Best practice - Home WLAN with Guest WLAN

pqn · August 5, 2014, 11:14am

Hello,

i’m bought a flat and want to ask what is the best practice for my new home.

Network devices that i have:

2x - Mikrotik RouterBOARD RB951G-2HnD
1x - Mikrotik RouterBOARD RB2011iL-RM as Gateway

What I want:

Disconnectless Wifi between the 2 RB951G-2HnD (Both APs are connected by wire to the Gateway). Do I need the WDS Connection between the RB951G-2HnD? Or is it enough to set the same SSID with other wifi channels? Nstreme, nv2 or only 802.11? Is there any good manual?
A guest Wifi that not allow to connect to each other network devices on my home devices or other wifi members? Do I need VLANs? Same question is there a good manual?
One port on a RB951G-2HnD should also only connect to the Internet but not to any network device.

My opinion is:
I need 2 DHCP Server and 2 VLANs on RB2011iL-RM. But i don’t know further to implement, i need some HowTo’s or Manuals. I’m searched the Mikrotik Wiki, but I don’t find really what I’m looking for. So far I only have one RB951G-2HnD for the WLAN.

Thank you for your help.

Rudios · August 6, 2014, 11:19am

Let’s say you connect port 1 of the 2 RB951’s on port 5 and 4 of the RB2011

Create 2 VLAN’s on port4 and 5 of the RB2011, each existing on the 2 interfaces connecting to the different RB951’s
/interface vlan
add name=vlan10-eth4 vlan-id=10
add name=vlan20-eth4 vlan-id=20
add name=vlan10-eth5 vlan-id=10
add name=vlan20-eth5 vlan-id=20Bridge the same VLAN’s to individual bridges
/interface bridge
add name=bridge-vlan10
add name=bridge-vlan20
/interface bridge port
add bridge=bridge-vlan10 interface=vlan10-eth4
add bridge=bridge-vlan10 interface=vlan10-eth5
add bridge=bridge-vlan20 interface=vlan20-eth4
add bridge=bridge-vlan20 interface=vlan20-eth5Put the DHCP server on both bridges.
/ip dhcp-server
add name-dhcp-vlan10 interface=bridge-vlan10 address-pool=pool-vlan10
add name-dhcp-vlan20 interface=bridge-vlan20 address-pool=pool-vlan20Create VLAN’s with the same ID on both RB951’s, on the interface connecting to the RB2011. (Do the following on both RB951’s)
/interface vlan
add interface=ether1 name=vlan10-eth1 vlan-id=10
add interface=ether1 name=vlan20-eth1 vlan-id=20Create 2 VAP’s on the wireless
/interface wireless
add name=wi-vlan10 master-interface=wlan1 security-profile=
add name=wi-vlan20 master-interface=wlan1 security-profile=Bridge the designated VLAN interface with the correct VAP
/interface bridge
add name=bridge-vlan10
add name=bridge-vlan20
/interface bridge port
add bridge=bridge-vlan10 interface=vlan10-eth1
add bridge=bridge-vlan10 interface=wi-vlan10
add bridge=bridge-vlan20 interface=vlan20-eth1
add bridge=bridge-vlan20 interface=wi-vlan20Also make sure that both bridges on the RB2011 do have an IP address in different network segments and put these network settings on the DHCP servers in order to get proper addresses from them. Also create appropriate pools to handle from.

PS I have written the code without testing it on a real unit, so there can be some typo’s or inconsistent namings.

grryf · August 7, 2014, 11:21am

Hello!

I think you need mikrotik wireless controller (CAPsMAN) with 2 APs, then you can have Disconnectless WiFi
http://wiki.mikrotik.com/wiki/Manual:CAPsMAN

I would also like to see such working configuration.
Best Regards,
grryf

Rudios · August 7, 2014, 11:25am

It can be done as long as both devices have the same SSID, on a different channel.

pqn · August 7, 2014, 7:35pm

Thank you for your help. I will try it on the weekend. I will reply my results next week.