The router in question:
RB 3011 UiAS-RM RouterOS version 7.4.1
So far I have set up:
- Eth1 is a DHCP client and is connected to my other router, so it has internet
- Eth2 is in a bridge and has a DHCP server; that port works fine and I'm using it to set up the router via WinBox
- Eth3 is the VLAN trunk port (for VLAN 10 and 20). It's those VLANs which have an invalid DHCP server.
I will connect an SFP switch (also MikroTik) to eth3 to divide the network.
my config:
# aug/27/2022 14:22:45 by RouterOS 7.4.1
# software id = S9S1-TLZQ
#
# model = RB3011UiAS
# serial number =
# NOTE(review): the serial number is blanked above but the software id is not;
# redact both before posting an export publicly.
# NOTE(review): no /ip service section appears in this export, so the management
# services are presumably at their defaults - confirm and disable the unused ones.

# One bridge, created with default settings: this export sets neither
# vlan-filtering nor dhcp-snooping on it.
/interface bridge
add name=bridge
# Rename the three ports in use and disable the unused ones (ether6-10, sfp1).
# ether4 and ether5 are not listed, so they keep their default state.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ] name=ether2-mangement
set [ find default-name=ether3 ] name=ether3-vlan
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
# VLAN 10 and 20 are attached directly to ether3-vlan, which is ALSO added to
# the bridge further down (/interface bridge port).
# NOTE(review): a VLAN interface on a port that is a bridge member normally does
# not receive its frames, because the bridge takes over the port's ingress. This
# is a likely cause of the "invalid" DHCP servers on vlan10/vlan20 - verify.
# Either remove ether3-vlan from the bridge, or attach the VLANs to the bridge
# and use bridge VLAN filtering.
/interface vlan
add interface=ether3-vlan name=vlan10 vlan-id=10
add interface=ether3-vlan name=vlan20 vlan-id=20
# Interface lists referenced by the firewall (WAN, LAN) and by neighbor
# discovery (DISCOVER).
/interface list
add name=WAN
add name=LAN
add name=DISCOVER
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per subnet; the VLAN pools leave .2-.19 and .201-.254 outside
# the dynamic range.
/ip pool
add name=dhcp_pool_vlan10 ranges=10.0.10.20-10.0.10.200
add name=dhcp_pool_vlan20 ranges=10.0.20.20-10.0.20.200
add name=dhcp_pool_lan ranges=10.0.0.2-10.0.0.254
# DHCP servers on vlan10, vlan20 and the bridge, all with 30-minute leases.
/ip dhcp-server
add address-pool=dhcp_pool_vlan10 interface=vlan10 lease-time=30m name=\
dhcpvlan10
add address-pool=dhcp_pool_vlan20 interface=vlan20 lease-time=30m name=\
dhcpvlan20
add address-pool=dhcp_pool_lan interface=bridge lease-time=30m name=dhcplan
/port
set 0 name=serial0
# Both ether2 and the ether3 trunk are bridge members, so untagged traffic on
# the trunk shares the 10.0.0.0/24 management segment.
# NOTE(review): trusted=yes only matters when DHCP snooping is enabled on the
# bridge, which this export does not do. If snooping is enabled later, a trusted
# trunk accepts DHCP server replies arriving from the downstream switch; leave it
# untrusted unless a legitimate DHCP server sits behind that port.
/interface bridge port
add bridge=bridge interface=ether3-vlan trusted=yes
add bridge=bridge interface=ether2-mangement
# Neighbor discovery is limited to the DISCOVER list (the bridge only), so it
# is not active on ether1-wan.
/ip neighbor discovery-settings
set discover-interface-list=DISCOVER
# NOTE(review): LAN contains ether2-mangement, a bridge member, but not the
# bridge itself. The IP firewall normally sees bridged traffic as arriving on
# the bridge interface, so "in-interface-list=!LAN" may drop new IP connections
# to the router from 10.0.0.0/24 - verify; adding "bridge" to LAN matches the
# default configuration's layout.
# NOTE(review): vlan10 and vlan20 are in LAN, so hosts on both VLANs pass the
# input-chain drop and can reach the router's management services.
/interface list member
add interface=ether1-wan list=WAN
add interface=ether2-mangement list=LAN
add interface=vlan10 list=LAN
add interface=vlan20 list=LAN
add interface=bridge list=DISCOVER
/ip address
add address=10.0.10.1/24 interface=vlan10 network=10.0.10.0
add address=10.0.20.1/24 interface=vlan20 network=10.0.20.0
add address=10.0.0.1/24 interface=bridge network=10.0.0.0
# WAN address comes from the upstream router via DHCP.
/ip dhcp-client
add interface=ether1-wan
# Clients are handed public resolvers (8.8.8.8, 1.1.1.1) directly, not the router.
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.0.0.1
add address=10.0.10.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.0.20.1
# NOTE(review): the Management list is defined here but no filter rule in this
# export references it, so it restricts nothing as written. An input rule that
# accepts management traffic only from src-address-list=Management would be
# needed for it to limit access.
/ip firewall address-list
add address=10.0.0.0/24 list=Management
# Filter rules are evaluated top to bottom within each chain; the order below
# is significant.
# NOTE(review): the forward chain has no final drop, and "drop vlan to vlan"
# only matches VLAN-to-VLAN traffic. Traffic between a VLAN and the bridge
# subnet (10.0.0.0/24) is therefore not blocked by any rule shown here.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="drop vlan to vlan" in-interface=\
all-vlan out-interface=all-vlan
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source-NAT everything leaving through the WAN list, except traffic matched by
# an outbound IPsec policy.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Amsterdam