I have a RouterOS HAP AC2 with 3 VLANs: vlan10 and vlan20 for private/public access and vlan99 for management access. This router connects to (and is powered by) an RB260GSP.
ether1 on HAP AC2 is a trunk port, connected to RB260GSP port 5 which should also be a trunk port.
The DHCP server on vlan99 definitely works, because I get an address when I connect my laptop to the untagged ether2-mgmt port on the router.
My main problem is that the switch cannot get an IP address via DHCP, and assigning a static address does not work either.
I have tried everything I could, but now I'm stuck.
Here is my routeros config:
# jun/10/2021 17:22:35 by RouterOS 6.47.10
# software id = BGJQ-V2CF
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D5AA834
# Two bridges are defined: bridge-main, a VLAN-filtering bridge that carries vlan10 (private),
# vlan20 (public) and vlan99 (management), and vpn-blackhole, which has no ports in this export
# and is only referenced as the gateway of the RFC 1918 routes at the end.
/interface bridge
# The bridge's own (CPU) port admits only tagged frames, so the router itself reaches each VLAN
# through the /interface vlan entries defined further down.
add admin-mac=08:55:31:E7:F3:68 auto-mac=no comment=defconf frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge-main \
vlan-filtering=yes
add name=vpn-blackhole protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment="to main switch, poe in" name=ether1-trunk
# NOTE(review): the comment says "not in bridge", but ether2-mgmt is added to bridge-main as an
# untagged vlan99 access port under /interface bridge port below.
set [ find default-name=ether2 ] comment="Management port, not in bridge" name=ether2-mgmt
set [ find default-name=ether3 ] comment="acess private network" name=ether3-private
set [ find default-name=ether4 ] comment="access private network" name=ether4-private
set [ find default-name=ether5 ] comment="WAN port/internet" name=ether5-wan
# Layer-3 interfaces for each VLAN, created on top of bridge-main. The IP addresses and DHCP
# servers below are attached to these interfaces.
/interface vlan
add interface=bridge-main name=vlan-mgmt vlan-id=99
add interface=bridge-main name=vlan-private vlan-id=10
add interface=bridge-main name=vlan-public vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip dhcp-server option
add code=119 name=domain-search-option value="'magnet.'"
/ip pool
add comment="For private vlan10" name=pool-private ranges=192.168.19.100-192.168.19.200
add comment="For public vlan20" name=pool-public ranges=10.10.1.1-10.10.3.254
add comment="For management" name=pool-mgmt ranges=192.168.77.100-192.168.77.200
# One DHCP server per VLAN interface.
/ip dhcp-server
# lease-script=onDhcpLease refers to a script that is not part of this export.
add address-pool=pool-private disabled=no interface=vlan-private lease-script=onDhcpLease name=dhcp-private
add address-pool=pool-mgmt disabled=no interface=vlan-mgmt name=dhcp-mgmt
add address-pool=pool-public disabled=no interface=vlan-public name=dhcp-public
# Port membership of bridge-main. Every port has ingress-filtering=yes, so a frame is accepted
# only if its VLAN is listed for that port under /interface bridge vlan.
/interface bridge port
add bridge=bridge-main comment="access private vlan10" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether3-private pvid=10
add bridge=bridge-main comment="access private vlan10" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether4-private pvid=10
# NOTE(review): vlan-private (here), vlan-public and vlan-mgmt (below) are VLAN interfaces whose
# parent is bridge-main, and they are also added as ports of that same bridge. A VLAN interface on
# a bridge normally gets its membership from tagged=bridge-main in /interface bridge vlan and is
# not a bridge port itself - confirm these three entries are intended.
add bridge=bridge-main frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=vlan-private pvid=10
add bridge=bridge-main frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=vlan-public pvid=20
# Trunk towards the RB260GSP: only tagged frames are admitted, so pvid=10 should not come into
# play for ingress on this port.
add bridge=bridge-main frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1-trunk pvid=10
add bridge=bridge-main frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2-mgmt pvid=99
add bridge=bridge-main frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=vlan-mgmt pvid=99
