Greetings forumites and fellow Mikrotik users
I recently acquired an old model Mikrotik saved from a junk pile
It is an RB411-5uH
I now have all the hardware working and antenna connected.as well as the latest ROS installed
Although I was aware of Mikrotik and ROS this is my first – hands-on experience
So jumping in at the deep-end
I have taken some time learning Winbox and the ROS CLI with which I now feel comfortable
Sadly I have not been able to get the device configured correctly.
I have a home Cisco network which I am using for networking self-education.and practise
I would like to incorporate the RB411 into the network initially as an access point ( AP )
There is already a Cisco AP as well as a Huawei B315 ( LTE router ) active in the network(on separate VLANs of their own )
I have moved the Cisco default management VLAN and Native VLAN to VLAN’s other than the default VLAN 1
(Recommended best security practise )
I believe I have a good understanding of these concepts as far as the Cisco World is concerned
( Here is a nice and clear description )
https://networkdirection.net/Tagged%2C+Untagged%2C+and+Native+VLANs
What I would like to do with the RB411 is use it as an “edge” AP ( WiFi access point ) connected to and incorporated into the
rest of the wider Cisco network – attached to a particular user VLAN which is connected to the Internet via ADSL ( Cisco
upstream router ) This VLAN uses private IP’s internally and is only NATTED when it goes out the downstream Cisco router.
Because my Internet access is via ADSL I do not have any static ( full time public ) IP’s
Sounds quite easy
I have however not been able to find an example config for such an application or to get it working.
What is significant is that there is only ONE ether port so ALL traffic must flow over it !
I do not know if this type of application is a valid one for this device ?
I have a management VLAN for the network which is local / not routed / and has no access to the Internet.
The native VLAN is a very high number and is not active ( in suspend mode )
ALL routing / switching / NAT / firewall etc etc is done downstream on the Cisco router and switches
What I would like is for the wireless traffic coming in via the RB to obtain Internet access for those hosts connected to it via the [Cisco] VLAN
( which is connected via ADSL to the ISP on this specific VLAN I have more than one ISP)
The RB411 ethernet port is connected to a TRUNK port on the Cisco switch with the necessary VLAN’s allowed ( including the
very high number and suspended native VLAN )
I have read a number of the Wiki articles including the most recent one – “Manual: VLANs on Wireless”
However what is confusing me is the use of PVID which is not realy enumerated or explaned in the Wiki article
IF I understand correctly ?
PVID = Port VLAN ID – which is normally the native VLAN ? ( as done in the MTK World )
With the latest ROS 6.41.2 the bridge is set up for a dynamic PVID – WHAT should this be ?
/interface bridge
ANY port attached to such a bridge also needs a PVID ( whether a physical interface or a VLAN )
Again what should these be ?
/interface bridge port
VLANs when set under the Bridge ( for VLAN filtering ) however have VLAN-IDs
/interface bridge vlan
In this setup what is meant to be – “native vlan” / tagged / untagged ( which ports / interfaces ? )
( I understand this in Cisco speak but the ROS appears very confusing )
I have created two vlans – one for management [ether1] and one for the data [wlan1]
In normal use the MRTK sees the ether as the WAN and the wlan as the LAN
I have set these two VLANs under the ether1 to create a trunk port ( according to the WiKi )
IP addresses have been set with the VLAN’s as interface
A firewall has been set up – just to pass ALL traffic
All of the interfaces reside under the single bridge
(I have also read that anything under such a bridge has the tags automatically removed ? )
I have tried using vlan-filtering=on as well as vlan-filtering=off
I am using my DELL laptop as the AP client – to connect to the RB411 wlan
Tested and working fine with the Cisco AP
Try as I might – round and round up and down I cannot get the MRTK wlan to connect and get access to the Internet
It will connect and I can see traffic movement but NO connection to the Internet ?
( I have tried with all the various firewalls switched off )
The VLAN it is meant to connect to DOES have Internet access – tested using another host.
WHAT am I doing wrong ?
A full working config would be first prize
( I have left the setting up of the 3G side of things for a later project when I understand how to get the WiFi working )
However
Knowing how the logic is meant to work and what needs to be done to get WiFi access to the Internet would be a great help.
The frustration at having to admit defeat will be replaced by the joy of getting this machine working again …
Any / all assistance much appreciated