HELP: VLANs on WLAN

zabullet · Tue Jul 22, 2014 11:09 pm

Hi Guys,

I'm really struggling with completing my network setup.

I have the following *working* setup

ADSL Modem <-PPPoE-> Router (RB750GL) <-> Ubiquiti AP

On the Router I have

2 VLANs
3 DHCP pools + servers

/interface vlan
add interface=ether2-master-local l2mtu=1594 name=vlan_100_25Low vlan-id=100
add interface=ether2-master-local l2mtu=1594 name=vlan_101_Roku vlan-id=101

/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
add name=dhcp_pool2 ranges=192.168.3.2-192.168.3.254
/ip address
add address=192.168.1.2/24 comment="default configuration" interface=ether2-master-local network=192.168.1.0
add address=192.168.2.1/24 interface=vlan_100_25Low network=192.168.2.0
add address=192.168.3.1/24 interface=vlan_101_Roku network=192.168.3.0
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master-local lease-time=2d name=default
add address-pool=dhcp_pool1 disabled=no interface=vlan_100_25Low name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vlan_101_Roku name=dhcp2
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=8.8.8.8 gateway=192.168.1.2 netmask=24
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8 gateway=192.168.3.1

On the Ubiquiti AP I have the following setup

SSID: DEFAULT VLAN: None
SSID: 25Low VLAN:100
SSID: Roku VLAN:101

Depending on which SSID I connect to I get the correct IP range.

I have now purchased a Mikrotik RB951G-2HnD and wish to replace the Ubiquiti AP, but I can't seem to get the config correct. No matter what I do I always get allocated an IP from the default range.

I've spent 3 days trying to get it to work, so clearly I'm lost and a bit of a N00B!

The way I'd imagine it should work is the following.

Quick set AP in bridge mode
Bridge uses DHCP
Add 2 VAPs attached to wlan1 (SSIDs 25Low + Roku)
Add 2 VLANs attached to the VAPs
Everything works and I go to sleep

What am I missing?

Thanks in advance.

zb.

jacekes · Wed Jul 23, 2014 12:13 pm

Hi,

assuming that ether1 of RB951 is connected to the RB750GL:
1. reset the RB951 to factory defaults, don't load the default settings;
don't use quick-set;
create the VLANs on the ether interface:

/interf vlan add name=vlan100 vlan-id=100 interf=ether1
/interf vlan add name=vlan101 vlan-id=101 interf=etrher1

2. create 3 bridge interfaces; you should also remember to set the mac-address on the bridge interface manually for example by copying the mac-address from the ether1 port

/interf bri add name=bridge1
/interf bri add name=bridge100
/interf bri add name=bridge101

3. add virtualAPs for example wlan2 and wlan3
4. connect the pairs of vlans and WLANs to bridges:

/interf bri port add interf=wlan1 bri=bridge1
/interf bri port add interf=ether1 bri=bridge1

/interf bri port add interf=wlan2 bri=bridge100
/interf bri port add interf=vlan100 bri=bridge100

/interf bri port add interf=wlan3 bri=bridge101
/interf bri port add interf=vlan101 bri=bridge101

Regards,
Jacek

zabullet · Wed Jul 23, 2014 7:44 pm

You are correct on your assumption that ether1 of RB951 is connected to the RB750GL....still no dice!

By default the wlan1 is disabled if you factory reset with no config, so in the end I ran the following.

/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=20/40mhz-ht-above \
    compression=no country=no_country_set default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=no \
    disconnect-timeout=3s distance=indoors frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
    ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any ht-rxchains=0,1 ht-supported-mcs=\
    mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 ht-txchains=0,1 \
    hw-fragmentation-threshold=disabled hw-protection-mode=none hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=4C:5E:0C:24:C7:F3 max-station-count=2007 mode=ap-bridge mtu=1500 \
    multicast-helper=default name=wlan1 noise-floor-threshold=default nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default nv2-queue-count=2 nv2-security=disabled \
    on-fail-retry-time=100ms periodic-calibration=default periodic-calibration-interval=60 preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=4C5E0C24C7F3 rate-selection=advanced rate-set=\
    default scan-list=default security-profile=default ssid=Test0 station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=\
    no wds-mode=disabled wireless-protocol=any wmm-support=disabled

add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 default-forwarding=yes disable-running-check=no disabled=no hide-ssid=no mac-address=\
    4E:5E:0C:24:C7:F3 master-interface=wlan1 max-station-count=2007 mtu=1500 multicast-helper=default name=wlan2 proprietary-extensions=post-2.9.25 security-profile=default ssid=Test1 \
    update-stats-interval=disabled wds-cost-range=0 wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 default-forwarding=yes disable-running-check=no disabled=no hide-ssid=no mac-address=\
    4E:5E:0C:24:C7:F4 master-interface=wlan1 max-station-count=2007 mtu=1500 multicast-helper=default name=wlan3 proprietary-extensions=post-2.9.25 security-profile=default ssid=Test2 \
    update-stats-interval=disabled wds-cost-range=0 wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled

