I'm running Routeros 6.42.4 with a RB493G and am admittedly a VLAN-noob looking for some help as I'm clearly doing _something_ silly.
I've got some Ubiquiti AP's currently delivering in-house wifi with no VLAN set via my LAN interface. I have setup a vlan-666 for IOT-devices on the Uniquity and now hopefully the Mikrotik with the intention to keep them separate longer term - for now I just want both my vlan666 and my "no-vlan" ether4 to coexist with my other isp links still working.
My mikrotik has the following physical interfaces setup:
- ether4 = LAN / 192.168.3.1/24 and also where the Uniquiti's get hooked up, no VLAN set
- ether7 = Internet ISP1 / 192.168.1.2/24
- ether8 = Internet ISP2 (via a PPPOE interface called fb-aquiss)
I got things semi-working, dhcp-and-all by configuring a iot-vlan (192.168.113.1/24) hanging off a bridge created from my ether4 but am struggling (I think) with what bridge members should sit where and how they traverse each other.
In the configuration below if bridge port ether4 is turned on anywhere, I lose all connectivity going to anything but ether4. However vlan666 can then chat happily to ether4 members but (for reasons unknown) cant reach the internet.
Admittedly - I'm not sure how the bridge, and it's ports are supposed to look/interact in the configuration.
I chopped the config to the more relevant bits as ipv6, dns and firewall elements are probably not applicable at this stage.
Code: Select all
/interface bridge
add disabled=yes fast-forward=no name=bridge-lan
add fast-forward=no name=bridge-local
add fast-forward=no name=bridge-vlan666
/interface ethernet
set [ find default-name=ether4 ] name=ether4-lan
set [ find default-name=ether7 ] name=ether7-sb
set [ find default-name=ether8 ] name=ether8-fb speed=1Gbps
/interface vlan
add interface=bridge-local name=iot-vlan vlan-id=666
/ip pool
add name=dhcp_pool2 ranges=192.168.3.11-192.168.3.254
add name=dhcp-iot-pool ranges=192.168.113.10-192.168.113.250
/ip dhcp-server
add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no interface=ether4-lan lease-time=1w2d name=\
dhcp1
add address-pool=dhcp-iot-pool disabled=no interface=iot-vlan lease-time=1d name=dhcp-iot
/interface bridge port
add bridge=bridge-vlan666 interface=iot-vlan
add auto-isolate=yes bridge=bridge-local disabled=yes frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether4-lan
add bridge=bridge-vlan666 disabled=yes interface=ether4-lan
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set accept-redirects=yes
/interface bridge vlan
add bridge=bridge-local disabled=yes vlan-ids=666
/ip address
add address=192.168.3.1/24 interface=ether4-lan network=192.168.3.0
add address=192.168.1.2/24 interface=ether7-sb network=192.168.1.0
add address=192.168.113.1/24 interface=iot-vlan network=192.168.113.0
/ip route
add distance=1 gateway=192.168.1.254 routing-mark=odd scope=255
add distance=1 gateway=fb-aquiss routing-mark=even scope=255
add check-gateway=ping distance=2 gateway=fb-aquiss
add check-gateway=ping distance=2 gateway=192.168.1.254E
