I have a Rocket sector that connects to a mikrotik (RB2011) and right now I have 1 vlan on the Mikrotik for customer traffic but cannot see the antennas since they are on another subnet. If I add another vlan (with the radio IPs) on the mikrotik and turn on Managegent vlan on the radio will I be able to see the radios and customers go out with their IPs?
The 2011 is the access point and the UBNT radios are the clients?
Your solution sounds correct.
Basically, add a vlan sub-interface to the bridge that the AP is tied to (if it’s tied to a bridge, otherwise, make the vlan sub-interface be on the wlan1 interface itself)
Sorry for the confusion. The RB2011 is the router and the Rocket is the AP connected into port 2. My customer radios are Nanobridges. Currently I have Vlan 330 for a public /27 for my customers. The radios are on private 10.10.50.x addresses which I cannot see from the Mikrotik. How can I see both vlan 330 and a new vlan for the private radio addresses going out of port 2 of the tik?
Thx
Okay - your best thing to do is use management VLAN on both the AP and the client radios, and let the /27 be in a native, untagged VLAN. This way, you need no special configuration for the customer equipment - it just flows through the radio. The one drawback is that you need to be able to use a vlan interface on a workstation that connects to the radios for maintenance access.
It’s been a while since I’ve used UBNT gear, and apparently, the more recent versions let you put an IP interface on the ethernet interface only, so you could make all radios be 192.168.100.1 on their LAN side as well as a management vlan interface…
I’d suggest discussing the best practices for UBNT gear on their forums, though.
In general, for the Mikrotik side - any vlan interface will send/receive tagged traffic on whatever interface you attach it to - use the actual ethernet interface itself if you’re not using a bridge.
If you’re bridging several interfaces together, then put the vlan interfaces on the bridge instead of the physical interfaces. Then just put IP addresses / dhcp servers / firewall rules / etc onto each vlan interface as required for your operation.
Thank you! I’ll dig in and try this today.