Management VLAN hAP AC Lite

I have a small WISP running with a dozen Ubiquiti Nano Locos paired with airGateways that connect to a main Ubiquiti Rocket AP which is in turn connected to an EdgeRouter and a TELUS broadband hub for internet access. I have all of the Ubiquiti routers on a “Management VLAN (10)” so if I connect my (vlan10-enabled) laptop (WiFi or Ethernet) to any node I can access any other by its VLAN IP.

I’ve spent head-banging hours trying to do the same thing with a hAP AC Lite since I’d like to use it on my own desk instead of an airGateway. I have it connected to a Loco on ether1 and it connects fine to the internet with the LAN set to 192.168.88.1 + DHCP on and it gets its WAN IP automatically.

All I want to do is assign it a VLAN IP of 10.10.10.60 (netmask 255.255.255.0 Gateway IP 10.10.10.1) on VLAN 10 so that I can access all the other devices on that VLAN whether I’m connected to the hAP via Ethernet or WiFi - basically just like the attached Ubiquiti router screenshot where the VLAN is on all ports. I can get a “Management VLAN (10)” running on an airOS router in about 90 seconds so I feel like maybe I’m missing something obvious?

Cheers / Ted
vlansnap.png

Use Quick Set profile to do all the basic configuration since you’re doing a static IP, instead of the default DHCP WAN setup. I don’t know what profiles are available on the Lite, but perhaps “Home AP Dual”.


# WAN: Identify VLAN and its ID to this router
/interface vlan
add interface=ether1 name=Management vlan-id=10

# WAN: Set VLAN network addresses
/ip address
add address=10.10.10.1/24 interface=Management network=10.10.10.0

# LAN: tell LAN bridge about the VLAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2,ether3,ether4,ether5 vlan-ids=10

As shown in the command, the bridge itself probably has to be tagged in because every port is acting like a trunk, since you said your laptop is VLAN-aware (“vlan10-enabled”).

While I haven’t tested it, that should work or get you much closer.

Well, that was another no-go… but thank you, it was enough to get dysfunctionally closer.

I created a vlan id=10 on interface=ether1
I added an IP address of 10.10.10.60/24 (I’m not sure why you put 10.10.10.1 since that’s my gateway EdgeRouter?)

Now, if I add ether1 to the existing default bridge I can access any of the other devices on VLAN 10 (but not 10.10.10.60) e.g., 10.10.10.2 is a remote wireless AP 3 hops away I can get to, but then I don’t have access to the Internet. Changing the IP to 10.10.10.1/24 doesn’t help.

Whether I add the VLAN to the LAN bridge (ports tagged or not) doesn’t make any difference.

If I look at the VLAN interface it shows Rx traffic but no Tx; not sure if that’s helpful.

THX / Ted

I used 10.10.10.1/24 because the last group of digits doesn’t matter when identifying a network range for the VLAN. You should have the static IP of the device elsewhere already from the Quick Set configuration.

Do you have a route under IP Routes for 0.0.0.0/0 with a Gateway of 10.10.10.1 - so that your router knows where to go for Internet (or anything outside of its segment)?

Hi again!

> I used 10.10.10.1/24 because the last group of digits doesn’t matter when identifying a network range for the VLAN. You should have the static IP of the device elsewhere already from the Quick Set configuration.

Hmmm, no? The hAP AC Lite gets its WAN IP (192.168.176.38 at the moment) from a DHCP server on the network; what I’m not running is a second DHCP service for the VLAN’s 10.10.10.1/24 subnet because I want to assign fixed IPs to each client’s CPE setups so I know where to go troubleshoot.

> Do you have a route under IP Routes for 0.0.0.0/0 with a Gateway of 10.10.10.1

No, but adding one didn’t make a difference.

I created vlan-id=10 name=Management interface=ether1
I added an IP address of 10.10.10.60/24

Interestingly, whether or not I add the VLAN to the LAN bridge (ports tagged or not) I can ping my EdgeRouter (VLAN10 IP: 10.10.10.1) from the hAP’s terminal window, and can ping the hAP back (VLAN10 IP: 10.10.10.60) from the EdgeRouter. So, the Management VLAN is working over ether1, so it seems like your last step, # LAN: tell LAN bridge about the VLAN, is the right concept, only it doesn’t work.

Also, if I assign Management VLAN interface=bridge then I can ping back and forth between the hAP and my desktop, access the Internet, but I’m not able to ping any other of the devices on VLAN 10.

I don’t understand how RouterOS v6.42 can be configured to operate a VLAN on both the WAN and any or all of the LAN ports which doesn’t seem like a wacky idea to me.

THX / Ted
IPRoutes.png