Community discussions

MikroTik App
 
shados
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:11 pm

VLAN

Mon Aug 30, 2021 2:32 am

Hello guys, I guess my questions are going to be stupid, but I'm lost and I can't find a solution. What I'm trying to do is to set up two VLANs with different IP address ranges on ether 2 and 3. I have default Mikrotik config with 1 bridge and DHCP server that is attached to that bridge. All LAN ports are bridged, well, everything defaulted.
I create 2 VLANs for ether2 and 3. I set up 2 additional DHCP servers with completely different private ranges of IP addresses. I add those ranges to the pool and address list. But the devices in these VLANs never get IP addresses from new DHCP servers, I tried removing the bridge and original DHCP server completely but it causes the whole thing to stop working altogether.
Could you please pinpoint how I can isolate ether2 and ether3 from one another and allocate different IP address ranges to both interfaces? Thanks!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN

Mon Aug 30, 2021 6:53 pm

First the best path to success and happiness is good communications.
A network diagram is always helpful as it helps organize your thoughts and lets us know what equipment is in the mix and some intentions.
Finally, a good idea is for you to express the requirements in terms of what users/device should be able to do and not to do but without any talk of equipment solution or configuration.

Last is to show us the progress to date........
/export hide-sensitive file=anynameyouwish

Note you do not really need vlans unless you RUN out of ports or want to send MORE than one subnet on a single port.
 
shados
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:11 pm

Re: VLAN

Sat Sep 04, 2021 12:23 pm

Thank you for the response. Let's do something very simple. How do I configure the DHCP server for VLAN on ether2? When I set up the second DHCP for that VLAN specifically it still gets overridden by the primary bridge DHCP, how do I keep the bridge DHCP server from assigning IP addresses to devices on my VLAN? If I were to delete bridge DHCP whole internet goes down and devices on ether2 (VLAN) never getting IP addresses.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN

Sat Sep 04, 2021 12:44 pm

Networking basics: in princliple[*] there can only be one DHCP server per L2 broadcast domain[**]. So first thing you need to get straight is your L2 network and only after that deal with issues of your higher layers (IP is L3, DHCP is strictly speaking L2 but with hooks to L3).

[*] There can be more than one DHCP server per L2 broadcast domain, but all of them either
  1. work independently and it's matter of almost randomness as to which DHCP server's offer will be used by DHCP client. Not entirely randmoness, it's the answer of DHCP server which answers first. Which can be affected by network latencies and DHCP server performance.
  2. are configured in master/slave or multi-master configuration which means they synchronize lease data behind the scene. They both/all serve IP settings for the same IP subnet. That's a very advanced feature of DHCP servers, most of implementations don't support it.

[**] L2 broadcast domain is nowdays most commonly an ethernet network, delimited from other L2 broadcast domains by a router. Switches and bridges are parts of same L2 broadcast domain, so if you have multiple ports members of same bridge in ROS, that's still same L2 domain.

Another L2 entity is VLAN (although it's on top of another L2 entity, which is ethernet subnet), so same principles (single DHCP server) apply.

And when dealing with bridged L2 networks in ROS, the proper thing is to bind services, provided by router (everything IP-related, also DHCP server and client), to bridge interface ... member ports should be considered as ports, not interfaces. This article nicely explains multiple personalities of a bridge in ROS.

You probably wonder what's the difference between interface and port: interface is an entity which allows device to interact with connected device(s). Nowdays interaction is done mostly via IP, so interface allows IP configuration. Port, OTOH, is an entity which allows to connect device(s). On computer and router (in the narrow meaning), interface is almost synonymous for port as one interface is bound to exactly one port. On switch (or bridge), there are many ports members of same L2 broadcast domain, but there are no interfaces (when talking about non-managed switches). Or there can be a single interface which allows switch (or bridge) device to interact to all devices connected to ports of same switch/bridge.
When creating bridge in ROS, member ports (e.g. etherX) should not be used as interfaces any more. Although ROS does allow to use member ports as interfaces, it's still wrong.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN

Sat Sep 04, 2021 1:10 pm

I forgot to add: there's a really great tutorial, which explains how to properly configure VLANs in RouterOS.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN

Sat Sep 04, 2021 2:16 pm

Thank you for the response. Let's do something very simple. How do I configure the DHCP server for VLAN on ether2? When I set up the second DHCP for that VLAN specifically it still gets overridden by the primary bridge DHCP, how do I keep the bridge DHCP server from assigning IP addresses to devices on my VLAN? If I were to delete bridge DHCP whole internet goes down and devices on ether2 (VLAN) never getting IP addresses.
This is where a network diagram and a set of requirements will make it very clear to you and to the reader what is possible, logical and then optimal in terms of configuring the router.
You are trying to explain requirements in terms of the config which is the wrong approach.
What you need to state is what are the needs of the single or groups of users/devices , what they should be able to do and what they should not be able to do
with no mention of the config.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLAN

Sat Sep 04, 2021 6:15 pm

@mkx, DHCP is a Layer 7 ( Application Layer ) Protocol ...
https://help.mikrotik.com/docs/display/ ... r+Networks
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN

Sat Sep 04, 2021 9:18 pm

Right ...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN

Sun Sep 05, 2021 2:19 am

Right ...
Right as in your correct or is that a Right sarcastically??
I cant tell this time..........
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN

Sun Sep 05, 2021 1:58 pm

Right ...
Right as in your correct or is that a Right sarcastically??
I cant tell this time..........

Both.

Sometimes I don't get how some particular thing fits into OSI 7 layer scheme. DHCP being service which (upon request) returns some data (IP address, network mask, gateway address, etc.) is L7 indeed. But my own view is that it fits into lower layers because it somehow configures L3. But I guess my own view doesn't count, it just confuses me :wink:

Sometimes OSI layering is plain confusing. For example take EoIP: ethernet is L2 and in this case it's carried over IP which is L3. Higher layers are usually carried over lower layers.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLAN

Sun Sep 05, 2021 5:38 pm

Yes indeed is confusing...

Many times i forget it too...
But its a L7 client-server protocol that assists L2 functionalities ...

Who is online

Users browsing this forum: kkeyser, mtkvvv and 41 guests