Community discussions

MikroTik App
 
Jacck
just joined
Topic Author
Posts: 2
Joined: Thu Jul 04, 2019 3:19 pm

PtP Connection with 2 vlans

Thu Jul 04, 2019 3:26 pm

Hi Everyone,

I'm a big beginner in case of Mikrotik systems and i would like to connect 2 buildings wia PtP wireless connection using LHG5ac. Currently i have internet from another source than IPTV. So i will have 2 separate connections and i need to make a vlan bridge over the PtP connection and again separate VLANs after the wireless bridge. Problem number one is, that internet doesn't have any vlan tag. Second problem is, that the IPTV vlan must be separated and in best case even the MAC of the LHG5ac shouldn't be visible in that vlan. Here is a basic diagram, how should the final network look like. Anyone can please help with the setup?
Navrh_reseni_sipkova_eng3.jpeg
Thank you very much for any help ;-)
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: PtP Connection with 2 vlans

Thu Jul 04, 2019 3:48 pm

High-level overview of things to be configured on the left side - for this example I'll use ether4 as port which RB2011 connects to the left LHG 5AC and I'll write VLAN13 for VLAN carrying internet.
  • convert internet from non-VLAN to VLAN-enabled inside RB2011. Which means that every ethernet port, which carries internet, becomes access (untagged) port of VLAN13.
  • exception from the above rule is interface ether4, which should be trunk (tagged for both VLAN13 and VLAN101)
  • on LHG 5AC create bridge and add ether1 and wlan1 interfaces to it.
  • configure VLAN-related stuff on bridge (e.g. set ether1 as tagged member of vlans 13 and 101, ditto wlan1 interface ... add bridge interface as tagged member of vlan 13, create vlan interface with vlan-id=13 on bridge and add IP config to this interface to keep management access)
  • enable vlan-filtering on bridge

Setup on the right side of wireless link is similar.

BTW, on the right side you might want to use some hAP instead of RB750 and omit the wireless AP if that's physically feasible. One box less to administer.
 
Jacck
just joined
Topic Author
Posts: 2
Joined: Thu Jul 04, 2019 3:19 pm

Re: PtP Connection with 2 vlans

Thu Jul 04, 2019 9:28 pm

Thank you for the high-level overview. Just few questions for the beginning.

1. I have clear routers RB2011 and RB750GL, there is no configuration at this moment. So i expect, that also VLAN 101 should be created for the IPTV traffic. What is the best option of creating the VLAN configuration? Do it over the switch or the old way?
2. The LHG 5AC is already configured as a bridge, should i define all the vlan details or is it better to keep it in default bridge configuration and do the vlan stuff on the second router (RB750GL)?

Thank you very much for your help.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: PtP Connection with 2 vlans

Thu Jul 04, 2019 10:37 pm

1. I have clear routers RB2011 and RB750GL, there is no configuration at this moment. So i expect, that also VLAN 101 should be created for the IPTV traffic. What is the best option of creating the VLAN configuration? Do it over the switch or the old way?
Be careful with RB2011, it's got two switch chips (one for gigabit ports and one for fast ethernet ports) and if you'll configure VLANs on switch chip, things might get complicated - specially so if you're going to span ether ports from both switch chips. If you go with the new btidge vlan concept, things will stay (relatively) simple at expense of performance.
For the RB750GL I'd suggest to use switch chip, its CPU will struggle if configured the new way.

Anyway, have a look at this thread, it makes great reading about vlans configured the new way.

Regarding VLAN101: it depends how IPTV gets delivered to the left side of RB2011 ... if it's tagged already (probably meaning that STB expects it tagged as well), then you need one ether port on RB2011 as tagged (trunk) port for that VLAN (but in contrast to ether4 it shouldn't be member of VLAN13). Depending on STB ... you might want to deliver internet connectivity to it. Might be that STP expects untagged internet, so STB-facing ether port on RB750GL should be hybrid port (tagged for VLAN101 and untagged for VLAN13).
If IPTV is delivered untagged (and STB expects it untagged as well), then port on RB2011 should be untagged access port for VLAN101, STB-facing ether port on RB750GL as well.


2. The LHG 5AC is already configured as a bridge, should i define all the vlan details or is it better to keep it in default bridge configuration and do the vlan stuff on the second router (RB750GL)?

The steps I described were for RB2011 and the left LHG 5AC ... And I described what I consider optimal LHG config. You can keep it in "more transparent" configuration regarding VLANs by ommiting all VLAN setup (only vlan interface on bridge is needed for management access). Whatever config done on RB2011 should probably be mirrored on RB750GL.

Who is online

Users browsing this forum: No registered users and 12 guests