Groove VLANs and Multiple SSID

RouterOS Wireless Networking
1

Hi all,

I have problem with configuration VLANs and multiple SSID on Groove A-52HPn.

I need to have on LAN site multiple VLANs which comming from HP Procurve switch.
One VLAN will be set as management (it used only for manage GROOVE with IP address: 10.31.1.100/24, GW: 10.31.1.251)
Other VLANs will only go through LAN interface to WLAN interace and represent as Wifi SSIDs.

My configurations on GROOVE

  1. Created VLANs for ether1 with particular VLAN name and VLAN ID (e.g. ether1.vlan220)
  2. Set mode AP BRIDGE and hide SSID on main WLAN interface (wlan1)
  3. Created VirtualAPs with particular SSID name and set for each “VLAN mode: use tag” and corresponding “VLAN ID”
  4. Created BRIDGE, add interfaces ether1, all virtual aps

Here is my live situation:

My configuration does not work, can samebody help with my problem?

Many thanks
Petr

2

Make separate bridges for each vlan and put individual virtual Ap there together with the relevant vlan. Remove the vlan tagging from the virtual APs.

3

Hi Jarda,

thanks for your quickly answer.
I tried set you idea, but it does not work.
I do not know, maybe I have some mistake in my configuration.
If I added some vlans on ether1 to bridge, I lost connection with GROOVE (no ping)
If I tried to connect to some SSID than did not get any connection (ip address) - DHCP server is enabled on both 280,290 VLANs
Can you check my configuration please?

### HP SWITCH port for GROOVE
220		VLAN220		Untagged
220		VLAN280		Tagged
220		VLAN290		Tagged




### GROOVE
/ip address
add address=10.31.12.100/24 interface=ether1 network=10.31.12.0

/ip route
add distance=1 gateway=10.31.12.251

/interface vlan
add interface=ether1 name=ether1.280 vlan-id=280
add interface=ether1 name=ether1.290 vlan-id=290

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g default-authentication=no \
    default-forwarding=no disabled=no frequency=auto hide-ssid=yes mode=\
    ap-bridge
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:54:80:6B \
    master-interface=wlan1 multicast-buffering=disabled name=wlan1.280 ssid=\
    Wifi280 wds-cost-range=0 wds-default-cost=0
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:54:80:6C \
    master-interface=wlan1 multicast-buffering=disabled name=wlan1.290 ssid=\
    Wifi290 wds-cost-range=0 wds-default-cost=0
	
/interface bridge
add name=bridge.vlan280
add name=bridge.vlan290

/interface bridge port
add bridge=bridge.vlan290 interface=wlan1.290
add bridge=bridge.vlan280 interface=wlan1.280
add bridge=bridge.vlan280 interface=ether1.280
add bridge=bridge.vlan290 interface=ether1.290

Many thanks
Petr

4

Looks good. At least from what you provided.

Can you remove everything and start from the beginning? I mean, clear the configuration (reset with no defaults) and start with ip on ether1. When it is fine, set wlan to ap bridge, bridge it with ether1 and test wifi. When fine, add virtual ap 280, bridge it with vlan280.ether1 and test again.

See the ip address and ip routes if nothing is changing there during your added config…

Note, the clients will normally decide not to keep the wifi connection when ip is not correctly configured after their connection. See the log (switch on debug logging before) what happens if you see any problems further.

Torch the ether1 to see if the vlans are comming correctly…

It should be working fine…

5

Hi Jarda,

thanks for your reply

I tested your instruction:

  1. cleared all settings on GROOVE
  2. Defined IP address, GW on ether1
  3. Defined WLAN with mode “ap bridge”
  4. Defined bridge which contains ether1 and wlan1
    WLAN works without problems, I connected to SSID and I got through. (ping in GW, ping on 8.8.8.:sunglasses:
  5. Defined Virtual AP (wlan1.280) with name SSID “WifiTEST280” and added to bridge
    I connected to virtual AP SSID “WifiTEST280”, I had the same connection as before
  6. I run a torch function, I see comming packects on ether1 with VLANs 280, 290

Here is configurations for requested steps:

/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
    mode=ap-bridge ssid=WifiTEST
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:54:80:6C \
    master-interface=wlan1 multicast-buffering=disabled name=wlan1.280 ssid=\
    WifiTEST280 wds-cost-range=0 wds-default-cost=0
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan1.280
/ip address
add address=10.31.12.100/24 interface=ether1 network=10.31.12.0
/ip route
add distance=1 gateway=10.31.12.251
/system leds
set 0 interface=wlan1
/system routerboard settings
set cpu-frequency=600MHz protected-routerboot=disabled

Here is picture with TORCH result

Please can you advice with further configurations.

Many thanks
Petr

6

Make separate bridges for each vlan and for ether1. Do not mix them in one bridge. Put management ip to the first bridge where the ether1 is with the wlan only.

7

Hi Jarda,

I configured GROOVE according to your description, but:

  1. I have no ping on GROOVE in management VLAN
  2. I tested to connect by Wifi, I din’t get any IP addresses (on both VLANs are enabled DHCP)

Here is my configuration:

[admin@MikroTik] > export compact 
# jan/02/1970 00:10:04 by RouterOS 6.34.3
# software id = VYHL-X9YT
#
/interface bridge
add name=bridge.vlan280
add name=bridge.vlan290
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
    mode=ap-bridge ssid=WifiTEST
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:54:80:6C \
    master-interface=wlan1 multicast-buffering=disabled name=wlan1.280 ssid=\
    WifiTEST280 wds-cost-range=0 wds-default-cost=0
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:54:80:6B \
    master-interface=wlan1 multicast-buffering=disabled name=wlan1.290 ssid=\
    WifiTEST290 wds-cost-range=0 wds-default-cost=0
/interface vlan
add interface=ether1 name=ether1.vlan280 vlan-id=280
add interface=ether1 name=ether1.vlan290 vlan-id=290
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge.vlan280 interface=ether1.vlan280
add bridge=bridge.vlan280 interface=wlan1.280
add bridge=bridge.vlan290 interface=ether1.vlan290
add bridge=bridge.vlan290 interface=wlan1.290
/ip address
add address=10.31.12.100/24 interface=bridge1 network=10.31.12.0
/ip route
add distance=1 gateway=10.31.12.251
/system leds
set 0 interface=wlan1
/system routerboard settings
set cpu-frequency=600MHz protected-routerboot=disabled

Here are pictures from WinBox

Maybee I didn’t specify exactly that Wifi with SSID WifiTEST280, WifiTEST290 should be untagged (it means, comunication is for client - CLIENT can’t work with VLAN tags).
I need the translation between tagged and untagged (ether1 - wlan1) should be done by GROOVE.

In my opinion as soon as there is deffine any VLAN on GROOVE than the GROOVE can’t work with untagged packets any more.
If I set management VLAN from untagged to tagged on my switch and defined VLAN 220 (for ether1) on GROOVE and set IP address to this vlan, I got success comunication (ping, etc.)

Please can you help?

Thanks
Petr