Access Point on Trunk Port - no connection

Hi all,

I have a problem which I can’t seem to be able to wrap my head around.
Probably the issue or better the solution is very basic.

I have a running network already, no VLANs (IP range 192.168.1.0/24, let’s call it legacy).
I have a Mikrotik core switch (CCR2004-1G-12S+2XS, firmware version 6.47.8 (I know… I need to upgrade)), and an Access Switch (CRS328-24P-4S+, same version). But this is just a side note.

I started configuring VLANs and first tests on access ports work well and all.
For that I have created another bridge (vlan-bridge).
However, now I have an AP (TP Link EAP 670) which is supposed to broadcast different SSIDs with respective VLANs. I have configured that part.
I trunked the VLANs for the SSIDs to the port where the AP is connected to, added the port to the vlan-bridge and lo and behold, SSIDs are broadcasted, clients connected end up in right VLAN.
So far so good. However, when the physical port where the AP is connected to is added to the vlan-bridge, I lose connection to the AP (which makes sense, as it has a static IP in the legacy network, plus the route to that network obviously points to the legacy bridge (bridge1)).
I don’t know how to resolve that issue. I tried trunking the VLAN that is supposed to be the management VLAN to the port as well, giving the AP a static IP in that range. But it still failed. I tried to set the Mgmt VLAN as tagged, as well as untagged. Neither worked.
I am not sure what happens if I set the AP itself to DHCP (general question: What happens if you have several VLANs tagged on that port and the machine which is connected there is set to DHCP?).

I hope I could make myself somewhat clear. English is not my native language.

I hope you could hint me to the right direction. Thanks.

No need to use multiple bridges with vlan.

See this excellent guide for more info on the recommended approach to use vlan:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

This approach will work for all ROS devices.
Depending on your device it could be some fine-tuning is possible using specific switch chip features.
But first learn to walk, then run.

Thanks for the reply.

I know, but I still run the “old” default network, where all my clients are in and I want them to be migrated one by one. But probably I should just take a day and migrate them all at once.

My question specifically is, how do I configure the device that is at the receiving end of a trunk port (in this case the AP). What happens if you have a device connected to a trunked port and this device is configured for DHCP?
Or: Do I trunk the mgmt VLAN as tagged or untagged on that port?

Thanks so much for your help.

AP/Switch approach:

In terms of the switch, the main difference is
a. only need to create and identify the management vlan on the switch
b. only the management vlan is tagged to the bridge in /interface bridge vlans
c. only need single MGMT interface list and the only member is the management vlan (normally, unless one port is off bridge for emerg access or general config purposes )
d. use interface list in neighbours discovery, and mac-server winbox-server line.
e. make a single route out management vlan gateway
f. allow remote dns server=management vlan gateway
g. address of switch is as assigned by the main router and attached to management vlan interface.
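
A RouterOS sketch of points a to g above, added here as an illustration and not part of the original post. The port names (ether1 as uplink, ether2 towards the AP), VLAN IDs 99 and 10, and the 192.168.99.0/24 addresses are assumptions; `vlan-bridge` is the bridge name used earlier in the thread, and the ports are assumed not to be bridge members yet.

```routeros
# Added example: names, VLAN IDs and addresses are assumptions, not thread values.
# ether1 = uplink trunk to the router, ether2 = trunk to the AP,
# VLAN 99 = management, VLAN 10 = one SSID VLAN.
# Assumes the AP's own management VLAN is set to 99 (tagged).

/interface bridge port add bridge=vlan-bridge interface=ether1
/interface bridge port add bridge=vlan-bridge interface=ether2

# a. the management VLAN is the only VLAN interface created on the switch
/interface vlan add name=vlan99-mgmt vlan-id=99 interface=vlan-bridge

# b. the bridge itself is a tagged member of the management VLAN only;
#    VLAN 10 is tagged on the trunk ports but not on the bridge,
#    so the switch itself has no presence in it
/interface bridge vlan add bridge=vlan-bridge vlan-ids=99 tagged=vlan-bridge,ether1,ether2
/interface bridge vlan add bridge=vlan-bridge vlan-ids=10 tagged=ether1,ether2

# c. single MGMT interface list whose only member is the management VLAN
/interface list add name=MGMT
/interface list member add list=MGMT interface=vlan99-mgmt

# d. restrict neighbour discovery, MAC telnet and MAC WinBox to that list
/ip neighbor discovery-settings set discover-interface-list=MGMT
/tool mac-server set allowed-interface-list=MGMT
/tool mac-server mac-winbox set allowed-interface-list=MGMT

# g. switch address lives on the management VLAN interface
/ip address add address=192.168.99.2/24 interface=vlan99-mgmt

# e. single default route via the management VLAN gateway
/ip route add dst-address=0.0.0.0/0 gateway=192.168.99.1

# f. DNS server is the management VLAN gateway
/ip dns set servers=192.168.99.1

# Turn filtering on last, once the management path above is in place
/interface bridge set vlan-bridge vlan-filtering=yes
```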