Community discussions

MikroTik App
 
domon
just joined
Topic Author
Posts: 20
Joined: Sat Dec 03, 2016 4:20 pm

same VLAN id for both WiFI and ethernet breaks WiFi on hAPac

Sat Jan 05, 2019 8:21 pm

Hello,

When trying to connect to wifi configured with the same VLAN id that's configured on an ethernet port, the WiFi clients can't pull a DHCP IP. WiFi clients can connect and pull an IP on wifi networks that do not have the same VLAN ID as is configured on an ethernet port on the same hapac.

How does one configure a wifi vlan and ethernet vlan on the same hapac switch to work at the same time? The only wifi networks that work are the ones that does not have the same vlan id configured to a switch port.

If a hapac has an ethernet port configured for vlan 20, wifi clients cannot pull a DHCP IP on a wifi network configured on that hapac that is on vlan 20. They can however connect to a wifi network on vlan 50 and pull a DHCP IP just fine.

There are 2 hapacs with this same behavior.
In this config below, physical port ether4-20 works on vlan 20, but wifi clients cannot get DHCP IP on wifi ssid "wlan2-20" on vlan 20. However, wifi clients CAN get DHCP IP on "wlan2-50"

Code: Select all

/interface bridge
add fast-forward=no name=bridge-vlan-20 vlan-filtering=yes
add fast-forward=no name=bridge-vlan-30 vlan-filtering=yes
add fast-forward=no name=bridge-vlan-50 vlan-filtering=yes


/interface vlan
add name=vlan20-ether2 vlan-id=20
add interface=ether4-20 name=vlan20-ether4 vlan-id=20
add name=vlan30-ether2 vlan-id=30
add interface=ether5-30 name=vlan30-ether5 vlan-id=30
add name=vlan50-ether2 vlan-id=50


/interface ethernet switch port
set 2 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 4 vlan-header=add-if-missing vlan-mode=secure
set 5 vlan-mode=secure

(trimmed for brevity)
/interface wireless
add disabled=no mac-address=XXXXXXXXX master-interface=wlan1 name=wlan1-20 security-profile=vlan-20 ssid=wlan20 vlan-id=20 vlan-mode=use-tag
add default-forwarding=no disabled=no mac-address=XXXXXXXX master-interface=wlan2 name=wlan2-20 security-profile=vlan-20 ssid=wlan2-20 vlan-id=20 vlan-mode=use-tag
add default-forwarding=no disabled=no mac-address=XXXXXXXX master-interface=wlan2 name=wlan2-50 security-profile=vlan-20 ssid=wlan2-50 vlan-id=50 vlan-mode=use-tag

/interface vlan
add interface=wlan1-20 name=vlan20-wlan1 vlan-id=20
add interface=wlan2 name=vlan20-wlan2 vlan-id=20
add interface=wlan1-30 name=vlan30-wlan1 vlan-id=30
add interface=wlan2-30 name=vlan30-wlan2 vlan-id=30
add interface=wlan1-50 name=vlan50-wlan1 vlan-id=50
add interface=wlan2-50 name=vlan50-wlan2 vlan-id=50


/interface bridge port
add bridge=bridge-vlan-30 interface=vlan30-ether2
add bridge=bridge-vlan-50 interface=vlan50-ether2
add bridge=bridge-vlan-20 interface=vlan20-ether2
add bridge=bridge-vlan-20 interface=vlan20-ether4
add bridge=bridge-vlan-30 interface=vlan30-ether5
add bridge=bridge-vlan-30 interface=vlan30-wlan1
add bridge=bridge-vlan-50 interface=vlan50-wlan1
add bridge=bridge-vlan-30 interface=vlan30-wlan2
add bridge=bridge-vlan-50 interface=vlan50-wlan2
add bridge=bridge-vlan-20 interface=vlan20-wlan1
add bridge=bridge-vlan-20 interface=vlan20-wlan2
add bridge=bridge-vlan-20 interface=ether4-20
add bridge=bridge-vlan-20 interface=wlan2-20

/interface ethernet switch vlan
add independent-learning=yes ports=ether2-trunk,switch1-cpu switch=switch1 vlan-id=50
add independent-learning=yes ports=ether2-trunk,ether4-20 switch=switch1 vlan-id=20
add independent-learning=yes ports=ether2-trunk,switch1-cpu,ether5-30 switch=switch1 vlan-id=30
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: same VLAN id for both WiFI and ethernet breaks WiFi on hAPac

Sat Jan 05, 2019 8:44 pm

Your VLAN setup is over-complicated. Which version of ROS and which device type?

