Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Complete123

17 posts

Geek


#179445 8-Sep-2015 23:53
Send private message

My Mikrotik RB2011U finally arrived for a home network configuration and I thought I'd throw it in and get it going before I had to be away with me. Unfortunately for around 4 hours now I've had absolutely no luck getting it to run.

I've attempted this configuration I found in a post:

 

open winbox and connect to the router
files backup
system reset configuration
interfaces --> plus button --> add vlan to ether1 - set tag to 10
ip - dhcp client - choose the default entry, change the interface to listen on your vlan
ip - firewall - nat - change the default entry to nat your vlan interface not ether1
ip - firewall - filter rules - as above. change every entry that is filtering eth1 to filter your new vlan

done

 

 

 

And I've attempted this also:

 

http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=161676

With this I went and configured the DHCP Client to connect to the VLAN10; however whenever I did this (removing the previous DHCP Client) it changed the settings under internet to 'static'.

I left the DHCP Client on Ethernet1 and added one to the VLAN10 to no avail either.

I've also tried bridging the connections using this guide;

http://www.geekzone.co.nz/sbiddle/8744

To no avail here either.


Is there anyone out there that has a Mikrotik Router running on Orcon UFB able to lend me a hand to figure out how/where exactly I am going wrong here. 

 

I purchased this router as a learning experience (sorely needed networking experience needed) but I've outright hit a wall and have no clue which direction to turn any longer. I'd love quite simply get it up and running just so I can back up the settings then poke at it to my hearts content.

The general idea is I want to plug it into ETH1 and have it either Bridged or NAT (whichever work) to the remaining ports so I can have the several other devices connected to the network. It seemed like a simple task .. 

 

 

 

Any assistance would be hugely appreciated.

 

 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
LennonNZ
2459 posts

Uber Geek

ID Verified
Trusted

  #1382127 9-Sep-2015 00:19
Send private message

It seems you are doing it correctly.


Add a VLAN on Ethernet 1
--------------------------------
Interfaces.. Add New.. VLAN.
Name : VLAN10
VLAN ID: 10
Interface: Ether1

Set up DHCP Client on the New VLAN
---------------------------------------------
IP .. DHCP Client.. Add New
Interface: VLAN10


It should be connected now.. and if you go into IP Addresses you should see an Assigned Address

Make sure you have a DHCP Server on bridge-local  and you should get an internal ip address (can't remember if by default if already set up)

Then set up . IP , Firewall, NAT.

Chain: SRCNAT, Out Interface (VLAN10), Action, Masquerade






sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1382151 9-Sep-2015 06:19
Send private message

My guide is for using a Mikrotik solely for VLAN tagging. It's of no use or no relevance for your setup which is to use the Mikrotik as a router.



Complete123

17 posts

Geek


  #1382163 9-Sep-2015 07:30
Send private message

LennonNZ: It seems you are doing it correctly.


Add a VLAN on Ethernet 1
--------------------------------
Interfaces.. Add New.. VLAN.
Name : VLAN10
VLAN ID: 10
Interface: Ether1

Set up DHCP Client on the New VLAN
---------------------------------------------
IP .. DHCP Client.. Add New
Interface: VLAN10


It should be connected now.. and if you go into IP Addresses you should see an Assigned Address

Make sure you have a DHCP Server on bridge-local  and you should get an internal ip address (can't remember if by default if already set up)

Then set up . IP , Firewall, NAT.

Chain: SRCNAT, Out Interface (VLAN10), Action, Masquerade





Thanks Lennon, I'll have a tool around with it some more in a couple days when I get back. It's really got me scratching my head but I may have screwed up the NAT settings.

With the DHCP Client is it applied to the Eth port or directly to the VLAN10 only? When I apply it to VLAN10 and remove it from the ETH and go to Quick Setup it's configured to 'Static' with a 0.0.0.0 address. Which is really throwing me and I'm wondering if that's what I'm doing wrong.


sbiddle: My guide is for using a Mikrotik solely for VLAN tagging. It's of no use or no relevance for your setup which is to use the Mikrotik as a router.




I appreciate that; I used it for the information on Vlan and people inevitably will link it. It is an excellent post.





Ragnor
8222 posts

Uber Geek

Trusted

  #1385658 11-Sep-2015 13:42
Send private message

Complete123:

With the DHCP Client is it applied to the Eth port or directly to the VLAN10 only?



I think the interface for your dhcp client should be the vlan, so: lan/bridge >>  dhcp client >> vlan >> eth1

Complete123

17 posts

Geek


  #1387989 15-Sep-2015 16:59
Send private message

Ragnor:
Complete123:

With the DHCP Client is it applied to the Eth port or directly to the VLAN10 only?



