As in title I've already describe maybe next I'll show my configuration.
Code: Select all
# jun/1/2021 18:41:08 by RouterOS 6.49beta27
#
# model =RB750Gr3
/interface bridge
add name=local-network
add igmp-snooping=yes name=orange-iptv
/interface ethernet
set [ find default-name=ether1 ] name=eth1-WAN
set [ find default-name=ether2 ] name=eth2-TV
set [ find default-name=ether3 ] name=eth3-AX11000
/interface vlan
add interface=eth1-WAN mtu=1492 name=vlan-orange vlan-id=35
add interface=eth1-WAN name=vlan-orange-tv vlan-id=839
add interface=eth1-WAN name=vlan-orange-vod vlan-id=838
add interface=eth2-TV name=vlan-orange-tv-local vlan-id=100
/interface pppoe-client
add name=pppoe-orange add-default-route=yes disabled=no interface=vlan-orange keepalive-timeout=disabled max-mtu=1492 use-peer-dns=yes user="X@neostrada.pl" password="X"
/interface list
add name=WAN
add name=LAN
add name=IPTV
/ip dhcp-client option
add code=60 name=vendor-class-identifier value="'sagemcom'"
add code=61 name=dhcp-client-identifier value="'X'"
add code=77 name=user-class value="0x2546535644534c5f66756e626f782e4d4c54562e736f66746174686f6d652e46756e626f7836"
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.254
add name=orange-tv ranges=192.168.2.1-192.168.2.10
/ip dhcp-server
add add-arp=yes address-pool=dhcp always-broadcast=yes disabled=no interface=local-network lease-time=3h name=defconf
add address-pool=orange-tv disabled=no interface=vlan-orange-tv-local lease-time=3h name=dhcp-iptv
/interface bridge filter
add action=set-priority chain=output new-priority=4 out-interface=vlan-orange-tv passthrough=yes
add action=set-priority chain=output new-priority=4 out-interface=vlan-orange-vod passthrough=yes
/interface bridge port
add bridge=local-network comment=defconf interface=eth2-TV
add bridge=local-network comment=defconf interface=eth3-AX11000
add bridge=orange-iptv interface=vlan-orange-tv
add bridge=orange-iptv interface=vlan-orange-vod
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface list member
add interface=local-network list=LAN
add interface=eth1-WAN list=WAN
add interface=pppoe-orange list=WAN
add interface=orange-iptv list=IPTV
add interface=vlan-orange-tv-local list=IPTV
/ip address
add address=192.168.1.1/24 comment=defconf interface=eth3-AX11000 network=192.168.1.0
add address=192.168.2.1/24 interface=eth2-TV network=192.168.2.0
/ip dhcp-client
add add-default-route=special-classless default-route-distance=210 dhcp-options=hostname,dhcp-client-identifier,vendor-class-identifier,user-class disabled=no interface=orange-iptv use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.1.2 comment="TP-Link Archer AX11000" mac-address=X server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.1.1 name=MikroTik-RB750Gr3
/ip firewall address-list
add address=192.168.1.0/24 list=internal
add address=192.168.2.0/24 list=guest
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Accept incoming IPTV" in-interface-list=IPTV
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward dst-address-list=internal src-address-list=guest
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=forward in-interface=vlan-orange-tv-local out-interface=pppoe-orange
add action=accept chain=forward disabled=yes in-interface=vlan-orange-tv-local out-interface=orange-iptv
add action=accept chain=forward in-interface=orange-iptv out-interface=vlan-orange-tv-local
add action=accept chain=forward connection-state=established,related disabled=yes in-interface=orange-iptv
add action=drop chain=forward in-interface-list=IPTV
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=orange-iptv
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=orange-iptv upstream=yes
add alternative-subnets=0.0.0.0/0 interface=eth2-TV
But, within this configuration all imports are fine, PPPoE connection are fine & establisted. But main problem is that DHCP client didn't receive IP address.
What should I change to fix my configuration? Maybe now I explain how to I want to set it in my home.
Light -> ONT (Huawei) -> MikroTik RB750Gr3:
- eth1 - WAN
- eth2 - LAN -> Samsung ICU100 (IPTV, 192.168.2.1-192.168.2.10)
- eth3 - LAN -> AX11000 (DHCP, dynamic for unsecure (192.168.1.100-192.168.1.254), static for secure(192.168.1.2-192.168.1.99)
Best regards from Poland,
Gregory