TL;DR: VLANs work without them being assigned in Mikrotik. How?
I just bought a CRS109-8G-1S-2HND-IN. This is my first experience with Mikrotik equipment and RouterOS and I have limited experience with networking in general. I only worked with a Cisco switch and OpenWRT routers till now. I also want to say that my replaced unit, a TP-LINK WDR3600 with openwrt worked perfectly with the same setup.
My current setup is kinda simple. I have a pfsense appliance for the WAN connection and its LAN port goes into Mikrotik. From there, I have several desktops and a proxmox hypervisor. Proxmox has a few VMs, and some of them are on a VLAN. So, I want to use Mikrotik as a switch and wireless access point, only.
I had a very hard time figuring out how to do a guest network with a virtual wireless AP on Mikrotik and the solution is what strikes me as very odd. I have VLAN 13 set up as a guest interface in pfsense. In Mikrotik, I assigned a VLAN in interfaces and tagged the virtual wireless with VLAN 13. Pfsense received DHCP requests, but the clients didn’t get the address assigned. Static IPs didn’t work either. After a lot of trial and error, what worked was removing in Mikrotik the VLAN 13 tag for the port connected to pfsense.
So, that was odd… how does Mikrotik switch traffic if it doesn’t know that a port is tagged with a VLAN?
I removed all VLAN tags from the Mikrotik ports, and everything works. I don’t understand this behavior since on the Cisco switch, I had to set up trunk ports and specify the tags for them to work. For example, my webservers are on VLAN 10, hosted on Proxmox. How did they get an IP assigned from pfsense’s DHCP, if I didn’t tag either pfsense’s or proxmox’s ports with VLAN 10?
It is very hard to guess what the problem is if you don't post the configuration. My first guess would be that you bridged everything on the MikroTik and connected it to pfsense. Then pfsense gave out DHCP leases based on the DHCP bindings that it already had, and every device received the correct IP. Communication worked because everything is bridged, so any device can access any network.
My guess is that something like this happened, but please think about how we can help if we don't see any configuration from pfsense and MikroTik.
Yes, everything is bridged. It’s the default configuration. I’ve attached most of my configuration.
If I disconnect the pfsense, then I can’t access the VLANs. So traffic is still routed through pfsense. My only rough explanation is that MT is sending the traffic through all the ports and it receives from pfsense because he’s the one answering to that type of traffic.
I think I got it working, but I’d appreciate it if someone did a sanity check.
removed bridge. no bridge present in configuration
assigned ether-2 as master switch for all ports
created switch VLAN with id 0 which includes all ports including switch1-cpu. This one is for passing untagged traffic
created VLANs
disabled “Forward invalid VLAN” in switch settings
setup works as expected
Next step. Create bridge for wlan and guest wlan.
With everything set up like this… I assume the switch would send out packets to all ports and when it “hit” the target, that client would reply? In noob terms that is…
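
The behaviour discussed in this thread, as an added example that is not part of the original posts and not RouterOS code: a simplified Python model of a switch that forwards 802.1Q-tagged frames transparently when it has no VLAN table, compared with one that has a VLAN table and drops frames for VLANs or ports not listed in it. The port names, MAC labels and VLAN membership are constructed for illustration, and untagged traffic is modelled as VLAN 0 following the "VLAN with id 0" entry mentioned above.

```python
from dataclasses import dataclass

BCAST = "ff:ff:ff:ff:ff:ff"
PORTS = ["desktop", "guest-wlan", "pfsense", "proxmox"]  # constructed port names

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: int  # 802.1Q VLAN ID; 0 stands for untagged in this model

class Switch:
    def __init__(self, ports, vlan_members=None, forward_invalid_vlan=True):
        self.ports = list(ports)
        self.vlan_members = vlan_members or {}  # VLAN ID -> set of member ports
        self.forward_invalid_vlan = forward_invalid_vlan
        self.mac_table = {}  # (vlan, mac) -> port, learned from source addresses

    def receive(self, in_port, frame):
        """Return the list of ports the frame is sent out of."""
        members = self.vlan_members.get(frame.vlan)
        if members is None:
            if not self.forward_invalid_vlan:
                return []  # VLAN not in the table: frame is dropped
            members = set(self.ports)  # no entry: tag is ignored, all ports eligible
        elif in_port not in members:
            return []  # ingress port is not a member of this VLAN
        self.mac_table[(frame.vlan, frame.src)] = in_port
        out = self.mac_table.get((frame.vlan, frame.dst))
        if out is not None and out in members:
            return [] if out == in_port else [out]  # known unicast: one port
        return sorted(p for p in members if p != in_port)  # unknown/broadcast: flood

def demo():
    """DHCP broadcast from a VM on VLAN 10, seen by both switch models."""
    vlans = {0: set(PORTS), 10: {"pfsense", "proxmox"}, 13: {"pfsense", "guest-wlan"}}
    bridged = Switch(PORTS)  # everything bridged, no VLAN table
    filtered = Switch(PORTS, vlans, forward_invalid_vlan=False)
    dhcp = Frame("vm-web", BCAST, 10)
    return {
        "bridged": bridged.receive("proxmox", dhcp),
        "filtered": filtered.receive("proxmox", dhcp),
        "unknown_vlan": filtered.receive("desktop", Frame("pc", BCAST, 99)),
        "non_member_port": filtered.receive("desktop", Frame("pc", BCAST, 10)),
    }

if __name__ == "__main__":
    for name, out_ports in demo().items():
        print(f"{name}: {out_ports}")
```

In the bridged case the tagged broadcast reaches every port, including the guest WLAN and the desktops, which is why pfsense answered without any VLAN being assigned and also why that setup gives no isolation between VLANs.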