I think the interface for your dhcp client should be the vlan, so: lan/bridge >>  dhcp client >> vlan >> eth1


Thanks Ragnor but the problem I have right now seems to be right at the start. Perhaps my understanding of the connection is wrong.

VLAN10 DHCP Client is what I need to connect to Orcon; so I create a VLAN10 connection in the RouterOS and attach it to the Ethernet1-Gateway.
By default it's created a bridge across the 2 switches Eth2-8 so I leave the bridge as is.
Create a DHCP-Client on EThernet1-Gateway (because if I don't it goes into static)
Create a DHCP-Client on VLAN10

At this point I'd expect to get a DHCP connection and IP. But when I check the connections, the ETH1 is 'Searching' and the Vlan10 is 'Requesting'. I never quite get a connection up. I can bridge the VLAN10 to the bridge and it should pass through all the traffic untagged. Which is what I want.

After this I can tinker with NAT and Bridging and everything but my problem is actually getting a connection to the Orcon network. It has rejected every attempt I've made to date. And I've read several pages on NAT and configuring VLAN10 routing all bridging etc. But for the life of me I can not get it to get an IP Address from the orcon connection.

There's plenty of great resources (like http://blog.butchevans.com/2010/02/to-tag-or-not-to-tag-that-is-the-question/ ) that give me everything I need to know AFTER I get a WAN connection. But I'll be DAMNED if I can figure out what I need to do to get the DHCP Client up and receiving packets. I'm clearly doing something wrong - I'm just not sure what.

nitrotech
1285 posts

Uber Geek


  #1388034 15-Sep-2015 17:26
Send private message

Complete123:
Ragnor:
Complete123:

With the DHCP Client is it applied to the Eth port or directly to the VLAN10 only?



I think the interface for your dhcp client should be the vlan, so: lan/bridge >>  dhcp client >> vlan >> eth1


Thanks Ragnor but the problem I have right now seems to be right at the start. Perhaps my understanding of the connection is wrong.

VLAN10 DHCP Client is what I need to connect to Orcon; so I create a VLAN10 connection in the RouterOS and attach it to the Ethernet1-Gateway.
By default it's created a bridge across the 2 switches Eth2-8 so I leave the bridge as is.
Create a DHCP-Client on EThernet1-Gateway (because if I don't it goes into static)
Create a DHCP-Client on VLAN10

At this point I'd expect to get a DHCP connection and IP. But when I check the connections, the ETH1 is 'Searching' and the Vlan10 is 'Requesting'. I never quite get a connection up. I can bridge the VLAN10 to the bridge and it should pass through all the traffic untagged. Which is what I want.

After this I can tinker with NAT and Bridging and everything but my problem is actually getting a connection to the Orcon network. It has rejected every attempt I've made to date. And I've read several pages on NAT and configuring VLAN10 routing all bridging etc. But for the life of me I can not get it to get an IP Address from the orcon connection.

There's plenty of great resources (like http://blog.butchevans.com/2010/02/to-tag-or-not-to-tag-that-is-the-question/ ) that give me everything I need to know AFTER I get a WAN connection. But I'll be DAMNED if I can figure out what I need to do to get the DHCP Client up and receiving packets. I'm clearly doing something wrong - I'm just not sure what.


I'm a bit confused by your config.

Firstly vlan10 shouldn't be in the bridge - vlan10 is part of your WAN not LAN

Don't put the DHCP client on eth1 it needs to be on vlan10 - think of the eth1 as just a vehicle vlan10 now becomes your wan interface - that means in the firewall you need to change the drop rule to vlan10 and also masquerade rule also needs to be vlan10 not eth1.

 

nitrotech
1285 posts

Uber Geek


  #1388041 15-Sep-2015 17:39
Send private message

There's more in this post - you can ignore the PPPoE stuff and replace that with DHCP client.

http://www.geekzone.co.nz/forums.asp?forumId=66&topicId=171257

If this is still no help I would suggest posting some screen shots of your config

 
 
 

Trade NZ and US shares and funds with Sharesies (affiliate link).
Complete123

17 posts

Geek


  #1388053 15-Sep-2015 17:43
Send private message

 
I'm a bit confused by your config.

Firstly vlan10 shouldn't be in the bridge - vlan10 is part of your WAN not LAN

Don't put the DHCP client on eth1 it needs to be on vlan10 - think of the eth1 as just a vehicle vlan10 now becomes your wan interface - that means in the firewall you need to change the drop rule to vlan10 and also masquerade rule also needs to be vlan10 not eth1.

