Is the following VLAN / WIFI setup possible?
If you installed RouterOS just now, and don't know where to start - ask here!

6 posts   •   Page 1 of 1
User avatar
harvey
newbie
 
Posts: 30
Joined: Thu Apr 05, 2012 8:16 pm

Is the following VLAN / WIFI setup possible?

by harvey » Mon Jul 15, 2013 11:47 am

I have an 493G with a wireless card in it, I also have a cisco small business switch capable of handling VLAN's.

Is it possible to have 2 vlans (potentially more in the future), then have two vaps's linked to the vlans, then specify specific ports on the 493g to be associated specific vlans and communicate with other devices on the same vlan. Then connect a cisco switch to a port and create a vlan trunk and have specific ports on the switch to be tagged / untagged access to the vlans's.

I have made several attempts to set up this kind of configuration with varying luck. I just want to make sure it's possible before I spend too much time on it.

Does anybody have any links to pages that may help or config overview to point me in the right direction.

I have attached a rough sketch of that I mean.

2013-07-15 09.32.19.jpg
2013-07-15 09.32.19.jpg (1.64 MiB) Viewed 1011 times

Boardsurfer
just joined
 
Posts: 11
Joined: Sat Jun 22, 2013 12:18 am

Re: Is the following VLAN / WIFI setup possible?

by Boardsurfer » Mon Jul 15, 2013 9:29 pm

This is doable, yes. If you need wire-speed between the ports on each VLAN you'll have to use the 493G's switch chip, which is a little bit more work to set up. Otherwise you can just set up regular VLANs on the trunk port and bridge the access ports and VAPs with the appropriate VLANs.

Regular VLANs are explained in this wiki article: http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
VLANs with the switch chip is explained at the end of this wiki article: http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features

Let me know if you need more help or want explanations for setting up the switch chip with VLANs. I can show you the exact CLI commands I used for a similar setup on my own 493G.

User avatar
harvey
newbie
 
Posts: 30
Joined: Thu Apr 05, 2012 8:16 pm

Re: Is the following VLAN / WIFI setup possible?

by harvey » Mon Jul 15, 2013 9:46 pm

Boardsurfer wrote:This is doable, yes. If you need wire-speed between the ports on each VLAN you'll have to use the 493G's switch chip, which is a little bit more work to set up. Otherwise you can just set up regular VLANs on the trunk port and bridge the access ports and VAPs with the appropriate VLANs.

Regular VLANs are explained in this wiki article: http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
VLANs with the switch chip is explained at the end of this wiki article: http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features

Let me know if you need more help or want explanations for setting up the switch chip with VLANs. I can show you the exact CLI commands I used for a similar setup on my own 493G.


Absolutely any examples would be really appreciated!!!!

Thanks for your time.

Boardsurfer
just joined
 
Posts: 11
Joined: Sat Jun 22, 2013 12:18 am

Re: Is the following VLAN / WIFI setup possible?

by Boardsurfer » Mon Jul 15, 2013 11:03 pm

Alright, here's my example setup:

* The example will use ether2-ether5 on a RouterBoard 493G
* ether5 will be the trunk port, connected to a VLAN-aware switch
* ether2 and ether3 will be access ports for VLAN10, ether4 will be the single access port for VLAN12
* The RouterBoard has one WLAN card, named wlan1 by default in the wireless interface list
* There will be two VLANs, VLAN10 for guest access and VLAN12 for employee access
* There will be two VAPs/ESSIDs, example-guests (egresses on VLAN10) and example-employees (egresses on VLAN12)
* The RouterBoard is running RouterOS v6.1 and is assumed to be in factory reset condition

I will show CLI commands because it's easier (and less typing) than trying to explain what to click and enter in the GUI. Check the GUI settings before and after you run the commands to see what changes.

Code: Select all
# First we create VLAN interfaces on ether5 for VLAN10 and VLAN12. Each VLAN interface will accept and transmit tagged frames.
[admin@MikroTik] > /interface vlan
[admin@MikroTik] /interface vlan> add interface=ether5 vlan-id=10 name=vlan10-guests
[admin@MikroTik] /interface vlan> add interface=ether5 vlan-id=12 name=vlan12-employees

# This step creates security profiles for the wireless interfaces, which is neccessary to use WPA/WPA2. You can skip it and use the default profile if you don't need encryption.
[admin@MikroTik] /interface wireless security-profiles
[admin@MikroTik] /interface wireless security-profiles> add name=profile-guests authentication-types=wpa2-psk wpa2-pre-shared-key=guestpass mode=dynamic-keys
[admin@MikroTik] /interface wireless security-profiles> add name=profile-employees authentication-types=wpa2-psk wpa2-pre-shared-key=employeepass mode=dynamic-keys

# After setting up the security profiles (or skipping that step) we configure and enable the VAPs. Note that I'm just renaming and using the actual wireless card (wlan1) instead of adding two VAPs. I'm using 802.11 on the 2.4GHz band, but you can of course use whatever your WLAN card and clients support.
[admin@MikroTik] /interface wireless
[admin@MikroTik] /interface wireless> set wlan1 band=2ghz-b/g/n
[admin@MikroTik] /interface wireless> set wlan1 name=vap-employees mode=ap-bridge ssid=example-employees frequency=2437 wireless-protocol=802.11 security-profile=profile-employees
[admin@MikroTik] /interface wireless> add name=vap-guests master-interface=vap-employees ssid=example-guests mode=ap-bridge security-profile=profile-guests
[admin@MikroTik] /interface wireless> enable vap-guests,vap-employees

# Finally we bridge the VLAN interfaces, trunk ports and VAPs.
[admin@MikroTik] /interface bridge port
[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan10 interface=ether2               
[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan10 interface=ether3
[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan10 interface=vap-guests
[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan10 interface=vlan10-guests

[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan12 interface=ether4
[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan12 interface=vap-employees
[admin@MikroTik] /interface bridge port> add bridge=bridge-vlan12 interface=vlan12-employees


If it doesn't work I might have typoed something, just let me know and I'll double-check the commands.

User avatar
harvey
newbie
 
Posts: 30
Joined: Thu Apr 05, 2012 8:16 pm

Re: Is the following VLAN / WIFI setup possible?

by harvey » Mon Jul 15, 2013 11:18 pm

That's fantastic. I'll try to implement that in the next day or so. Can you confirm which interface you assign ip addresses and DHCP pools to? Is it the vlan interface?

Boardsurfer
just joined
 
Posts: 11
Joined: Sat Jun 22, 2013 12:18 am

Re: Is the following VLAN / WIFI setup possible?

by Boardsurfer » Mon Jul 15, 2013 11:43 pm

harvey wrote:That's fantastic. I'll try to implement that in the next day or so. Can you confirm which interface you assign ip addresses and DHCP pools to? Is it the vlan interface?


Yes, I think the VLAN interfaces make most sense in this case. You could really use any interface that has been added to the bridge (I think so at least), but by using the VLAN interfaces you show which network segment the IP addresses and DHCP pools are meant for.

6 posts   •   Page 1 of 1

Who is online

Users browsing this forum: No registered users and 17 guests

It is currently Fri Dec 19, 2014 12:21 pm