Vlan configuration

fraksipon · March 9, 2015, 9:15am

Please help in the implementation of VLAN between the MT and the Access Point Tplinka.
At the moment the network is working that

all assigned MAC have IP
1 ip-pool
10.0.4.10-10.0.4.24
10.0.5.3-10.0.5.102

If the MT does not recognize the MAC address, it is assigned an address from another pool
0 adresy_do_sprawdzania_mac 192.168.0.100-192.168.0.199

I would like to port ether 5 add two VLAN. One network should work the same way as described above and the second network should operate in a hotspot for addressing 192.168.1.1/24

Please help in the configuration

[admin@MikroTik] > interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME          MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 R  ether1       1500 4C:xx:xx:xx:xx:34 enabled    none             switch2    
 1 R  ether2       1500 4C:xx:xx:xx:xx:35 reply-only none             switch2    
 2 RS ether3       1500 4C:xx:xx:xx:xx:36 reply-only ether2           switch2    
 3 RS ether4       1500 4C:xx:xx:xx:xx:37 reply-only ether2           switch2    
 4 RS ether5       1500 4C:xx:xx:xx:xx:38 reply-only ether2           switch2

[admin@MikroTik] > interface vlan print    
Flags: X - disabled, R - running, S - slave 
 #    NAME                     MTU ARP        VLAN-ID INTERFACE                  
 0 R  vlan1                   1500 reply-only       1 ether5

[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0   XX.xx.XX.XX/30     XX.XX.XX.XX     ether1                                   
 1   192.168.0.100/24   192.168.0.0     ether2                                   
 2   10.0.4.1/23        10.0.4.0        ether2                                   
 3   192.168.1.1/24     192.168.1.0     ether2

[admin@MikroTik] > ip pool print
 # NAME                                           RANGES                         
 0 adresy_do_sprawdzania_mac                      192.168.0.100-192.168.0.199    
 1 ip-pool                                        10.0.4.10-10.0.4.24            
                                                  10.0.5.3-10.0.5.102            
[admin@MikroTik] >

ZeroByte · March 9, 2015, 9:51pm

Only on port 5 but leave 2-4 as they are?
The first issue is that 5 is running as a slave to port 2. You can put the vlan interface on port 2, and this desired configuration will be the same for ports 2-5 (this will be the easiest and most efficient)

Move the vlan interface to port2

Move the IP address 192.168.1.1/24 onto the vlan interface.

Delete your pool adresy_do_sprawdzania_mac because hotspot wizard will create the pool for you.

Go into hotspot section and click the hotspot setup wizard button. When it asks for the interface to use, specify the vlan interface, and the wizard should use the IP address of the interface in all of its questions for you automatically.

fraksipon · March 11, 2015, 11:54pm

For starters try to simplify my concept.
First let’s try to do two VLANs as shown in the image below.
VLAN1 ether2 addresses

1 ip-pool
10.0.4.10-10.0.4.24
10.0.5.3-10.0.5.102
and VLAN2 ether2 addresses
192.168.0.100-192.168.0.199

All Access Point have the ability to configure the VLAN1 VLAN 2, but how to give only VLAN1 to ether2, ether3, ether4
and
VLAN1 + VLAN2 is ether5
?

ZeroByte · March 12, 2015, 1:45am

Create Two bridges:
bridge-vlan1
bridge-vlan2

I assume that vlan1 should be untagged on the physical interfaces…

Build the ip addresses / dhcp / hotspot / nat rules / forward rules / etc - all using the bridge-vlanX interfaces, and not the physical interfaces.

Next make sure ether2, ether3, ether4, and ether5 all have master port set to none.
Then add all four of these ports to bridge-vlan1
Create vlan subinterface on ether5 (name=vlan5.2 interface=ether5 vlan=2)
Add port vlan5.2 onto bridge-vlan2
Even though there is currently only one interface with vlan2 right now, configuring as a bridge will let you add that VLAN to other interfaces very easily.

Then it should work as you requested - the only thing that concerns me is if bridge including ether5 for vlan 1 picks up the tagged frames and puts them onto the other ports with vlan 5 tag… you can do a wireshark or tcpdump to confirm it is/isn’t happening. (would prefer that it isn’t)

So in summary:
Create bridge interfaces for each vlan, and build your configs on those as if they were physical interfaces.
Connect the untagged vlan to each interface where you want it to be
Connect the tagged vlan to the vlanX sub-interfaces where you want it to be.