Community discussions

MikroTik App
 
MadMarvin
just joined
Topic Author
Posts: 9
Joined: Wed Jan 02, 2019 3:13 pm

Connecting external AP to Mikrotik using VLAN

Wed Jan 09, 2019 9:17 am

Hi all,

I got some Trouble when I try to connect my external Access-Point to my RB4011 and want to use VLANs with multiple SSIDs.

I connected my AP to a tagged-port and when I use the SSID linked to my standard VLAN everything is fine, but if I want to use a different VLAN for example my vlan30 my mobile devices don't really use the offered IP-adress they instead complaining about don't having a internet connection.

Here is my config on the RB4011:
# jan/09/2019 07:58:26 by RouterOS 6.43
# software id = 340C-VRWU
#
# model = RB4011iGS+
# serial number = 968A095E08F9
/interface bridge
add admin-mac=B8:69:F4:99:5D:DA auto-mac=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=e1-wan
set [ find default-name=ether2 ] name=e2-wan
set [ find default-name=ether3 ] name=e3-tagged
set [ find default-name=ether4 ] name=e4-tagged
set [ find default-name=ether5 ] name=e5-tagged
set [ find default-name=ether6 ] name=e6
set [ find default-name=ether7 ] name=e7
set [ find default-name=ether8 ] name=e8
set [ find default-name=ether9 ] name=e9
set [ find default-name=ether10 ] name=e10-untagged
/interface vlan
add interface=bridge name=MGMT vlan-id=99
add interface=bridge name=vlan1 vlan-id=1
add interface=bridge name=vlan20 vlan-id=20
add interface=bridge name=vlan30 vlan-id=30
add interface=bridge name=vlan40 vlan-id=40
add interface=bridge name=vlan50 vlan-id=50
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.200
add name=dhcp_pool20 ranges=172.18.20.100-172.18.20.200
add name=dhcp_pool30 ranges=172.18.30.100-172.18.30.200
add name=dhcp_pool40 ranges=172.18.40.100-172.18.40.200
add name=dhcp_pool50 ranges=172.18.50.100-172.18.50.200
add name=ovpn28 ranges=10.8.0.109-10.8.0.111
add name=ovpn27 next-pool=ovpn28 ranges=10.8.0.105-10.8.0.106
add name=ovpn26 next-pool=ovpn27 ranges=10.8.0.101-10.8.0.102
add name=ovpn25 next-pool=ovpn26 ranges=10.8.0.97-10.8.0.98
add name=ovpn24 next-pool=ovpn25 ranges=10.8.0.93-10.8.0.94
add name=ovpn23 next-pool=ovpn24 ranges=10.8.0.89-10.8.0.90
add name=ovpn22 next-pool=ovpn23 ranges=10.8.0.85-10.8.0.86
add name=ovpn21 next-pool=ovpn22 ranges=10.8.0.81-10.8.0.82
add name=ovpn20 next-pool=ovpn21 ranges=10.8.0.77-10.8.0.78
add name=ovpn19 next-pool=ovpn20 ranges=10.8.0.73-10.8.0.74
add name=ovpn18 next-pool=ovpn19 ranges=10.8.0.69-10.8.0.70
add name=ovpn17 next-pool=ovpn18 ranges=10.8.0.65-10.8.0.66
add name=ovpn16 next-pool=ovpn17 ranges=10.8.0.61-10.8.0.62
add name=ovpn15 next-pool=ovpn16 ranges=10.8.0.57-10.8.0.58
add name=ovpn14 next-pool=ovpn15 ranges=10.8.0.53-10.8.0.54
add name=ovpn13 next-pool=ovpn14 ranges=10.8.0.49-10.8.0.50
add name=ovpn12 next-pool=ovpn13 ranges=10.8.0.45-10.8.0.46
add name=ovpn11 next-pool=ovpn12 ranges=10.8.0.41-10.8.0.42
add name=ovpn10 next-pool=ovpn11 ranges=10.8.0.37-10.8.0.38
add name=ovpn9 next-pool=ovpn10 ranges=10.8.0.33-10.8.0.34
add name=ovpn8 next-pool=ovpn9 ranges=10.8.0.29-10.8.0.30
add name=ovpn7 next-pool=ovpn8 ranges=10.8.0.25-10.8.0.26
add name=ovpn6 next-pool=ovpn7 ranges=10.8.0.21-10.8.0.22
add name=ovpn5 next-pool=ovpn6 ranges=10.8.0.17-10.8.0.18
add name=ovpn4 next-pool=ovpn5 ranges=10.8.0.13-10.8.0.14
add name=ovpn3 next-pool=ovpn4 ranges=10.8.0.9-10.8.0.10
add name=ovpn2 next-pool=ovpn3 ranges=10.8.0.5-10.8.0.6
add name=ovpn1 next-pool=ovpn2 ranges=10.8.0.1-10.8.0.2
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=vlan1 name=dhcp1
