The initial state of my router is pretty simple: a bridge named mainBridge has ether2-ether8 assigned to it. ether1 is WAN, and masquerading is set up in a simple home network configuration. The bridge is set up with default rules, PVID set 1 on all bridge ports. There are no VLANS.
What I want to do is simple: I want to shave off ether3 into a VLAN and setup a DHCP server on that VLAN it. That's it. All I want to do is to be able to plug into that port and do nothing more than get a different IP address from a different pool.
Here's what I tried:
- Create a Layer 2 VLAN on the bridge with ID 2 and tag it for untagged egress from ether3
- /interface bridge vlan add bridge=mainBridge vlan-ids=2 untagged=ether3
- /interface vlan add name=rentalVLAN vlan-id=2 interface=mainBridge
- /ip address add address=192.168.102.1/24 interface=rentalVLAN
- /ip pool add name=rentalHDCPIPPool ranges=192.168.102.100-192.168.102.254
- /ip dhcp network add address=192.168.102.0/24 gateway=192.168.102.1 dns-server=192.168.102.1
- /ip dhcp add name=rentalHDCP interface=rentalVLAN address-pool=rentalHDCPIPPool
- /ip firewall filter add chain=forward src-address=192.168.102.0/24 dst-address=192.168.1.0/24 action=drop
- /ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=192.168.102.0/24 action=drop
- /interface bridge set mainBridge vlan-filtering=yes
- /interface bridge port set [find interface=ether3] pvid=2
What have I done wrong?
Thanks.