Community discussions

MikroTik App
 
44alphabet
just joined
Topic Author
Posts: 1
Joined: Sun Jun 13, 2021 5:01 am

Hap ac2 Vlan DHCP problem

Sun Jun 20, 2021 12:22 pm

Hi guys I'm totally new to Mikrotik and need some help here
My device is rbd52g-5hacd2hnd-tc with RouterOS 6.48.3
Currently learning about vlan by following this great topic viewtopic.php?t=143620 to test it out
I've followed all the configuration in RouterSwitchAP.rsc to test it out only 2.4GHz and leave 5GHz untouched
Now my problem is all of the vlans (BASE,GREEN and BLUE) don't get ip address from DHCP server
Could you please point me some direction? thanks

Here is my config
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
    ssid=BLUE
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
add interface=BR1 name=BLUE_VLAN vlan-id=10
add interface=BR1 name=GREEN_VLAN vlan-id=20
/interface list
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=guest \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=Base \
    supplicant-identity=MikroTik
/interface wireless
add disabled=no mac-address=BA:69:F4:14:61:FD master-interface=wlan1 name=\
    wlan3 security-profile=guest ssid=GREEN
add disabled=no mac-address=BA:69:F4:14:61:FE master-interface=wlan1 name=\
    wlan4 security-profile=Base ssid=BASE
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=BLUE_POOL ranges=10.0.10.2-10.0.10.254
add name=GREEN_POOL ranges=10.0.20.2-10.0.20.254
add name=BASE_POOL ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=BLUE_POOL disabled=no interface=BLUE_VLAN name=BLUE_DHCP
add address-pool=GREEN_POOL disabled=no interface=GREEN_VLAN name=GREEN_DHCP
add address-pool=BASE_POOL disabled=no interface=BASE_VLAN name=BASE_DHCP
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether2 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether3 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan1 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether4 pvid=20
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan3 pvid=20
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan4 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface list member
add interface=ether1 list=WAN
add interface=BASE_VLAN list=VLAN
add interface=BLUE_VLAN list=VLAN
add interface=GREEN_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
/ip address
add address=192.168.0.1/24 interface=BASE_VLAN network=192.168.0.0
add address=10.0.10.1/24 interface=BLUE_VLAN network=10.0.10.0
add address=10.0.20.1/24 interface=GREEN_VLAN network=10.0.20.0
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=192.168.0.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=192.168.0.1 gateway=10.0.20.1
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" \
    in-interface=BASE_VLAN
add action=drop chain=input comment=Drop
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
/system identity
set name=RouterSwitchAP
/system logging
add topics=debug
add topics=dhcp
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
 
oldcrow
just joined
Posts: 21
Joined: Sun Jul 15, 2018 11:04 am

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 3:42 am

Hi 44alphabet

As a beginner I am impressed!
When you look with Winbox.exe are the servers enabled? you seem to have missed disabled=no from the howto /ip dhcp-server section

Let us know how you get on

Cheers
oldcrow.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 3:48 am

what you have read???
disabled=no is present on all:

/ip dhcp-server
add address-pool=BLUE_POOL disabled=no interface=BLUE_VLAN name=BLUE_DHCP
add address-pool=GREEN_POOL disabled=no interface=GREEN_VLAN name=GREEN_DHCP
add address-pool=BASE_POOL disabled=no interface=BASE_VLAN name=BASE_DHCP
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 4:06 am

My only comments are with the firewall settings. See additions.........
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" \
connection-state=established,related

add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN Remove, the Base Vlan should have full access not the VLAN interfaces!!!
add action=accept chain=input comment="Allow Base_Vlan Full Access" \
in-interface=BASE_VLAN
add action=accept chain=input comment="Allow LAN DNS queries - TCP" \
connection-state=new dst-port=53 in-interface-list=VLAN protocol=tcp
add action=accept chain=input comment="Allow LAN DNS queries-UDP" \
connection-state=new dst-port=53 in-interface-list=VLAN protocol=udp

add action=drop chain=input comment=Drop
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related

add action=accept chain=forward comment="Allow Estab & Related" \
connection-state=established,related

add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid

add action=accept chain=forward comment="VLAN Internet Access only" \
connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 4:11 am

In addition I didnt see the Bridge vlan settings........although you have no trunk ports so all the access ports will be created dynamically when needed.
It would look like this, if one wanted to express it manually

/interface bridge vlan
add bridge=BR1 untagged=ether2,ether3,wlan1 vlan-ids=10
add bridge=BR1 untagged=ether4,wlan3 vlan-ids=20
add bridge=BR1 untagged=wlan4 vlan-ids=99
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 4:13 am

There doesn't appear to be any /interface bridge vlan configuration present - the untagged VLAN membership will be generated automatically from the port PVID settings, but the tagged membership on the bridge-to-cpu interface will be missing hence no connectivity, DHCP, etc.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 1:23 pm

TDW, there are no trunk ports here so I dont think that bridge vlan filtering needs to be explicitly stated.
It should work as is! In other words disagree the bridge does not need to be tagged.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 3:09 pm

No - the bridge-to-CPU interface is a trunk port too, so
/interface bridge vlan
add bridge=BR1 tagged=BR1 vlan-ids=10
add bridge=BR1 tagged=BR1 vlan-ids=20
add bridge=BR1 tagged=BR1 vlan-ids=99
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 5:01 pm

Okay so the Bridge vlan settings need to be stated regardless
with jus the bridge tagged as you stated but without any TAGs ur UNTAGS for the vlan ids? (well the untags are dynamically added anyway).

Interesting, i will check as this may be a missing piece from the related useful article.
Thanks much for your input!!!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hap ac2 Vlan DHCP problem

Thu Jun 24, 2021 5:44 pm

of course I would put it this way......as I like to see the config..........

/interface bridge vlan
add bridge=BR1 tagged=BR1 untagged=ether2,ether3,wlan1 vlan-ids=10
add bridge=BR1 tagged=BR1 untagged=ether4,wlan3 vlan-ids=20
add bridge=BR1 tagged=BR1 untagged=wlan4 vlan-ids=99

Who is online

Users browsing this forum: anav, Nospam, qatar2022 and 36 guests