I have a HAP AC Lite that I would like to have 2 VLAN trunks with VLAN IDs 10,20,30,40 on ether1 and ether2. I would also like to have an access port for VLAN 20 on ether3 and an access port for VLAN30 on ether5.
I tried to do this without bridges but it didn't seem to work. Most of the info on the forum seems to suggest that bridges are are required for this setup, but then I'm using the CPU right? Can this not all be accomplished in the switch chip?
I have a CRS125-24G-1S-RM on one of the trunks and a Zyxel POE switch on the other to power an IP camera.
Re: VLAN trunks without bridges?
if you want to do vlans using hap switch take a look on this
http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
to do vlans on CRS take a look on this
http://wiki.mikrotik.com/wiki/Manual:CRS_examples
on hap switch chip is a lot simpler and easier and can be a good introductory before trying on CRS
http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
to do vlans on CRS take a look on this
http://wiki.mikrotik.com/wiki/Manual:CRS_examples
on hap switch chip is a lot simpler and easier and can be a good introductory before trying on CRS
Re: VLAN trunks without bridges?
That's exactly what I was looking for. It seems like that would be good info to have in the VLAN section on the wiki.
I got the VLAN config onto the hap ac lite and at least one of the trunks seams to be working but the first access port I've tried doesn't work. I had very limited time to work on it. I need to try a few more things. I will post back if I have trouble.
Thanks for the info Chechito
I got the VLAN config onto the hap ac lite and at least one of the trunks seams to be working but the first access port I've tried doesn't work. I had very limited time to work on it. I need to try a few more things. I will post back if I have trouble.
Thanks for the info Chechito
Re: VLAN trunks without bridges?
I've got the ethernet ports working the way I'd like, but now I'm trying to add the 2Ghz interface to vlan 10 but so far nothing I've changed seems to work. When I connect, my phone just says obtaining IP address and then fails. I'm not exactly sure what vlan-mode should be set to, but "no tag" and "use tag" don't seem to make a difference. "use service tag" didn't seem right seem right from what I found on the forum and the wiki.
I did change VLANs on ports 3 and 5 since my original post.
I did change VLANs on ports 3 and 5 since my original post.
Code: Select all
# mar/01/2016 08:18:47 by RouterOS 6.33.5
#
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1 poe-out=off
/interface wireless
set [ find default-name=wlan1 ] bridge-mode=enabled distance=indoor disabled=no mode=ap-bridge ssid=Removed vlan-id=10 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac bridge-mode=disabled distance=indoors frequency=auto mode=ap-bridge ssid=Removed vlan-id=10 vlan-mode=use-tag wireless-protocol=802.11 wps-mode=disabled
/interface vlan
add interface=ether1 name=vlan10 vlan-id=10
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys wpa2-pre-shared-key=Removed
/interface ethernet switch vlan
add ports=ether1,ether2,ether3,switch1-cpu switch=switch1 vlan-id=10
add ports=ether1,ether2,ether5 switch=switch1 vlan-id=20
add ports=ether1,ether2 switch=switch1 vlan-id=30
add ports=ether1,ether2 switch=switch1 vlan-id=40
/ip address
add address=10.10.10.2/24 interface=vlan10 network=10.10.10.0
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept establieshed,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidRe: VLAN trunks without bridges?
If you set vlan id for wlan, it works as untagged acccess port. Outgoing traffic is untagged and incoming is assigned to selected vlan. But if you want it to do anything useful, you need to connect it to something else, because currently the vlan is only on wlan and isolated from everything else. You could bridge wlan with ethernet (with vlan trunk) and it would connect vlan 10 on those interfaces.
But I'm not sure how it would play together with vlans set up on hardware switch, I don't have much experience with that.
But I'm not sure how it would play together with vlans set up on hardware switch, I don't have much experience with that.
Re: VLAN trunks without bridges?
Once you said it, it seemed obvious and it worked great. Thanks.
If it helps anyone else, here is what I added/changed.
If it helps anyone else, here is what I added/changed.
Code: Select all
/interface bridge port
add bridge=bridge1 interface=vlan10
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface wireless
set [ find default-name=wlan1 ] distance=indoors frequency=2462 mode=ap-bridge ssid=Removed vlan-id=10 wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac bridge-mode=disabled disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Removed vlan-id=10 wireless-protocol=802.11 wps-mode=disabled
Who is online
Users browsing this forum: Bing [Bot] and 56 guests