Thanks! I realised my mistakes meanwhile I was reading your message!. below is the updated configuration (also for Internet Discovery and neightbours). the subnet .88 I am not sure to keep, maybe only for "mgmn" purposes (over all devices).The first config, you have all the vlans assigned to vlan2, and thus your bridge ports should NOT include ether2 ???
Typically following this excellent article: viewtopic.php?t=143620
The idea is one bridge, and all vlans associated to the bridge, and thus either remove bridge port 2 ( easiest fix ) or
add all the vlans to the bridge, and make the .88 subnet a vlan...........
Set detect internet to none, its not useful in this scenario and could cause issues.
Set neighbours discovery to LAN, not all.
I have only one question, as you see looks like the DHCP can't work on a "slave" interface, this means that i can't allocate my IP over the respective VLAN ID... how to fix this?
Code:
# 2024-02-06 20:30:55 by RouterOS 7.13.3# software id = JFZQ-1JBT## model = RB960PGS# serial number = HFA098RB8ZH/interface bridgeadd admin-mac=78:9A:18:A4:7D:F4 auto-mac=no name=bridge/interface vlanadd interface=ether2 name=gst_vlan200 vlan-id=200add interface=ether2 name=iot_vlan30 vlan-id=30add interface=ether2 name=mmx_vlan20 vlan-id=20add interface=ether2 name=net_vlan10 vlan-id=10add interface=ether2 name=vit_vlan40 vlan-id=40/interface listadd name=WANadd name=LANadd name=IT_LAN/ip pooladd name=mgm_pool ranges=192.168.88.10-192.168.88.254add name=vit_pool ranges=192.168.40.20-192.168.40.254add name=gst_pool ranges=192.168.200.20-192.168.200.254add name=net_pool ranges=192.168.10.20-192.168.10.254add name=mmx_pool ranges=192.168.20.20-192.168.20.254add name=iot_pool ranges=192.168.30.20-192.168.30.254/ip dhcp-serveradd address-pool=mgm_pool interface=bridge lease-time=1w1d name=main_dhcp# DHCP server can not run on slave interface!add address-pool=gst_pool interface=gst_vlan200 lease-time=5m name=gst_dhcp# DHCP server can not run on slave interface!add address-pool=net_pool interface=net_vlan10 lease-time=1d name=net_dhcp# DHCP server can not run on slave interface!add address-pool=mmx_pool interface=mmx_vlan20 lease-time=1d name=mmx_dhcp# DHCP server can not run on slave interface!add address-pool=iot_pool interface=iot_vlan30 lease-time=2d name=iot_dhcpadd address-pool=vit_pool interface=vit_vlan40 name=vit_dhcp/ip vrfadd interfaces=IT_LAN name=it_vrf/interface bridge portadd bridge=bridge interface=ether3add bridge=bridge interface=ether4add bridge=bridge interface=ether5add bridge=bridge interface=sfp1add bridge=bridge frame-types=admit-only-vlan-tagged interface=iot_vlan30 pvid=\ 30add bridge=bridge frame-types=admit-only-vlan-tagged interface=mmx_vlan20 pvid=\ 20add bridge=bridge frame-types=admit-only-vlan-tagged interface=net_vlan10 pvid=\ 10add bridge=bridge frame-types=admit-only-vlan-tagged interface=gst_vlan200 \ pvid=200/ip neighbor discovery-settingsset discover-interface-list=LAN/interface bridge vlanadd bridge=bridge tagged=iot_vlan30 vlan-ids=30add bridge=bridge tagged=mmx_vlan20 vlan-ids=20add bridge=bridge tagged=net_vlan10 vlan-ids=10add bridge=bridge tagged=gst_vlan200 vlan-ids=200/interface list memberadd interface=bridge list=LANadd interface=pppoe-out1 list=WANadd interface=vit_vlan40 list=IT_LANadd interface=IT_wireguard list=IT_LAN/ip addressadd address=192.168.88.1/24 interface=bridge network=192.168.88.0add address=192.168.200.1/24 interface=gst_vlan200 network=192.168.200.0add address=192.168.10.1/24 interface=net_vlan10 network=192.168.10.0add address=192.168.20.1/24 interface=mmx_vlan20 network=192.168.20.0add address=192.168.30.1/24 interface=iot_vlan30 network=192.168.30.0add address=192.168.40.1/24 interface=vit_vlan40 network=192.168.40.0add address=10.2.0.2 interface=IT_wireguard network=10.2.0.0/ip dhcp-server networkadd address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1add address=192.168.40.0/24 dns-server=10.2.0.1,192.168.40.1 gateway=\ 192.168.40.1add address=192.168.41.0/24 dns-server=10.2.0.1,192.168.41.1 gateway=\ 192.168.41.1add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1add address=192.168.200.0/24 dns-server=192.168.200.1 gateway=192.168.200.1/system identityset name=GW00-TBUKThe purpose is that only the VLAN 40 will connect/tunnel over Wireguard which is configured with a VPN provider for Italy geolocation.Since the wireguard connection is client for handshake..........
What is the purpose for this router and wireguard....... to connect to another MT router over wireguard??
or to a third party VPN provider, if the latter, then suggest the wireguard interface should be part of the WAN interface list.
All the other WireGuard and all the VLAN will go directly via PPPoE (PPPoE will connect to the ISP router via ether1).
yeah, I'm using like as AP, probably not at full potential. In future, I might have more AP, which means that the GW will serve multiple AP with all the VLANsIt would appear from the diagram you simply need the other MT to act solely as an AP switch.
Suggest you also use one bridge
The only interface list item needed is lets say MGMT.
I'm using only one bridge, the other one is disabled... and I will delete it. I will add as well the MGMT, i got the meaning.
I don't get this... can you explain with some examples?The only vlan requiring identification is the vlan where the AP gets its IP from ( trusted subnet ).
This is the only vlan requiring tagging on the bridge itself, the rest just flow in from ether1 to whatever lan port or wlan port they need to go out of.
Will do, got the meaning.If you do have a spare port on the AP, setup an ip address just for that port, OFF the bridge so the AP is accessible independently during configuration.
Statistics: Posted by thebox — Tue Feb 06, 2024 11:01 pm