I am trying to set up my small network with several VLANs. A DHCP server should run in every VLAN. Devices with a wired connection to the managed switch get an IP address, but devices that connect over Wi-Fi do not get one. Please help me get started, understand the problem, and run the DHCP server on all interfaces.
Greets
# BR1 is the single VLAN-aware bridge (vlan-filtering=yes); every VLAN interface below is created on it.
# NOTE(review): ingress-filtering=no means the bridge interface itself does not check VLAN membership
# on ingress; consider ingress-filtering=yes once the VLAN table is confirmed correct.
/interface bridge
add igmp-snooping=yes ingress-filtering=no name=BR1 protocol-mode=none vlan-filtering=yes
# Physical ports: ether1 is the WAN uplink, ether2/ether3 feed the two CAPs, ether6 goes to the HP1810 switch.
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-half,100M-full,1000M-half,1000M-full comment=WAN
set [ find default-name=ether2 ] advertise=100M-half,100M-full,1000M-half,1000M-full comment=AP_1_CAP_ac
set [ find default-name=ether3 ] comment=AP_2_CAP_lite
set [ find default-name=ether5 ] comment=Power-LAN
set [ find default-name=ether6 ] advertise=1000M-half,1000M-full comment="to HP1810"
set [ find default-name=sfp-sfpplus1 ] comment=sfp-sfpplus1 name=sfp1
# Two WireGuard listeners (UDP 13231 and 13232); their peers are elided further down in this export.
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
add listen-port=13232 mtu=1420 name=wireguard2
# One routed VLAN interface per segment, all on BR1.
# NOTE(review): VLAN1 uses vlan-id=1, and no pvid= is set anywhere in this export, so VLAN 1 is presumably
# also the untagged/native VLAN of every bridge port. A tagged VLAN1 interface may then never see traffic;
# it also has no IP address or DHCP server in this export. Confirm whether it is needed.
/interface vlan
add interface=BR1 name=VLAN1 vlan-id=1
add interface=BR1 name=VLAN10_admin vlan-id=10
add interface=BR1 name=VLAN20_mobiles vlan-id=20
add interface=BR1 name=VLAN30_iot vlan-id=30
add interface=BR1 name=VLAN40_smarthome vlan-id=40
add interface=BR1 name=VLAN50_entertain vlan-id=50
add interface=BR1 name=VLAN60_guest vlan-id=60
add interface=BR1 name=VLAN90_pis vlan-id=90
# CAPsMAN SSID profiles. Every profile uses local-forwarding=yes, so client frames are bridged on the CAP
# and reach this router over the CAP's uplink port; any VLAN tag therefore has to be applied on the CAP
# through datapath.vlan-mode / datapath.vlan-id.
# All profiles use WPA2-PSK with AES-CCM; the passphrases do not appear in this listing.
# NOTE(review): cfg2-mobiles sets neither vlan-id nor vlan-mode, so this profile does not place its
# clients in VLAN 20 (VLAN20_mobiles).
/caps-man configuration
add country=germany datapath.bridge=BR1 .local-forwarding=yes multicast-helper=full name=cfg2-mobiles security.authentication-types=wpa2-psk \
