I'm fairly new to MikroTik and Ubiquiti (been using the ISP-provided modem/router combo so far), so I'm guaranteed to be doing something wrong in the setup.
Last month I bought an RB4011 and set up VLANs (no firewalls yet, though) on it and all worked well.
To replace a normal switch I bought a Ubiquiti switch, a Cloud Key and 2 access points, and now I'm stuck scratching my head trying to get it to work.
All was fine till I added the switch and tried to connect them via a trunk port, so I'm fairly confident the fault lies there.
I have configured several vlans, but no firewall rules yet:
VLAN ID - name - network
10 - Corporate - 10.0.10.1/24
30 - Guest - 10.0.30.1/24
50 - IoT - 10.0.50.1/24
100 - Home - 192.168.100.1/24
I can't get rid of the ISP provided box (will be switching it to bridge mode later, when I get this to work) due to the phone and possibly IPTV.
When I plug my PC into any of the ports specified for a specific VLAN, I do get the appropriate IP, so that does work.
When I plug my PC into eth5 which is configured as a trunk port, I don't get an IP, I'm guessing it should work that way?
The Ubiquiti gear has been configured to use the 192.168.100.1/24 network.
The problem is that I have no access to the UniFi control panel and get no IP when I connect the RB4011 to the switch via the trunk port (eth5).
As far as I know, UniFi requires the base VLAN to be untagged, but I am unsure if I configured it correctly on the RB4011 side.
I did try connecting the router and switch via a dedicated VLAN port though, and got the following results.
When I connect the RB4011 to the switch via port 7 (Home VLAN), and my PC is on RB4011 port 2 (Home VLAN), I have access to the UniFi control panel.
If I switch my PC to a port on the switch which is configured for VLAN network 100, I lose access, but if I connect it to a port designated to the default LAN network I get an IP in the 192.168.100.1/24 network.
I can't get any other VLAN from the switch, obviously, as it's not connected via a trunk port.
The config for the router is attached.
Or for convenience, followed by a simple chart of the network:
# oct/04/2020 11:41:03 by RouterOS 6.47.3
# software id = 56W4-Z3DJ
#
# model = RB4011iGS+
# serial number = D4440C5AADA1
/interface bridge
add name=bridgeNET protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add interface=bridgeNET name=Corporate_VLAN vlan-id=10
add interface=bridgeNET name=Guest_VLAN vlan-id=30
add interface=bridgeNET name=Home_VLAN vlan-id=100
add interface=bridgeNET name=IoT_VLAN vlan-id=50
add interface=IPTV_bridge name=MaxTV vlan-id=1023
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=VLAN
add name=HOME
add name=IPTV
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=Corporate_POOL ranges=10.0.10.11-10.0.10.250
add name=Guest_POOL ranges=10.0.30.11-10.0.30.250
add name=IoT_POOL ranges=10.0.50.11-10.0.50.250
add name=Home_POOL ranges=192.168.100.31-192.168.100.
/ip dhcp-server
add address-pool=Corporate_POOL disabled=no interface=Corporate_VLAN name=\
Corporate_DHCP
add address-pool=Guest_POOL disabled=no interface=Guest_VLAN name=Guest_DHCP
add address-pool=IoT_POOL disabled=no interface=IoT_VLAN name=IoT_DHCP
add address-pool=Home_POOL disabled=no interface=Home_VLAN name=Home_DHCP
/interface bridge port
add bridge=bridgeNET interface=ether2 pvid=100
add bridge=bridgeNET interface=ether3 pvid=10
add bridge=bridgeNET interface=ether4 pvid=30
add bridge=bridgeNET interface=ether5
add bridge=bridgeNET interface=ether6 pvid=100
add bridge=bridgeNET interface=ether7 pvid=100
/interface bridge vlan
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=10
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=30
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=50
add bridge=bridgeNET tagged=bridgeNET,ether5 untagged=Home_VLAN vlan-ids=100
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=1500
/interface list member
add interface=ether1 list=WAN
add interface=Home_VLAN list=VLAN
add interface=Corporate_VLAN list=VLAN
add interface=Guest_VLAN list=VLAN
add interface=IoT_VLAN list=VLAN
add interface=Home_VLAN list=HOME
add interface=ether9 list=IPTV
add interface=ether10 list=IPTV
add list=VLAN
/ip address
add address=192.168.100.1/24 comment=home interface=Home_VLAN network=\
192.168.100.0
add address=10.0.10.1/24 comment=corp interface=Corporate_VLAN network=\
10.0.10.0
add address=10.0.30.1/24 comment=guest interface=Guest_VLAN network=10.0.30.0
add address=10.0.50.1/24 comment=iot interface=IoT_VLAN network=10.0.50.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=10.0.10.0/24 comment=corporate dns-server=10.0.10.1 gateway=\
10.0.10.1
add address=10.0.30.0/24 comment=guest dns-server=10.0.30.1 gateway=10.0.30.1
add address=10.0.50.0/24 comment=iot dns-server=10.0.50.1 gateway=10.0.50.1
add address=192.168.100.0/24 comment=home dns-server=192.168.100.1 gateway=\
192.168.100.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
out-interface-list=WAN
/system clock
set time-zone-name=Europe/Zagreb
The RB4011 is on 6.47.3 firmware.
I would be very grateful for any help or hints provided,
Misha
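
An added example, not part of the original post: a small Python check over the `/interface bridge port` and `/interface bridge vlan` lines of the export above. It assumes RouterOS's default `pvid=1` for a bridge port exported without one and, as the post says, that the UniFi gear expects its network (VLAN 100) untagged; `lint`, the finding names and `SERVED_VLANS` are names made up for this example.

```python
# Lines copied from the export in the post.
BRIDGE_PORTS = """\
add bridge=bridgeNET interface=ether2 pvid=100
add bridge=bridgeNET interface=ether3 pvid=10
add bridge=bridgeNET interface=ether4 pvid=30
add bridge=bridgeNET interface=ether5
add bridge=bridgeNET interface=ether6 pvid=100
add bridge=bridgeNET interface=ether7 pvid=100
"""
BRIDGE_VLANS = """\
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=10
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=30
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=50
add bridge=bridgeNET tagged=bridgeNET,ether5 untagged=Home_VLAN vlan-ids=100
add bridge=bridgeNET tagged=bridgeNET,ether5 vlan-ids=1500
"""
# VLAN ids that have a VLAN interface on bridgeNET and a DHCP server in the export.
SERVED_VLANS = {10, 30, 50, 100}

def parse(text):
    """Turn 'add key=value ...' export lines into dicts."""
    return [dict(kv.split("=", 1) for kv in line.split()[1:])
            for line in text.strip().splitlines()]

def members(row, key):
    return {m for m in row.get(key, "").split(",") if m}

def lint(port_text, vlan_text, bridge="bridgeNET", mgmt_vlan=100):
    # A bridge port with no pvid= in the export has the RouterOS default, 1.
    pvid = {p["interface"]: int(p.get("pvid", 1)) for p in parse(port_text)}
    table = {int(r["vlan-ids"]): r for r in parse(vlan_text)}
    findings = []
    for vid, row in table.items():
        # Only the bridge itself and its ports are meaningful VLAN members.
        listed = members(row, "tagged") | members(row, "untagged")
        for name in sorted(listed - set(pvid) - {bridge}):
            findings.append(("member-is-not-a-bridge-port", name, vid))
    for port, native in pvid.items():
        carried = {v for v, r in table.items() if port in members(r, "tagged")}
        if not carried:
            continue  # access port: nothing is tagged on it
        if native not in SERVED_VLANS:
            # Untagged frames on this trunk join a VLAN with no DHCP server.
            findings.append(("trunk-native-vlan-unserved", port, native))
        if mgmt_vlan in carried:
            # Devices expecting untagged management only see this VLAN tagged.
            findings.append(("mgmt-vlan-only-tagged-on-trunk", port, mgmt_vlan))
    return findings
```

On the posted lines, `lint(BRIDGE_PORTS, BRIDGE_VLANS)` flags `Home_VLAN` as an untagged member that is not a bridge port, and flags ether5 for classifying untagged frames into VLAN 1 while carrying VLAN 100 only tagged.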