UNTAGGED AND TAGGED VLAN ON HEX LITE

pran21 · February 14, 2017, 5:57pm

Hi everyone, i was looking for an answer to this question in the forum but i didn’t find an already opened topic satifying me.
I have an hexlitepoe running routeros last non-beta version, i want to create 2 vlans for my network, i do not have managed switches so…
i want to create a vlan available on all ports if i connect a common pc via ethernet (so i want to plug my pc and connect to the main vlan directly) but i also need another vlan on all ports to use on my guest net via my access points (uap-acs)
how can i do it?
Thanks

pe1chl · February 14, 2017, 6:16pm

Just add a VLAN interface to the master port of the switch.

pran21 · February 15, 2017, 7:49pm

I said that I want 2 vlans…one tagged and one untagged…how can I do it?

effndc · February 21, 2017, 11:27pm

I assume your AP is directly connected to your HEx Lite so that you can actually pass VLAN tags. The untagged default/native network already exists, otherwise you wouldn’t be able to access anything. You are looking to add a new VLAN for your guest network, so you need to create the VLAN on the switch…of course if you also want to have DHCP and routing on that network you will need to create a VLAN interface.

The default/native/untagged VLAN can safely be assumed to be VLAN1, and nothing would need to change there. If you want your Guest VLAN to be VLAN 10 then you need something like below, just exclude your WAN interface from the list for VLAN access.

Add VLAN to switch

/interface ethernet switch vlan
add independent-learning=no ports=ether2-master,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=10

Add VLAN interface for DHCP and routing:

/interface vlan
add comment="Guest network" interface=ether2-master name=vlan10-guest vlan-id=10
/ip address
add address=192.168.103.1/24 comment="Guest Gateway" interface=vlan10-guest network=192.168.103.0

Configure DHCP server on that network:

/ip dhcp-server network
add address=192.168.10.0/24 comment="Guest Network" dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1 netmask=24
/ip dhcp-server
add add-arp=yes address-pool=Guest disabled=no interface=vlan10-guest lease-time=8h name="Guest Network"

You will then need to create appropriate firewall rules to allow the guest network access to the Internet and to prevent access from your “main” network if you wish.

chux · March 5, 2020, 2:00pm

Please could you explain these steps using winbox?

pe1chl · March 5, 2020, 3:44pm

The information in this topic is no longer valid.

anav · March 5, 2020, 3:59pm

chux, look to this post for direction. If you need help afterwards then you can post again.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1