I'm following the guide here:viewtopic.php?t=143620 and trying to follow the router-switch-ap (although without the AP) example. When I apply the configuration to my new CCR2116, I'm not able to get any ip address on my VLAN access ports (ether5-8 in my configuration). My full config is below, any help would be greatly appreciated.
For reference, I've use MT for quite a while in small deployments, but never really attempted anything with VLANs. I'm trying to learn as my networks become large enough to benefit from more segmentation, but I'm struggling just getting it set up. This is a brand new router, all I've done is update it to ROS 7.5.
Code: Select all
# jan/02/1970 00:25:14 by RouterOS 7.5
# model = CCR2116-12G-4S+
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
add interface=BR1 name=LAN_VLAN vlan-id=10
add interface=BR1 name=Voice_VLAN vlan-id=20
/interface list
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=LAN_POOL ranges=10.0.10.2-10.0.10.254
add name=Voice_POOL ranges=10.0.20.2-10.0.20.254
/ip dhcp-server
add address-pool=LAN_POOL interface=LAN_VLAN name=LAN_DHCP
add address-pool=Voice_POOL interface=Voice_VLAN name=Voice_DHCP
/port
set 0 name=serial0
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=20
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=20
add bridge=BR1 interface=ether12 pvid=99
/interface list member
add interface=ether1 list=WAN
add interface=BASE_VLAN list=VLAN
add interface=LAN_VLAN list=VLAN
add interface=Voice_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether13 network=192.168.88.0
add address=192.168.0.1/24 interface=BASE_VLAN network=192.168.0.0
add address=10.0.10.1/24 interface=LAN_VLAN network=10.0.10.0
add address=10.0.20.1/24 interface=Voice_VLAN network=10.0.20.0
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=192.168.0.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=192.168.0.1 gateway=10.0.20.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" in-interface=BASE_VLAN
add action=drop chain=input comment=Drop
add action=accept chain=forward comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access only" connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" out-interface-list=WAN
/system identity
set name=HomeCCR