Community discussions

MikroTik App
 
kiloohm83
just joined
Topic Author
Posts: 2
Joined: Thu May 18, 2023 10:38 pm

VLAN, Bridge and DHCP

Thu May 18, 2023 10:48 pm

Hello community,

I'm just getting started with Microtik, have been trying to migrate my network from Unifi over and it the transition is much harder than I expected. Never had an issue with Cisco or Juniper gear before but these product use completely different syntax and structure. I'm committed to learn and I've done some research, following examples but always stumble back.

At this point, I'm trying to setup the core of my network. Once I have this framework, I should be able to slowly stitch services but at the moment, I'm really at step 2 (I guess step 1 was configure enough to be able to reach this box remotely).

I have 3 devices:
- CCR2216 as a core router
- 2 switches (CRS354 and CRS326) connected to the CCR2216

I will have a trunk port (vlan 100, 101, 102, 103 and 108) from the CCR2216 to the 2 switches.
I'm running a DHCP server on the CCR2216 for each VLANs except 108.
HUS-DEN-Layout.png
I created 2 test interfaces (sfp28-6 and sfp28-7) on the CCR2216 where I'm trying to get an IP via DHCP and this is where I am stuck, it doesn't work. I actually tried setting a static IP as well on these PCs and can't send/receive traffic. I get no arp response from the gateway. I guess my VLAN filtering is incorrect but I tried my best to follow the examples from https://help.mikrotik.com/docs/display/ ... NFiltering.

Below is my current config (I removed a few irrelevant sections)
# may/18/2023 14:33:29 by RouterOS 7.8
# software id = 4950-GF0P
#
# model = CCR2216-1G-12XS-2XQ
# serial number = HD808DPWAR9

/interface bridge
add fast-forward=no frame-types=admit-only-vlan-tagged name=br-bsod protocol-mode=none vlan-filtering=yes
add name=loopback0
add comment="Vlan Switch Bridge" ingress-filtering=no name=switchbridge1 vlan-filtering=yes

/interface vlan
add comment=HUS-DEN-Wired-LAN interface=switchbridge1 name=swbr1v100 vlan-id=100
add comment=HUS-DEN-Wireless-LAN interface=switchbridge1 name=swbr1v101 vlan-id=101
add comment=HUS-DEN-VoIP-LAN interface=switchbridge1 name=swbr1v102 vlan-id=102
add comment=HUS-DEN-Guest-LAN interface=switchbridge1 name=swbr1v103 vlan-id=103
add comment=HUS-DEN-NetTools interface=switchbridge1 name=swbr1v108 vlan-id=108

/ip pool
add name=dhcp_poolv100 ranges=172.19.0.51-172.19.0.199
add name=dhcp_poolv101 ranges=172.19.1.51-172.19.1.199
add name=dhcp_poolv102 ranges=172.19.2.51-172.19.2.199
add name=dhcp_poolv103 ranges=172.19.3.51-172.19.3.199

/ip dhcp-server
add address-pool=dhcp_poolv100 interface=swbr1v100 lease-time=12h name=dhcpv100
add address-pool=dhcp_poolv101 interface=swbr1v101 lease-time=12h name=dhcpv101
add address-pool=dhcp_poolv102 interface=swbr1v102 lease-time=12h name=dhcpv102
add address-pool=dhcp_poolv103 interface=swbr1v103 lease-time=1h name=dhcpv103

/interface bridge port
add bridge=switchbridge1 comment="Test LAN Port - untagged V100" interface=sfp28-6 pvid=100
add bridge=switchbridge1 comment="Test LAN Port - untagged V100" interface=sfp28-7 pvid=100
add bridge=switchbridge1 comment="Trunk Port Tagged V100,101,102,103,108" interface=qsfp28-1-1
add bridge=switchbridge1 comment="Trunk Port Tagged V100,101,102,103,108" interface=qsfp28-1-2

/interface bridge vlan
add bridge=switchbridge1 comment=HUS-DEN-Wired-LAN tagged=qsfp28-1-1,qsfp28-1-2 untagged=sfp28-6,sfp28-7 vlan-ids=100
add bridge=switchbridge1 comment=HUS-DEN-Wireless-LAN tagged=qsfp28-1-1,qsfp28-1-2 vlan-ids=101
add bridge=switchbridge1 comment=HUS-DEN-VoIP-LAN tagged=qsfp28-1-1,qsfp28-1-2 vlan-ids=102
add bridge=switchbridge1 comment=HUS-DEN-Guest-LAN tagged=qsfp28-1-1,qsfp28-1-2 vlan-ids=103
add bridge=switchbridge1 comment=HUS-DEN-NetTools tagged=qsfp28-1-1,qsfp28-1-2 vlan-ids=108

