This should be a straight out of the examples setup, can't get it to work and completely stumped at this point.
Using a RB3011 routerboard.
I'm setting up a "router on a stick" type setup.
I started from a default setup, removed some of the ports from the default bridge and created a new bridge called "bridge1"
I tried to keep the existing settings as much as possible for ref/so I don't have to deal with accidentally taking out my connection.
I'm new to routerOS and tried reading through the wiki. This setup feels copied off an example, but it doesn't seem to work.
Issue: I can't get DHCP to work on bridge1, using static IP doesn't seem to work either. I'm not using the switch chip, this is deliberate.
Any idea what I'm missing?
# jan/02/1970 05:34:10 by RouterOS 7.2.3
# software id = E78J-UB21
#
# model = RB3011UiAS
# serial number = xxxxxxxxxxxxxxxxxx
/interface bridge
add admin-mac=DC:2C:6E:C1:6A:A1 auto-mac=no comment=defconf name=bridge
add name=bridge1 pvid=6 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN6 vlan-id=6
add interface=bridge1 name=VLAN11 vlan-id=11
add interface=bridge1 name=VLAN21 vlan-id=21
add interface=bridge1 name=VLAN31 vlan-id=31
add interface=bridge1 name=VLAN41 vlan-id=41
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=LAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=DHCP_POOL21 ranges=192.168.21.16-192.168.21.254
add name=DHCP_POOL11 ranges=192.168.11.16-192.168.11.254
add name=DHCP_POOL6 ranges=192.168.6.16-192.168.6.254
add name=DHCP_POOL31 ranges=192.168.31.16-192.168.31.254
add name=DHCP_POOL41 ranges=192.168.41.16-192.168.41.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
add address-pool=DHCP_POOL6 interface=VLAN6 name=DHCP6
add address-pool=DHCP_POOL41 interface=VLAN41 name=DHCP41
add address-pool=DHCP_POOL21 interface=VLAN21 name=DHCP21
add address-pool=DHCP_POOL31 interface=VLAN31 name=DHCP31
add address-pool=DHCP_POOL11 interface=VLAN11 name=DHCP11
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=6
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=11
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=41
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge1 tagged=ether2,bridge1 untagged=ether3 vlan-ids=6
add bridge=bridge1 tagged=ether2 untagged=ether4 vlan-ids=11
add bridge=bridge1 tagged=ether2 untagged=ether5 vlan-ids=41
add bridge=bridge1 tagged=ether2 vlan-ids=31
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add list=LAN2
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.6.1/24 interface=VLAN6 network=192.168.6.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
add address=192.168.21.1/24 interface=VLAN21 network=192.168.21.0
add address=192.168.31.1/24 interface=VLAN31 network=192.168.31.0
add address=192.168.41.1/24 interface=VLAN41 network=192.168.41.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.6.0/24 dns-server=192.168.6.1 gateway=192.168.6.1
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
add address=192.168.21.0/24 dns-server=192.168.21.1 gateway=192.168.21.1
add address=192.168.31.0/24 dns-server=192.168.31.1 gateway=192.168.31.1
add address=192.168.41.0/24 dns-server=192.168.41.1 gateway=192.168.41.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=192.168.6.1 name=router.lan2
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Test rule, allow access from bridge1" in-interface=bridge1 src-address=0.0.0.0
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN