Problem to connect 2 RB951G 2HnD (and use VLANS)

49er · March 20, 2013, 1:50pm

Hi,

I have 2 RB-951G 2HnD
One is configured as router and ether 1 is a WAN port. I connect the second RB951G 2HnD with Ether1 to ehter5 of the firste Mikrotik.
Everything on the first Mikrotik is working but it looks like the connection to the second Mikrotik is not working.

I can add the configuration of both mikrotiks if that helps.

InoX · March 20, 2013, 2:19pm

What connection is not working? No link on eth or what? Be aware that both of them have the same ip adress class 192.168.88.0/24.

49er · March 20, 2013, 2:36pm

On the second mikortik I can’t get an IP and can’t connect to the first Mikrotik.

Here are the configurations of both switches.

SWITCH01:

MMM MMM KKK TTTTTTTTTTT KKK

MMMM MMMM KKK TTTTTTTTTTT KKK

MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK

MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK

MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK

MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

SW01 Setup met Router, AP en Usermanagement

Set Identity

/systen identity set name=SW01

Set Ether names

/interface ethernet set 0 name=ether1-public
/interface ethernet set 1 name=ether2-local
/interface ethernet set 2 name=ether3-local
/interface ethernet set 3 name=ether4-local
/interface ethernet set 4 name=ether5-local

Create bridges

/interface bridge add name=BR-LAN
/interface bridge add name=BR-MOBILE
/interface bridge add name=BR-GAST

Create VLANs

/interface vlan add name=VLAN-MOBILE vlan-id=10 interface=ether5-local disabled=no
/interface vlan add name=VLAN-GAST vlan-id=20 interface=ether5-local disabled=no

Add security profiles (WLAN)

/interface wireless security-profile add name=TNW.LOCAL authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“LAN” mode=dynamic-keys
/interface wireless security-profile add name=GAST authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“GAST” mode=dynamic-keys
/interface wireless security-profile add name=MOBILE authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“MOBILE” mode=dynamic-keys

Add virtual AP’s

/interface wireless add master-interface=wlan1 ssid=TNW.LOCAL security-profile=TNW.LOCAL name=VAP-LAN wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 ssid=GAST security-profile=GAST name=VAP-GAST wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 ssid=MOBIL security-profile=MOBILE name=VAP-MOBILE wmm-support=enabled disabled=no

Add ports to bridges

/interface bridge port add interface=ether2-local bridge=BR-LAN disabled=no
/interface bridge port add interface=VAP-LAN bridge=BR-LAN disabled=no
/interface bridge port add interface=VAP-GAST bridge=BR-GAST disabled=no
/interface bridge port add interface=VLAN-GAST bridge=BR-GAST disabled=no
/interface bridge port add interface=VAP-MOBILE bridge=BR-MOBILE disabled=no
/interface bridge port add interface=VLAN-MOBILE bridge=BR-MOBILE disabled=no

Add ether ports to switch

/interface ethernet set ether3-local master-port=ether2-local
/interface ethernet set ether4-local master-port=ether2-local

Set IP addresses to the Interfaces

/ip address add address=192.168.1.1/24 disabled=no interface=ether1-public
/ip address add address=192.9.201.245/24 disabled=no interface=BR-LAN
/ip address add address=192.9.210.1/24 disabled=no interface=BR-GAST
/ip address add address=192.9.220.1/24 disabled=no interface=BR-MOBILE

Set Route

/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=30 target-scope=10 disabled=no distance=1

Set NAT masquerade

/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether1-public

Set DNS

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=64 server=192.9.201.5

Turn on WLAN

/interface wireless enable wlan1

Hide SSID wlan1 (mikrotik)

/interface wireless set wlan1 hide-ssid=yes

Set wireless mode

/interface wireless set mode=ap-bridge wlan1 band=2ghz-b/g/n ht-txchains=0,1 ht-rxchains=0,1 wmm-support=enabled

Set wireless channel

/interface wireless set wlan1 channel-width=20/40mhz-ht-above

Set wirless protocol

/interface wireless set wlan1 wireless-protocol=any

Add NTP server

/system ntp client set primary-ntp=192.9.201.5 mode=unicast enabled=yes

Setup DHCP Server

/ip dhcp-server add name=“DHCP-MOBILE” interface=BR-MOBILE lease-time=1h address-pool=static-only authoritative=after-2sec-delay bootp-support=none disabled=no

Setup DHCP Network

/ip dhcp-server network add address=192.9.220.0/24 gateway=192.9.220.1

Add static addresses

/ip dhcp-server lease add address=192.9.220.2 mac-address=00:00:00:00:00:01 server=DHCP-MOBILE

DHCP Server GAST

DHCP Pool setup

/ip pool add name=“DHCP-POOL-GAST” ranges=192.9.210.2-192.9.210.253

Setup DHCP Server

/ip dhcp-server add name=“DHCP-GAST” interface=BR-GAST lease-time=1h address-pool=“DHCP-POOL-GAST” authoritative=after-2sec-delay bootp-support=static disabled=no

