2 VLAN in mikrotik - 1 VLAN for mngmnt and 1 VLAN for WiFi

netazim · Tue Apr 17, 2012 2:24 pm

Hi everyone,

I'm still new to Mikrotik actually. I've experience in configuring cisco and hp networking (3com) switch and wireless controllers.. I choose mikrotik because of cheaper solution. From my reading, mikrotik has different concept than those 2 brands. I still dont understand the concept of bridging the vlan in mikrotik..

.. in other switches, just assign the port to the vlan.. Do mikrotik has trunk port? In cisco, its lighweight AP doesnt have to be in same VLAN with its wireless controller as long as they can join wireless controller using dhcp option 43 or DNS... By the way, i want to ask the question, i've already draw a diagram. Is this possible in mikrotik?

I actually, i dont tried it yet because i dont receive my rb750up.

netazim · Thu Apr 19, 2012 7:07 pm

Update from this topic, i've received my mikrotik. Before this, i tried to do intervlan routing in here and it is working. http://forum.mikrotik.com/viewtopic.php?f=2&t=61219

So, i'm moving forward to next step. Refer the diagram.

The only way i tried to get wireless users connected to the Internet is by using this config (Altai C1).

IP address configuration for AP

AP configuration

First SSID (VLAN1 - Altai Wireless Network)

Second SSID (VLAN2 - WiFi)

But, there is something wrong because when i tried to connect to SSID Altai Wireless Network (VLAN1), i get VLAN2 ip and i succesfully can surf the internet. I also can not ping the AP ip address (192.168.0.11) from user A (192.168.0.

When i tried to connect to SSID WiFi, i cant even get IP from my mikrotik and can not surf the internet.

If i enable native vlan tagging, i can't even get the both SSIDs working.

This is my config. I just tried and error. I dont know whether my config is right or not.

[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
 0     name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600

 1  R  name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 2  R  name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 3  R  name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 4     name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 5  R  name="vlan1" type="vlan" mtu=1500 l2mtu=1594

 6  R  name="vlan2" type="vlan" mtu=1500 l2mtu=1594

 7  R  name="br-vlan1" type="bridge" mtu=1500 l2mtu=1594

 8  R  name="br-vlan2" type="bridge" mtu=1500 l2mtu=1594

 9  R  name="vlan1-e4" type="vlan" mtu=1500 l2mtu=1594

10     name="vlan1-e5" type="vlan" mtu=1500 l2mtu=1594

[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
 0   address=192.168.0.1/24 network=192.168.0.0 interface=br-vlan1
     actual-interface=br-vlan1

 1   address=10.0.0.1/24 network=10.0.0.0 interface=br-vlan2
     actual-interface=br-vlan2

[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=192.168.0.254
        gateway-status=192.168.0.254 reachable br-vlan1 distance=1 scope=30
        target-scope=10

 1 ADC  dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=br-vlan2
        gateway-status=br-vlan2 reachable distance=0 scope=10

 2 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=br-vlan1
        gateway-status=br-vlan1 reachable distance=0 scope=10

[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
 0     name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600

 1  R  name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 2  R  name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 3  R  name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 4     name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
       max-l2mtu=2030

 5  R  name="vlan1" type="vlan" mtu=1500 l2mtu=1594

 6  R  name="vlan2" type="vlan" mtu=1500 l2mtu=1594

 7  R  name="br-vlan1" type="bridge" mtu=1500 l2mtu=1594

 8  R  name="br-vlan2" type="bridge" mtu=1500 l2mtu=1594

 9  R  name="vlan1-e4" type="vlan" mtu=1500 l2mtu=1594

10     name="vlan1-e5" type="vlan" mtu=1500 l2mtu=1594

[admin@MikroTik] > /interface vlan print
Flags: X - disabled, R - running, S - slave
 #    NAME                    MTU ARP        VLAN-ID INTERFACE
 0 R  vlan1                  1500 enabled          1 ether2-master-local
 1 R  vlan2                  1500 enabled          2 ether4-slave-local
 2 R  vlan1-e4               1500 enabled          1 ether4-slave-local
 3    vlan1-e5               1500 enabled          1 ether5-slave-local

[admin@MikroTik] > /ip firewall export
# jan/02/1970 16:28:05 by RouterOS 5.6
# software id = 1SD1-VBKI
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=no src-address=10.0.0.0/24
add action=masquerade chain=srcnat disabled=no src-address=192.168.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     chain=srcnat action=masquerade out-interface=ether1-gateway

 1   chain=srcnat action=masquerade src-address=10.0.0.0/24

 2   chain=srcnat action=masquerade src-address=192.168.0.0/24

andyanthoine · Sun Jan 26, 2014 10:58 pm

Hi man, i m trying to configure something really close to your configuration, would you mind maybe sending me at andy.anthoine@gmail.com please?

Regards

Andy

2 VLAN in mikrotik - 1 VLAN for mngmnt and 1 VLAN for WiFi

2 VLAN in mikrotik - 1 VLAN for mngmnt and 1 VLAN for WiFi

Re: 2 VLAN in mikrotik - 1 VLAN for mngmnt and 1 VLAN for Wi

Re: 2 VLAN in mikrotik - 1 VLAN for mngmnt and 1 VLAN for Wi

Who is online