Hi,
The site in question is running a CRS125-24G-1S-RM, 2x Ubiquiti UAP-PRO
The goal is to provide 2 LAN/WLAN interfaces for the users of 2 business units to access only the resources in their respective segments and provide a gateway to the internet for each. Due to coverage requirements each UAP needs to broadcast both LAN1 and LAN2’s SSIDs, tagging each with the right VLAN back to the CRS, management untagged will be on LAN2. Hopefully that description makes sense, but i believe this is a simple setup and with my limited Mikrotik skills i am unable to get even dhcp going on the vlan.
I’m managing via the console cable just to get it all going first, from reading wiki i’ve got this far in creating a config to apply to a blank CRS, any help in getting this working is appreciated.
/interface ethernet
set ether5 master-port=ether1 comment=ether05-UAP-PRO-2
set ether6 master-port=ether1 comment=ether06-UAP-PRO-1
set ether7 master-port=ether1 comment=ether07-LAN1
set ether8 master-port=ether1 comment=ether08-LAN1
set ether9 master-port=ether1 comment=ether09-LAN2
set ether10 master-port=ether1 comment=ether10-LAN2
set ether11 master-port=ether1 comment=ether11-LAN2
set ether12 master-port=ether1 comment=ether12-LAN2
set ether13 master-port=ether1 comment=ether13-LAN2
set ether14 master-port=ether1 comment=ether14-LAN2
set ether15 master-port=ether1 comment=ether15-LAN2
set ether16 master-port=ether1 comment=ether16-LAN2
set ether17 master-port=ether1 comment=ether17-LAN2
set ether18 master-port=ether1 comment=ether18-LAN2
set ether19 master-port=ether1 comment=ether19-LAN2
set ether20 master-port=ether1 comment=ether20-LAN2
set ether21 master-port=ether1 comment=ether21-LAN2
set ether22 master-port=ether1 comment=ether22-LAN2
set ether23 master-port=ether1 comment=ether23-LAN2
set ether24 master-port=ether1 comment=ether24-LAN2
/interface ethernet switch ingress-vlan-translation
add ports=ether5,ether6,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 customer-vid=0 new-customer-vid=151 sa-learning=yes
add ports=ether7,ether8 customer-vid=0 new-customer-vid=119 sa-learning=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether5,ether6 vlan-id=119
add tagged-ports=ether1,ether5,ether6 vlan-id=151
/interface ethernet switch vlan
add ports=ether1,ether5,ether6,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 vlan-id=151 learn=yes
add ports=ether1,ether5,ether6,ether7,ether8 vlan-id=119 learn=yes
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
/interface vlan
add name=vlan-119-LAN1 vlan-id=119 interface=ether1
add name=vlan-151-LAN2 vlan-id=151 interface=ether1
/ip address
add address=192.168.119.1/24 interface=vlan-119-LAN1
add address=192.168.151.1/24 interface=vlan-151-LAN2
/ip pool add name=LAN1 ranges=192.168.119.200-192.168.119.254
/ip pool add name=LAN2 ranges=192.168.151.200-192.168.151.254
/ip dhcp-server
add disabled=no name=dhcp-LAN1 interface=vlan-119-LAN1 address-pool=LAN1
add disabled=no name=dhcp-LAN2 interface=vlan-151-LAN2 address-pool=LAN2
/ip dhcp-server network add address=192.168.119.0/24 netmask=24 gateway=192.168.119.1 comment=”LAN1-VLAN-119”
/ip dhcp-server network add address=192.168.151.0/24 netmask=24 gateway=192.168.151.1 comment=”LAN2-VLAN-151”