I am trying to create a separate subnet for my small homelab. Since I'm new to networking and trying to learn, but don't want to complicate things too much, the new network should have access to the main network and to the internet.
My main network is 192.168.0.0/24; the router/modem from my ISP takes care of Wi-Fi, DHCP and everything else. I connected one of its ports to my switch, which connects my main PC and TV.
The switch is also connected to a MikroTik hAP ac2, which until now was being used as a Wi-Fi access point (configured using QuickSet).
The WAN port is connected to the switch; ports 2-4 are used for computers from my small homelab.
However, I'd like to separate the networks a bit and use Ethernet ports 2-4 for a different network, for example 172.31.0.0 or 192.168.1.0.
This network should have access to the internet.
I have managed to configure the MikroTik to give those PCs an IP address with a predefined DNS server; however, none of them can access the internet or any other computer in the household.
Here is a quick diagram of my setup:
* Link to the image: https://ibb.co/nwFzGLG
This is my configuration:
# mar/07/2021 16:23:05 by RouterOS 6.47.7
# software id = Q6K6-I8T1
#
# model = RBD52G-5HacD2HnD
# serial number = C6140C325ACD
/interface bridge
add admin-mac=48:8F:5A:A5:CF:86 auto-mac=no comment=defconf name=bridge
add name=bridge2-hypervisors
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge name=wlan1_2.4 ssid="You know the rules and so do I" \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=slovenia disabled=no distance=indoors \
installation=indoor mode=ap-bridge name=wlan2_5ghz ssid=\
"You know the rules and so do I" wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
/ip dhcp-server
add interface=bridge name=defconf
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool1-hypervisors ranges=172.31.0.2-172.31.0.250
/ip dhcp-server
add address-pool=pool1-hypervisors disabled=no interface=bridge2-hypervisors \
name=dhcpserver-hyperv
/interface bridge port
add bridge=bridge2-hypervisors comment=defconf interface=ether2
add bridge=bridge2-hypervisors comment=defconf interface=ether3
add bridge=bridge2-hypervisors comment=defconf interface=ether4
add bridge=bridge2-hypervisors comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1_2.4
add bridge=bridge comment=defconf interface=wlan2_5ghz
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2_5ghz list=LAN
add interface=wlan1_2.4 list=LAN
/ip address
add address=192.168.0.251/24 comment=defconf disabled=yes interface=ether2 \
network=192.168.0.0
add address=172.31.0.1/24 interface=bridge2-hypervisors network=172.31.0.0
/ip dhcp-client
add comment=defconf disabled=no interface=bridge
/ip dhcp-server network
add address=172.31.0.0/24 dns-server=77.111.1.77,8.8.8.8 gateway=172.31.0.1
/ip dns
set allow-remote-requests=yes servers=77.111.1.77,8.8.8.8
/ip dns static
add address=192.168.0.251 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=bridge2-hypervisors
/system clock
set time-zone-name=Europe/Ljubljana
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
tracert:
C:\WINDOWS\system32>tracert 8.8.8.8
Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
1 172.31.0.1 reports: Destination net unreachable.
Trace complete.
ipconfig:
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-V
Physical Address. . . . . . . . . : 48-2A-E3-00-E8-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8c8d:171a:9d5d:831%13(Preferred)
IPv4 Address. . . . . . . . . . . : 172.31.0.249(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 7, 2021 4:13:28 PM
Lease Expires . . . . . . . . . . : Sunday, March 7, 2021 4:23:28 PM
Default Gateway . . . . . . . . . : 172.31.0.1
DHCP Server . . . . . . . . . . . : 172.31.0.1
DHCPv6 IAID . . . . . . . . . . . : 105392867
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-FC-31-76-48-2A-E3-00-E8-87
DNS Servers . . . . . . . . . . . : 77.111.1.77
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
I've been following these tutorials/threads, however I'm a bit lost now:
- viewtopic.php?t=139330
- How to run multiple networks from a Mikrotik
- viewtopic.php?t=87458
- MikroTik Tutorial 42 - Separate DHCP Server for WiFi Clients
How could I make this work? What should be changed?
Thank you for any suggestions :)