Community discussions

 
bmurph213
just joined
Topic Author
Posts: 2
Joined: Tue Oct 23, 2018 3:10 am

Vlan setup questions with Router and CAP

Tue Oct 23, 2018 3:31 am

Hi All,

I am trying to connect a Mikrotik RouterOS and Cap together with multiple SSID's. What I have been able to do is create multiple bridges on the RouterOS for the specific subnets I need and I have the necessary firewall rules I require to keep them all separate. What I am struggling with is setting up multiple SSID's on the Cap and VLAN tag them trough a trunk to route them through the correct bridge on the Router. I am able to get the Wifi to connect though the router to the WAN and browse the internet, but it give a 192.168.0.x address and I am wanting it to be a 192.168.1.x address. Can someone tell me what I am missing with the VLAN setup? TIA

I have the Cap connected to the Router port ether24 from Cap port ether1

My Router Config:
/interface list
add name=WAN
add name=LAN
add include=none name=LAN-IoT
add name=LAN-Internal
add name=LAN-Guest
add name=Trunk
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes interface-list=all \
local-forwarding=no name=datapath_internal vlan-id=10 vlan-mode=use-tag
/caps-man configuration
add channel=channel11 country="united states" datapath=datapath_internal \
datapath.bridge=bridge-Internal datapath.vlan-id=100 datapath.vlan-mode=\
no-tag mode=ap name=Wireless_Internal security=Security_Internal ssid=\
NutNutGoose
add channel=channel1 datapath=datapath_internal name=Wireless_Guest security=\
Security_Guest ssid=Murphy-Guest
/ip pool
add name=dhcp-0.1 ranges=192.168.0.100-192.168.0.200
add name=dhcp-1.1 ranges=192.168.1.100-192.168.1.200
add name=dhcp-2.1 ranges=192.168.2.100-192.168.2.200
add name=dhcp-3.1 ranges=192.168.3.100-192.168.3.200
/ip dhcp-server
add add-arp=yes address-pool=dhcp-0.1 disabled=no interface=bridge \
lease-time=1h name=dhcp
add add-arp=yes address-pool=dhcp-2.1 disabled=no interface=bridge-IoT name=\
dchp-IoT
add add-arp=yes address-pool=dhcp-1.1 disabled=no interface=bridge-Internal \
name=dhcp-Internal
add address-pool=dhcp-3.1 disabled=no interface=bridge-Guest name=dhcp-Guest
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge-Internal comment=defconf interface=ether3
add bridge=bridge-Internal comment=defconf interface=ether4
add bridge=bridge-Internal comment=defconf interface=ether5
add bridge=bridge-Internal comment=defconf interface=ether6
add bridge=bridge-Internal comment=defconf interface=ether7
add bridge=bridge-Internal comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge-IoT comment=defconf interface=ether17
add bridge=bridge-IoT comment=defconf interface=ether18
add bridge=bridge-IoT comment=defconf interface=ether19
add bridge=bridge-IoT comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge-Trunk comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge-Trunk interface=LAN-Internal pvid=100
add bridge=bridge-Trunk interface=LAN-IoT pvid=200
add bridge=bridge-Trunk interface=LAN-Guest pvid=300
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=bridge-IoT tagged=bridge-Internal,bridge-Guest untagged=bridge-IoT \
vlan-ids=200
add bridge=bridge-Internal tagged=bridge-IoT,bridge-Guest untagged=\
bridge-Internal vlan-ids=100
add bridge=bridge-Guest tagged=bridge-Internal,bridge-IoT untagged=\
bridge-Guest vlan-ids=300
add bridge=bridge-Trunk comment="Reference from YouTube" disabled=yes tagged=\
bridge-IoT untagged=bridge-Internal vlan-ids=100
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
add interface=ether17 list=LAN-IoT
add interface=ether18 list=LAN-IoT
add interface=ether19 list=LAN-IoT
add interface=ether20 list=LAN-IoT
add interface=ether3 list=LAN-Internal
add interface=ether4 list=LAN-Internal
add interface=ether5 list=LAN-Internal
add interface=ether6 list=LAN-Internal
add interface=ether24 list=Trunk
add interface=sfp-sfpplus1 list=Trunk
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
add address=192.168.0.91 interface=ether24 network=192.168.0.0
add address=192.168.2.1/24 interface=ether17 network=192.168.2.0
add address=192.168.1.1/24 interface=ether3 network=192.168.1.0
add address=192.168.3.1/24 interface=bridge-Guest network=192.168.3.0
add address=192.168.100.1/24 interface=vlan100 network=192.168.100.0
add address=192.168.200.1/24 interface=vlan200 network=192.168.200.0
add address=192.168.250.1/24 interface=vlan300 network=192.168.250.0
add address=192.168.100.1 interface=bridge-Trunk network=192.168.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.1 \
netmask=24
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1 \
netmask=24
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1 \
netmask=24

