Not a newbie to networking (although it's still a bit of a weak point for me) but definitely a newbie to Mikrotik, and I'm struggling a bit to get a config working on an RB2011 - can anyone advise?
Basically my scenario is - I'm setting up a test environment for a new phone system. I have an RB2011 plugged into an HP 2530 managed switch. I need two VLANs, a default VLAN 1 (192.168.1.0/24) and a voice VLAN 30 (192.168.30.0/24) with the default VLAN traffic untagged and voice VLAN tagged. I also need DHCP on both networks, with phones getting an IP address on VLAN 30 (using option 156) and anything else getting an IP address on the default VLAN. The switch has both VLANs configured on the ports I'm using, and is set to tag VLAN 30 traffic, and has the IP address of the router set as a DHCP helper for that voice VLAN - it's actually using an old config from our production network so I'm fairly sure it should work.
The config in the router that I have now _almost_ works. I can plug a PC into the switch or the router, get an IP on the default VLAN, and I can ping the router on both its IP addresses. However, from the switch I can't ping the router on its VLAN 30 IP address, and if I plug a phone into the switch it gets an IP on the default VLAN, so either DHCP on VLAN 30 isn't working (quite possible) or the lack of comms between switch and router is causing it to fail, I'm not sure. Either way, I'm a little stumped.
Copy of config is below. Can anyone see any glaring errors? Thanks in advance.
# oct/13/2021 12:03:03 by RouterOS 6.48.5
# software id = 1UE5-M0GP
#
# model = RB2011UiAS
# serial number = E7E20E4B75FB
# NOTE(review): this export header carries the device's software id and serial
# number; those are normally redacted before a config is posted publicly.
#
# Single bridge with a fixed MAC address; its member ports are listed under
# /interface bridge port.
# NOTE(review): no vlan-filtering=yes appears on this bridge. Assuming the
# export omits default values, VLAN filtering is off, so the
# /interface bridge vlan table further down is not enforced and VLAN 1 and
# VLAN 30 are not separated at the bridge - confirm with
# "/interface bridge print".
/interface bridge
add admin-mac=2C:C8:1B:74:8D:18 auto-mac=no comment=defconf name=Bridge
# VLAN interfaces stacked on the bridge for VLAN IDs 1 and 30.
# NOTE(review): neither VLAN interface is given an IP address, a DHCP server or
# an interface-list membership anywhere in this export; every layer-3 setting
# is attached to "Bridge" itself.
/interface vlan
add interface=Bridge name="Default VLAN" vlan-id=1
add interface=Bridge name=Voice vlan-id=30
# Interface lists referenced by the firewall, neighbor discovery and the MAC
# server settings.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Sets the supplicant identity on the default wireless security profile.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP option 156 for the phones. The value names the configuration servers and
# cloud domain and carries country, language, layer2tagging=1 and vlanid=30.
# NOTE(review): phones presumably act on this value as received, and DHCP is
# unauthenticated, so the switch's DHCP snooping / trusted-port settings are
# what stop another device on the segment from supplying a different value.
/ip dhcp-server option
add code=156 name="IP Phone Boot Server" value="'configServers=\"update.sky.shor\
etel.com.au\",cloudDomain=\"sky.shoretel.com.au\",country=8,language=23,laye\
r2tagging=1,vlanid=30'"
# Option set attached to the "Voice DHCP" server below.
/ip dhcp-server option sets
add name="Voice VLAN options" options="IP Phone Boot Server"
# Address pools for the voice (192.168.30.0/24) and default (192.168.1.0/24)
# subnets.
/ip pool
add name=voice_dhcp_pool ranges=192.168.30.50-192.168.30.200
add name=default_dhcp_pool ranges=192.168.1.50-192.168.1.100
# Two DHCP servers, both bound to interface=Bridge.
# NOTE(review): "Voice DHCP" sets relay=192.168.1.250, which is the router's
# own address in /ip address. A server with a specific relay address
# presumably only processes requests forwarded by a relay with that address,
# so this looks like it should be the relaying switch's address rather than
# the router's - confirm against the switch's helper configuration.
# NOTE(review): "Default DHCP" has no relay set and listens on the same
# interface, which is consistent with phones being answered from the default
# pool.
/ip dhcp-server
add address-pool=voice_dhcp_pool dhcp-option-set="Voice VLAN options" disabled=\
no interface=Bridge name="Voice DHCP" relay=192.168.1.250
add address-pool=default_dhcp_pool disabled=no interface=Bridge name=\
"Default DHCP"
