi5 vlan-id=20 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:32 master-interface=hAP3-2GHz name=vAP3-30-DOM2 ssid=WBC-DOM2 vlan-id=30 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:35 master-interface=hAP3-5GHz name=vAP3-30-DOM5 ssid=WBC-DOM5 vlan-id=30 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:42 master-interface=hAP3-2GHz name=vAP3-40-NAS2 ssid=WBC-NAS2 vlan-id=40 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:45 master-interface=hAP3-5GHz name=vAP3-40-NAS5 ssid=WBC-NAS5 vlan-id=40 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:62 master-interface=hAP3-2GHz name=vAP3-60-CAM2 ssid=WBC-CAM2 vlan-id=60 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:65 master-interface=hAP3-5GHz name=vAP3-60-CAM5 ssid=WBC-CAM5 vlan-id=60 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:72 master-interface=hAP3-2GHz name=vAP3-70-KIND2 ssid=WBC-KIND2 vlan-id=70 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:75 master-interface=hAP3-5GHz name=vAP3-70-KIND5 ssid=WBC-KIND5 vlan-id=70 vlan-mode=use-tag wps-mode=disabled

/interface ethernet switch
set 0 name=switch.hAP3

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys supplicant-identity=password
add authentication-types=wpa2-psk,wpa2-eap eap-methods="" management-protection=allowed mode=dynamic-keys name=WPA2-PSK-EAP_AES-CCM supplicant-identity=password
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=SoSe supplicant-identity=password
add authentication-types=wpa2-psk,wpa2-eap management-protection=allowed mode=dynamic-keys name=gast supplicant-identity=password

/interface wireless
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:52 master-interface=hAP3-2GHz name=vAP3-50-MBP2 security-profile=WPA2-PSK-EAP_AES-CCM ssid=WBC-MBP2 vlan-id=50 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:55 master-interface=hAP3-5GHz name=vAP3-50-MBP5 security-profile=WPA2-PSK-EAP_AES-CCM ssid=WBC-MBP5 vlan-id=50 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:82 master-interface=hAP3-2GHz name=vAP3-80-GAST2 security-profile=gast ssid=WBC-GAST2 vlan-id=80 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:85 master-interface=hAP3-5GHz name=vAP3-80-GAST5 security-profile=gast ssid=WBC-GAST5 vlan-id=80 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:92 master-interface=hAP3-2GHz name=vAP3-90-EXT2 security-profile=SoSe ssid=WBC-SoSe-2 vlan-id=90 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:95 master-interface=hAP3-5GHz name=vAP3-90-EXT5 security-profile=SoSe ssid=WBC-SoSe-5 vlan-id=90 vlan-mode=use-tag wps-mode=disabled

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip kid-control
add fri="" mon="" name=kid1 sat="" sun="" thu="" tue="" wed=""
add fri="" mon="" name=kid2 sat="" sun="" thu="" tue="" wed=""

/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp

/interface bridge port
add bridge=bridge.hAP3 interface=ether-1.uplink.hAP3
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-2.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-3.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-4.hAP3 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-untagged-and-priority-tagged interface=ether-5.hAP3 pvid=90
add bridge=bridge.hAP3 interface=hAP3-2GHz
add bridge=bridge.hAP3 interface=hAP3-5GHz
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-10-KNX2 pvid=10
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-10-KNX5 pvid=10
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-20-HIFI2 pvid=20
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-20-HIFI5 pvid=20
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-30-DOM2 pvid=30
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-30-DOM5 pvid=30
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-40-NAS2 pvid=40
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-40-NAS5 pvid=40
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-50-MBP2 pvid=50
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-50-MBP5 pvid=50
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-60-CAM2 pvid=60
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-60-CAM5 pvid=60
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-70-KIND2 pvid=70
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-70-KIND5 pvid=70
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-80-GAST2 pvid=80
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-80-GAST5 pvid=80
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-90-EXT2 pvid=90
add bridge=bridge.hAP3 frame-types=admit-only-vlan-tagged interface=vAP3-90-EXT5 pvid=90