My Cap Config
/interface list
add name=WAN
add name=LAN
add name=Wlan-Internal
add name=Wlan-Guest
add name=Wlan-IoT
/ip pool
add name=dhcp-10.1 ranges=192.168.10.10-192.168.10.100
add name=dhcp-20.1 ranges=192.168.20.10-192.168.20.100
add name=dhcp-30.1 ranges=192.168.30.10-192.168.30.50
/ip dhcp-server
add add-arp=yes address-pool=dhcp-10.1 disabled=no interface=\
bridge-Wlan-Internal name=dhcp-Wlan-Internal
add add-arp=yes address-pool=dhcp-20.1 disabled=no interface=bridge-Wlan-IoT \
name=dhcp-Wlan-IoT
add address-pool=dhcp-30.1 disabled=no interface=bridge-Wlan-Guest name=\
"dhcp=Wlan-Guest"
/interface bridge port
add bridge=bridge-Trunk comment=defconf interface=ether1
add bridge=bridge-Trunk comment=defconf interface=ether2
add bridge=bridge-Trunk comment=defconf interface=wlan1
add bridge=bridge-Trunk comment=defconf interface=wlan2
add bridge=bridge-Trunk interface=Wlan-Internal pvid=100
add bridge=bridge-Trunk interface=Wlan-IoT pvid=200
add bridge=bridge-Trunk interface=Wlan-Guest pvid=300
/interface bridge vlan
add bridge=bridge-Wlan-Guest tagged=bridge-Wlan-Internal,bridge-Wlan-IoT \
untagged=bridge-Wlan-Guest vlan-ids=300
add bridge=bridge-Wlan-Internal tagged=bridge-Wlan-Guest,bridge-Wlan-IoT \
untagged=bridge-Wlan-Internal vlan-ids=100
add bridge=bridge-Wlan-IoT tagged=bridge-Wlan-Internal,bridge-Wlan-Guest \
untagged=bridge-Wlan-IoT vlan-ids=200
add bridge=bridge-Trunk untagged=ether1 vlan-ids=""
/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add disabled=yes interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
#
set bridge=bridge-Trunk discovery-interfaces=ether1,bridge-Trunk enabled=yes \
interfaces=wlan1,wlan2
/ip address
add address=192.168.10.1/24 interface=bridge-Wlan-Internal network=192.168.10.0
add address=192.168.20.1/24 interface=bridge-Wlan-IoT network=192.168.20.0
add address=192.168.30.1/24 interface=bridge-Wlan-Guest network=192.168.30.0
add address=192.168.100.2/24 interface=vlan100 network=192.168.100.0
add address=192.168.200.2/24 interface=vlan200 network=192.168.200.0
add address=192.168.250.2/24 interface=vlan300 network=192.168.250.0
add address=192.168.100.2 disabled=yes interface=vlan100 network=192.168.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
bridge-Trunk
/ip dhcp-relay
add dhcp-server=192.168.0.1 disabled=no interface=bridge-Trunk name=relay1
add dhcp-server=192.168.2.1 disabled=no name=relay2
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1 \
netmask=24
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1 \
netmask=24
 
bmurph213
just joined
Topic Author
Posts: 2
Joined: Tue Oct 23, 2018 3:10 am

Re: Vlan setup questions with Router and CAP

Tue Dec 04, 2018 10:50 pm

I have been able to get the Vlan to work on the physical radio and supply a DHCP address, but I cannot get the virtual wlan to connect to DCHP on the router. I cannot figure out why with torch I see the device connect to the virtual wlan, but never see the request make it to the router. Any thoughts here on where to check? DCHP will give me an address with the physical wlan with the vlan configured the exact same way
 
anav
Forum Guru
Forum Guru
Posts: 1128
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Vlan setup questions with Router and CAP

Tue Dec 04, 2018 11:06 pm

This is what I am used to seeing for
/interface
wan
lan

NOT
/interface list
add name=WAN
add name=LAN
add include=none name=LAN-IoT
add name=LAN-Internal
add name=LAN-Guest
add name=Trunk

It looks more like an
/interface list members

{Note: I dont use capsman yet, just capACs direct.}

On the main router, I would only use one bridge and run my ethernet interfaces, a main LAN for example and vlans off that bridge.

Who is online

Users browsing this forum: emilst and 25 guests