Putting Hotspot on VLAN.

lanham · September 1, 2011, 9:33pm

I have an RB750GL and an Engenius 2611.
I have configured the 2611 with one SSID and configured as VLAN ID 1
I added a VLAN interface to Eth5, VLAN ID 1, named VLAN1
Eth2 is the master port, eth3-5 are slave ports of eth2
I added Hotspot service on VLAN1
When I connect to 2611 wirelessly I get an IP address from the DHCP pool configured for eth2-5, I am expecting to get an address from the Hotspot pool.
What am I not understanding correctly?

fewi · September 1, 2011, 9:41pm

You can’t put a VLAN interface on a slave port. Remove the master-port property from ether5 so that it’s a standalone port. You could also put the VLAN interface on ether2, but then that would affect ports 2 - 5, and not just port 5.

It’s also generally speaking not a good idea to use VLAN id 1. For various historical reasons some products treat VLAN id 1 as special and don’t tag it. Use VLAN id 2 instead.

lanham · September 1, 2011, 10:23pm

So I removed master port setting on eth 5.
I added another vlan as vlan2 to eth5 which will be used for the management port.
I changed vlan1 to vlan10 which will be hotspot traffic.
I created a bridge1, added eth2 and vlan2, and confirmed that I could talk to the management port of AP.
I also confirmed that I was getting hotspot dhcp addresses via AP.

Currently it looks like I have it setup the I want. What else should I add?

fewi · September 1, 2011, 10:28pm

Looks good to me, really.

What else do you want it to do?

lanham · September 1, 2011, 10:34pm

I read somewhere about adding a firewall rule so that the vlan’s could not talk to each other but it may have been a much more complicated setup.

fewi · September 1, 2011, 10:44pm

That’s actually pretty easy to do. Assuming the Hotspot network (VLAN 10) is 192.168.0.0/24 and the admin network (VLAN 2) is 10.0.0.0/24:

/ip firewall filter
add chain=forward src-address=192.168.0.0/24 dst-address=10.0.0.0/24 action=drop
add chain=forward dst-address=192.168.0.0/24 src-address=10.0.0.0/24 action=drop

lanham · September 14, 2011, 4:51pm

Can I use the same Hotspot on the VLAN interface (eth5) also on inteface eth3? If so how, or do I just install another hotspot service on eth5? I don’t want the hotspot on a vlan on eth3.

fewi · September 14, 2011, 5:58pm

You could do some crazy bridging. But don’t do that. Just run another Hotspot on the second interface.