# ether2-ether10 and sfp1 are all members of the one bridge. No pvid= or
# frame-types= appears on any port, so (assuming the export omits defaults)
# every port is left at its default VLAN handling.
/interface bridge port
add bridge=Bridge comment=defconf interface=ether2
add bridge=Bridge comment=defconf interface=ether3
add bridge=Bridge comment=defconf interface=ether4
add bridge=Bridge comment=defconf interface=ether5
add bridge=Bridge comment=defconf interface=ether6
add bridge=Bridge comment=defconf interface=ether7
add bridge=Bridge comment=defconf interface=ether8
add bridge=Bridge comment=defconf interface=ether9
add bridge=Bridge comment=defconf interface=ether10
add bridge=Bridge comment=defconf interface=sfp1
# Neighbor discovery is limited to interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# Bridge VLAN table: VLAN 30 is tagged on the bridge itself and ether2-ether5;
# VLAN 1 is untagged on the bridge only.
# NOTE(review): this table presumably only takes effect when the bridge has
# vlan-filtering=yes, which does not appear in this export. Until then it does
# not restrict which ports carry VLAN 30 - confirm before relying on it to
# separate voice from data.
/interface bridge vlan
add bridge=Bridge tagged=Bridge,ether2,ether3,ether4,ether5 vlan-ids=30
add bridge=Bridge untagged=Bridge vlan-ids=1
# Switch-chip VLAN table for switch1: VLANs 1 and 30 on ether2-ether5.
# NOTE(review): this is a second, separate VLAN definition from the bridge
# VLAN table above. No /interface ethernet switch port settings appear in the
# export, so whether the chip acts on these entries cannot be told from here -
# confirm, and prefer configuring VLANs in one place only.
/interface ethernet switch vlan
add independent-learning=no ports=ether2,ether3,ether4,ether5 switch=switch1 \
vlan-id=1
add independent-learning=no ports=ether2,ether3,ether4,ether5 switch=switch1 \
vlan-id=30
# LAN contains only "Bridge"; WAN contains only ether1.
# NOTE(review): the "Default VLAN" and "Voice" VLAN interfaces are in neither
# list. Input traffic whose in-interface is one of them would match the
# firewall rule "drop all not coming from LAN" (in-interface-list=!LAN) unless
# an earlier rule accepts it - verify before moving addresses or services onto
# the VLAN interfaces.
/interface list member
add comment=defconf interface=Bridge list=LAN
add comment=defconf interface=ether1 list=WAN
# Both subnets are addressed on "Bridge" itself.
# NOTE(review): 192.168.30.250/24 sits on the untagged bridge interface rather
# than on the "Voice" VLAN interface, which looks unintended for a tagged
# VLAN 30 design - confirm.
/ip address
add address=192.168.1.250/24 interface=Bridge network=192.168.1.0
add address=192.168.30.250/24 interface=Bridge network=192.168.30.0
# The WAN side (ether1) obtains its address by DHCP.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
# Gateway and DNS server handed to DHCP clients in each subnet; both point at
# the router's address in that subnet.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.250 gateway=192.168.1.250 \
netmask=24
add address=192.168.30.0/24 comment=defconf dns-server=192.168.30.250 gateway=\
192.168.30.250 netmask=24
# The router answers DNS queries from other hosts.
# NOTE(review): with allow-remote-requests=yes the only thing keeping the
# resolver off the WAN side is the input-chain rule that drops traffic not
# coming from the LAN list; keep that rule in place while this stays enabled.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.250 comment=defconf name=router.lan
# Input chain (traffic addressed to the router itself): accept
# established/related/untracked, drop invalid, accept ICMP, accept traffic to
# 127.0.0.1, then drop everything that did not arrive on a LAN-list interface.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
# ICMP to the router is accepted from any interface, WAN included, because this
# rule sits ahead of the LAN-only drop.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain (traffic routed through the router).
# NOTE(review): the only drops here are invalid packets and new connections
# from WAN that are not dst-NATed. No rule restricts traffic between
# 192.168.1.0/24 and 192.168.30.0/24, so anything else presumably falls
# through to the default accept and the voice and data subnets can reach each
# other freely - add explicit rules if the voice network is meant to be
# isolated.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT: masquerade traffic leaving via a WAN-list interface, except
# traffic matched by an outbound IPsec policy.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
# Time zone and device identity.
/system clock
set time-zone-name=Australia/Hobart
/system identity
set name=nmc-mitel
# MAC-layer management (MAC server and MAC WinBox) is limited to interfaces in
# the LAN list.
# NOTE(review): no /ip service or /user section appears in this export, so the
# IP management services are presumably at their defaults - confirm which ones
# are enabled and restrict them to the addresses that need them.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN