[Question] DHCP with and without vlan

java · Mon Jun 06, 2022 11:37 am

I had the vlan 123 for wifi client, setting up a DHCP Server on eth5's sub-interface. It worked fine.
But now I have a special controller:
1. can not be setup by static ip, only just by DHCP
2. must be on the same lan to provide services
3. no vlan support
4. need access 192.168.123.1 to internet

dd.png

I already have another DHCP Server for lan 192.168.21.x on bridge-lan.

I bridged this eth1 and eth5 interface and setup a DHCP server on eth5.vlan interface. I think "bridge" could make both interfaces communicate each other.
But now I just could get ip from vlan interface eth5 , but no ip from the interface eth1 without vlan.

What's wrong with me? how to separate two DHCP server for different lan and vlan. Is it possible both interfaces getting ip from one DHCP server?

please help！

# jun/14/2022 19:46:56 by RouterOS 7.3.1
#
# model = RB5009UG+S+

/interface bridge
add igmp-snooping=yes ingress-filtering=no multicast-querier=yes name=\
    bridge-lan vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether5 ] name=eth5
set [ find default-name=ether8 ] name=eth8

/interface vlan
add interface=eth5 name=vlan123 vlan-id=123

/ip pool
add name=lan-dhcp-pool-21 ranges=192.168.21.201-192.168.21.250
add name=lan-dhcp-pool-123 ranges=192.168.123.50-192.168.123.254

/ip dhcp-server
add address-pool=lan-dhcp-pool-21 interface=bridge-lan name=lan-dhcp
add address-pool=lan-dhcp-pool-123 interface=vlan123 name=vlan-123-wifi_dhcp

/interface pppoe-client
add disabled=no interface=eth8 keepalive-timeout=30 name=pppoe password=xxx profile=pppoe-profile user=xxx

/interface bridge port
add bridge=bridge-lan interface=eth1 pvid=123
add bridge=bridge-lan interface=eth5

/interface bridge vlan
add bridge=bridge-lan untagged="eth5,xxx" vlan-ids=1
add bridge=bridge-lan tagged=eth5 untagged=bridge-lan,eth1 vlan-ids=123

/ip address
add address=192.168.21.1/24 interface=bridge-lan network=192.168.21.0
add address=192.168.123.1/24 interface=vlan123 network=192.168.123.0

/ip dhcp-server network
add address=192.168.21.0/24 dns-server=114.114.115.115,223.6.6.6 gateway=192.168.21.1
add address=192.168.123.0/24 dns-server=114.114.115.115,223.6.6.6 gateway=192.168.123.1

erlinden · Mon Jun 06, 2022 11:43 am

This would require two DHCP servers, one per VLAN.
Still...why?

And before answering, read this topic very carefully:
viewtopic.php?t=143620

anav · Mon Jun 06, 2022 2:02 pm

The problem is your requirements are too vague.
Describe what users need to be able to do with traffic without discussing the config or setup.
A network diagrams shows us the physical structure so what we need is a diagram and the user requirements

java · Mon Jun 06, 2022 3:25 pm

The problem is your requirements are too vague.
Describe what users need to be able to do with traffic without discussing the config or setup.
A network diagrams shows us the physical structure so what we need is a diagram and the user requirements

thanks for your remind.

I had the vlan 123 for wifi client, setting up a DHCP Server on eth5's sub-interface. It worked fine.
But now I have a special controller:
1. can not be setup by static ip, only just by DHCP
2. must be on the same lan to provide services
3. no vlan support
4. need access 192.168.123.1 to internet

dd.png

java · Tue Jun 14, 2022 11:33 am

up, ask for help

mkx · Tue Jun 14, 2022 12:17 pm

But now I have a special controller:
1. can not be setup by static ip, only just by DHCP
2. must be on the same lan to provide services
3. no vlan support
4. need access 192.168.123.1 to internet

Bullet #2 is pointing in direction of simply bridging all ports together. So the config would be as follows:

1. set up DHCP client on bridge interface
2. add all ports to same bridge
3. so just ignore all VLAN related configuration options
4. DHCP server should provide default gateway as well ... so this item should be there automagically

The problem with switch/bridge config of device is that it doesn't perform firewall duties any more (because firewall is traditionally between IP interfaces and switch/bridge only has one). If you need firewall between bridge ports, come back and we'll help you with that.

java · Tue Jun 14, 2022 12:43 pm

Thx, But I have another DHCP Server for lan 192.168.21.x on bridge-lan, so how to separate two DHCP server for different lan and vlan.

