Brainfreeze : VLAN from RB1200 to RB493

richedav · October 16, 2011, 2:50pm

Hi All

Ive been having a brain freeze all weekend and just cannot get my head around this very simple setup.

I have an RB1200, which will be running HotSpot server , on Ether2, with ETHer1 connected to a RB750G doing PCC load balancing

Ether2 will be connected (via a switch) to 5 x RB493s running a single WLAN card in AP mode.

THe RB1200 will have an ip range of 192.168.15.10, with the APS’s being 192.168.15.1 - 5

A PPTP connection ties the RB1200 into our core ISP router, allowing us to access the remote 1200 and 493’s as if it were local.

I simply want to split the RB1200 and Ethernet side of the 493s onto a management VLAN in the IP range listed, and tie the WLAN interface onto another client VLAN , on which the hotspot runs. (using 10.x.x.x)

Any pointers on this?

also, should I just bridge ether2-6 and not bother with a switch for the AP’s (I read not to use the RB as a switch)?

fewi · October 16, 2011, 4:48pm

also, should I just bridge ether2-6 and not bother with a switch for the AP’s (I read not to use the RB as a switch)?

Unless I’m mistaken the RB1200 has a switch chip, so that should work fine. Don’t bridge, though. Use the switch chip. I think (not sure, don’t have an RB1200) that you can only group 5 interfaces into a switch group. I’m assuming that you can do that to ether2-6 but you might not be able to. If you have to use different ports replace as required below. The code below is from memory. You might have to juggle it about some.

For the implementation: turn on the switch chip for ether2-6, with ether2 being the master port:

/interface ethernet
set ether3 master-port=ether2
set ether4 master-port=ether2
set ether5 master-port=ether2
set ether6 master-port=ether2

Create two VLAN interfaces for VLANs 20 and 30 on the master port, and assign them IP addressing:

/interface vlan
add name=mgmt interface=ether2 vlan-id=20 disabled=no
add name=hotspot interface=ether2 vlan-id=30 disabled=no
/ip address
add address=192.168.15.10/24 interface=mgmt
add address=10.0.0.1/8 interface=hotspot

Presumably you will want to keep Hotspot customers from accessing the APs, so make you create firewall filter rules blocking packets from being routed between those two VLANs.

That’s it on the RB1200. Then on the RB493s I’m assuming you’ll use ether1 for the wired connection to the RB1200. That will require two VLAN interfaces. One gets the IP address for management, the other one is simply placed into a bridge together with the radio.

/interface vlan
add name=mgmt interface=ether1 vlan-id=20 disabled=no
add name=hotspot interface=ether1 vlan-id=30 disabled=no
/ip address
add address=192.168.15.1/24 interface=mgmt
/ip route 
add dst-address=0.0.0.0/0 gateway=192.168.15.10
/interface bridge
add name=hotspot-bridge
/interface bridge port
add interface=hotspot bridge=hotspot-bridge
add interface=wlan1 bridge=hotspot-bridge

That should get you up and running. Again, might contain errors.

richedav · October 16, 2011, 5:10pm

Thank you Fewi

I’ll have a play around with it all tomorrow , ready for install on Tuesday.

richedav · October 17, 2011, 8:31am

For anyone else doing this, Ports 1-5 are on the switch chip, so just switch the WAN port from 1 to 10 etc.

richedav · October 17, 2011, 4:55pm

Quick question:

With a laptop connected to Eth10 (WAN port), and Ports 1-5 in a switch group

What allows me to ‘access’ the AP’s connected to the switch port?

Do i need to bridge Switchgroup and Eth10 so I can access the device from the laptop?

Hope thats clear.

fewi · October 17, 2011, 9:44pm

It’s a router. As long as the APs and laptops use the router as their default gateway you don’t have to have both on the same network as the router will between the two networks.

osvaldotcf · February 26, 2013, 1:33am

fewi:

also, should I just bridge ether2-6 and not bother with a switch for the AP’s (I read not to use the RB as a switch)?

Unless I’m mistaken the RB1200 has a switch chip, so that should work fine. Don’t bridge, though. Use the switch chip. I think (not sure, don’t have an RB1200) that you can only group 5 interfaces into a switch group. I’m assuming that you can do that to ether2-6 but you might not be able to. If you have to use different ports replace as required below. The code below is from memory. You might have to juggle it about some.

For the implementation: turn on the switch chip for ether2-6, with ether2 being the master port:
/interface ethernet
set ether3 master-port=ether2
set ether4 master-port=ether2
set ether5 master-port=ether2
set ether6 master-port=ether2
Create two VLAN interfaces for VLANs 20 and 30 on the master port, and assign them IP addressing:
/interface vlan
add name=mgmt interface=ether2 vlan-id=20 disabled=no
add name=hotspot interface=ether2 vlan-id=30 disabled=no
/ip address
add address=192.168.15.10/24 interface=mgmt
add address=10.0.0.1/8 interface=hotspot
Presumably you will want to keep Hotspot customers from accessing the APs, so make you create firewall filter rules blocking packets from being routed between those two VLANs.

That’s it on the RB1200. Then on the RB493s I’m assuming you’ll use ether1 for the wired connection to the RB1200. That will require two VLAN interfaces. One gets the IP address for management, the other one is simply placed into a bridge together with the radio.
/interface vlan
add name=mgmt interface=ether1 vlan-id=20 disabled=no
add name=hotspot interface=ether1 vlan-id=30 disabled=no
/ip address
add address=192.168.15.1/24 interface=mgmt
/ip route 
add dst-address=0.0.0.0/0 gateway=192.168.15.10
/interface bridge
add name=hotspot-bridge
/interface bridge port
add interface=hotspot bridge=hotspot-bridge
add interface=wlan1 bridge=hotspot-bridge
That should get you up and running. Again, might contain errors.

Does not work! Not for me, i need help.

What happens is that traffic does not pass on vlans created through the interface, with interface command.