VlAN setup with HotSpot

someuser · December 28, 2010, 1:59am

I've got a simple Hotspot setup on a 750g

Internet ---> Modem----->(WAN interface1<--->RB750G<--->Interface2)------>(WAP-- 2 SSID's--1VLAN)---->Wireless clients

I'm experimenting with my first VLAN setup.
I have a wireless AP which has VLAN capability. It is wired to ether 3 or whichever is correct,on the rb750g.

The wap can be configured to have @ 4 SSID's. I'd like to create a VLAN per SSID.
I this possible and/or practical?

For the moment, I'm just trying to get one VLAN going.

So, my question regarding a previous post from fewi mentioning adding hotspots on vlans

His post:
"Make two VLAN interfaces, one for each Hotspot. One gets an IP address of .../24, the
other gets .../24. You set up the Hotspots as usual but use the VLAN interfaces for them"

My question: How to create the VLAN and properly configure the 2nd hotspot on the vlan.
I'm not sure as to putting the VLAN on the master interface 2, on top of 1st hotspot or on the
3rd (non-enslaved) interface or?.

[admin@MikroTik] > ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
interface=ether2-local-master actual-interface=ether2-local-master

1 ;;; vlan
address=10.0.0.1/24 network=10.0.0.0 broadcast=10.0.0.255
interface=vlan1 actual-interface=vlan1

2 D address=98.../20 network=98... broadcast=98...*
interface=ether1-gateway actual-interface=ether1-gateway

[admin@MikroTik] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=98...*
gateway-status=98...* reachable ether1-gateway distance=1
scope=30 target-scope=10 vrf-interface=ether1-gateway

1 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=vlan1
gateway-status=vlan1 reachable distance=0 scope=10

2 ADC dst-address=98.155.80.0/20 pref-src=98...*
gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10

3 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1
gateway=ether2-local-master
gateway-status=ether2-local-master reachable distance=0 scope=10

[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU

0 R ether1-gateway ether 1500 1524
1 R ether2-local-master ether 1500 1524
2 ether3-local-slave ether 1500 1524
3 ether4-local-slave ether 1500 1524
4 ether5-local-slave ether 1500 1524
5 R vlan1 vlan 1500 1520

[admin@MikroTik] > ip firewall export

dec/27/2010 17:54:40 by RouterOS 5.0rc5

software id = SFGP-C845

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes
add action=accept chain=input comment="default configuration" disabled=no
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=
established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" connection-state=
related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no
in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes
add action=masquerade chain=srcnat comment="default configuration" disabled=no
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=10.0.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

Thanks

fewi · December 28, 2010, 2:44am

If ether3 is slaves to the chipset with ether2 as the master the physical interface for the VLAN (under “/interface VLAN”) is ether2, the Hotspot is then configured on the VLAN interface.

someuser · December 28, 2010, 2:58am

OK,
Thanks
So, the config I’ve got is correct?

fewi · December 28, 2010, 3:25am

Impossible to say at this point since what you posted doesn’t show either condition I mentioned (doesn’t show the output of “/interface vlan export” to see if the VLAN interface is tied to the right physical interface, and doesn’t show the output of “/interface ethernet print” to check master and slave ports), and doesn’t show the output of “/ip hotspot print” to check what interface the Hotspot is tied to. And your original post is unclear on what port you’re actually connecting the AP to (you say it is connected to “ether3 or whichever is correct”, but I assuming it is on ether3).

someuser · December 28, 2010, 5:24am

Yea.
I left that open, apologize for that open ended question.
But I think I get it now.
Thanks

fewi · December 28, 2010, 5:25am

Post back if it doesn’t work - I can post some examples from production routers.

someuser · December 28, 2010, 8:36am

Will do…I just need to grab another switch
Yes, examples are good for me.