I have looked everywhere online and I cannot find a guide that is remotely close to the specifications that I need in my network.
I have a RB 951Ui-2HnD. Here’s the setup that I need…
I need port 1 to be the WAN, ports 2-5 to be LAN. I need 3 VLANs (100, 200, 300). Port 5 needs to accept only tagged packets and then send those packets to the specified VLAN. Ports 2-4 need to send all data (since all of the data will be untagged) to VLAN 300. I then want VLAN 100 to be on 192.168.100.xxx/24, VLAN 200 to be on 192.168.200.xxx/24, and VLAN 300 to be on 192.168.10.xxx/24. If possible I want VLAN 200 & 300 to be able to interact with each other, i.e. 192.168.200.16 can talk with 192.168.10.78. And all VLANs need to have their own DHCP server so nothing has to be statically set every time I connect a device.
I’ve been configuring everything via the terminal interface inside of the router. So I will configure it via the GUI or terminal. Either way is fine for me.
And also the default configuration seems to be getting in my way when I run certain commands, so I will let you know what happens when I run the commands that I’m given.
Been a while since I’ve done this but if memory serves right (coming from a clean configuration):
start using your switch chip in order to take some load off your CPU, by configuring master port for ports 3-5 to port 2 in /interface ethernet
in /interface vlan, add VLANs 100,200 and 300 as interfaces on port 2.
add your desired gateway IP for the various VLANs interfaces in /ip address
configure desired DHCP pools and networks and for each VLAN interface, add desired DHCP server with corresponding pool
in /interface ethernet switch vlan, add desired VLAN memberships and in /interface ethernet switch vlan, for ports 2-4 set VLAN mode to ‘add if missing’ with default 300. Optionally configure port 5 to a black hole VLAN.
Unfortunately the RB951Ui’s switch chip can’t change VLAN tags based on switch rules, so you’ll have to set up your preferred forwarding and filtering rules in /ip firewall filter. This means though that inter-VLAN traffic will be putting load on your CPU. The RB951’s CPU is fine for most broadband routing, but its performance is limited if you plan to route loads of LAN traffic through it. Depending on the rest of your firewall config, you can try and limit the impact by jumping early for LAN-to-LAN traffic and properly configuring fast track for established connections.
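The forward-chain layout described in the reply above (fast track for established connections, an early jump for LAN-to-LAN traffic), as an added example that is not part of the original thread. It uses RouterOS v6 syntax on a clean configuration; the interface names vlan100/vlan200/vlan300, the address list lan-nets and the chain lan-to-lan are assumed names, and keeping VLAN 100 apart from the other two is an assumption, since the thread only asks that 200 and 300 can talk.

```routeros
# Added example: assumed names vlan100, vlan200, vlan300, lan-nets, lan-to-lan.
# Subnets are the ones given in the first post.
/ip firewall address-list
add list=lan-nets address=192.168.100.0/24 comment="VLAN 100"
add list=lan-nets address=192.168.200.0/24 comment="VLAN 200"
add list=lan-nets address=192.168.10.0/24 comment="VLAN 300"

/ip firewall filter
# 1. Established/related flows take the fast path, so only the first
#    packet of each connection is evaluated by the rules further down.
add chain=forward action=fasttrack-connection \
    connection-state=established,related comment="fasttrack established"
add chain=forward action=accept \
    connection-state=established,related comment="accept established"
add chain=forward action=drop connection-state=invalid comment="drop invalid"

# 2. Jump early: anything between two local subnets leaves the main
#    forward chain here and is decided in its own short chain.
add chain=forward action=jump jump-target=lan-to-lan \
    src-address-list=lan-nets dst-address-list=lan-nets \
    comment="inter-VLAN traffic"

# 3. Inter-VLAN policy: 200 and 300 may talk in both directions;
#    every other VLAN-to-VLAN combination (anything involving 100) is dropped.
add chain=lan-to-lan action=accept in-interface=vlan200 \
    out-interface=vlan300 comment="200 -> 300"
add chain=lan-to-lan action=accept in-interface=vlan300 \
    out-interface=vlan200 comment="300 -> 200"
add chain=lan-to-lan action=drop comment="default deny between VLANs"
```

Rule order matters: `add` appends to the end of the list, so on a router that still has default rules, check `/ip firewall filter print` and move these above any broad accept.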
OK. Thanks for all of the information, but I’ve changed my mind AGAIN in the way that I want to get this configured, so I’m just going to re-state what I want - and this is the final change, I promise.
2 VLANs
- VLAN 100 - on the 192.168.10.0/24 network, with default gateway at 192.168.10.1 and it to hand out the IP addresses from 192.168.10.10-192.168.10.254
- VLAN 200 - on the 192.168.200.0/24 network, with default gateway at 192.168.200.1 and it to hand out the IP addresses from 192.168.200.10-192.168.200.254
I want ether 1 to be the WAN port. Ether 2-4 to be on VLAN 100 (all data on these ports will be untagged and I need all data to be sent to VLAN 100 - so I think I need an access port for that).
Also, I have an access point that will be plugged into ether 5 and it will be tagging packets and sending them to either VLAN 100 (Private WiFi) or VLAN 200 (Guest WiFi). I think I need something called a Hybrid port for that? And VLAN 200 will only be used for the Guest WiFi.
And I could sort of figure out how to input the commands that you gave me the first time into the terminal of the router, but I couldn’t figure out how to complete some of them and make them work. So if you don’t mind, could you write out most or all of the commands that I need to input into the terminal?