Hi,
I’m using a Mikrotik with queue, NAT, etc and everything works fine, but now I need to create 2 VLAN, this is what I need:
Is there any example for this kind of config?
The switch has some VLAN features which may or may do what you want:
http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
If you want to create the VLANs the generic way within RouterOS you:
Create one or more VLAN interfaces and assign them to the relevant Ethernet interface. You can then assign IP number etc. to the VLAN interface just as you would an Ethernet interface.
Not sure what you mean about VLAN3 “connecting” with VLAN1. You can route the traffic between VLANs just as any other interfaces. You could bridge them but then why bother having VLANs unless you are going to filter the bridge…
I’m a bit lost.
This is the config :
eth1 is the WAN
eth2 is the master switch linked with eth3 to eth5
created a bridge for WiFi and eth2 and all traffic is redirected to the bridge.
Now, I’m trying to create an unttaged vlan1 (default) on the bridge and set the IP of the router to the vlan1 instead of the bridge, but do not work. Sure I lost something…
Then will try to set a vlan2 and create a 2nd DHCP for the tagged vlan2.
Create the VLAN interface for VLAN2 and assign it to the bridge. Add an IP the the VLAN2 interface, then add a DHCP server to the VLAN 2 interface with an appropriate IP Pool. Remember to also set the network settings for that DHCP server.
If VLAN1 is “untagged” then you don’t need to create a VLAN interface for it - the native bridge traffic is already “untagged”.
I did but do not work.
What do you mean by set the network settings for that DHCP? Network and Pool is created…
If I don’t set a vlan1, how to give a priority to the vlan2?
Sounds correct.
On RouterOS you do not need to create VLAN1 as you would on a Cisco device. If VLAN1 is the untagged traffic on an Ethernet port then you can simply differentiate the paths/priority for the traffic in various ways.
e.g. if you use mangle rules you could mark traffic depending on whether it originates from the bridge (VLAN1 in your case) or the VLAN2 interface (VLAN2 in your case).
But Mangle is used for external traffic, and already works fine here.
My problem is managing the 2 neworks on the same cable, and give a priority to vlan2 instead of the rest in the local network…
Actually, I did what you say, set a phone with vlan tagged, but can’t connect.
I can’t see any traffic on vlan2.
How you prioritize the traffic is another subject. As regards the VLAN itself once it is established you need to get down to basics. e.g. is it pulling an IP lease from the DHCP server on VLAN2? Can you ping the VLAN2 client using /Tools Ping?
I can ping the gw of the dhcp server for the vlan2, but how to link something on the dhcp of vlan2? I’ve tag it to 10, and try with a device (voip phone) but is not reconized.
I’m note sure what is being tagged to “10” or where you pinged and from where.
Can you upload the current output from /export compact and give a clear indication of what the settings are on the phone?
PS: here vlan2 is vlan10
Here you have…
(I deleted some long parts…)
[admin@HOME] > export compact
/interface bridge
add admin-mac=00:0C:42:F8:88:C5 auto-mac=no comment=“BRIDGE ETH2 & WIFI”
l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set 0 antenna-gain=17 band=2ghz-b/g/n comment=WLAN country=canada disabled=no
distance=indoors frequency=2452 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=
2290 mode=ap-bridge name=wlan-WiFi noise-floor-threshold=-110
rate-selection=legacy wireless-protocol=any
/interface ethernet
set 0 comment=INTERNET name=eth1-WAN
set 1 comment=LAN name=eth2-master-NC
set 2 master-port=eth2-master-NC name=eth3-slave-dect6
set 3 master-port=eth2-master-NC name=eth4-slave-NAS
set 4 master-port=eth2-master-NC name=eth5-slave-RB250G
/interface wireless manual-tx-power-table
set wlan-WiFi comment=WLAN
/interface wireless nstreme
set wlan-WiFi comment=WLAN
/interface vlan
add comment=VoIP interface=eth2-master-NC l2mtu=1594 name=vlan10
use-service-tag=yes vlan-id=10
/ip dhcp-server option
add code=66 name=tftp value=xxxx.pointca.com
/ip pool
add name=default-dhcp ranges=192.168.0.100-192.168.0.150
add name=pool-vlan10 ranges=10.10.10.50-10.10.10.99
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=pool-vlan10 disabled=no interface=vlan10 name=vlan10-VoIP
src-address=10.10.10.1
(…)
/interface bridge port
add bridge=bridge-local interface=eth2-master-NC
add bridge=bridge-local interface=wlan-WiFi
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.0.1/24 comment=“default configuration” interface=
bridge-local
add address=10.10.10.1/24 comment=“VoIP (Vlan10) network” interface=vlan10
/ip dhcp-client
add comment=“default configuration” disabled=no interface=eth1-WAN
/ip dhcp-server network
add address=10.10.10.0/24 comment=Vlan10 dhcp-option=tftp dns-server=
10.10.10.1 gateway=10.10.10.1
add address=192.168.0.0/24 comment=“default configuration” dns-server=8.8.8.8
gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=xx.xx.xx.xx list=current_DynDNS_IP
add address=xx.xx.xx.xx list=current_NoIP
(…)
Set the service tag option OFF. That is for 802.1ad use.
I had already set it off, but change nothing.
It works now. Just had to set the vlan on the bridge.
Now how to give the priority to the vlan ? (in the local network)
You changed it since uploading the config?
yes… in fact I tried a lot of things… sorry for the confusion.
Now I need to know how to give the priority to the vlan in the local network?
Have a look at this part of the WiKi:
Do you have an example? I just want to priorize VLAN from the rest of the network. I read the theory, but I’m not very familiar with that.
Actually, I have a queue done for external trafic (IN: eth2-master and OUT eth1-WAN)