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set rp-filter=strict
# VLAN table: which ports carry which VLAN, tagged or untagged.
/interface bridge vlan
add bridge=bridge-main tagged=ether1-trunk,bridge-main untagged=ether3-private,ether4-private,vlan-private vlan-ids=10
add bridge=bridge-main tagged=ether1-trunk,bridge-main untagged=vlan-public vlan-ids=20
# NOTE(review): ether1-trunk is a tagged member of VLANs 10 and 20 but is not listed for
# vlan-ids=99. With ingress-filtering=yes on ether1-trunk, tagged vlan99 frames from the switch are
# not accepted on the trunk, which is consistent with the switch getting no management address.
# If management over the trunk is intended, ether1-trunk has to be a tagged member here, and the
# switch has to tag VLAN 99 on its port 5 as well (switch configuration is not shown).
add bridge=bridge-main tagged=bridge-main untagged=ether2-mgmt,vlan-mgmt vlan-ids=99
/interface list member
# NOTE(review): only bridge-main is in the LAN list; the vlan-* interfaces that hold the IP
# addresses are not. Verify that anything keyed on the LAN list matches the traffic it is meant to.
add comment=defconf interface=bridge-main list=LAN
add comment=defconf interface=ether5-wan list=WAN
# Router addresses, one per VLAN interface.
/ip address
add address=192.168.19.254/24 comment=defconf interface=vlan-private network=192.168.19.0
add address=192.168.77.254/24 interface=vlan-mgmt network=192.168.77.0
add address=10.10.0.254/22 interface=vlan-public network=10.10.0.0
/ip dhcp-client
add comment=defconf default-route-distance=10 disabled=no interface=ether5-wan use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.19.253 client-id=1:8:55:31:db:5d:2d mac-address=08:55:31:DB:5D:2D server=dhcp-private
# Public clients are handed the upstream resolvers directly; private and management clients are
# pointed at the router's own address for DNS.
/ip dhcp-server network
add address=10.10.0.0/22 dns-server=1.1.1.3,1.0.0.3 domain=pubnet. gateway=10.10.0.254
add address=192.168.19.0/24 comment=defconf dns-server=192.168.19.254 domain=magnet. gateway=192.168.19.254 ntp-server=192.168.19.254
add address=192.168.77.0/24 comment=management dns-server=192.168.77.254 gateway=192.168.77.254
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries on every interface
# that can reach it. No /ip firewall filter section appears in this export; if there really are no
# input/forward rules, the resolver and the router's management services are reachable from
# ether5-wan, and nothing restricts routing between the public, private and management VLANs.
# Confirm that filter rules exist and were only left out of the paste.
set allow-remote-requests=yes servers=1.1.1.3,1.0.0.3
/ip dns static
add address=192.168.19.254 comment=defconf name=router.magnet.
add address=10.10.0.254 name=router.pubnet
# NOTE(review): router.mgmt resolves to 192.168.77.1, while the router's address on vlan-mgmt
# is 192.168.77.254 (see /ip address) - confirm which one is intended.
add address=192.168.77.1 name=router.mgmt
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# Routes for the three RFC 1918 blocks point at the port-less vpn-blackhole bridge. The more
# specific connected networks (192.168.19.0/24, 192.168.77.0/24, 10.10.0.0/22) still take
# precedence; presumably this keeps other private destinations from leaving through the WAN
# default route - confirm the intent.
/ip route
add comment="Blackhole for RCF 1918 class A" distance=1 dst-address=10.0.0.0/8 gateway=vpn-blackhole
add comment="Blackhole for RCF 1918 class B" distance=1 dst-address=172.16.0.0/12 gateway=vpn-blackhole
add comment="Blackhole for RCF 1918 class C" distance=1 dst-address=192.168.0.0/16 gateway=vpn-blackhole
https://imgur.com/a/R6cYD2R