.encryption=aes-ccm .group-encryption=aes-ccm ssid=harryklein
# Interface lists referenced by the firewall (WAN, VLAN) and by the datapath settings below (VLAN).
/interface list
add name=WAN
add name=VLAN
/caps-man configuration
# NOTE(review): cfg1-admin sets vlan-id=10 but vlan-mode=no-tag. With no-tag the frames presumably leave
# the CAP untagged, so admin Wi-Fi clients would land on the untagged segment instead of VLAN 10.
# The same applies to cfg6-guest (vlan-id=60) and cfg3-iot (vlan-id=30) below. This is a likely factor in
# the missing DHCP leases and also means the Wi-Fi SSIDs are not actually separated - confirm on a CAP.
add country=germany datapath.bridge=BR1 .interface-list=VLAN .local-forwarding=yes .vlan-id=10 .vlan-mode=no-tag multicast-helper=full name=\
cfg1-admin security.authentication-types=wpa2-psk .encryption=aes-ccm .group-encryption=aes-ccm ssid=a
# Guest SSID: vlan-id=60 with vlan-mode=no-tag (see the note on cfg1-admin).
add country=germany datapath.bridge=BR1 .interface-list=VLAN .local-forwarding=yes .vlan-id=60 .vlan-mode=no-tag multicast-helper=full name=\
cfg6-guest security.authentication-types=wpa2-psk .encryption=aes-ccm .group-encryption=aes-ccm ssid=b
# NOTE(review): cfg4-smarthome is the only profile with vlan-mode=use-tag, but it tags with vlan-id=1,
# while the smarthome VLAN interface is VLAN40_smarthome (vlan-id=40). Smarthome clients would join
# VLAN 1 rather than VLAN 40.
add country=germany datapath.bridge=BR1 .interface-list=VLAN .local-forwarding=yes .vlan-id=1 .vlan-mode=use-tag multicast-helper=full name=\
cfg4-smarthome security.authentication-types=wpa2-psk .encryption=aes-ccm .group-encryption=aes-ccm ssid=c
# IoT SSID: vlan-id=30 with vlan-mode=no-tag (see the note on cfg1-admin).
add country=germany datapath.bridge=BR1 .interface-list=VLAN .local-forwarding=yes .vlan-id=30 .vlan-mode=no-tag multicast-helper=full name=\
cfg3-iot security.authentication-types=wpa2-psk .encryption=aes-ccm .group-encryption=aes-ccm ssid=d
# Default local wireless security profile; only the supplicant identity is set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP option 42 (NTP server) defined as ntp-srv.
# NOTE(review): no DHCP server or network in this export references ntp-srv, so it is presumably unused.
/ip dhcp-server option
add code=42 name=ntp-srv value="'130.149.17.21'"
# One /24 pool per segment; .1 is left out of each range for the router's own address.
/ip pool
add name=POOL01 ranges=192.168.1.2-192.168.1.254
add name=POOL10 ranges=192.168.10.2-192.168.10.254
add name=POOL20 ranges=192.168.20.2-192.168.20.254
add name=POOL30 ranges=192.168.30.2-192.168.30.254
add name=POOL40 ranges=192.168.40.2-192.168.40.254
add name=POOL50 ranges=192.168.50.2-192.168.50.254
add name=POOL90 ranges=192.168.90.2-192.168.90.254
add name=POOL60 ranges=192.168.60.2-192.168.60.254
# One DHCP server per segment. DHCP-SRV1 is bound to BR1 itself and so answers on the untagged side of
# the bridge; the others are bound to the VLAN interfaces and only see frames tagged with that VLAN ID.
# NOTE(review): a client only gets a lease from VLANxx_DHCP if its frames arrive tagged with that VLAN.
# Check the CAPsMAN datapath vlan-mode/vlan-id settings and the bridge VLAN table before changing anything here.
/ip dhcp-server
add address-pool=POOL01 interface=BR1 name=DHCP-SRV1
add address-pool=POOL10 interface=VLAN10_admin name=VLAN10_DHCP
add address-pool=POOL20 interface=VLAN20_mobiles name=VLAN20_DHCP
add address-pool=POOL30 interface=VLAN30_iot name=VLAN30_DHCP
add address-pool=POOL40 interface=VLAN40_smarthome name=VLAN40_DHCP
add address-pool=POOL50 interface=VLAN50_entertain name=VLAN50_DHCP
add address-pool=POOL90 interface=VLAN90_pis name=VLAN90_DHCP
add address-pool=POOL60 interface=VLAN60_guest name=VLAN60_DHCP
# Restricted group for the Home Assistant integration: only local, read, test and api are granted;
# write, policy, password, sensitive, ssh, winbox, web and rest-api are explicitly denied.
/user group
add name=homeassistant policy=\
local,read,test,api,!telnet,!ssh,!ftp,!reboot,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!rest-api
