Hi,
I am trying to configure a MikroTik Router RB750Gr3 with v7 but I am facing some problems.
First the scenario
ISP is Vodafone Portugal, they define three VLANs
100 - for internet traffic
105 - for IPTV
101 - for Phone
I am not worried about the phone, because I have another solution.
My connection to Vodafone is via ONT + Router, at this moment I have a Huawei ONT and an ASUS Router
The Asus Router assigns the different VLANs from the ONT traffic to different ports and from these ports I connect to a main Switch where these VLANs are defined as trunk or untagged.
From this Switch I connect to other switches, where some ports are allocated to VLAN 100 and others to VLAN 105, both untagged, this is working.
I am trying to do the same but now to have a MikroTik instead of an Asus.
I succeed to have Internet in the MikroTik router but I am not able to propagate to the main switch in a correct way.
I am defining, port 1 of the interface to connect to the ONT, over there I created two VLANs with 100 and 105 tags, one DHCP Client for VLAN 100, and another to VLAN 105, this is working fine and I get the DNS from Vodafone.
The problem now is to define the VLANs to the local network, shall I create two VLANs and associate them with the WAN VLANs, or shall I use the existing VLANs from the WAN?
Another doubt is if I should create a Bridge for all ports or to keep them separated?
I can post here my configuration if it may help.
Thank you, but know very well the VLAN logic, I have them defined on my ASUS router and on different switches at my place, the question is how to define them in RouterOS v7.8 on RB750Gr3
I have two doubts
My ISP has defined two vlans, I want to route the traffic from these vlans to two local vlans and assign them to different ports, should be easy if my router could assign switch chip vlans, but because it has the MT7621 chip, it's not possible Switch Chip Features - RouterOS - MikroTik Documentation
Perhaps I could use the Bridge HW vlan-filtering, but I haven't tried, in this case I believe the configuration would be:
I am defining vlan 100 untagged on ether2 and, vlan 105 untagged on ether3
Do I need to define two vlans for my local network, or should I use just the vlans created and assigned to the wan port ether1, I suppose I don't need them
From the following image, I wan to achieve the case B, where at the moment i have case A. I don’t mind having the Vodafone router, what i would like to achieve is not having to have 2 network cables around the house, one with network 1 (Vodafone) and other with network 2 (my own).
Did someone figured out? By the way how is your asus doing authentication to Vodafone, where did you get the credentials?
Thanks to zwame.pt, danielb7390 for helping, and also Vodafone for not helping at all.
Rant: Vodafone PT is extremely dificult to talk to someone that understands our problem, is full of crap AI and phone systems that dont work. What we need is humanize support and not robotize with crap systems.
Well after all the pain this config works, once again thanks in advance
# Configuration for Vodafone Portugal IPTV service.
# Tested with VBOX Pro 4k.
# Also tested with a older Cisco Mediaroom, needs some more stuff, check the end of the file.
# Feel free to leave comments with suggestions and/or improvements!
# Credit to the original users that provided the pfsense config found at https://forum.zwame.pt/threads/iptv-net-vodafone-com-pfsense.1049250
# 2023-08-01 20:57:50 by RouterOS 7.10.1
# model = RB5009UPr+S+
# example interfaces using a sfp module
/interface vlan
add interface=sfp-sfpplus1 name=sfp-iptv vlan-id=105
add interface=sfp-sfpplus1 name=sfp-wan vlan-id=100
# make sure to set igmp-snooping=yes in the main lan bridge interface
# Add iptv to the WAN list
/interface list member add interface=sfp-iptv list=WAN
# Add dhcp client to iptv interface
/ip dhcp-client add add-default-route=special-classless default-route-distance=210 interface=sfp-iptv use-peer-dns=no use-peer-ntp=no
# Add firewall rules to accept the IPTV traffic
/ip firewall filter
add action=accept chain=input comment="iptv: Accept IGMP" connection-state="" \
dst-address=224.0.0.0/4 dst-address-list="" in-interface=sfp-iptv protocol=igmp
add action=accept chain=forward comment="iptv: Accept and forward udp multicast iptv traffic" \
connection-state=established,related,new,untracked dst-address=\
224.0.0.0/4 in-interface=sfp-iptv protocol=udp
# activate and configure igmp-proxy
/routing igmp-proxy set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add interface=bridge
add alternative-subnets=10.2.0.0/18,224.0.0.0/4,10.56.192.0/19 interface=sfp-iptv upstream=yes
#
# Extra stuff for the old Cisco MediaRoom STBs
#
# Create a DHCP option with the IPTV DNS servers
/ip dhcp-server option add code=6 name=iptv_dns value="'87.103.119.196''213.30.36.212'"
# Connect the STB to the network, go to IP => DHCP Server => Leases, find it there double click it and "Make Static".
# Double click it again, and change the "DHCP Options" dropdown to the option created before "iptv_dns"
# The rule "iptv: Accept and forward udp multicast iptv traffic" can't be that specific, had to remove the dst-address part
# Not sure what are the security implications of doing this tho, if anyone has some information to share feel free
/ip firewall filter add action=accept chain=forward comment="iptv: Accept and forward udp iptv traffic" \
connection-state=established,related,new,untracked in-interface=sfp-iptv protocol=udp