I found some missing configuration in your setup, but let's make the whole VLAN mess tidier.
 
domon
just joined
Topic Author
Posts: 20
Joined: Sat Dec 03, 2016 4:20 pm

Re: same VLAN id for both WiFI and ethernet breaks WiFi on hAPac

Sat Jan 05, 2019 8:51 pm

Your VLAN setup is over-complicated. Which version of ROS and which device type?

I found some missing configuration in your setup, but let's make the whole VLAN mess tidier.
RouterOS 6.43.8 and RouterBOARD 962UiGS-5HacT2HnT

The VLAN mess is worse, I took out several other VLANs in hopes to make it more readable.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: same VLAN id for both WiFI and ethernet breaks WiFi on hAPac

Sat Jan 05, 2019 9:24 pm

OK, here's a "diff" to your configuration above:
  • I'll assume that contents of /interface ethernet is fine.
  • only single bridge is needed, and that without vlan-filtering as bridge is used as dumb switch. Get rid of all current bridges, create only one and add all physical interfaces (VAP devices as well) to it:
    /interface bridge
    add admin-mac=<put MAC of ether2 here> auto-mac=no name=bridge
    /interface bridge port
    # not sure about ether names, that part of config is missing from your post
    add bridge=bridge interface=ether2
    add bridge=bridge interface=ether4
    add bridge=bridge interface=ether5
    add bridge=bridge interface=wlan1-20
    add bridge=bridge interface=wlan2-20
    add bridge=bridge interface=wlan2-50
    # add also other wlan interfaces
    
    This step bridges all devices (with all VLANs) together. As it is a dumb switch, proper VLAN filtering has to be done by member ports. It is done for ether ports (configuration in /interface ethetnet) as well as wireless (options vlan-mode=use-tag vlan-id=XX).
  • get rid of all VLAN interfaces and add only one VLAN interface per VLAN where device acts as router (not only as switch/bridge)
    /interface vlan
    add interface=bridge name=vlan-20 vlan-id=20
    add interface=bridge name=vlan-30 vlan-id=30
    add interface=bridge name=vlan-50 vlan-id=50
    # etc.
    
    Add IP configuration which is currently (most probably) set on "interfaces" bridge-vlan-20, bridge-vlan-30 and bridge-vlan-50 .
  • I suppose wifi setup is fine.

After you change the VLAN setup in the manner shown above, we can iron out any remaining problems. In that case, try to post complete configuration (don't trim it), but include it in [ code ] ... [ /code ] environment.
 
domon
just joined
Topic Author
Posts: 20
Joined: Sat Dec 03, 2016 4:20 pm

Re: same VLAN id for both WiFI and ethernet breaks WiFi on hAPac

Sat Jan 05, 2019 10:15 pm

Ok, I made the changes but have the same results. ether4-20 on vlan20 can still access the LAN, but no wifi (wlan2-20 on vlan20)

Then noticed this:
/interface ethernet switch vlan
add independent-learning=yes ports=ether2-trunk,switch1-cpu switch=switch1 vlan-id=50
add independent-learning=yes ports=ether2-trunk,ether4-20 switch=switch1 vlan-id=20
The vlan-id=20 line was missing switch1-cpu. Adding switch1-cpu fixed it:
add independent-learning=yes ports=ether2-trunk,ether4-20,switch1-cpu switch=switch1 vlan-id=20
Now both wifi and vlan20 ethernet port work.

665 Mbits/sec wired and 84.7 Mbits/sec wifi.
 
netflow
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sat Oct 01, 2016 3:53 pm

Re: same VLAN id for both WiFI and ethernet breaks WiFi on hAPac

Mon Jan 07, 2019 9:05 pm

This can be marked as solved I believe.
CPU port needs to be involved as it is enabling the link with the bridge. You can omit only in VLAN that are concerning pure ethernet forwarding ports.

Who is online

Users browsing this forum: baragoon, FranMercedesG and 45 guests