Community discussions

MikroTik App
 
rheo
just joined
Topic Author
Posts: 20
Joined: Tue Aug 14, 2012 8:19 am

Wireless access point with VLANS

Fri Apr 15, 2016 9:38 am

This device is just an access point. I just want to check that I have implemented my VLANS right.

I've used Cisco gear in the past but I am new to Mikrotik.

The bonded interface is a trunk port to my switch. My switch has a trunk connection to my router which is doing the inter-vlan routing. (Router on a stick)

Are there any improvements you could suggest?

Thanks
[admin@hAP ac] > /export hide-sensitive
# apr/15/2016 16:30:38 by RouterOS 6.34.4
# software id = T8QN-3WCP
#
/interface bridge
add name=bridge-default
add name=bridge-guest
add name=bridge-lab
add name=bridge-lan
add name=bridge-management
add name=bridge-media
add name=bridge-native
/interface ethernet
set [ find default-name=ether1 ] speed=1Gbps
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=australia disabled=no distance=indoors frequency=\
    auto frequency-mode=regulatory-domain mode=ap-bridge ssid="" wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:8C master-interface=wlan1 \
    multicast-buffering=disabled name=wlan1.vlan10 ssid=mylan-media vlan-id=10 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:8B master-interface=wlan1 \
    multicast-buffering=disabled name=wlan1.vlan20 ssid=mylan vlan-id=20 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
add disabled=no hide-ssid=yes keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:8F master-interface=\
    wlan1 multicast-buffering=disabled name=wlan1.vlan50 ssid=mylan-management vlan-id=50 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-onlyac country=australia disabled=no distance=indoors frequency=\
    auto frequency-mode=regulatory-domain mode=ap-bridge ssid="" wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:90 master-interface=wlan2 \
    multicast-buffering=disabled name=wlan2.vlan10 ssid=mylan-media vlan-id=10 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:8A master-interface=wlan2 \
    multicast-buffering=disabled name=wlan2.vlan20 ssid=mylan vlan-id=20 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
add disabled=no hide-ssid=yes keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:91 master-interface=\
    wlan2 multicast-buffering=disabled name=wlan2.vlan50 ssid=mylan-management vlan-id=50 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/interface bonding
add mode=802.3ad name=bonding1 slaves=ether1,ether2 transmit-hash-policy=layer-2-and-3
/interface vlan
add interface=bonding1 name=default vlan-id=1
add interface=bonding1 name=guest vlan-id=30
add interface=bonding1 name=lab vlan-id=40
add interface=bonding1 name=lan vlan-id=20
add interface=bonding1 name=management vlan-id=50
add interface=bonding1 name=media vlan-id=10
add interface=bonding1 name=native vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=guest \
    supplicant-identity=""
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:8D master-interface=wlan1 \
    multicast-buffering=disabled name=wlan1.vlan30 security-profile=guest ssid=mylan-guest vlan-id=30 \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:52:FE:8E master-interface=wlan2 \
    multicast-buffering=disabled name=wlan2.vlan30 security-profile=guest ssid=mylan-guest vlan-id=30 \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge-lan interface=lan
add bridge=bridge-default interface=default
add bridge=bridge-guest interface=guest
add bridge=bridge-lab interface=lab
add bridge=bridge-management interface=management
add bridge=bridge-media interface=media
add bridge=bridge-native interface=native
add bridge=bridge-lan interface=wlan1.vlan20
add bridge=bridge-media interface=wlan1.vlan10
add bridge=bridge-lan interface=wlan2.vlan20
add bridge=bridge-guest interface=wlan1.vlan30
add bridge=bridge-guest interface=wlan2.vlan30
add bridge=bridge-media interface=wlan2.vlan10
add bridge=bridge-management interface=wlan1.vlan50
add bridge=bridge-management interface=wlan2.vlan50
/ip address
add address=192.168.0.250/24 interface=bridge-lan network=192.168.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=sfp1
/ip dns
set servers=192.168.0.1,192.168.0.4
/ip route
add distance=1 gateway=192.168.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 address
add address=2001:xxxx:xxxx:9d02:: eui-64=yes
/system clock
set time-zone-name=Australia/Melbourne
/system identity
set name="hAP ac"
/system leds
set 1 interface=wlan2
/system ntp client
set enabled=yes primary-ntp=192.231.203.132 secondary-ntp=192.231.203.132 server-dns-names=internode.on.net
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes
[admin@hAP ac] > 

Who is online

Users browsing this forum: stbatpierret and 74 guests