# CAPsMAN controller enabled with automatically generated CA and certificate.
# NOTE(review): require-peer-certificate is not shown, so it is presumably at its default; without it a
# CAP is not required to present a certificate when joining. Confirm, and consider enabling it once all
# CAPs have certificates.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# A single provisioning rule with no radio filter: every CAP radio that joins gets cfg1-admin as master
# and the other four SSIDs as slaves.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1-admin name-format=identity slave-configurations=\
cfg6-guest,cfg4-smarthome,cfg3-iot,cfg2-mobiles
# ether2-ether7 are bridge ports of BR1. No pvid= is set, so untagged frames on every port presumably
# fall into the default PVID (1).
# NOTE(review): sfp1 appears in the tagged lists below but is not added as a bridge port here.
/interface bridge port
add bridge=BR1 interface=ether2
add bridge=BR1 interface=ether3
add bridge=BR1 interface=ether4
add bridge=BR1 interface=ether5
add bridge=BR1 interface=ether6
add bridge=BR1 interface=ether7
# NOTE(review): use-ip-firewall-for-vlan only has an effect together with use-ip-firewall=yes, which is
# not set in this export - confirm whether bridged VLAN traffic is meant to pass the IP firewall.
/interface bridge settings
set use-ip-firewall-for-vlan=yes
# NOTE(review): *2000010 is an internal ID rather than a list name; RouterOS typically prints this when
# the referenced list no longer resolves. Set an explicit interface list so neighbor discovery is
# limited to the intended interfaces and is not active on WAN.
/ip neighbor discovery-settings
set discover-interface-list=*2000010
# Bridge VLAN table: BR1 (the CPU port) and every listed port are tagged members of every VLAN, i.e. every
# port is a full trunk.
# NOTE(review): this carries the admin VLAN (10) to every port, including Power-LAN (ether5) and the
# unlabelled ether4/ether7. Tag each VLAN only on the ports that need it and use untagged/pvid for
# access ports.
# NOTE(review): vlan-ids=99 has no matching /interface vlan entry, and there is no explicit row for VLAN 1.
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=10
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=20
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=30
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=40
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=50
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=60
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=90
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=99
# Detect-internet is restricted to the WAN list.
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN wan-interface-list=WAN
# List membership used by the firewall: ether1 is WAN; the seven routed VLAN interfaces form VLAN.
# NOTE(review): BR1 (192.168.1.0/24 and 192.168.2.0/24), VLAN1 and both WireGuard interfaces are in no
# list, so firewall rules that match on in-interface-list=VLAN do not apply to them.
/interface list member
add interface=ether1 list=WAN
add interface=VLAN20_mobiles list=VLAN
add interface=VLAN50_entertain list=VLAN
add interface=VLAN30_iot list=VLAN
add interface=VLAN40_smarthome list=VLAN
add interface=VLAN10_admin list=VLAN
add interface=VLAN90_pis list=VLAN
add interface=VLAN60_guest list=VLAN
# NOTE(review): md5 and sha1 are listed as accepted OpenVPN auth digests. The export does not show the
# OpenVPN server being enabled; if it is unused leave it disabled, and if it is used drop md5.
/interface ovpn-server server
set auth=sha1,md5
# Peer entries were elided by the poster.
/interface wireguard peers
(.......)
# Router addresses: .1 in each segment. BR1 carries two subnets (192.168.1.0/24 and 192.168.2.0/24).
/ip address
add address=192.168.98.1/24 interface=wireguard1 network=192.168.98.0
add address=192.168.99.1/24 interface=wireguard2 network=192.168.99.0
add address=192.168.1.1/24 interface=BR1 network=192.168.1.0
add address=192.168.10.1/24 interface=VLAN10_admin network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20_mobiles network=192.168.20.0
