Community discussions

MikroTik App
 
wilburt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Tue Aug 24, 2010 3:07 am

RB750 DHCP Server + Vlan

Mon Nov 01, 2010 5:13 am

I am trying to add a DHCP server to a vlan but none of my client machines are getting an ip address.

are we suppose to add the dhcp server onto a physical interface or the vlan interface or a bridge?How/what is the dhcp server ip address?


This is basically what i am trying to do

Ether1 (master port = none) - attached to modem

Ether2 (master port = none) - vlan10
Ether3 (master port = none) - vlan10
/interface vlan 
add name=vlan10_e2 vlan-id=10 interface=ether2 disabled=no
add name=vlan10_e3 vlan-id=10 interface=ether3 disabled=no
Do I have to add an ip address to these vlan interfaces?
If a client machine is plugged into ether3 or 2, they should get an ip address from the dhcp server within vlan10

any help would be appreciated... these vlans are driving me crazy
 
blake
Member
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: RB750 DHCP Server + Vlan

Mon Nov 01, 2010 9:25 am

If you want the hosts to be able to communicate with each other and receive IPs from the same DHCP pool then try this.
/interface vlan 
add name=vlan10_e2 vlan-id=10 interface=ether2 disabled=no
add name=vlan10_e3 vlan-id=10 interface=ether3 disabled=no

/interface bridge add name=bridge1
/interface bridge port
add bridge=bridge1 interface=vlan10_e2
add bridge=bridge1 interface=vlan10_e3

/ip address add interface=bridge1 address=192.0.2.1/24

/ip pool add name=dhcp_pool ranges=192.0.2.2-192.0.2.254

/ip dhcp-server
add name=dhcp1 interface=bridge1 address-pool=dhcp_pool authoritative=yes disabled=no

/ip dhcp-server network
add address=192.0.2.0/24 gateway=192.0.2.1 dns-server=8.8.8.8,8.8.4.4

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1 comment="NAT outbound traffic"
This config assumes your hosts can tag their packets with the proper VLAN ID.
IT consultant. Network manager. Packet junkie.
1-928-328-1509
 
wilburt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Tue Aug 24, 2010 3:07 am

Re: RB750 DHCP Server + Vlan

Mon Nov 01, 2010 12:10 pm

Thanks blake for the help I will give it a go and let you know of the outcome.

Your last quote
This config assumes your hosts can tag their packets with the proper VLAN ID.
How does that work if the host doesn't know what IP address or vlan they need to be in? Can we set by default a specific vlan? Or how does a host set their vlan id (i.e. windows xp or 7)
 
blake
Member
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: RB750 DHCP Server + Vlan

Mon Nov 01, 2010 10:29 pm

It would depend on the drivers for the Ethernet card. Intel and Broadcom provide client-side utilities which let you manipulate VLAN interfaces on PCs.

Sounds like you need the RB750 to do the tagging for the clients though. Is this a 750, or 750G? The gigabit version has the ability to mark VLAN tags for the client. Otherwise could you just add those ports directly to a bridge, and then hook it into the rest of your network over a VLAN attached on another port.
/interface vlan add interface=ether4 name=vlan10 vlan-id=10 disabled=no comment="Uplink to VLAN switch"

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=vlan10
Something like that. Make sense?
IT consultant. Network manager. Packet junkie.
1-928-328-1509
 
wilburt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Tue Aug 24, 2010 3:07 am

Re: RB750 DHCP Server + Vlan

Wed Nov 03, 2010 7:04 am

I think that makes sense. I think that is what I have done (see below config)

I am still unable to obtain an IP address from the hotspot server and also not able to ping between my 192.168.88.0/24 network for NTP and management purposes. I must be doing something wrong.

This is what I have done for my Rb750 and Rb433

RB750
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1524 max-message-age=20s \
    mtu=1500 name=bridge20_e5 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
/interface vlan
add arp=enabled comment="" disabled=no interface=bridge20_e5 l2mtu=1520 mtu=\
    1500 name=vlan20_e5 use-service-tag=no vlan-id=20
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/ip dhcp-server
add authoritative=after-2sec-delay bootp-support=static disabled=no \
    interface=vlan20_e5 lease-time=3d name=dhcp1
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
    1 status-autorefresh=1m transparent-proxy=no
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.5.242-192.168.5.254
add name=hs-dhcp-pool ranges=10.10.0.10-10.10.1.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=ether2-local-master lease-time=3d name=\
    server1
/ip hotspot
add address-pool=dhcp_pool1 addresses-per-mac=1 disabled=no idle-timeout=5m \
    interface=vlan20_e5 keepalive-timeout=none name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge20_e5 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether5-local-slave path-cost=10 point-to-point=\
    auto priority=0x80
/ip address
add address=192.168.88.1/24 broadcast=192.168.88.255 comment="" disabled=no \
    interface=ether2-local-master network=192.168.88.0
add address=192.168.5.1/24 broadcast=192.168.5.255 comment="" disabled=no \
    interface=vlan20_e5 network=192.168.5.0
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
    default-route-distance=1 disabled=no interface=ether1-gateway \
    use-peer-dns=yes use-peer-ntp=yes
/ip route
add comment="" disabled=no distance=1 dst-address=192.168.88.10/32 gateway=\
    ether5-local-slave scope=30 target-scope=10
RB433

