1 VPLS Tunnel / multi vlan / 1 Dhcp server

RouterOS Forwarding Protocols
1

Is this best practice?

I have a lab set up with OSPF / MPLS / VPLS / vlans

This lab works great and here is a brief description of how I have this set up.

R1 - Core router
create a vlan 30 and attach to interface of vpls-R1-R2 tunnel
Create the IP subnet and attach to vlan30
Add DHCP server for vlan30

R2
Create create bridge1 and add vpls-r1-r2 and the ether2 ( port connected to the switch)

This works great and the dhcp server assigns ip’s to clients connected to R2 Access points on the switch. Each access points in their own vlan.

Please see attached diagram

In my config I will have a subnet /vlan for each access point at the tower(seperate vlan per AP). I have 4 access points per tower with 9 towers.
That’s a total of 36 subnet with 36 dhcp servers on the core router.
This is great as it helps me separate traffic per AP on the tower.

However, the filter rules to block traffic at layer 3 on the core router is going to be huge. I would like to reduce the number of subnets

In best case scenario i have at most 50 clients at each tower.
So here is my question?
I would prefer to have one Subnet per tower.
I have tried create bridge on the core router and adding all vlans to the bridge and vpls-r1-r2 interface. Then create dhcp server on the bridge but client dhcp request is not reaching the server.

I appreciate any help and hope someone can understand what I just typed above :slight_smile:
wisp design.jpg

2

Did you tagged the bridge with all these vlans? What interfaces belong to your vlans after bridge created?

3

When creating the vlan i add it to interface bridge1.
I also attach vpls-r1-r2 to bridge1 and vlans

Anumrak - this is where i get confused. -

When creating the vlan - do i add the vlan to interface bridge1?
Then also add attach vlan and vpls-r1-r2 to the bridge?
I have read so much on this subject but can’t find what is the best practice.

4

Yes, you adding interface vlan and vpls in a bridge. But also you need assign an ethernet port to interface vlan! :slight_smile: Each vlan have to belong same ethernet interface or many.

5

Anumrak - I am not engineer by any means but am doing as many labs as I can to improve my knowledge level.

I have it working but want to make sure my setup is OK.

On the core router I have bridge1 with ports vlan30, vlan31, vlan31 and vpls-r1-r2.
It started working when I enable bridge horizon 1 on all ports.

So is it safe to say that stp was blocking traffic on bridge before bridge horizon was enabled.

thanks

6

Filtering, natting and queues should be distributed, core routers should be minimalistic with aggregation functions on dedicated provide edge routers.

7

I think no, because stp rpocess works in a vlan, and your networks are already segmented with defferent vlans. You should’ve check who is root bridge in yout bridge interface in all 3 vlans. Split horizon isolates interfaces for untagged traffic or tagged in the same vlan. You should enable it on all interface which should not be allowed to communicate.