add address=192.168.30.1/24 interface=VLAN30_iot network=192.168.30.0
add address=192.168.40.1/24 interface=VLAN40_smarthome network=192.168.40.0
add address=192.168.50.1/24 interface=VLAN50_entertain network=192.168.50.0
add address=192.168.90.1/24 interface=VLAN90_pis network=192.168.90.0
add address=192.168.60.1/24 interface=VLAN60_guest network=192.168.60.0
add address=192.168.2.1/24 interface=BR1 network=192.168.2.0
# The WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add interface=ether1
# Leases are written to disk as soon as they change.
/ip dhcp-server config
set store-leases-disk=immediately
# Per-subnet DHCP parameters. Each segment gets its own .1 gateway, but every segment is handed
# 192.168.1.1 (the router's BR1 address) as DNS server.
# NOTE(review): there is no network entry for 192.168.2.0/24, the second subnet configured on BR1.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=192.168.1.1 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.1.1 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=192.168.1.1 gateway=192.168.30.1
add address=192.168.40.0/24 dns-server=192.168.1.1 gateway=192.168.40.1
add address=192.168.50.0/24 dns-server=192.168.1.1 gateway=192.168.50.1
add address=192.168.60.0/24 dns-server=192.168.1.1 gateway=192.168.60.1
add address=192.168.90.0/24 dns-server=192.168.1.1 gateway=192.168.90.1
# NOTE(review): servers= lists 192.168.1.1, which is this router's own address on BR1, so the only real
# upstream resolver is 1.1.1.1; remove the self-reference.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS on every interface that the input
# chain does not block. The input chain in this export only drops on ether1, so guest and IoT clients
# can query it too - intended here, but keep it in mind when tightening the input chain.
/ip dns
set allow-remote-requests=yes servers=192.168.1.1,1.1.1.1
# Firewall filter. Rules are evaluated top to bottom, and a packet that matches no rule is accepted.
# NOTE(review): the forward chain has no final drop. The "VLAN Internet Access only" rule therefore only
# adds an accept; traffic between VLANs (e.g. guest or IoT to admin) is still forwarded. Add a
# drop at the end of chain=forward, after accepting whatever inter-VLAN flows are really needed.
# NOTE(review): the only input drop matches in-interface=ether1, so clients in every VLAN, including
# guest and IoT, can reach the router's own services (Winbox, SSH, API, DNS). Accept management only from
# the admin VLAN / WireGuard and drop the rest of chain=input.
# NOTE(review): there is no rule dropping connection-state=invalid in either chain.
/ip firewall filter
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access only" connection-state=new in-interface-list=VLAN out-interface-list=WAN
# in-interface=ether1 and in-interface-list=WAN are redundant here: ether1 is the only WAN list member.
add action=accept chain=input comment="allow ICMP" in-interface=ether1 in-interface-list=WAN protocol=icmp
# NOTE(review): Winbox (8291) and SSH (22) are accepted from the WAN side with no source restriction.
# Prefer reaching management through WireGuard only, or at least restrict with src-address /
# src-address-list. Also, port= matches source OR destination port; dst-port= is the narrower matcher
# intended for rules like these.
add action=accept chain=input comment="allow Winbox" in-interface=ether1 in-interface-list=WAN port=8291 protocol=tcp
add action=accept chain=input comment="allow WAN-SSH" in-interface=ether1 in-interface-list=WAN port=22 protocol=tcp
# The WAN-wireguard rule is covered by the broader wireguard1 rule below (same UDP port, any interface).
add action=accept chain=input comment="allow WAN-wireguard" in-interface=ether1 in-interface-list=WAN port=13231 protocol=udp
add action=accept chain=input comment=wireguard1 dst-port=13231 protocol=udp
add action=accept chain=input comment=wireguard2 dst-port=13232 protocol=udp
# Final input drop applies to ether1 only; input from every other interface falls through to accept.
add action=drop chain=input comment="block everything else" in-interface=ether1
# Source NAT for everything leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" out-interface-list=WAN
# telnet, ftp and www are disabled. The other services (ssh, winbox, api, api-ssl) are not shown and so
# are presumably at their defaults.
# NOTE(review): consider setting address= on the remaining services to the management subnets, and
# disabling the plain api service if the homeassistant user can use api-ssl.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
# SSH hardening: strong-crypto enabled and a 4096-bit host key.
/ip ssh
set host-key-size=4096 strong-crypto=yes
# Traffic-flow is enabled; no collector target is shown in this export.
/ip traffic-flow
set enabled=yes