 



Mmm; it's gotten to the point I've confused myself. I'm a systems engineer not a network engineer so lets do it this way:

interface vlan add name=OrconVlan vlan-id=10 interface=ether1-gateway disabled=no
ip dhcp-client add interface=OrconVlan disabled=no
ip dhcp-client disable 0 <-------- this disables ETH1 Client, the result below I deleted the ETH1 client DHCP (oops)
ip dhcp-client print detail

Flags: X - disabled, I - invalid
0 interface=OrconVlan add-default-route=yes default-route-distance=1
use-peer-dns=yes use-peer-ntp=yes dhcp-options=hostname,clientid
status=requesting... dhcp-server=60.234.8.54


This is the first part of my problem. What am I doing wrong here?


I took a few quick screenshots that will explain my dilemma better. Here is a screenshot of removing the DHCP client from ETH1 and ONLY adding it to VLAN10. I haven't changed the QUICKSET on this config as I just reset the router but I went through all my options. I also tried BRIDGE but that didn't help much either. To fix the STATIC problem (change it to Automatic) it applies a DHCP Client on Ethernet1 which gets stuck on 'searching' and VLAN10 goes to 'Requesting'.

Any help at this point woould be HUGELY appreciated; I'm always up for learning something new.


Vlan10


Vlan10 (2)


Ragnor
8222 posts

Uber Geek

Trusted

  #1388112 15-Sep-2015 19:31
Send private message

Does orcon still use DHCP option 82 on UFB? Wonder if it's something to do with that... but the ONT adds that iirc.

Complete123

17 posts

Geek


  #1388116 15-Sep-2015 19:41
Send private message

You've just stepped out of my comfort zone; not sure what Option 82 is (am reading about it now) but if you have any suggestions that'd be great. I just reconfigured the router with this config:

 

 

 

/system reset no-defaults=yes

/interface vlan add name=e10-v10-WAN interface=ether10 vlan-id=10 disabled=no
/interface bridge add name=br-lan
/interface ethernet set ether2,ether3,ether4,ether5 master-port=ether1
/interface ethernet set ether7,ether8,ether9 master-port=ether6
/interface bridge port add bridge=br-lan interface=ether1
/interface bridge port add bridge=br-lan interface=ether6
/interface bridge port add bridge=br-lan interface=wlan1
/ip dhcp-client add interface=e10-v10-WAN disabled=no
/ip address add address=192.168.1.1/24 interface=br-lan
/ip pool add name=lan ranges=192.168.1.100-192.168.1.254
/ip dhcp-server network add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
/ip dhcp-server add address-pool=lan authoritative=yes disabled=no interface=br-lan lease-time=3d name=lan
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=e10-v10-WAN

In a last ditch attempt to just get the connection up, but this gave me the same result. No IP Address. 

I'm likely moving house in a year; but this has really destroyed any option of going back to Orcon. I'm in a flat currently but I can say for certain that if I can't configure this I'll be looking at other providers. =(

Ragnor
8222 posts

Uber Geek

Trusted

  #1388117 15-Sep-2015 19:45
Send private message

Hmm now you trying are using port 10 as your wan?

Complete123

17 posts

Geek


  #1388119 15-Sep-2015 19:48
Send private message

Ragnor: Hmm now you trying are using port 10 as your wan?


Haha, yes I did in that configuration. It has a GB and 10/100 switch. I figured if I was going to reset the router and configure it from scratch I was going to move it off the GB switch to the 10/100 to open up a free port. Why do things in halves; I also thought 'MAYBE' it was a fault with the port (I'm clutching at straws now). 

Edit: I had every intention of configuring it like this (been doing a lot of reading and had some assistance understanding what goes where; I'm currently reading up on the firewall interfaces) but for the purpose of trying to get some help I simplified it down as much as possible to the crux of the problem. You two are both clearly experienced so I just dumped what I have. =)

RunningMan
8956 posts

Uber Geek


  #1388123 15-Sep-2015 19:56
Send private message

Can't offer much personally, but have you read this thread http://www.geekzone.co.nz/forums.asp?forumid=82&topicid=112729 ?

Ragnor
8222 posts

Uber Geek

Trusted

  #1388153 15-Sep-2015 20:04
Send private message

Complete123: You two are both clearly experienced so I just dumped what I have. =)


I setup a RB2011 for work but it was on Voyager using PPPoE instead of DHCP.

I think the problem is just minor mistakes in the commands you're using.

Also isn't port 10 the PoE output port on  the RB2011 series? you probably don't want to use that as your WAN port.


Ragnor
8222 posts

Uber Geek

Trusted

  #1388156 15-Sep-2015 20:12
Send private message

Here's where I think you need to be going (dhcp client on the vlan, no vlan in the bridge), example (port 1 for wan):

 

# vlan
/interface vlan add name=vlan1 vlan-id=10 interface=ether1
# dhcp client
/ip dhcp-client add interface=vlan1 disabled=no
# bridge
/interface bridge add name=bridge1
/interface bridge port add interface=ether2 bridge=bridge1
.. etc


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.