Router, VLANs, Switches and Clients - Best Practices

eakteam · November 9, 2022, 1:19am

Hi everyone, i am struggling to configure a network like below in picture of network diagram but cannot make it run successfully…
Anyone can help me achieve it?
Thanks

Main Router is RB3011UiAS, first switch is CRS-112-8G-4S(bridge all ports) and the last one is RB2011UiAS (Bridge all ports - Configured as switch)

mikrotik.jpg[/attachment][/img]

Buckeye · November 9, 2022, 3:05am

Every broadcast domain on a vlan-aware switch will be in some distinct vlan. If you don’t specify it, it will probably default of vlan 1. Whether it is tagged or untagged on egress from the switch is independent of what vlan it is a member of.

So to me, your diagram isn’t clear. Perhaps all your LAN clients are not vlan aware, and you expect the switch to do the classification into a specific vlan (e.g. for the the devices you want to get dhcp addresses from 192.168.6.0/24, these devices would normally be connected to “access ports” for vlan 1000).

The devices getting access to 192.168.5.0/24 need to be in a different vlan than the devices in 192.168.6.0/24. I would probably use vlan 5 for the devices in 192.168.5.0/24 (and I would probably use vlan 6 instead of 1000, not because 1000 won’t work, just because that’s the way I normally do it to make it more obvious what the mapping between ip subnets and vlans is).

What specifically is your question? If is not possible to guess what problem(s) you are having, if you don’t show us an export of the configurations of the three MikroTik devices, and what your expectations are.

Are all clients just “standard” non-vlan-aware devices?

What are you using for access point in vlan 1000?

eakteam · November 9, 2022, 8:04am

Every broadcast domain on a vlan-aware switch will be in some distinct vlan. If you don’t specify it, it will probably default of vlan 1. Whether it is tagged or untagged on egress from the switch is independent of what vlan it is a member of.

So to me, your diagram isn’t clear. Perhaps all your LAN clients are not vlan aware, and you expect the switch to do the classification into a specific vlan (e.g. for the the devices you want to get dhcp addresses from 192.168.6.0/24, these devices would normally be connected to “access ports” for vlan 1000).

The devices getting access to 192.168.5.0/24 need to be in a different vlan than the devices in 192.168.6.0/24. I would probably use vlan 5 for the devices in 192.168.5.0/24 (and I would probably use vlan 6 instead of 1000, not because 1000 won’t work, just because that’s the way I normally do it to make it more obvious what the mapping between ip subnets and vlans is).

What specifically is your question? If is not possible to guess what problem(s) you are having, if you don’t show us an export of the configurations of the three MikroTik devices, and what your expectations are.

Are all clients just “standard” non-vlan-aware devices?

What are you using for access point in vlan 1000?

I just want to know how to configure and make it works.
Yes all my clients are standart devices like smartphones and computers.
For AP i use Ubiquiti Unifi APs in bridge mode.

eakteam · November 9, 2022, 4:42pm

Any help?

anav · November 9, 2022, 5:39pm

Use one bridge at each device, bridge does no dhcp or heavy lifting, vlans for all subnets (do not use vlanid=1 as that is the MT default vlan in the background).
Ensure you have a management vlan, it could be a trusted vlan if you dont want/need a separate one.
All the smart devices from switches to smart APs, will get their IP on this vlan.
You will need hybrid ports for the ubiquiti I believe as they expect the management vlan to be untagged.

Read para C. https://forum.mikrotik.com/viewtopic.php?t=182373
Specifically the first link is an excellent guide (but read my comments on how to use it).