Hey guys, I really, really hope someone can help me understand what's going on.
It's so frustrating… I have been trying to test trunk VLANs and native access VLANs across my various MikroTik routers.
This eventually is to make use of CAPsMAN and have a guest network with their own VLAN and have an access list.
So what's going wrong is that I followed a few guides where I make a bridge (BridgeVlan253) for the native “management” VLAN for all the MikroTiks.
This has almost all the ports within each router except for a few which need untagged from a different vlan20 that is within BridgeVlan253.
There is another bridge (BridgeVlan20) which bridges to vlan20 and to the ports that need to be untagged, including some wireless interfaces, as I don't want
to suddenly have no wifi at home whilst testing and messing with CAPsMAN. Family would kill me lol. But at 4am I could no longer continue.
I am including the backups I last made of the configurations.
I'd had some really weird behavior, like the laptop being able to ping the “data link” router and the next router “Office-Data” but not my Janitza after that,
but that router “Office-Data” can ping the Janitza and ping back to “data-link”. It was some weird stuff. If any of you have suggestions I would really
appreciate it. Also if you have suggestions about any of my other configuration…
Thank you again. Would gladly also make a diagram of how things are connected or anything anyone wants to know. So badly want to understand where
this is going wrong.
Concur, and CAPsMAN is a waste of time: it adds many lines of config and thus potentially many errors, and is not needed in many cases.
You can set up another MT as an AP switch in just a few minutes.
I did try to reply a little while ago but my ISP went down lol. Okay, moving forward, thanks for the suggestion and I've opened both now to
read through. Thank you.
I need a way of implementing a MAC authentication list of some kind across all of these MikroTik routers.
I wanted to implement it at home and then push it onto the work network lol, because there I have 2 problems.
Staff that manage to get the password from someone or their device (thanks to darn QR-code sharing) and have
randomised MAC address generation. It has been a “policy” that people need to turn that feature off but, let's say,
that isn't being enforced and the site has this 12mb line which is almost always being abused.
That, and when a visitor or another engineer comes to site I could have seamless roaming? Maybe even 1 SSID
and them automatically getting put in the correct network with the correct access.
At least that's what it looks like it could do?
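As an added example (not part of any post in this thread): a MAC access list only helps against devices whose addresses stay fixed, so one useful check before building it is to find which clients are presenting randomised addresses. Randomised Wi-Fi addresses are locally administered, meaning bit 0x02 of the first octet is set. The sketch below assumes a plain-text client list with one MAC per line; the sample lines and the allow-list are constructed, and the function names are hypothetical.

```python
import re

# Matches colon- or dash-separated MAC addresses anywhere in a line of text
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

def normalize(mac):
    """Upper-case, colon-separated form so allow-list lookups are consistent."""
    return mac.replace("-", ":").upper()

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.
    Randomised Wi-Fi addresses set this bit; vendor-assigned ones do not."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(lines, allowlist):
    """Return one (mac, verdict) pair per distinct MAC found in the lines."""
    allowed = {normalize(m) for m in allowlist}
    seen, report = set(), []
    for line in lines:
        for raw in MAC_RE.findall(line):
            mac = normalize(raw)
            if mac in seen:
                continue  # same client listed twice
            seen.add(mac)
            if mac in allowed:
                verdict = "allowed"
            elif is_locally_administered(mac):
                verdict = "randomised"  # a static MAC list cannot pin this device
            else:
                verdict = "unknown"     # stable address, but not on the list
            report.append((mac, verdict))
    return report

# Constructed sample input (not taken from the thread)
SAMPLE = [
    "10.0.20.11 00:11:22:33:44:55 office-pc",
    "10.0.20.37 da:a1:19:0b:3c:7e phone",
    "10.0.20.52 3C-5A-B4-01-02-03 laptop",
    "10.0.20.37 DA:A1:19:0B:3C:7E phone",
]
ALLOWLIST = ["00:11:22:33:44:55"]

if __name__ == "__main__":
    for mac, verdict in audit(SAMPLE, ALLOWLIST):
        print(mac, verdict)
```

Clients reported as "randomised" will show up under a new address after they forget and rejoin the network, so an allow-list entry for them does not persist.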
In that case there may be a use for CAPsMAN if it has some MAC address control filtering…
But at least you are better explaining the situation in terms of traffic to allow and traffic to not allow.
Hopefully someone with similar experience can help!
Yeah, that's the thing haha. Would far rather experiment and learn using my own network, albeit without
making family mad and whatnot. Thank you though, and still appreciate the comments. Yes, thank you.
At home I basically set all leases to static DHCP, no allocating IPs… and use ARP control.
If someone wants to use wifi I add a static lease and then add an ARP entry…
What is left out of this whole conversation because some have very limited things they do
Do you need IPs in the VLAN at the bridge point?
So are you
a) trying to make a basic dumb VLAN switch replacement
b) needing to route or access through the VLANs at the bridge point
For an example of B … if you want to do something like this
10.0.2.3/24 in VLAN 2
10.0.3.3/24 in VLAN 3
In that instance the old way is the only way you can do it, and that is why the old method still exists.
In B we are clearly trying to keep the IPs isolated but with the option to access or route through them.
A classic example occurs when you want to set a different DHCP server into each VLAN at the bridge point, such as for a multi-SSID access point.