Jansza
just joined
Topic Author
Posts: 2
Joined: Sat Jun 26, 2021 2:38 pm

Assigning an ethernet port to different subnet and priority

Sat Jun 26, 2021 4:29 pm

Hello!
I'm now a proud owner of a Chateau LTE12, it's a great bang-for-the-buck device when LTE capability is concerned.
The sheer amount of configuration options is awesome but makes me feel like I've fallen into enterprise-grade networking by accident.
I'm an avid GUI user and it's rather confusing.

I have a NAS with two ethernet ports connected to my Chateau.
What I'm trying to achieve is that one of these connections is handled as the lowest possible priority by my Chateau, preferably it's also separated from my LAN.
So for example in case I'm creating an off-site backup in the middle of the day using that second low priority port in my NAS it wouldn't make video calls or Youtube watching impossible for me or other users in my LAN.

What I've done up to this point?
  • Created a new DHCP pool in different subnet (192.168.2.0/24 vs the main 192.168.1.0/24 one).
  • Created a new bridge
  • Assigned port 5 of my Chateau to this new subnet
At this point my NAS cannot get a proper address on that second connection and I'm a bit stumped.

Can anyone point me in the right direction? Am I even trying to solve the task in a correct manner?

Best regards,
Jansza
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Assigning an ethernet port to different subnet and priority

Mon Jun 28, 2021 5:19 pm

There are a few steps to creating and activating a DHCP server and scope. Could you post up your existing configuration? You could start with just the DHCP config for brevity ...
/ip pool export

/ip dhcp-server export
Or the full config to be sure ...
/export hide-sensitive
 
Jansza
just joined
Topic Author
Posts: 2
Joined: Sat Jun 26, 2021 2:38 pm

Re: Assigning an ethernet port to different subnet and priority

Mon Jun 28, 2021 6:37 pm

Hello!

Here it is:
/interface bridge
add admin-mac=2C:C8:1B:59:93:F0 auto-mac=no comment=defconf name=bridge
add name=nassu_wan
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=estonia disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge name=Deepweb ssid=Deepweb wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX country=estonia distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=DeepwebDisabled wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether5 ] rx-flow-control=auto tx-flow-control=auto
/interface lte
set [ find ] allow-roaming=yes band=1,3,7,20,8,38,40,41,5,28 name=lte1 network-mode=lte
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.20-192.168.1.254
add name=nassu_wlan_pool ranges=192.168.2.20-192.168.2.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=nassu_wan comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=Deepweb
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set accept-redirects=yes accept-source-route=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface lte settings
set external-antenna=auto
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
add address=192.168.2.1/24 interface=nassu_wan network=192.168.2.0
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set winbox disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=lte1 type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Tallinn
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Is the general idea of how I'm trying to solve my task correct or is there a better way to do it?

Br,
Jansza
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Assigning an ethernet port to different subnet and priority

Wed Jun 30, 2021 6:08 pm

You have two DHCP pools defined and networks defined, but only one is being used by a DHCP server. The gateway is wrong on your second pool as well, if I understand your overall configuration properly. The gateway needs to be on the same subnet as the host addressing.
/ip pool
add name=dhcp ranges=192.168.1.20-192.168.1.254
add name=nassu_wlan_pool ranges=192.168.2.20-192.168.2.254

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf

/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.1.1 gateway=192.168.1.1

So if you excuse any typo I might make, you need to add something like ...
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.1.1 gateway=192.168.2.1

/ip dhcp-server
add address-pool=nassu_wlan_pool disabled=no interface=nassu_wan name=Something

Or you can do this from Winbox under IP / DHCP Server
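
The two problems identified in the reply above (a pool that no DHCP server uses, and a gateway outside its own subnet) can be checked mechanically against an export. This is an added example, not part of the thread or any poster's code; the function names `parse_export` and `check_dhcp` are hypothetical, and the sample is constructed from the DHCP-related lines of the posted export.

```python
import ipaddress
import re

# Constructed sample: the DHCP-related lines of the export posted in the thread.
SAMPLE_EXPORT = """\
/ip pool
add name=dhcp ranges=192.168.1.20-192.168.1.254
add name=nassu_wlan_pool ranges=192.168.2.20-192.168.2.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
add address=192.168.2.1/24 interface=nassu_wan network=192.168.2.0
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
"""

def parse_export(text):
    """Group 'add key=value ...' lines under the menu path that precedes them."""
    sections, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections.setdefault(menu, []).append(dict(pairs))
    return sections

def check_dhcp(text):
    """Return findings for unused pools and gateways outside their subnet."""
    s = parse_export(text)
    findings = []
    used = {srv.get("address-pool") for srv in s.get("/ip dhcp-server", [])}
    for pool in s.get("/ip pool", []):
        if pool["name"] not in used:
            findings.append(f"pool {pool['name']} is not used by any DHCP server")
    for net in s.get("/ip dhcp-server network", []):
        subnet = ipaddress.ip_network(net["address"])
        gw = net.get("gateway")
        if gw and ipaddress.ip_address(gw) not in subnet:
            findings.append(f"network {subnet}: gateway {gw} is outside the subnet")
    return findings

if __name__ == "__main__":
    for finding in check_dhcp(SAMPLE_EXPORT):
        print(finding)
```
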
