plum
just joined
Topic Author
Posts: 13
Joined: Mon May 22, 2017 3:40 pm

dhcp in vlans not working on CCR2004

Sat Oct 29, 2022 8:17 pm

Hi guys

I am sorry to use up your precious time, but I couldn't figure out what is wrong with my new setup.
I got a new CCR2004-16G-2S+ and decided to start from scratch. I followed the VLAN guide here (because the CCR2004 has two switch chips), which doesn't show how to add DHCP servers, so I interpolated it from an old bridge-in-bridge setup on my RB2011. The RB2011 worked with bridge-in-bridge, so the DHCPs were attached to a bridge, while here they are attached to an Ethernet VLAN (maybe that is wrong?).

Only the vlan-99 DHCP works (on a VLAN 99 port, e.g. ether15), probably because in this VLAN the bridge is part of the bridge's VLAN?
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether16 vlan-ids=99
I took that from a "how to setup a mgmt vlan", but I wouldn't really need it, a fixed config-port (like the default ether15) is fine for my setup.


Here is the full config:
# oct/29/2022 18:53:35 by RouterOS 7.6
# software id = KYH4-C65G
#
# model = CCR2004-16G-2S+
# serial number = HD4087F88JA
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-outside
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-outside
set [ find default-name=sfp-sfpplus2 ] name=sfp-sfpplus2-trunk

/interface vlan
add interface=bridge1 name=vlan-01-default vlan-id=1
add interface=bridge1 name=vlan-20-dmz vlan-id=20
add interface=bridge1 name=vlan-40-intern vlan-id=40
add interface=bridge1 name=vlan-80-guest vlan-id=80
add interface=bridge1 name=vlan-99-mgmt vlan-id=99

/ip pool
add name=dhcp_pool-20 ranges=192.168.20.100-192.168.20.254
add name=dhcp_pool-40 ranges=192.168.40.100-192.168.40.254
add name=dhcp_pool-99 ranges=192.168.99.100-192.168.99.254
add name=dhcp_pool-80 ranges=192.168.80.100-192.168.80.254
/ip dhcp-server
add address-pool=dhcp_pool-40 interface=vlan-40-intern lease-time=15m name=dhcp40
add address-pool=dhcp_pool-20 interface=vlan-20-dmz lease-time=15m name=dhcp20
add address-pool=dhcp_pool-80 interface=vlan-80-guest lease-time=15m name=dhcp80
add address-pool=dhcp_pool-99 disabled=yes interface=vlan-99-mgmt lease-time=15m name=dhcp99

/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether2 trusted=yes
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether3 trusted=yes
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether4 trusted=yes
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2-trunk trusted=yes
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether9 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether10 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether11 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether12 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether13 pvid=80
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether14 pvid=80
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether16 pvid=99


/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus2-trunk,ether2,ether3,ether4 untagged=ether11,ether12 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus2-trunk,ether2,ether3,ether4 untagged=ether5,ether6,ether7,ether8,ether9,ether10 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus2-trunk,ether2,ether3,ether4 untagged=ether13,ether14 vlan-ids=80
add bridge=bridge1 tagged=bridge1 untagged=ether16 vlan-ids=99

/ip address
add address=192.168.88.1/24 comment=defconf interface=ether15 network=192.168.88.0
add address=192.168.99.1/24 interface=vlan-99-mgmt network=192.168.99.0
add address=192.168.40.1/24 interface=vlan-40-intern network=192.168.40.0
add address=192.168.80.1/24 interface=vlan-80-guest network=192.168.80.0
add address=192.168.20.1/24 interface=vlan-20-dmz network=192.168.20.0
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0

/ip dhcp-client
add interface=ether1-outside
add interface=sfp-sfpplus1-outside

/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1
add address=192.168.80.0/24 dns-server=192.168.80.1 gateway=192.168.80.1
add address=192.168.99.0/24 gateway=192.168.99.1

/ip firewall filter
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=fasttrack-connection chain=forward comment="fast-track for established,related" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop access to clients behind NAT from WAN, drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1-outside
add action=accept chain=forward comment="accept all outgoing traffic" disabled=yes out-interface=ether1-outside

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-outside

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2200
set api disabled=yes
Thanks in advance for any input!
 
mkx
Forum Guru
Posts: 11437
Joined: Thu Mar 03, 2016 10:23 pm

Re: dhcp in vlans not working on CCR2004  [SOLVED]

Sat Oct 29, 2022 8:24 pm

You have to add bridge1 interface as tagged port to all relevant VLANs under /interface bridge vlan.
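
With bridge VLAN filtering enabled, a VLAN interface created on bridge1 (where each DHCP server listens) only receives frames for its VLAN ID if bridge1 itself is a tagged member of that VLAN in /interface bridge vlan. The check below is an added example, not code from this thread or from MikroTik: it scans an export for VLAN interfaces whose bridge is missing from tagged=. The sample export is a constructed excerpt modelled on the first post, the function names are hypothetical, and lines are assumed to be unwrapped as in the post.

```python
import re

# Constructed excerpt modelled on the export in the first post (not the full config).
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan-20-dmz vlan-id=20
add interface=bridge1 name=vlan-40-intern vlan-id=40
add interface=bridge1 name=vlan-99-mgmt vlan-id=99
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus2-trunk,ether2 untagged=ether11,ether12 vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether2 untagged=ether5 vlan-ids=40
add bridge=bridge1 tagged=bridge1 untagged=ether16 vlan-ids=99
"""

def parse_export(text):
    """Return {menu_path: [{key: value}, ...]} for the 'add' lines of an export."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus[current].append({k: v.strip('"') for k, v in pairs})
    return menus

def expand_vlan_ids(spec):
    """Expand a vlan-ids value such as '20' or '20,30-32' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def vlans_missing_bridge_tag(text):
    """List (vlan interface, bridge, vlan-id) where the bridge is not a tagged member."""
    menus = parse_export(text)
    bridges = {row["name"] for row in menus.get("/interface bridge", [])}
    tagged_on = set()  # (bridge, vlan-id) pairs where the bridge tags itself
    for row in menus.get("/interface bridge vlan", []):
        if row["bridge"] in row.get("tagged", "").split(","):
            tagged_on |= {(row["bridge"], v) for v in expand_vlan_ids(row["vlan-ids"])}
    return [(r["name"], r["interface"], int(r["vlan-id"]))
            for r in menus.get("/interface vlan", [])
            if r["interface"] in bridges and (r["interface"], int(r["vlan-id"])) not in tagged_on]

print(vlans_missing_bridge_tag(SAMPLE_EXPORT))
```

Each tuple returned names a VLAN interface whose /interface bridge vlan entry needs the bridge added to tagged=; an empty list means every VLAN interface on a bridge is covered.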
 
plum
just joined
Topic Author
Posts: 13
Joined: Mon May 22, 2017 3:40 pm

Re: dhcp in vlans not working on CCR2004

Sat Oct 29, 2022 8:43 pm

> You have to add bridge1 interface as tagged port to all relevant VLANs under /interface bridge vlan.

Thanks a lot, you nailed it!
I don't understand why the bridge would need to be part of each vlan for dhcp to work, but whatever - it works :)
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: dhcp in vlans not working on CCR2004

Sat Oct 29, 2022 8:53 pm
