I have a new setup I am try to implement with multiple VLAN’s using a single RB3011 Routerboard and a ZyXel GS1900-24HP switch. My proposed network layout diagram is attached. Sifting through the documentation and examples out there I have this as my setup:
/ip address
add address=172.20.0.1/24 comment=defconf interface=ether2 network=172.20.0.0
/interface vlan
add interface=sfp1 name=Internal-vlan10 vlan-id=10
add interface=sfp1 name=VOIP-vlan20 vlan-id=20
add interface=sfp1 name=PrivWifi-vlan30 vlan-id=30
add interface=sfp1 name=PubWifi-vlan40 vlan-id=40
/interface bridge
add name=bridge-vlan10
add name=bridge-vlan20
add name=bridge-vlan30
add name=bridge-vlan40
/interface bridge port
add bridge=bridge-vlan10 interface=Internal-vlan10
add bridge=bridge-vlan10 interface=ether6
add bridge=bridge-vlan20 interface=VOIP-vlan20
add bridge=bridge-vlan20 interface=ether7
add bridge=bridge-vlan30 interface=PrivWifi-vlan30
add bridge=bridge-vlan30 interface=ether8
add bridge=bridge-vlan40 interface=PubWifi-vlan40
add bridge=bridge-vlan40 interface=ether9
/ip address
add address=172.20.1.0/24 interface=Internal-vlan10
add address=172.20.2.0/24 interface=VOIP-vlan20
add address=172.20.3.0/24 interface=PrivWifi-vlan30
add address=172.20.4.0/24 interface=PubWifi-vlan40
/ip pool
add name=Internal-pool ranges=172.20.1.10-172.20.1.250
add name=VOIP-pool ranges=172.20.2.10-172.20.2.250
add name=PrivWifi-pool ranges=172.20.3.10-172.20.3.250
add name=PubWifi-pool ranges=172.20.4.10-172.20.4.250
/ip dhcp-server
add name=Internal-dhcp interface=Internal-vlan10 address-pool=Internal-pool
add name=VOIP-dhcp interface=VOIP-vlan20 address-pool=VOIP-pool
add name=PrivWifi-dhcp interface=PrivWifi-vlan30 address-pool=PrivWifi-pool
add name=PubWifi-dhcp interface=PubWifi-vlan40 address-pool=PubWifi-pool
/ip dhcp-server network
add address=172.20.1.0/24 gateway=172.20.1.1 netmask=24
add address=172.20.2.0/24 gateway=172.20.2.1 netmask=24
add address=172.20.3.0/24 gateway=172.20.3.1 netmask=24
add address=172.20.4.0/24 gateway=172.20.4.1 netmask=24
I have a computer on ether7 and a VOIP phone with VLAN id 20 configured in the phone and as my test I am trying to ping the phone from the computer and trying to bring up the phones Wedfig. So far I have had no luck. Looking at torch on ether7 I am not seeing any VLAN id coming across, nor on the sfp1. Any pointers in the what I am doing wrong would sure be helpful. Thank you.
Dan
The bottom half of your diagram makes no sense with regard to port numbers.
Your four “/ip address” statements should be like “add 172.20.1.1/24 interface=bridge-vlan10”
Similarly, the “/ip dhcp-server” statements should be “add name=Internal-dhcp interface=bridge-vlan10 address-pool=Internal-pool”
Get rid of “netmask=24” on the “/ip dhcp-server network” statements, and you will almost certainly need to set a DNS address on them.
You are not going to see VLAN IDs on ether7 as it is an untagged port.
On the bottom half of the diagram please disregard the ports. Those were overlooked and did not get updated. On that, Port 25 (SFP) is the link to the router. Port 1, unused. Port 2, Wifi for both VLAN30 and VLAN40, Ports 3-12 would be to office equipment VLAN10, and ports 13-24 will be VOIP VLAN20.
I see that you say I should assign the interfaces on my address and dhcp statements to the bridge and not the VLAN interface. I will make the modifications and will see how it goes.
Thanks for the clarification on the VLAN tag. I know that it was untagged but wasnt sure if associating it with the VLAN would add the tag or not to be seen in torch.
I made those changes. When I plug a computer using DHCP into ether7, I get no address assignment. I am expecting to get an assignment from 172.20.2.10-172.20.2.250 pool, but I dont get any assignment at all. If statically set an IP of 172.20.2.5 into the computer, I still cannot reach the VOIP phone on vlan20. Any other suggestions?
}Dan
Have you established comms. between each device and the router address first?
You did pick up that all your IP addresses were .0 instead of .1 didn’t you?
Use a command line session on the router to Ping the device addresses.
Also check the ARP cache on the router - if there is no MAC address then you have a more fundamental problem.
Thanks for the help. I got it figured out. Your suggestion of backing up and checking comms led me down the right path. There were two issues at play here. Evidently in my /ip dhcp-server add lines, I need to specify disabled=no in the lines. It seems to default to disabled. Would not have thought that, but there it is. As soon as I did that I started getting IP assignments on my local ether ports but still not at the ZyXel switch. So backing up and checking my comms as you suggested, I noticed that my VLAN trunk port (the sfp port) on the ZyXel was set to Untagged. I changed that to Tagged and everything is working as expected. So all is well and I thank you again for your help.