Community discussions

MUM Europe 2020
 
Mongoid
just joined
Topic Author
Posts: 6
Joined: Thu Nov 24, 2016 7:31 pm

Vlan setup

Thu Nov 01, 2018 4:57 am

Hello all,

I have an RB750 that is being used as a gateway device in a very small office. Seems like there is a ppoe-out on ethernet 1 and the rest are bridged for the LAN. There is an EAP245 AP at the other side of the building. There is one cable currently running to a small POE switch where the AP is. There is only a single administration PC and the AP sharing the little POE switch. Currently all machines are on the same subnet on an unmanaged switch and there is a single SSID being put out by the AP. The owners wish to isolate 4 of the office PCs from the rest of the network and they want to create a guest network on the AP for wireless access, of course keeping it isolated. The 4 PC's can be on the same subnet as the Guest wireless. The AP (I have never used an EAP245) apparently has the ability to recognize VLANs? I guess I can send it tagged traffic directly. I dunno, more reading about that later. So my thought was to create a trunk port out of ethernet 4, creating the 2 VLANs there and add them to bridges with separate DHCP servers, firewall isolation etc. but the more I read the more I am confused. I'm still not wrapping my head around VLAN filtering. What is the suggested best practice for this configuration. I am using Winbox due to my infrequent use of the OS.

Appreciate any pointers ,

Thanks
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Vlan setup

Thu Nov 01, 2018 10:57 am

There are numerous similar topics on the forum.

Briefly: if you need a more complex config then a single trunk port, then in latest ROS versions the best way to configure vlans is one single bridge containing physical ports, with vlan-interfaces created on top of that bridge, and vlan filtering either done using new "bridge vlan filtering", or done in the switch menu (depending on vlan capabilities of the switch chip).
 
Mongoid
just joined
Topic Author
Posts: 6
Joined: Thu Nov 24, 2016 7:31 pm

Re: Vlan setup

Fri Nov 02, 2018 3:53 am

Thank you for the reply. Since this is only a single trunk port, I just set it up the "old way" with 2 bridges. The EAP245 does properly accept tagged vlans and is giving out proper DHCP on each SSID. I am sorry I posted the question so poorly. I am just having a hard time understanding the post 6.41 way of putting all the vlans and access ports in a single bridge and use vlan filtering. I have been reading a ton of posts as I also have an RB2011 that I might like to try setting up that way. I'm thinking I should read more :)

Mongoid
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Vlan setup

Fri Nov 02, 2018 9:47 am

Thank you for the reply. Since this is only a single trunk port, I just set it up the "old way" with 2 bridges. The EAP245 does properly accept tagged vlans and is giving out proper DHCP on each SSID. I am sorry I posted the question so poorly. I am just having a hard time understanding the post 6.41 way of putting all the vlans and access ports in a single bridge and use vlan filtering. I have been reading a ton of posts as I also have an RB2011 that I might like to try setting up that way. I'm thinking I should read more :)

Mongoid
Perhaps I didn't fully understand your initial post, but with a single trunk port you don't need any bridges at all - you just add two vlan interfaces to desired ethernet port and attach all ip config to these vlan interfaces directly.

Who is online

Users browsing this forum: Anumrak, gfucka, huntermic, ikozak, Znevna and 41 guests