Super beginner here so please be gentle. I have two VLANs set up on my Unifi router with IDs 1 and 2, and I have my Mikrotik CRS310-8G+2s+IN switch connected to it via its SFP+1 uplink. I cannot for the life of me get VLAN tagging to work, I want eth1 and eth2 on VLAN 1, the rest on VLAN 2. I have gone into bridge and interface, added both VLANs, untagged eth1 and eth2 on VLAN 1 and tagged SFP+1, and on VLAN 2 I’ve untagged eth3-eth8 and tagged SFP+1. Enabling VLAN filtering just makes it so none of my devices can access the internet and I’m getting super frustrated because I just don’t understand. Also can someone explain a management VLAN like I’m 5? That is just beyond me.
What I recommend is take a port OFF the bridge assign it an IP like 192.168.55.0/30
Then plug into the port with laptop and change IPV4 settings to 192.168.55.2 and you should be in.
Make sure the port is part of the LAN interface list.
Its a safer way to config the MT switch or router while frigging with vlans and one bridge.
The first rule is to not use VLAN 1 (it can be used but you should really know what you are doing), rename them to VLAN 10 and VLAN 20, to exclude possible issues that are very difficult to find and troubleshoot.
First, I guess you already know how to setup VLAN on Unifi Network Controller (Setting > Networks). As mentioned by Anav and Jaclaz, don’t use VLAN ID 1, use another number.
Example:
name=vlan100
vlan id=100
ip-address=192.168.100.1
netmask=24
(then generate address, see picture)
Repeat the process and add:
name=vlan200
vlan id=200
ip-address=192.168.200.1
netmask=24
Here I use VLAN ID 100 and 200, and also use 192.168.100.1/24 and 192.168.200.1/24 respectively so its easy to remember.
You also can use long name, i.e. vlan100-family (for family) and vlan200-server (for pc/server). This will help you in the future if you want to troubleshoot or make an adjustment.
Second, connect the sfp port from UDM to Mikrotik.
If you want to make adjustment to sfp port on Unifi side, go to Device > Port Setting. But I think leave it as default (except you know what you are doing).
If you already setup Unifi properly, feel free to ask on Mikrotik side.
Thanks for all your help so far. I’ve managed to get it working, sans WiFi. I have two U6 LR access points, both connected to a poe unmanaged switch, which then connects to SFP2 to my Mikrotik switch. Whenever I turn VLAN filtering on, wired VLANs work just fine, but both of my APs can’t assign IP addresses. I have three VLANs set up on the router, with IDs 10, 20 and 30, each of those is mapped to its own WiFi network. I’ve tried tagging SFP1 with all three VLAN IDs, but that doesn’t seem to work either. Any ideas?
