Community discussions

MikroTik App
 
pvanthony
just joined
Topic Author
Posts: 3
Joined: Wed Mar 31, 2021 9:54 am

Vlan no internet - hEX router 6.48.1

Sun Apr 11, 2021 10:10 pm

Need help to get internet on the vlan.
Here is what was done.
1. Turned on the hEX router.
2. connected using winbox
3. Do the quick setup wizard.
4. working with internet.(Ethernet 1)
5. Bridge setup by quick setup has the ip 192.168.88.1
6. update to 6.48.1
7. Created a vlan with id 10 on the bridge.
8. Create the vlan address 192.168.100.1
8. Create dhcp pool for address. 192.168.100.2 to 199
9. Created dhcp server
10. Wireless phone can connected to the wireless ap that is connected to the vlan 10.
Can get the correct ip from the dhcp. But no internet. Cannot ping to 8.8.8.8.
Can ping the vlan 10 ip which is 192.168.100.1

What else needs to be done? Firewall? I am really lost.
 
pvanthony
just joined
Topic Author
Posts: 3
Joined: Wed Mar 31, 2021 9:54 am

Re: Vlan no internet - hEX router 6.48.1

Mon Apr 12, 2021 8:37 pm

Just figured out how to get the current config out of the router. Here is the exported config.
I really hope someone can help to see why there is no internet on the vlan10.
# apr/13/2021 01:30:41 by RouterOS 6.48.1
# software id = SN77-4XZZ
#
# model = RB750Gr3
# serial number = CC230C681EDF
/interface bridge
add admin-mac=48:8F:5A:88:53:73 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=vlan10 ranges=192.168.100.2-192.168.100.199
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=vlan10 disabled=no interface=vlan10 name=vlan10
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.100.1/24 interface=vlan10 network=192.168.100.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward disabled=yes in-interface=vlan10 \
    out-interface-list=!WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Asia/Singapore
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Vlan no internet - hEX router 6.48.1

Mon Apr 12, 2021 8:47 pm

Your setup is missing half of DHCP server settings (in /ip dhcp-server network in particular).

VLAN setup is almost non-existent. I suggest you to read through this excellent tutorial.
 
pvanthony
just joined
Topic Author
Posts: 3
Joined: Wed Mar 31, 2021 9:54 am

Re: Vlan no internet - hEX router 6.48.1

Tue Apr 20, 2021 9:34 am

Your setup is missing half of DHCP server settings (in /ip dhcp-server network in particular).
Oh man! This is so embaressing. You are completely right. What a bo bo.
I have added the settings in dhcp-server > network and now it is working.
Thank you so much for the advice. It has been really helpful!
VLAN setup is almost non-existent. I suggest you to read through this excellent tutorial.
Ok. I will read up. Thank you for the link.

Once again thank you very much for helping.

Who is online

Users browsing this forum: No registered users and 44 guests