/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
add address=172.19.125.2 interface=loopback0 network=172.19.125.2
add address=172.19.0.1/24 interface=swbr1v100 network=172.19.0.0
add address=172.19.1.1/24 interface=swbr1v101 network=172.19.1.0
add address=172.19.2.1/24 interface=swbr1v102 network=172.19.2.0
add address=172.19.3.1/24 interface=swbr1v103 network=172.19.3.0
add address=172.19.8.1/24 interface=swbr1v108 network=172.19.8.0

/ip dhcp-server network
add address=172.19.0.0/24 dns-server=172.19.124.1 domain=den.hitrontools.com gateway=172.19.0.1 netmask=24
add address=172.19.1.0/24 dns-server=172.19.124.1 domain=den.hitrontools.com gateway=172.19.1.1 netmask=24
add address=172.19.2.0/24 dns-server=172.19.124.1 domain=den.hitrontools.com gateway=172.19.2.1 netmask=24
add address=172.19.3.0/24 dns-server=172.19.124.1 domain=den.hitrontools.com gateway=172.19.3.1 netmask=24
Any pointers on what I did wrong?
You do not have the required permissions to view the files attached to this post.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: VLAN, Bridge and DHCP

Fri May 19, 2023 8:40 pm

 
kiloohm83
just joined
Topic Author
Posts: 2
Joined: Thu May 18, 2023 10:38 pm

Re: VLAN, Bridge and DHCP  [SOLVED]

Fri May 19, 2023 9:22 pm

This is the part that I missed
# L3 switching so Bridge must be a tagged member
/interface bridge vlan
add bridge=BR1 tagged=BR1 vlan-ids=10
add bridge=BR1 tagged=BR1 vlan-ids=20
add bridge=BR1 tagged=BR1 vlan-ids=99
Once I added that (modified of course for my config), it started working. This wasn't part of the examples I was following including in the documentation at https://help.mikrotik.com/docs/display/ ... NFiltering
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: VLAN, Bridge and DHCP

Fri May 19, 2023 9:31 pm

I see you already figured it out while I was creating this. But you may still find it useful if you want to understand why, instead of just finding something that works.

You need to create "connections" from the switch ASIC to the CPU.

My guess is that you currently have Layer 2 connectivity on vlan 100, but there is no connection to the CPU/Routing Engine/services (like DHCP)

You need to add the switchbridge1 as a tagged member of the CPU to Switch ASIC "internal trunk". Add it should include the parts in blue

/interface bridge vlan
add bridge=switchbridge1 comment=HUS-DEN-Wired-LAN tagged=switchbridge1,qsfp28-1-1,qsfp28-1-2 untagged=sfp28-6,sfp28-7 vlan-ids=100
add bridge=switchbridge1 comment=HUS-DEN-Wireless-LAN tagged=switchbridge1,qsfp28-1-1,qsfp28-1-2 vlan-ids=101
add bridge=switchbridge1 comment=HUS-DEN-VoIP-LAN tagged=switchbridge1,qsfp28-1-1,qsfp28-1-2 vlan-ids=102
add bridge=switchbridge1 comment=HUS-DEN-Guest-LAN tagged=switchbridge1,qsfp28-1-1,qsfp28-1-2 vlan-ids=103
add bridge=switchbridge1 comment=HUS-DEN-NetTools tagged=switchbridge1,qsfp28-1-1,qsfp28-1-2 vlan-ids=108

Here are some other links to see

@anav's beginner's configuration guide (see section C) viewtopic.php?p=906567

The first link is the one I found more useful than the "cookbook" that the previous post link, if you want to really understand instead of see an example with little explaination.

After you read RouterOS bridge mysteries explained, you can see my additions to what @sindy wrote in the two post starting here.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: VLAN, Bridge and DHCP

Fri May 19, 2023 9:56 pm

...This wasn't part of the examples I was following including in the documentation at https://help.mikrotik.com/docs/display/ ... NFiltering
The examples are showing how to configure the L2 parts. Here's the example that does have the bridge included, (but I think the graphic is not as good as it could be, as it doesn't explain where the routing is taking place.

VLAN Example - InterVLAN Routing by Bridge

Who is online

Users browsing this forum: gigabyte091 and 40 guests