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1522 max-message-age=20s \
    mtu=1500 name=BridgeH priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
    mtu=1500 name=bridgeVlan20 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
/interface vlan
add arp=enabled comment="" disabled=no interface=bridgeVlan20 l2mtu=65531 \
    mtu=1500 name=vlan20 use-service-tag=no vlan-id=20

/interface bridge port
add bridge=bridgeVlan20 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=wlan1 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=BridgeH comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=BridgeH comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether3 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=BridgeH comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan20 path-cost=10 point-to-point=auto priority=\
    0x80
/ip route
add disabled=no distance=1 dst-address=192.168.88.1/32 gateway=ether3 scope=\
    30 target-scope=10

 
wilburt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Tue Aug 24, 2010 3:07 am

Re: RB750 DHCP Server + Vlan

Wed Nov 03, 2010 7:09 am

In short this is what I have done

On RB433
wlan - bridgevlan20 - vlan20

bridged together (vlan20, ether3, ether2)

assigned an ip address to ether3 for management on the 192.168.88.0/24 network

Ether3 is connected to RB750 ether5

On RB750

I have created Vlan20

bridged ether5 - bridgevlan20 - vlan20

Hotspot is attached to vlan20

I can't ping from RB433 ether3 to the gateway 192.168.88.1 on RB750

Can anyone see what I have obviously done wrong?

Thanks in advance for the community's help :)
 
blake
Member
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: RB750 DHCP Server + Vlan

Wed Nov 03, 2010 10:37 am

Could you better explain the topology you're trying to achieve? It seems like the setup has changed from your initial question. Your configuration effectively confused me.
IT consultant. Network manager. Packet junkie.
1-928-328-1509
 
wilburt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Tue Aug 24, 2010 3:07 am

Re: RB750 DHCP Server + Vlan

Thu Nov 04, 2010 4:56 am

RB750
|___ Ether5 ___ Ether3 RB433(1) Ether2 ___ Ether3 RB433(2)
|___ Ether1 ___ www | |
|___ Ether2___ AdminPC | |
| |
Wlan wlan


I have created a vlan20 to be used for the hotspot service on RB750 and attached it to ether5. Clients will connect to the wlan from teh RB433, but they won't know about the vlan. I will need to push any requests that come from the wlan into vlan20 to obtain an ip address from the hotspot.

Ether2 is on a local ip range, 192.168.88.0/24 and this subnet will be used in the network for management purposes (i.e. maintenance and sync the clocks on all the devices)

Basically I want to create a HS service in vlan20 but still be able to manage the devices in a separate private network.

Creating the HS service is straight forward, but putting the service through a vlan seems to confuse me.
 
blake
Member
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: RB750 DHCP Server + Vlan

Fri Nov 05, 2010 7:43 am

Gotcha.

Not sure why you have two RB433's in your diagram. You didn't describe the other one. I'll just give the config for using one. I also assume you want the RB433 available on the management subnet. We'll pass another VLAN across that link for that purpose.

RB433
/interface wireless
set wlan1 mode=ap-bridge ssid="WiFi" frequency=2414 band=2.4ghz-b/g default-authentication=yes default-forwarding=no

/interface vlan
add disabled=no interface=ether3 name=vlan20 vlan-id=20 comment="Hotspot VLAN"
add disabled=no interface=ether3 name=vlan25 vlan-id=25 comment="Management VLAN"

/interface bridge add name=bridge1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=vlan20

/ip address add interface=vlan25 address=192.168.88.2/24
/ip route add gateway=192.168.88.1

/ip firewall filter
add chain=forward action=reject in-interface=wlan1 out-interface=!vlan20 comment="Drop WiFi traffic not exiting VLAN 20"
RB750
/interface vlan
add disabled=no interface=ether5 name=vlan20 vlan-id=20
add disabled=no interface=ether5 name=vlan25 vlan-id=25

/interface bridge add name=bridge1
/interface bridge port
add bridge=bridge1 interface=vlan25
add bridge=bridge1 interface=ether2

/ip address 
add interface=vlan20 address=10.1.20.1/24
add interface=bridge1 address=192.168.88.1/24

/ip pool
add name=dhcp-pool ranges=10.1.20.2-10.1.20.254

/ip dhcp-server
add name=dhcp1 interface=vlan20 address-pool=dhcp1-pool authoritative=yes bootp-support=none disabled=no

/ip dhcp-server network
add address=10.1.20.0/24 gateway=10.1.20.1

/ip dhcp-client
add interface=ether1 add-default-route=yes use-peer-dns=yes disabled=no

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1

/ip hotspot
add name=hotspot1 interface=vlan20 address-pool=none profile=default disabled=no addresses-per-mac=2
That seems like a working config to me. I haven't tested it so there may be errors, but hopefully you get the idea.
IT consultant. Network manager. Packet junkie.
1-928-328-1509
 
wilburt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Tue Aug 24, 2010 3:07 am

Re: RB750 DHCP Server + Vlan

Tue Nov 09, 2010 1:56 am

Hi Blake,

Thanks for the pointer. I have finally got what I wanted to work.

Thanks again for your assistance :D

Who is online

Users browsing this forum: james58899, WildRat and 46 guests