manolis940
just joined
Topic Author
Posts: 9
Joined: Sat May 06, 2023 6:42 pm

Access Point route to Different DHCP Server according to wifi Interface

Sat May 06, 2023 7:38 pm

So I am trying to create a network where I have a main router and 2 Access Points. Many devices are connected to this network, like NVRs, NAS servers and some smart devices like the Xiaomi Mop P Vacuum, and of course I give access to my clients.
So in my thinking, in order to prevent the clients and smart devices from accessing my private network, I want to put them in separate networks and on separate DHCP servers. I set this up on my main router by adding 2 more wireless virtual interfaces in separate bridges from each other and my personal network, and 2 more DHCP servers. All works fine for the main router, but I don't know how to route a new connection to the correct DHCP server according to the wireless interface. First of all, is this possible? Any hint?

Network Schema

P.S. It's my first question, sorry if I am missing any important information.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Access Point route to Different DHCP Server according to wifi Interface

Sun May 07, 2023 4:33 am

One bridge many vlans........... Done.
 
manolis940
just joined
Topic Author
Posts: 9
Joined: Sat May 06, 2023 6:42 pm

Re: Access Point route to Different DHCP Server according to wifi Interface

Mon May 08, 2023 3:01 pm

> One bridge many vlans........... Done.

Thank you for answering, anav. Sorry, this is not so obvious for me. Don't I need a DHCP relay on the APs?
What I did until now

On main router RT2

Create the VLANs and different bridges for each one.
If I create one bridge, doesn't this end up with them communicating with each other? I don't exactly want this. I want guest and smart devices to communicate with the Internet only.
/interface bridge
add admin-mac=DC:2C:6E:5E:71:07 auto-mac=no comment=defconf name=bridge
add name=bridge-guest
add comment="smart devices bridge" name=bridge-sd

/interface vlan
add comment="guest vlan" interface=ether2 name=vlan1 vlan-id=1
add comment="Smart Devices VLAN" interface=ether2 name=vlan2 vlan-id=2

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge-guest interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge-guest interface=vlan1
add bridge=bridge-sd interface=vlan2
Give different IP to each bridge
/ip address
add address=10.10.0.1/16 interface=bridge network=10.10.0.0
add address=192.168.1.2/29 comment=WAN interface=ether1 network=192.168.1.0
add address=10.1.0.1/16 interface=bridge-guest network=10.1.0.0
add address=10.2.0.1/16 interface=bridge-sd network=10.2.0.0
Add the DHCP Servers
/ip dhcp-server
add address-pool=10.10.0.2-254 disabled=no interface=bridge lease-time=1h name=local
add address-pool=10.1.0.2-254 disabled=no interface=bridge-guest name=guest
add address-pool=10.2.0.2-254 disabled=no interface=bridge-sd lease-time=1d name="smart devces"
/ip dhcp-server network
add address=10.1.0.0/16 dns-server=8.8.8.8,192.168.1.1 gateway=10.1.0.1
add address=10.2.0.0/16 dns-server=8.8.8.8,192.168.1.1 gateway=10.2.0.1
add address=10.10.0.0/24 dns-server=8.8.8.8,192.168.1.1 gateway=10.10.0.1
Setup the wireless
In the area of my main router (RT2) I don't need to connect smart devices, so I leave 2.4GHz for guests and 5GHz for the private network.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge security-profile=profile-guest ssid=guest wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge security-profile=profile-private ssid=pv wireless-protocol=802.11 wps-mode=disabled

Access Points AP1 and AP2
Just starting from AP1. I will set up AP2 with an export when AP1 works fine.
VLAN and bridges
/interface bridge
add admin-mac=DC:2C:6E:E4:DE:D7 auto-mac=no comment=defconf name=bridge

/interface bridge port
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
Setup the wireless
Use the main wireless interface for my pv network and create 2 virtual ones for guest and smart devices. I am willing to create a wifi mesh, but for now, for testing purposes, I add some numbers.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=greece disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge security-profile=profile-private ssid=pv1 wireless-protocol=802.11 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=DE:2C:6E:E4:DE:D8 master-interface=wlan1 multicast-buffering=disabled name=wlan2 security-profile=profile-guest ssid=guest1 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=DE:2C:6E:E4:DE:D9 master-interface=wlan1 multicast-buffering=disabled name=wlan3 security-profile=profile-sd ssid=sd wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

Create a DHCP client for AP
I prefer to lease the IP of every device on the main router, for easy config
/ip dhcp-client
add comment=defconf disabled=no interface=bridge
DHCP Relays
I am not sure that I have understood the relays' role completely. I use them in order to route the traffic to the correct DHCP server according to the wireless interface.
/ip dhcp-relay
add dhcp-server=10.1.0.1 disabled=no interface=wlan2 name="guest DHCP relay"
add dhcp-server=10.2.0.1 disabled=no interface=wlan3 name="sd DHCP relay"
add dhcp-server=10.10.0.1 disabled=no interface=wlan1 name="private DHCP relay"

Testing DHCP
Using my phone to test DHCP; the results are below
  • RT2 - pv CHECK
  • RT2 - guest CHECK
  • AP1 - pv CHECK
  • AP1 - guest FAIL (Obtaining IP Address)
  • AP1 - sd FAIL (Obtaining IP Address)
 
mkx
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Access Point route to Different DHCP Server according to wifi Interface

Mon May 08, 2023 3:30 pm

Sorry to disappoint you, but L2 (and parts of L3) is wrong. If you do it right, then no DHCP relays will be needed.

As @anav mentioned: the key is single bridge and multiple VLANs. And this means also APs (and router-AP interconnects).

I'm sure @anav will come back with some configuration code, meanwhile you can read this tutorial on VLANs, it covers various use cases so I guess yours will be there some way or another as well.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Access Point route to Different DHCP Server according to wifi Interface

Mon May 08, 2023 4:32 pm

Sorry to disappoint MKX, you didn't send me that bottle I was asking for, so no favours, plus I went to the Holvoe school of demanding more effort from OPs and less silver spooning!

As per the link: one bridge, the rest vlans; the bridge does NO dhcp, and don't use vlan1, it's already in use by the bridge in the background.

vlan10 - Trusted vlan 10.10.0.0/24
vlan20 - guest vlan 10.1.0.0/24
vlan30 - smart devices 10.2.0.0/24

Now attempt the config and then post back.
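
The layout described in the post above (one bridge, VLANs 10/20/30, DHCP on the VLAN interfaces rather than on the bridge, no vlan-id 1), written out as RouterOS commands. This is an added example, not a configuration posted by anyone in the thread; bridge1, the vlan/pool/dhcp names, the port roles, the use of VLAN 10 for AP management, and a router whose WAN address and NAT already exist and which has no earlier forward rules are all assumptions.

```routeros
# Added example. All names and port roles below are assumptions.
# ROUTER: ether1 = WAN (address and NAT already configured), ether2 = trunk to the AP.
/interface bridge add name=bridge1 vlan-filtering=no
/interface vlan
add interface=bridge1 name=vlan10-trusted vlan-id=10
add interface=bridge1 name=vlan20-guest vlan-id=20
add interface=bridge1 name=vlan30-sd vlan-id=30
/interface bridge port add bridge=bridge1 interface=ether2 frame-types=admit-only-vlan-tagged ingress-filtering=yes
# bridge1 is listed as tagged so the router's own vlan interfaces (gateway, DHCP) receive the frames
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether2 vlan-ids=10,20,30
/ip address
add address=10.10.0.1/24 interface=vlan10-trusted
add address=10.1.0.1/24 interface=vlan20-guest
add address=10.2.0.1/24 interface=vlan30-sd
/ip pool
add name=pool10 ranges=10.10.0.2-10.10.0.254
add name=pool20 ranges=10.1.0.2-10.1.0.254
add name=pool30 ranges=10.2.0.2-10.2.0.254
# one DHCP server per vlan interface, none on the bridge
/ip dhcp-server
add name=dhcp10 interface=vlan10-trusted address-pool=pool10 disabled=no
add name=dhcp20 interface=vlan20-guest address-pool=pool20 disabled=no
add name=dhcp30 interface=vlan30-sd address-pool=pool30 disabled=no
/ip dhcp-server network
add address=10.10.0.0/24 gateway=10.10.0.1 dns-server=8.8.8.8
add address=10.1.0.0/24 gateway=10.1.0.1 dns-server=8.8.8.8
add address=10.2.0.0/24 gateway=10.2.0.1 dns-server=8.8.8.8
/ip firewall filter
add chain=forward action=accept connection-state=established,related
add chain=forward action=accept in-interface=vlan10-trusted
add chain=forward action=accept in-interface=vlan20-guest out-interface=ether1
add chain=forward action=accept in-interface=vlan30-sd out-interface=ether1
add chain=forward action=drop comment="no other inter-VLAN forwarding"
# turn filtering on last, once the VLAN table is complete
/interface bridge set bridge1 vlan-filtering=yes

# AP: ether1 = trunk to the router, wlan1 = trusted SSID, wlan2 = guest SSID, wlan3 = smart-device SSID
/interface bridge add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=wlan1 pvid=10
add bridge=bridge1 interface=wlan2 pvid=20
add bridge=bridge1 interface=wlan3 pvid=30
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=10
add bridge=bridge1 tagged=ether1 vlan-ids=20,30
# the AP itself gets its management address from the router over VLAN 10; no relay is involved
/interface vlan add interface=bridge1 name=vlan10-mgmt vlan-id=10
/ip dhcp-client add interface=vlan10-mgmt disabled=no
/interface bridge set bridge1 vlan-filtering=yes
```

The forward rules are what keep guest and smart-device clients off the trusted subnet; the VLANs separate the networks at layer 2 only, and the router would otherwise route between its own subnets. Input-chain rules limiting access to the router itself from VLANs 20 and 30 are not shown.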
 
manolis940
just joined
Topic Author
Posts: 9
Joined: Sat May 06, 2023 6:42 pm

Re: Access Point route to Different DHCP Server according to wifi Interface

Mon May 08, 2023 10:32 pm

> Sorry to disappoint you, but L2 (and parts of L3) is wrong. If you do it right, then no DHCP relays will be needed.
>
> I'm sure @anav will come back with some configuration code, meanwhile you can read this tutorial on VLANs, it covers various use cases so I guess yours will be there some way or another as well.

There is no disappointment! If I don't need DHCP relay, it means the answer is simpler, and that means I have a lot to learn, which is actually the opposite of disappointment! :D
Thank you for the tutorial. I will start reading it now.

> Sorry to disappoint MKX, you didn't send me that bottle I was asking for, so no favours, plus I went to the Holvoe school of demanding more effort from OPs and less silver spooning!
>
> As per the link: one bridge, the rest vlans; the bridge does NO dhcp, and don't use vlan1, it's already in use by the bridge in the background.
>
> vlan10 - Trusted vlan 10.10.0.0/24
> vlan20 - guest vlan 10.1.0.0/24
> vlan30 - smart devices 10.2.0.0/24
>
> Now attempt the config and then post back.

I posted for the purpose of gaining knowledge, rather than for the purpose of setting up something ready-to-use. Thank you for the hints and all the help. Before attempting the new configuration, I will read the tutorial above.
Before continuing, I don't understand this phrase "As per the link one bridge". Is it a technical term? Has my English abandoned me? I don't know.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Access Point route to Different DHCP Server according to wifi Interface

Tue May 09, 2023 12:01 am

No, I meant to say as per the link to the article............... so nothing there.
 
mkx
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Access Point route to Different DHCP Server according to wifi Interface

Tue May 09, 2023 8:53 am

> Thank you for the tutorial. I will start reading it now.

While you're in reading mode, you may want to read through description of different bridge personalities, it is amazing how many different things are layered on "bridge" thingie in ROS. Understanding it helps configuring VLANs properly.
 
manolis940
just joined
Topic Author
Posts: 9
Joined: Sat May 06, 2023 6:42 pm

Re: Access Point route to Different DHCP Server according to wifi Interface

Sat May 13, 2023 3:08 pm

After the reading I found out that I had a completely wrong idea of what happens behind the scenes, and all I did above is completely wrong, not only from the setup perspective but also in the mindset behind creating VLANs. In a toxic community they would make jokes about me, so guys, well done. You are more than perfect and thank you :)

So first of all I want to apologize for my network diagram. I simplified it because of my wrong mindset, so I leave here a better view of it. If you can't see it right, this is a link to access it
Image

So now I am thinking of creating my management VLAN and giving a different VLAN not only for guest or smart devices but also for every floor. However, I have some questions and thoughts:
  • As I see it, Office 2 has a connection with RT1 through non-MikroTik equipment. Does this mean that I can't create a separate VLAN for that space? Do I need to put at least a router in that space between BS-ANT 2 and BS-US 3?
  • Is it wise to put the HVR 1 on the management VLAN so I have remote access to it, or to separate it from other network devices?
  • In the VLAN guide, in the configuration file router.rsc, I don't understand what happens exactly on these lines [55-62].
# egress behavior
/interface bridge vlan

# Purple Trunk. These need IP Services (L3), so add Bridge as member
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=10
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=20
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=30
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=99
PS. What happens with these code snippets? What am I doing wrong? I make changes and fix them by mistake :P.
 
manolis940
just joined
Topic Author
Posts: 9
Joined: Sat May 06, 2023 6:42 pm

Re: Access Point route to Different DHCP Server according to wifi Interface

Mon May 15, 2023 10:12 pm

So, thinking about the above, I made some small changes to the network connection. The BS-US 2, which is located in HOME, is now connected to RT1. Now I can use BS-US 1 only for OFFICE 1 devices.
Current network diagram is this:
Image

However, I started by configuring RT1 and AP1, connected them to BS-US 2, and almost nothing works as expected
RT1 is a RB952Ui-5ac2nD-TC
  • ether1 = WAN
  • ether2 = Trunk port
  • ether3 = Office 1 Private VLAN
  • ether4 = Management-Private VLAN
  • ether5 = Nothing/Disabled
  • wlan1 & wlan2 = Private & Management wireless interface, virtual interfaces for Guest and Office 1 Users at 2.4GHz and 5GHz
AP1 is a RBmAPL-2nD
  • ether1 = Trunk
  • wlan1 = Private & Management wireless interface, virtual interfaces for Guest, Home Users and Smart Devices at 2.4GHz
Image

According to my expectations:
Works:
  • Connecting to RT1 ether4, I get an IP address from BASE_POOL and I can manage both devices from winbox.
  • Connecting to AP1 wlan1, I get an IP address from BASE_POOL and I can manage both devices from winbox.
Doesn't work:
  • Connecting to RT1 ether3, I don't get an IP address from OFFICE_1_POOL and I can manage both devices from winbox.
  • Connecting to RT1 wlan1 or wlan2, I don't get an IP address from OFFICE_1_POOL and I can manage both devices from winbox.
  • Connecting to AP1 wlan1, I don't get an IP address from BASE_POOL and I can't manage both devices from winbox.
  • Connecting to every virtual wireless interface of both AP1 and RT1, I don't get an IP address
Configuration:
I want to say sorry, but the code tag makes my post a mess and I don't know why. So I give you the config in rsc form :(
RT1 config:
RT1.rsc
AP1 config:
AP1.rsc