/interface vlan
add arp=enabled disabled=no interface=ether1 l2mtu=1594 mtu=1500 name=vlan100 use-service-tag=no vlan-id=100
add arp=enabled disabled=no interface=ether1 l2mtu=1594 mtu=1500 name=vlan101 use-service-tag=no vlan-id=101

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500 name=bridge100 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500 name=bridge101 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge100 disabled=no edge=auto external-fdb=auto horizon=none interface=vlan100 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge101 disabled=no edge=auto external-fdb=auto horizon=none interface=vlan101 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge100 disabled=no edge=auto external-fdb=auto horizon=none interface=wlan2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge101 disabled=no edge=auto external-fdb=auto horizon=none interface=wlan3 path-cost=10 point-to-point=auto priority=0x80

I can connect, but don't get DHCP as expected.....I only get an address on wlan1 (SSID:test0)

If there isn't anything obviously wrong with the above config, is there a way/strategy to debug?

Regards,

zb.

jacekes · Thu Jul 24, 2014 10:53 am

That's a lot of config you've applied, especially to the wireless section. But it seems ok.

My strategy to debug this problem would be:
1. enable vlan 100 (and next 101) on a ethernet interface of a windows computer, connect it to the interface of RB750 and check if the IP address is obtained properly. I suppose it will be ok, because it worked with the Ubiquiti.
2. Connect the RB951 back to the RB750 and observe the contents of /interf bri host pr - check if the mac address of VLAN interfaces of RB750 are visible on correct bridge ports of RB951 (for example MAC address of vlan 100 interface of RB750 should be visible in the bridge host table of bridge100 on interface vlan100). If this fails, it means you've got a problem with L2 on the connection between RBs. MTU values should be checked. If MAC addresses are visible, proceed to step 3.
3. you can set up a dhcp-client on bridge100, bridge101 (do not use add-default-route!) and check if the bridges obtain the addresses. If this fails - address the bridges maually in correct subnet and try pinging the IP addresses of vlan interfaces on RB750 (disable hotspot if it's enabled).

zabullet · Thu Jul 24, 2014 11:46 pm

Still not working, but feel I'm getting closer. Thanks.

1. I set VLAN on my eth of my laptop and plugged into RB951 and I got the expected behaviour. i.e. it worked
2. I checked the hosts on the RB951 and MAC for the RB750 can only be seen on eth1/bridge1, which suggests an MTU issue (not sure how to resolve that)
3. I set up a DHCP client and only got DHCP on eth1/bridge1

I haven't tried manual IP assignment for VLANs, yet. I'll to that tomorrow.

Any suggestions in the time being?

Regards,

zb.

jacekes · Fri Jul 25, 2014 1:12 am

It looks like the Layer 2 connection is not continuous for the VLANs.
It seems like the 802.1q vlan tagged frames aren't accepted / are dropped by the RB951.
This could happen because of a couple of reasons that I can think of:
- too small MTU value - check it in interface properties on the RB951, should be at least 1500
- mismatch of VLAN ids between RB750 and RB951
- wrong ethertype - disable "use service tag" on the VLAN interfaces of RB750 and RB951.
A proper outcome should be the MAC addresses of RB750 vlan interfaces visible on the bridge table, as I've written before.

zabullet · Fri Jul 25, 2014 11:16 am

Nope. I've checked all the values for the MTUs are *all* > 1500 *and* VLANs match, but still not working.

Conceptually I think I understand what I need to do to get it working, so I'll tinker this weekend and probably simplify the setup.

If I don't get it working I'll post some more config.

Regards,

zb.

zabullet · Sat Jul 26, 2014 7:03 pm

Several more hours and I'm pretty sure I'm getting closer....

I simplified my AP config to the following

/interface wireless
set 0 disabled=no mode=ap-bridge mtu=1600 channel-width=20/40mhz-ht-above bridge-mode=enabled band=2ghz-b/g/n wireless-protocol=any

/interface wireless
add area="" master-interface=wlan1 name=wlan2 ssid=Test1 disabled=no mtu=1600 

/interf vlan add name=vlan100 vlan-id=100 interf=ether1 mtu=1600 

/interf bri add name=bridge1 mtu=1600 
/interf bri add name=bridge100 mtu=1600 

/interf bri port add interf=wlan1 bri=bridge1
/interf bri port add interf=ether1 bri=bridge1
/interf bri port add interf=ether3 bri=bridge1

/interf bri port add interf=wlan2 bri=bridge100
/interf bri port add interf=vlan100 bri=bridge100

I don't know why I didn't think of this before but I started checking the DHCP log RB750 and I saw this....

Capture 01.PNG

Similarly if I add vlan100 on RB951 as a DHCP client I get the same messages on the RB750.

So it seems the DHCP message isn't getting back to the RB951, so I'm guessing a routing issue....I'll keep tinkering, but if you can spot the problem let me know.

Regards,

zb

zabullet · Sun Jul 27, 2014 11:02 pm

Sigh! This is a very humbling experience.....still no luck!

Anyone want to spot what idiotic thing I'm getting wrong?

Regards,

zb

HELP: VLANs on WLAN

HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Re: HELP: VLANs on WLAN

Who is online