Multiple VLANs on Wan

rogerowl · February 6, 2015, 5:58pm

Hi I’m using a RB951G for a while and after I change ISP I’m trying to do a specific configuration without success.

My ISP is a triple service (internet, voice and TV).
Each of the services is delivered in a specific VLAN:

Internet Vlan 100
VOIP Vlan 101
IPTV Vlan 105

I’m having the ISP equipment to handle VOIP and IPTV so I define a bridge with 2 port, one from the ONT the other to the ISP equipment. in that bridge a get a external IP.

/interface bridge
add name=bridge-sw1
add admin-mac=4C:5E:0C:B0:14:17 auto-mac=no name=bridge-sw2
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether2 ] name=eth2
set [ find default-name=ether3 ] name=eth3
set [ find default-name=ether4 ] name=eth4
set [ find default-name=ether5 ] name=eth5
/ip neighbor discovery
set eth1 discover=no
/interface vlan
add interface=bridge-sw1 l2mtu=1594 name=vlan-100-sw1 vlan-id=100
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.120
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-sw2 name=default
/interface bridge port
add bridge=bridge-sw1 interface=eth1
add bridge=bridge-sw1 interface=eth2
add bridge=bridge-sw2 interface=eth3
add bridge=bridge-sw2 interface=eth4
add bridge=bridge-sw2 interface=eth5
/ip address
add address=192.168.88.1/24 interface=bridge-sw2 network=192.168.88.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=\
    vlan-100-sw1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=\
    192.168.88.1,8.8.4.4,8.8.8.8 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=casarouter
/ip firewall filter
add chain=input protocol=icmp
add chain=input connection-state=established,related
add action=drop chain=input in-interface=vlan-100-sw1
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new \
    in-interface=vlan-100-sw1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan-100-sw1

With this configuration everything is running, I have internet access in port 3,4 and 5. The IPTV boxes as well as the phone are connect to the ISP equipement.
The question is that now I want to connect the IPTV box (VLAN105) to port 5.
The IPTV box should also get a address in the internal network.
packets with Vlan 105 tag should be delivered only on port 5 and the other packets should be handled normally. This would allow us to access the IPTV box from smartphone or pcs.
What changes should I do in order to achieve this?
thanks

PhantomR32 · February 9, 2015, 9:25pm

Hi rogerowl,

Are you sure that is going to work? I have a similar setup to you, as in I have a WAN trunk with an internet vlan and a TV vlan, but the TV service has a separate WAN IP. The TV box only has that WAN IP and can’t also have a LAN IP. Just trying to help you save some time if you happen to be looking at the wrong thing.

Cheers,
Phantom

ShayanFiroozi · February 10, 2015, 11:13am

Hi
VLAN works on layer 2 , if you wanna send VLAN traffic over L3 network you should use EoIP tunnel between devices

rogerowl · February 10, 2015, 8:26pm

Hi PhantomR32,
The information from the ISP on this subject is allmost none, and their equipament is very poor in terms of internet capabilities (port forwarding, ddns, etc). Thats the reason I’m trying to replace it.
I’m not sure if everything works this way, but I know that if I use only the ISP equipment I can connect my pc to a port and I see the TV box in my lan, and can even use some applications running on PC or mobile to control it.
As far as I know the ISP equipment delivers any packet with a vlan tag 105 to the port where the TV box is and those packets with vlan tag 100 or untagged to all the ports.
So, this was the behaviour I was trying to reproduced in the RouterBoard.
thanks