Setup DHCP Network

/ip dhcp-server network add address=192.9.210.0/24 gateway=192.9.210.1

#############################################################################################################################

Setup HOTSPOT server with Radius for GUESTS

Setup Hotspot Profile

/ip hotspot profile add name=“GAST-PROFILE” hotspot-address=192.9.210.1 dns-name=“” html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,cookie use-radius=yes radius-accounting=yes

Setup Hotspot Server

/ip hotspot add name=“HOTSPOT-GAST” interface=BR-GAST address-pool=“DHCP-POOL-GAST” profile=“GAST-PROFILE” disabled=no

Setup Radius

/radius add service=hotspot address=127.0.0.1 secret=123456

Add user (Manger voor usermanager)

/ip hotspot user add name=admin password=49er4All

Enable Graphs

/tool graphing interface add interface=BR-LAN
/tool graphing interface add interface=BR-GAST
/tool graphing interface add interface=BR-MOBILE

Set Admin password

/user set admin password=password

Set Ether speed 1GB/s

/interface ethernet set ether1 speed=1Gbps
/interface ethernet set ether2 speed=1Gbps
/interface ethernet set ether3 speed=1Gbps
/interface ethernet set ether4 speed=1Gbps
/interface ethernet set ether5 speed=1Gbps

End of file

SWITCH02:
/systen identity set name=SW02

Set Ether names

/interface ethernet set 0 name=ether1-local
/interface ethernet set 1 name=ether2-local
/interface ethernet set 2 name=ether3-local
/interface ethernet set 3 name=ether4-local
/interface ethernet set 4 name=ether5-local

Create bridges

/interface bridge add name=BR-LAN
/interface bridge add name=BR-MOBILE
/interface bridge add name=BR-GAST

Create VLANs

/interface vlan add name=VLAN-MOBILE vlan-id=10 interface=ether1-local disabled=no
/interface vlan add name=VLAN-GAST vlan-id=20 interface=ether1-local disabled=no

Add security profiles (WLAN)

/interface wireless security-profile add name=TNW.LOCAL authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“LAN” mode=dynamic-keys
/interface wireless security-profile add name=GAST authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“GAST” mode=dynamic-keys
/interface wireless security-profile add name=MOBILE authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“MOBILE” mode=dynamic-keys

Add virtual AP’s

/interface wireless add master-interface=wlan1 ssid=TNW.LOCAL security-profile=TNW.LOCAL name=VAP-LAN wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 ssid=GAST security-profile=GAST name=VAP-GAST wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 ssid=MOBIL security-profile=MOBILE name=VAP-MOBILE wmm-support=enabled disabled=no

Add ports to bridges

/interface bridge port add interface=ether2-local bridge=BR-LAN disabled=no
/interface bridge port add interface=VAP-LAN bridge=BR-LAN disabled=no
/interface bridge port add interface=VAP-GAST bridge=BR-GAST disabled=no
/interface bridge port add interface=VLAN-GAST bridge=BR-GAST disabled=no
/interface bridge port add interface=VAP-MOBILE bridge=BR-MOBILE disabled=no
/interface bridge port add interface=VLAN-MOBILE bridge=BR-MOBILE disabled=no

Add ether ports to switch

/interface ethernet set ether3-local master-port=ether2-local
/interface ethernet set ether4-local master-port=ether2-local
/interface ethernet set ether5-local master-port=ether2-local

Set IP addresses to the Interfaces

/ip address add address=192.9.201.246/24 disabled=no interface=BR-LAN
/ip address add address=192.9.210.2/24 disabled=no interface=BR-GAST
/ip address add address=192.9.220.2/24 disabled=no interface=BR-MOBILE

Set Route

/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=30 target-scope=10 disabled=no distance=1

Turn on WLAN

/interface wireless enable wlan1

Hide SSID wlan1 (mikrotik)

/interface wireless set wlan1 hide-ssid=yes

Set wireless mode

/interface wireless set mode=ap-bridge wlan1 band=2ghz-b/g/n ht-txchains=0,1 ht-rxchains=0,1 wmm-support=enabled

Set wireless channel

/interface wireless set wlan1 channel-width=20/40mhz-ht-above

Set wirless protocol

/interface wireless set wlan1 wireless-protocol=any

Add NTP server

/system ntp client set primary-ntp=192.9.201.5 mode=unicast enabled=yes

Enable Graphs

/tool graphing interface add interface=BR-LAN
/tool graphing interface add interface=BR-GAST
/tool graphing interface add interface=BR-MOBILE

Set Admin password

/user set admin password=password

Set Ether speed 1GB/s

/interface ethernet set ether1 speed=1Gbps
/interface ethernet set ether2 speed=1Gbps
/interface ethernet set ether3 speed=1Gbps
/interface ethernet set ether4 speed=1Gbps
/interface ethernet set ether5 speed=1Gbps

End of file

49er · March 20, 2013, 5:44pm

Hi, did you see the configuration of both devices?

49er · March 21, 2013, 10:52am

This is what I want in basic.