But now I have a special controller:
1. can not be setup by static ip, only just by DHCP
2. must be on the same lan to provide services
3. no vlan support
4. need access 192.168.123.1 to internet
Bullet #2 is pointing in direction of simply bridging all ports together. So the config would be as follows:

1. set up DHCP client on bridge interface
2. add all ports to same bridge
3. so just ignore all VLAN related configuration options
4. DHCP server should provide default gateway as well ... so this item should be there automagically

The problem with switch/bridge config of device is that it doesn't perform firewall duties any more (because firewall is traditionally between IP interfaces and switch/bridge only has one). If you need firewall between bridge ports, come back and we'll help you with that.

mkx · Tue Jun 14, 2022 2:03 pm

Thx, But I have another DHCP Server for lan 192.168.21.x on bridge-lan, so how to separate two DHCP server for different lan and vlan.

I'm not sure I understand your concern. If I read the diagram correctly, then you're asking about configuration of lower-most device (controller) which doesn't know anything about VLANs. So the configuration of controller will only run DHCP client and will receive IP configuration from DHCP server which is already running on centre router, serving eth5.vlan123 L2 subnet (untagged member of which should become ether1).

If you're asking about needed (additional) config of centre router, then post current configuration of that router and we'll help you adjust the config (if it's a mikrotik device).

If my understanding of current state and desired config is off, then please describe things into more detail.

java · Tue Jun 14, 2022 2:59 pm

yes, it's right.

main configuration is as follows:

# jun/14/2022 19:46:56 by RouterOS 7.3.1
# model = RB5009UG+S+

/interface bridge
add igmp-snooping=yes ingress-filtering=no multicast-querier=yes name=\
    bridge-lan vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether5 ] name=eth5
set [ find default-name=ether8 ] name=eth8

/interface vlan
add interface=eth5 name=vlan123 vlan-id=123

/ip pool
add name=lan-dhcp-pool-21 ranges=192.168.21.201-192.168.21.250
add name=lan-dhcp-pool-123 ranges=192.168.123.50-192.168.123.254

/ip dhcp-server
add address-pool=lan-dhcp-pool-21 interface=bridge-lan name=lan-dhcp
add address-pool=lan-dhcp-pool-123 interface=vlan123 name=vlan-123-wifi_dhcp

/interface pppoe-client
add disabled=no interface=eth8 keepalive-timeout=30 name=pppoe password=xxx profile=pppoe-profile user=xxx

/interface bridge port
add bridge=bridge-lan interface=eth1 pvid=123
add bridge=bridge-lan interface=eth5

/interface bridge vlan
add bridge=bridge-lan untagged="eth5,xxx" vlan-ids=1
add bridge=bridge-lan tagged=eth5 untagged=bridge-lan,eth1 vlan-ids=123

/ip address
add address=192.168.21.1/24 interface=bridge-lan network=192.168.21.0
add address=192.168.123.1/24 interface=vlan123 network=192.168.123.0

/ip dhcp-server network
add address=192.168.21.0/24 dns-server=114.114.115.115,223.6.6.6 gateway=192.168.21.1
add address=192.168.123.0/24 dns-server=114.114.115.115,223.6.6.6 gateway=192.168.123.1

Thx, But I have another DHCP Server for lan 192.168.21.x on bridge-lan, so how to separate two DHCP server for different lan and vlan.

I'm not sure I understand your concern. If I read the diagram correctly, then you're asking about configuration of lower-most device (controller) which doesn't know anything about VLANs. So the configuration of controller will only run DHCP client and will receive IP configuration from DHCP server which is already running on centre router, serving eth5.vlan123 L2 subnet (untagged member of which should become ether1).

If you're asking about needed (additional) config of centre router, then post current configuration of that router and we'll help you adjust the config (if it's a mikrotik device).

If my understanding of current state and desired config is off, then please describe things into more detail.

mkx · Tue Jun 14, 2022 4:36 pm

There are a few problems with your config. In essence, you need to treat VLAN 123 all tagged in your router, including bridge (only keep eth1 as untagged/access port to that VLAN). Here's what I see as being wrong (with corrections), the rest seems to be fine:

/interface vlan
add interface=eth5bridge-lan name=vlan123 vlan-id=123

/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan,eth5 untagged=bridge-lan,eth1 vlan-ids=123

java · Wed Jun 15, 2022 3:15 pm

It's worked. Finally I got the difference between untagged and tagged with the "bridge" interface. THX!

There are a few problems with your config. In essence, you need to treat VLAN 123 all tagged in your router, including bridge (only keep eth1 as untagged/access port to that VLAN). Here's what I see as being wrong (with corrections), the rest seems to be fine:

/interface vlan
add interface=eth5bridge-lan name=vlan123 vlan-id=123

/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan,eth5 untagged=bridge-lan,eth1 vlan-ids=123

[Question] DHCP with and without vlan [SOLVED]

[Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan

Re: [Question] DHCP with and without vlan [SOLVED]

Re: [Question] DHCP with and without vlan

Who is online