add address-pool=dhcp_pool20 disabled=no interface=vlan20 name=dhcp20
add address-pool=dhcp_pool30 disabled=no interface=vlan30 name=dhcp30
add address-pool=dhcp_pool40 disabled=no interface=vlan40 name=dhcp40
add address-pool=dhcp_pool50 disabled=no interface=vlan50 name=dhcp50
/ppp profile
add dns-server=192.168.2.1 local-address=ovpn1 name=ovpn remote-address=ovpn1
/interface bridge nat
add action=accept chain=srcnat
/interface bridge port
add bridge=bridge interface=e3-tagged
add bridge=bridge interface=e4-tagged
add bridge=bridge interface=e5-tagged
add bridge=bridge interface=e6
add bridge=bridge interface=e7
add bridge=bridge interface=e8
add bridge=bridge interface=e9
add bridge=bridge interface=e10-untagged
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,e3-tagged,e4-tagged,e5-tagged vlan-ids=1
add bridge=bridge tagged=bridge,e3-tagged,e4-tagged,e5-tagged vlan-ids=20
add bridge=bridge tagged=bridge,e3-tagged,e4-tagged,e5-tagged vlan-ids=30
add bridge=bridge tagged=bridge,e3-tagged,e4-tagged,e5-tagged vlan-ids=40
add bridge=bridge tagged=bridge,e3-tagged,e4-tagged,e5-tagged vlan-ids=50
add bridge=bridge tagged=bridge,e3-tagged,e4-tagged,e5-tagged vlan-ids=99
/interface list member
add interface=bridge list=LAN
add interface=e1-wan list=WAN
add interface=e2-wan list=WAN
/interface ovpn-server server
set auth=sha1 certificate=rb4011 cipher=aes256 default-profile=ovpn enabled=\
    yes max-mtu=1492 port=443 require-client-certificate=yes
/ip address
add address=192.168.0.2/24 interface=e1-wan network=192.168.0.0
add address=192.168.2.1/24 interface=vlan1 network=192.168.2.0
add address=172.18.20.1/24 interface=vlan20 network=172.18.20.0
add address=172.18.30.1/24 interface=vlan30 network=172.18.30.0
add address=172.18.40.1/24 interface=vlan40 network=172.18.40.0
add address=172.18.50.1/24 interface=vlan50 network=172.18.50.0
add address=192.168.99.1/24 interface=MGMT network=192.168.99.0
/ip dns
set allow-remote-requests=yes servers=192.168.0.1,8.8.8.8
/ip firewall filter
add action=accept chain=forward
add action=accept chain=input
add action=accept chain=output
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=\
    WAN
/ip route
add distance=1 gateway=192.168.0.1
/system clock
set time-zone-name=Europe/Berlin
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
My access-Point have the ip-adress 192.168.2.12 in vlan1 and is accessible.
When a mobile device books in I can see trafic with torch for VLAN30 and if I look at my DHCP-Server I see an entry where a Lease for VLAN30 was offered, but thats all and its not working.

Do you have any idea where I have to look at?

Thanks in Advance


Martin
 
MadMarvin
just joined
Topic Author
Posts: 9
Joined: Wed Jan 02, 2019 3:13 pm

Re: Connecting external AP to Mikrotik using VLAN

Wed Jan 09, 2019 11:01 am

I got news.

It looks like my problem exists on the Access-Point-Level and not on the Mikrotik site.

I configured an Access-Point from a different manufacturer and it works, I get my IP-adress in my vlan area and can access the ip-range in the vlan.
The config is as far as I can see the same, but of course the menu entries on AP-level are different.
The AP which does not function is a Siemens Scalance W788, which I did not understand cause I thought my consumer ware AP from Linksys would make more trouble than the Siemens one.

Thanks to all who have looked at my topic. If you still have any idea how to troubleshoot, feel free to tell me.

Cheers


Martin

Who is online

Users browsing this forum: Google [Bot], Kanzler, sybadi and 39 guests