Hello
First of all greetings to all here - it is my first post on this forum. I have read it for a while, tryed different configs but I am stuck and it seem I need help
Networking isn’t my primary point of specialization but I am trying. my best.
I have local network, diagram is attached. Till now WAN link was phone line directly from adsl modem to WAN port on FW. Now I have WIFI bridge as WAN link and I would like to connect it via VLAN from RB4011 (nr1. on diagram) to different room. On second room I have HPE1910 switch, both devices are connected via FO cable. Generally I have configured 3 VLANs:
VLAN 100 as main access vlan for devices, untagged, configured on most ports on 1910,
2.VLAN 200 - WAN, actually unused. Tagged on 4 uplink ports, untagged on access port 24 on 1910
3.VLAN 1 - default vlan on switch, only for default mgmt purpose
Uplink ports on 1910 are configured as hybrid ports with PVID 100 and untagged VLAN 100, tagged 200
Is there any possibility to connect WAN (wireless bridge on schema) directlty to FW port via VLAN ? Next cable between rooms is not an option, and I know it would be perfect solution
If this configuration is impossible, can you propose working one ? I have RB4011 already, also 1910, but I can possibly change 1910 to a some MikroTik option if ti will help to provide working solution.
Thanks for any help you can provide
Chris
Write more about the new WAN (wireless bridge), how is it realized on RB4011?
After you fill in the details, we’ll be able to give you some usable advice.
Hi mkx, thanks for your interest on this case.
I believe that WAN link is realized by Ubiquiti NanoStation, and I have external IP address dedicated to my router on /26 segment.
At the moment WAN link i connected to FW directly (I have moved it do different room till I will be able resolve my challenge), connection via RB4011 is a plan - connect NanoStation to port 10 (POE port for power up NS also) and then do some VLAN magic
So if I understand you correctly: whatever the wireless bridge is, it is connected to RB4011 using ethernet cable and ultimately you want it connected to ether10?
My suggestion: use existing bridge, add all ether ports (and wifi ports) to it, including ether10. And enable VLAN- filtering on bridge.
The only special thing about ether10 is that it needs PVID set to 200 making ether10 access port for VLAN ID 200. Then add sfp-sfpplus port to the same bridge as well, but make it tagged member of VLAN 200 (and untagged member of LAN).
My whole-hearted suggestion, though, would be to convert all config to all-VLAN setup, meaning that LAN would be tagged over inter-switch connections as well. This would make configuration more uniform (e.g. no untagged frames in random parts of LAN infrastructure devices) and thus easier to maintain.
In the /interface bridge vlan section you have to add bridge interface as member of VLAN 100. The way you have it configured otherwise it would have to be untagged (and you would need to set pvid as well). However, I rather suggest you to go the all-tagged way:
/interface vlan
add interface=bridge1 name=vlan100 vlan-ids=100
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,wlan1,wlan2 vlan-ids=100
/ip address
add address=x.x.x.x/24 interface=vlan100 # (for mgmt purpose, if do not have be a different VLAN)
The rest of config seems fine.
In case you’re wondering about bridge being member of VLAN: it has to be if bridge/ROS interacts with certain VLAN (read: if it has IP address in that VLAN). If RB only bridges/switches traffic of a certain VLAN (in your case VLAN 200), bridge doesn’t have to be member of that VLAN.
And I have tested VLAN 200 functionality and It does not work
When I have WAN connected directly to FW port - it works
When I have connected it like :
WAN device ↔ port 10 on RB4011 (PVID200, VLAN200) ↔ trunk between RB and CRS ↔ port 1 on CRS ( PVID 200, VLAN 200) ↔ port on FW
it does not working.
MikrotTik devices shows correctly tagged and untagged ports, but connection does not working
I suggest you do some step-by-step debugging and tracing.
Start off with a PC connected to WAN port of RB4011. Configure a vlan interface on RB and try pinging RB from PC and vice-versa.
Next step would be to configure vlan interface for VID 200 on CRS and ping between PC and CRS (and RB4011 and CRS).
Next step would be to use access port on CRS to connect a PC and repeat ping tests between RB and PC (this time test would check CRS as well).
And you can still post complete config of both RB4011 and CRS … together with updated network scheme (your iriginal scheme did not mention CRS …).
Hi
Sorry for a late answer, but I found some time today to test everything again. And - as always - best option is back to basis. I have started from L1, next L2 and found an issue I have not expected. I am using CRS326-24S+2Q+ as a core (before it was a dumb switch) and some different SFPs, most of them are 3-party.
What I have found - most 3party SFPs workig very well, but only when you disable auto-negotiation and set desired speed. I was my case - I founded auto-negotiation will work fine, but it was not. So
only thing I had to do was to se up correct interface speed on CRS and everything is working just fine.
@mkx - your suggestion was crucial, make me to think about everything below L3 and check it out. Sometimes you want something so badly, you forgot basis.
At this moment all I can say ; I have full VLAN setup with working VLAN100 as LAN access and VLAN200 as separated WAN . It will simplify my cable setup, as my home was not adapted to any LAN cable connections, and as I am a tech fan, a cable connection is my friend
Thank you @mkx for all effort and suggestions, all of you too.