/interface bridge vlan
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-10-KNX2,vAP3-10-KNX5 vlan-ids=10
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-20-HIFI2,vAP3-20-HIFI5 vlan-ids=20
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-30-DOM2,vAP3-30-DOM5 vlan-ids=30
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-40-NAS2,vAP3-40-NAS5 vlan-ids=40
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-50-MBP2,vAP3-50-MBP5 vlan-ids=50
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-60-CAM2,vAP3-60-CAM5 vlan-ids=60
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-70-KIND2,vAP3-70-KIND5 vlan-ids=70
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-80-GAST2,vAP3-80-GAST5 vlan-ids=80
add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-90-EXT2,vAP3-90-EXT5 vlan-ids=90

/interface wireless cap
set bridge=bridge.hAP3 discovery-interfaces=bridge.hAP3 interfaces=hAP3-2GHz,hAP3-5GHz

/ip arp
add address=10.0.100.1 interface=bridge.hAP3 mac-address=00:0D:B9:47:16:71

/ip cloud
set update-time=no

/ip dhcp-client
add dhcp-options=hostname,clientid_duid,clientid disabled=no interface=bridge.hAP3

/ip service
set www-ssl disabled=no

/ip smb
set comment=Mikrotik-3-SMB domain=wbc.localdomain

/system clock
set time-zone-name=Europe/Vienna

/system identity
set name=MikroTik3

/system leds
add interface=hAP3-2GHz leds=user-led type=wireless-status

/system ntp client
set enabled=yes primary-ntp=10.0.100.1 secondary-ntp=10.0.100.1

.

anav · Sat Jul 11, 2020 7:31 pm

No worries, one doesnt have to delete the whole wireless profile just the sensitive bits - but not usually germane to most issues so not a problem.

In summary you need to read this document as your configuration vis-a-vis vlans is a mess, and pay special attention to section ACCESS POINT after you have read through it to understand the mechanics valid for all setups!!
viewtopic.php?f=13&t=143620

(1) Your problem is defining VLANS in the wrong space. They have no business being identified in the wireless settings.
Vlans needed to be identified in the CAPAC, and associated to the bridge interface.
The bridge ports and bridge vlans identify the interfaces (ports) that are associated with the vlans for ingress and egress (remember bridge ports included wired ports and wlan interfaces).

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n country=austria disabled=no frequency=auto installation=indoor l2mtu=1598 mode=ap-bridge name=hAP3-2GHz ssid=MikroTik3-2GHz wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=austria disabled=no frequency=auto installation=indoor l2mtu=1598 mode=ap-bridge name=hAP3-5GHz ssid=MikroTik3-5GHz wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:12 master-interface=hAP3-2GHz name=vAP3-10-KNX2 ssid=WBC-KNX2 vlan-id=10 vlan-mode=use-tag wps-mode=disabled
add disabled=no l2mtu=1598 mac-address=4A:8F:5A:24:7A:15 master-interface=hAP3-5GHz name=vAP3-10-KNX5 ssid=WBC-KNX5 vlan-id=10 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:22 master-interface=hAP3-2GHz name=vAP3-20-HIFI2 ssid=WBC-HiFi2 vlan-id=20 vlan-mode=use-tag wps-mode=disabled
add l2mtu=1598 mac-address=4A:8F:5A:24:7A:25 master-interface=hAP3-5GHz name=vAP3-20-HIFI5 ssid=WBC-HiFi5 vlan-id=20 vlan-mode=use-tag

ETC...

(2) I also dont think its wise to have so many virtual Access Points, I am not sure where I read this somewhere but I think the practical limit was closer to 4 or 6?????\

(3) What subnet are the master wlans1 and 2 running on? If they are also using vlan90 then that needs to be identified on bridge ports via PVID etc.
(4) You have not identified any of the VLANS and what interface they are attached to, in this case the bridge!!!
(5) Finally you have the wrong config for bridge vlans, all the wlan interfaces/ports that are feeding non-smart devices (aka untagged) NEED to be UNTAGGED here!!!!

xvo · Sat Jul 11, 2020 9:34 pm

add bridge=bridge.hAP3 tagged=bridge.hAP3,ether-1.uplink.hAP3,vAP3-90-EXT2,vAP3-90-EXT5 vlan-ids=90

You forgot to specify your ether2-ether5 as untagged ports for vlan-id 90 here.

