VLAN not working in MikroTik RouterBoard HAP

Tags: mikrotik, networking, vlan, voip

I'm currently having some problems configuring the VLAN in our network.

Description: get the VOIP phones into VLAN2 with the MikroTik RouterBoard HAP. VPN configuration is on this device for the SIP server, so this is required in the network setup.

Mikrotik setup:

ether1 <- in

ether2 <- VLAN2

ether3 <- admin

ether4 <- not used

ether5 <- not used

wlan <- enabled

I've no experience in networking, more basic-level stuff. The Mikrotik is an advanced type, a lot of features and settings.

Creating a VLAN in the Mikrotik is done by adding a bridge, interface, IP pool, addresses etc. I've found several setups from others which I can relate to our setup, but still no working VLAN.

I don't know what's going wrong here, I think some routing problems, but I need some advice from you.

If I configure the IP phones with VLAN2 they don't get any DHCP. If I leave the VLAN option empty, they get DHCP from the 10.250.1.xxx pool.

The setup is:

/interface bridge
add admin-mac=xxxxx auto-mac=no comment=defconf name=bridge
add fast-forward=no name=bridge-vlan2 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-6E1E3F wireless-protocol=802.11
/interface vlan
add interface=ether2 name=VLAN2 vlan-id=2
/interface ethernet switch port
set 1 default-vlan-id=2 vlan-mode=fallback
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=xxxxxx wpa2-pre-shared-key=xxxxx
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp ranges=10.250.2.100-10.250.2.250
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp disabled=no interface=bridge-vlan2 name=dhcp-vlan2
/interface pptp-client
add connect-to=xxxxx disabled=no name=pptp-voip password=xxxxx profile=default user=xxxxx
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge-vlan2 interface=VLAN2 pvid=2
add bridge=bridge-vlan2 interface=ether2 pvid=2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface ethernet switch vlan
add disabled=yes ports=ether2 switch=switch1 vlan-id=2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=10.250.2.100/24 interface=ether2 network=10.250.2.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.250.2.0/24 comment=VLAN2 gateway=10.250.2.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.250.2.100 name=router.lan
/ip firewall address-list
add address=172.16.4.5 list=remote
add address=185.29.200.70 list=remote
/ip firewall filter
add action=accept chain=input src-address-list=remote
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pptp-voip
/ip route
add disabled=yes distance=1 gateway=pptp-voip routing-mark=voip
/ip route rule
add action=lookup-only-in-table dst-address=91.205.215.67/32 table=voip
add action=lookup-only-in-table dst-address=185.29.200.70/32 table=voip
add action=lookup-only-in-table dst-address=172.16.4.5/32 table=voip
/system clock
set time-zone-name=Europe/Amsterdam
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Network diagram

Best Answer

I think it's because of this line:

/ip address add address=10.250.2.100/24 interface=ether2 network=10.250.2.0

Try to use interface=bridge-vlan2
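The mismatch the answer points at can be checked mechanically. The following is an added example, not part of the original post or answer: a small Python check that parses a RouterOS export and reports IP addresses placed on a bridge port instead of the bridge, and DHCP servers whose interface has no address. The `EXPORT` excerpt is constructed from the configuration in the question, and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed excerpt of the export in the question (only the relevant menus).
EXPORT = """\
/interface bridge
add fast-forward=no name=bridge-vlan2 protocol-mode=none
/interface vlan
add interface=ether2 name=VLAN2 vlan-id=2
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-vlan2 name=dhcp-vlan2
/interface bridge port
add bridge=bridge-vlan2 interface=VLAN2 pvid=2
add bridge=bridge-vlan2 interface=ether2 pvid=2
/ip address
add address=10.250.2.100/24 interface=ether2 network=10.250.2.0
"""

def parse_export(text):
    """Group the 'add' lines of a RouterOS export by menu path into key=value dicts."""
    menus, path = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            items = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus[path].append(dict(items))
    return menus

def check_bridge_addressing(text):
    """Return findings where the IP address is not on the bridge that carries the DHCP server."""
    menus = parse_export(text)
    port_to_bridge = {p["interface"]: p["bridge"] for p in menus["/interface bridge port"]}
    addressed = {a["interface"] for a in menus["/ip address"]}
    findings = []
    for a in menus["/ip address"]:
        bridge = port_to_bridge.get(a["interface"])
        if bridge:  # address sits on a bridge member port, as in the question
            findings.append(f"address {a['address']} is on bridge port {a['interface']}; move it to {bridge}")
    for s in menus["/ip dhcp-server"]:
        if s.get("disabled") != "yes" and s["interface"] not in addressed:
            findings.append(f"dhcp-server {s['name']} runs on {s['interface']}, which has no IP address")
    return findings

if __name__ == "__main__":
    for finding in check_bridge_addressing(EXPORT):
        print(finding)
```

With the address moved to interface=bridge-vlan2, as the answer suggests, both findings disappear.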