Management VLAN over WIFI/MESH

Hi

I think I need a point in the right direction to split my management and user traffic.

Current LAB setup is in HWMP mesh, using single radio.

Node A:
192.168.254.200 assigned to Eth1
ETH1 and WLAN bridged
Bridge placed into a HWMP mesh

Node B:
192.168.254.201 assigned to Eth1
ETH1 and WLAN bridged
Bridge placed into a HWMP mesh

Node C:
192.168.254.202 assigned to Eth1
ETH1 and WLAN bridged
Bridge placed into a HWMP mesh

Everything works fine, I can browse the net, email. Clients are assigned a DHCP from 192.168.254.1

I now want to add a management network so that the users on the 192.168.254.0/24 network cannot access the Mikrotik devices - for instance, have the physical Mikrotik hardware on 10.10.0.0/24, with client traffic on 192.168.254.x, split using VLAN.

There will be a hotspot server running on NODEA, on the users' network, so the management VLAN needs to go through this.

Only NODE A, via LAN or remote IPSEC/PPTP connection, would be able to access the 10.10.0.0/24 network to perform management.

Could someone more educated than I give a hint on how this is achieved?

Thank you.

Anyone? Happy to pay for a trainer/consultant.

Is it something similar to this you want to achieve?
http://mum.mikrotik.com/presentations/2007_1/PL07_Roamingwire.pdf

/Paul

Yes, although that's a more complex scenario - I simply want to run the hotspots on vlan5 and AP management on vlan 2, rather than manage the APs via IP bindings in the hotspot server.

Can you upload the results of:
/int mesh export
/int wire wds export
/int bridge export

Are you going to use a different radio for client access in the final network?

Hello

Simple… the wlan interface is not a port of the mesh network, so simply add the VLAN interfaces vlan5 and vlan2 with master interface hwmp-bridge.

Add the management IP address to the vlan5 interface.

Add an additional bridge - call it hotspot-bridge.

Add two ports to that bridge: vlan2 and wlan1.

On Node A add the hotspot on vlan2 and it should work.

If there is any problem, you can also contact me at pawel [a t] cieplinski dot pl

Regards
Pawel
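
The steps in the reply above, written out as RouterOS commands for a non-gateway node such as Node B. This is an added example, not part of the original thread: the mesh interface name `mesh1`, the address 10.10.0.201/24 and the final `/ip service` restriction are assumptions, and the VLAN roles follow the reply (vlan5 for management, vlan2 for hotspot users).

```routeros
# Added example for a non-gateway node (e.g. Node B); not from the original thread.
# Assumptions: the HWMP mesh interface is named mesh1 (the reply calls it
# hwmp-bridge) and 10.10.0.201/24 is a constructed management address.

# VLAN interfaces carried over the mesh interface
/interface vlan
add name=vlan5 vlan-id=5 interface=mesh1 comment="management"
add name=vlan2 vlan-id=2 interface=mesh1 comment="hotspot users"

# The management address lives only on the management VLAN
/ip address
add address=10.10.0.201/24 interface=vlan5

# Separate bridge that joins local wireless clients to the user VLAN.
# wlan1 must first be removed from any other bridge: an interface can be
# a port of only one bridge at a time.
/interface bridge
add name=hotspot-bridge
/interface bridge port
add bridge=hotspot-bridge interface=vlan2
add bridge=hotspot-bridge interface=wlan1

# On Node A the hotspot server is attached to vlan2 as the reply says;
# the hotspot setup itself (pool, profile, DHCP) is not shown here.

# One step beyond the reply (assumption): accept management logins only
# from the management subnet. Apply this only once the node is reachable
# on vlan5, otherwise the session used to configure it is cut off.
/ip service
set winbox address=10.10.0.0/24
set ssh address=10.10.0.0/24
```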

Also make sure that VLAN-mode for switch ports where clients are connected is set to secure so your clients won’t be able to connect to VLANs using tagged packets.