And btw for you it would be much easier to config vlans in switch menu rather than using bridge vlan filtering (not to mention, that this way you won't lose hw-offloading for traffic between ethernet ports).

xvo · Sat Jul 11, 2020 9:48 pm

Like that:

/interface ethernet switch port
set 0 vlan-mode=secure
set 1 default-vlan-id=90 vlan-mode=secure
set 2 default-vlan-id=90 vlan-mode=secure
set 3 default-vlan-id=90 vlan-mode=secure
set 4 default-vlan-id=90 vlan-mode=secure
set 5 vlan-mode=secure
/interface ethernet switch vlan
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=10
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=20
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=30
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=40
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=50
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=60
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=70
add ports=switch1-cpu,ether-1.uplink.hAP3 switch=switch.hAP3 vlan-id=80
add ports=switch1-cpu,ether-1.uplink.hAP3,ether-2.hAP3,ether-3.hAP3,ether-4.hAP3,ether-5.hAP3 switch=switch.hAP3 vlan-id=90

And remove anything vlan-related in /bridge, /bridge port, and /bridge vlan sections.

anav · Sun Jul 12, 2020 4:04 am

xvo is correct there are two ways to configure for vlans (switch chip method and bridge vlan method). The article I noted addresses the latter and its the only way I am familiar with.
I am not aware of a good article explaining the switch chip method but it is more efficient on CPU load. However the additional load on the CPU may not have any effect on your network usage (not noticeable by users). This is just my hunch though........ I have used it on hex routers and nobody complained with 10 vlans running LOL.

xvo · Sun Jul 12, 2020 10:38 am

I have used it on hex routers and nobody complained with 10 vlans running LOL.

Clearly it's not the number of vlans, but the volume of traffic pushed, what makes the difference

coliflower · Sun Jul 12, 2020 12:36 pm

Dear all,

thank you so much for your great support !
I will study your proposals/advices to find some "perfect" solution to my need (primary a working DHCP on ether2 by ether 5, secondary smooth working setup, from security point of view, too) and reply as soon I have any

Have a nice Saturday

anav · Sun Jul 12, 2020 1:23 pm

xvo, the problem is you do not have any reference to guide users when you barge into a thread with your SWITCH CHIP solution LOL.
Take for example this poor guy, no answer cause the switch chip method is just to hard to fathom or document ............
viewtopic.php?f=2&t=163548
So my suggestion is for you to create a decent document, seeing as you have spare time.

xvo · Sun Jul 12, 2020 1:48 pm

It's not "my" own solution in any way.
There is enough info on the official wiki.
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
https://wiki.mikrotik.com/wiki/Manual:B ... _switching
Those switch chips in smaller devices are limited in functionality, and thus are quite straightforward to setup (in comparison with CRS1XX/2XX devices).
The only problem is that there are different switch chips depending on a particular device, so one should always pay attention to side notes in the mentioned wiki articles.

Concerning your link: the device in question is CRS3XX, so it can fully benefit from "bridge type configuration".

anav · Sun Jul 12, 2020 2:58 pm

duplicate post............

anav · Sun Jul 12, 2020 3:00 pm

I disagree, the wiki is never clear enough, why do you think a proper explanation with clear examples and discussion was created by pcunite for bridged vlans.
I was hoping to voluntold you into the same for the switch chip approach.

I will have a look at your refs to see if I can make heads or tails of them.

Edit: You are right, there is enough info in there to make a configuration, kinda reminds me in a way the settings for my 260GS units which is another beast altogether.

xvo · Sun Jul 12, 2020 3:26 pm

Edit: You are right, there is enough info in there to make a configuration, kinda reminds me in a way the settings for my 260GS units which is another beast altogether.

Yes! That's exactly my point: configuring switch chip in small mikrotik routers is almost as easy (and more or less similar) as doing it on RB260GS in SwOS.

hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Re: hAP ac^2 | Clients on Switch-Port do not get IP via DHCP

Who is online