WRT54GL VLAN to Mikrotik 433GL

jannoke · September 6, 2013, 11:32am

VLANS

I have following setup - WRT54GL running in meeting room. Configured to have 2 Wireless SSID’s and 2 matching vlans (VLAN5, VLAN6).
On the other end , there is Mikrotik 433GL (ethernet 2). It has also 2 Wireless SSID’s. One for public, one for private lan just like wrt54gl.
Mikrotik has one ether for our private lan and one ether for WAN.

[admin@MikroTik1] > interface vlan print
Flags: X - disabled, R - running, S - slave
 #    NAME                    MTU ARP        VLAN-ID INTERFACE
 0 X  VLAN5_PUBLIC           1500 enabled          5 eth2_phyPubLan
 1 X  VLAN6_PRIVATE          1500 enabled          6 eth2_phyPubLan

[admin@MikroTik1] > interface bridge print
Flags: X - disabled, R - running
 0  R name="PrivateLAN" mtu=1500 l2mtu=1524 arp=enabled
      mac-address=D4:CA:6D:7E:75:59 protocol-mode=none priority=0x8000
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

 1  R name="PublicLan" mtu=1500 l2mtu=1524 arp=enabled
      mac-address=D4:CA:6D:7E:75:5A protocol-mode=none priority=0x8000
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

[admin@MikroTik1] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE              BRIDGE              PRIORITY  PATH-COST    HORIZON
 0    WlanCard1_r52Hn        PrivateLAN              0x80         10       none
 1    eth1_phyPrivLan        PrivateLAN              0x80         10       none
 2    eth2_phyPubLan         PublicLan               0x80         10       none
 3 I  WlanCard1_Virtual1     PublicLan               0x80         10       none
 4 X  VLAN6_PRIVATE          PrivateLAN              0x80         10       none
 5 X  VLAN5_PUBLIC           PublicLan               0x80         10       none

[admin@MikroTik1] > interface ethernet print
Flags: X - disabled, R - running, S - slave
 #    NAME                                             MTU MAC-ADDRESS       ARP        MASTER-PORT                                         SWITCH
 0 R  eth1_phyPrivLan                                 1500 D4:CA:6D:7E:75:59 enabled    none                                                switch1
 1 R  eth2_phyPubLan                                  1500 D4:CA:6D:7E:75:5A enabled    none                                                switch1
 2 R  eth3_phyWAN                                     1500 D4:CA:6D:7E:75:5B enabled    none                                                switch1

[admin@MikroTik1] > interface ethernet switch port print
Flags: I - invalid
 #   NAME                                                                             SWITCH                                                                      VLAN-MODE VLAN-HEADER
 0   eth1_phyPrivLan                                                                  switch1                                                                     disabled  leave-as-is
 1   eth2_phyPubLan                                                                   switch1                                                                     disabled  add-if-missing
 2   eth3_phyWAN                                                                      switch1                                                                     disabled  leave-as-is
 3   switch1_cpu                                                                      switch1                                                                     disabled  leave-as-is

I have tryed the switch port vlan mode to set “check”, “fallback” and “secure”.
What am I missing?

I can see traffic coming in from wrt54gl on interface but torch shows no vlan id’s (coming or going).

Used this one as a guide: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

Mikrotik 5.25 sw,
Model 433GL
Current Firmware 3.02

If topology is described too unclearly then let me know and I will try one more time.
Disregard “disabled” states sincei have temporarily disabled vlans on interface so that atleast public wifi would work in there.

jannoke · September 10, 2013, 12:15pm

I have tested the linkys - it has correct vlans. if i connect my laptop or openwrt router with configured vlans it will work without a problem. But bot with mikrotik.

jannoke · September 11, 2013, 9:52am

Update:
I seem to see all the packets coming from mirkotik (arp requests and broadcasts from both of my networks). All in correct vlans and with tags. But seems like whatever i send to mikrotik itself get’s lost.

Rudios · September 13, 2013, 4:38pm

If you want ether2 (connection between mt and wrt) to be a trunk for both vlans, do not add that interface to the bridges on the mikrotik.
Add only the wireless and ether interface into the bridge, together with the vlan interface.

jannoke · September 14, 2013, 7:28am

Yes- i figured that out. That was left in accidentally since i was jumping back and fourth between having trunk and restoring previous state for the people to use then they get back to work in the morning.
I also saw from tcpdump that i was getting untagged packets in parallel with same tagged packets so i actually have removed the ether2 device, but the case stays the same.

Currently I have the solution by just taking private land and public lan from mikrotik using different interfaces and trunking them together with another wrt54gl and this works, but is quite uqly soltion if mikrotiks should be able to do trunk itself.