I managed to get VLANs working on my MikroTik device, which acts as a managed switch for my router. I verified each VLAN port works by giving me the IP address I am expecting for each port by physically connecting my device to the MikroTik. Now I want to set up a wireless access point and configure the VLANs on there for my SSIDs.
When I attempt to connect to an SSID I set for my VLAN 10 or 20, I get a “No DHCP server was found” error on my devices connecting to it. My SSID set toward my PVID 1 works fine and I am able to connect and get the IP address I am expecting. So I am guessing it is just a configuration I missed when setting up my MikroTik.
Here is my /export:
I only wanted one port to be a separate VLAN, but I don’t think that’s causing any issues
I am able to get IP addresses with the DHCP client on my VLAN interface in MikroTik for my LAN and VLANs.
I am not too familiar with networks but there has to be a way to pass in the DHCP from OPNsense that’s working on MikroTik down to the Access Point somehow, right? It doesn’t seem to be an access point setting.
I tried to set up a DHCP relay to pass it through but I am unsure of the configuration I need for it:
If your OPNsense router is providing VLANs and DHCP services the only configuration on the Mikrotik should be bridge ports & VLANs plus management address.
Is the AP you are setting up another device, or on this Mikrotik in which case there appears to be no configuration for it.
As noted, if it's a switch, why are you configuring it like a router (no pools required)?
The only VLAN that needs to be defined is the management or trusted VLAN where the MT gets its IP address from.
Find the appropriate example here → http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
AP is a separate device. An ASUS AX86U Pro that supports VLANs on their stock firmware on AP mode (according to docs). I added several VLAN ID profiles and SSID for each profile to match what I have configured on OPNSense and the switch.
Reason I have those pools is cause I was trying out the different DHCP settings but no good there. I tried to follow the guide but I wasn’t able to get different IP addresses on the different ports corresponding to each VLAN unless I had those DHCP clients set up.
Here’s my configuration with bare minimum of what works as I am expecting it… I tried to get rid of DHCP client but I am not able to get different IP addresses on the different ports corresponding to the VLAN, I just get the same IP address from my LAN:
Okay, never mind. I was able to get rid of the DHCP clients and get the IP addresses from the different ports as expected after I set the IP route to my router/OPNsense. But on the MikroTik itself, I am not able to ping 8.8.8.8 anymore, is that expected for this configuration?
Which VLAN are you using for management of the Mikrotik (untagged on the bridge, VLAN 10 or VLAN 20), static or DHCP-assigned address, and which port is the AP plugged into?
Managing the MikroTik on the untagged on the bridge and have the access point connected to ether2, which is untagged. I’m unsure of your last question but I am forwarding DHCP from OPNsense but the VLAN have a static range they are assigned to, which is how I am verifying the ports and wifi work by checking if my computer gets the IP corresponding to the right VLAN/SSID
Due to the lack of network diagram and overall clarity.
Is the MikroTik device simply between the main router and the AP (a switch only, no WiFi)?
So the MikroTik gets a trunk port on the router with, let's say, 3 VLANs: management, home WiFi, guest WiFi, etc.
Or is it doing WiFi as well?
There should be no bridge address on the MT device if acting as a switch or AP/switch.
Did you not read the provided reference??
MikroTik is just acting as a switch between router and the AP. No wifi on the MikroTik itself.
I tried to follow the configuration in the reference post and it just turns off internet access on all the ports so that’s why my configuration is the way it is now. Just that the access point is only able to broadcast the SSID for the LAN network and not able to provide Internet on the SSIDs associated with the VLANs
I am able to access Internet physically under the VLAN I set to ether4 and on the other ports for the LAN. I verified I get the IP address that’s associated with them.
It needs the VLANs for the SSIDs on the AP added as tagged.
> I’m unsure of your last question but I am forwarding DHCP from OPNsense but the VLAN have a static range they are assigned to
It was regarding the management address for the Mikrotik, assuming that is provided untagged by DHCP from the router the bridge port & VLAN and management configuration would be:
I appreciate the configuration you sent. I still ran into the same issues as before. I thought it was an issue with my Access Point so I bought a new one and I am still running into the same issues where I am only able to get IP address from the SSID associated with the Default network, not any of the other VLAN IDs
I verified that the ports on the MikroTik work as expected, I am able to get the IP address I am expecting on ether4 and on ether2/3/5.
Here is my Access Point configuration here. I have several devices trying to connect to one of the SSIDs but they’re not able to reach my router/OPNSense
Someone on another forum suggested the issue could be related to mixing tagged and untagged traffic on the same interfaces. They said if such mixed traffic arrives at OPN then it could be the problem, FreeBSD is not a happy camper with that traffic.
When I attempt to make ether1 into ‘admit-only-vlan-tagged’, I lose connection to the network completely, even on physical connection on the same VLAN ID.
So a device plugged into ether3 or ether5 receives an address from the range your base untagged network uses, and plugged into ether4 from the range VLAN 20 uses. Does configuring a port with a PVID of 10 similarly provide an address from the range VLAN 10 uses?
Have you tried temporarily plugging the AP into the feed which normally feeds the Mikrotik switch to check if that works without the switch?
So I just plugged the AP into the feed that normally feeds MikroTik and all my SSIDs are working now. Seems the issue is on MikroTik switch specifically. Guessing it may have to do with that vlan untagged stuff then… Been stuck on this for a few days now
My MikroTik is a CRS304-4XG and it’s on RouterOS 7.16.2
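A bridge VLAN table matching the reply above that the AP port "needs the VLANs for the SSIDs on the AP added as tagged", shown as an added example that is not part of any post in this thread. The bridge name `bridge` and ether1 as the uplink to OPNsense are assumptions; ether2 as the AP port, ether4 on VLAN 20, and VLAN IDs 10 and 20 are taken from the thread.

```routeros
# Assumed port roles:
#   ether1        uplink to OPNsense (untagged base LAN + tagged VLAN 10, 20)
#   ether2        access point (untagged base LAN + tagged VLAN 10, 20)
#   ether3/ether5 untagged base LAN (PVID 1)
#   ether4        access port for VLAN 20

/interface bridge
# Build the table with filtering off so a mistake does not cut off management.
add name=bridge vlan-filtering=no

/interface bridge port
# Hybrid ports stay at the default frame-types=admit-all because the base LAN
# arrives untagged on them alongside the tagged VLANs.
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether5
# Pure access port: untagged frames are placed in VLAN 20, tagged frames are refused.
add bridge=bridge interface=ether4 pvid=20 \
    frame-types=admit-only-untagged-and-priority-tagged

/interface bridge vlan
# Constructed "before" case: with only the uplink tagged, frames for VLAN 10/20
# are never sent out ether2, so clients on those SSIDs get no DHCP reply.
#   add bridge=bridge tagged=ether1 vlan-ids=10
#   add bridge=bridge tagged=ether1 untagged=ether4 vlan-ids=20
#
# Corrected: the AP port is a tagged member of every VLAN that backs an SSID.
add bridge=bridge tagged=ether1,ether2 vlan-ids=10
add bridge=bridge tagged=ether1,ether2 untagged=ether4 vlan-ids=20

/interface bridge
# Turn filtering on last, once the table above is complete.
set [find name=bridge] vlan-filtering=yes

# Check: ether2 must be listed under "tagged" for VLAN 10 and VLAN 20.
/interface bridge vlan print
```

VLAN 1 needs no explicit entry here: ports left at PVID 1 are added to it dynamically as untagged members, which keeps the base LAN SSID and untagged management working.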