I have a hEX, CSS610-8G, and CSS610-8P on my network and I am attempting to get VLANs setup. I followed the instructions in this thread but my two systems are not receiving an IP from the DHCP server on the hEX.
My config is below.
Code: Select all
# jun/07/2023 08:55:21 by RouterOS 6.48.6
# software id = KHHU-L60U
#
# model = RB750Gr3
/interface bridge
add admin-mac=DC:2C:6E:7B:1D:1B auto-mac=no comment=defconf fast-forward=no \
name=Bridge-LAN
add name=Bridge-VLANs protocol-mode=none pvid=2 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether4 ] comment=LAN
set [ find default-name=ether5 ] comment="WAN"
/interface vlan
add interface=Bridge-VLANs name=vlan5 vlan-id=5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=Bridge ranges=172.16.1.100-172.16.1.150
add name="VLAN 5 Pool" ranges=172.16.5.2-172.16.5.5
/ip dhcp-server
add address-pool=Bridge disabled=no interface=Bridge-LAN lease-time=4h name=\
"Bridge DHCP"
add address-pool="VLAN 5 Pool" disabled=no interface=vlan5 name="VLAN 5 DHCP"
/interface bridge port
add bridge=Bridge-LAN interface=ether4
add bridge=Bridge-VLANs frame-types=admit-only-vlan-tagged ingress-filtering=\
yes interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=LAN protocol=""
/interface bridge vlan
add bridge=Bridge-VLANs tagged=Bridge-VLANs,ether3 vlan-ids=5
/interface ethernet switch vlan
add independent-learning=no ports=ether3 switch=switch1 vlan-id=5
/interface l2tp-server server
set use-ipsec=required
/interface list member
add comment=defconf interface=Bridge-LAN list=LAN
add interface=ether5 list=WAN
/ip address
add address=172.16.1.1/24 comment="vlan 1 - Trusted" interface=Bridge-LAN \
network=172.16.1.0
add address=172.16.5.1/24 comment="vlan 5" interface=vlan5 network=172.16.5.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h update-time=no
/ip dhcp-client
add default-route-distance=5 disabled=no interface=ether5 use-peer-dns=no
/ip dhcp-server network
add address=172.16.1.0/24 comment="Bridge-LAN DHCP Settings" dns-server=\
172.16.1.1 domain=domain.local gateway=172.16.1.1 netmask=24
add address=172.16.5.0/24 dns-server=172.16.5.1 domain=domain.testing gateway=\
172.16.5.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h servers=\
208.67.222.222,208.67.220.220
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Default MASQ" out-interface=\
ether5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=172.16.1.0/24
set ssh address=172.16.1.0/24
set api disabled=yes
set winbox address=172.16.1.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/New_York
/system identity
set name=router
/system ntp client
set enabled=yes server-dns-names=0.us.pool.ntp.org,1.us.pool.ntp.org
/tool bandwidth-server
set enabled=no
/tool graphing interface
add interface=Bridge-LAN
add interface=ether3
/tool graphing resource
add store-on-disk=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool sniffer
set filter-interface=Bridge-LAN filter-ip-address=4.2.2.2/32
/tool traffic-monitor
add interface=ether1 name=WAN traffic=received