kepomag
just joined
Topic Author
Posts: 1
Joined: Tue Jul 13, 2021 12:03 pm

VLAN not working

Tue Jul 13, 2021 12:13 pm

Hey guys,
I need advice regarding my network. I am trying to set up VLANs following this
https://wiki.mikrotik.com/wiki/Manual:C ... s_switches but once I enter a pvid for a specific bridge port, the device stops responding.
I have this topology on my CRS328-24P:

eth1 - wan in modem
eth2 - cAP - 3 networks, private (family), guest (visitors) and iot (iot devices)
eth3 - powerbox pro - goes outside property, bridge mode, powering 2x poe cams
eth4-14 - some home devices pc laptop, nas etc...
eth16-24 - hikvision poe cams

I am first trying to get the PoE cams onto one VLAN, then continue with IoT, the guest network, the private network etc...
Currently I have cams, IoT and guest split only by subnets, with static DHCP server leases, but they can still access the other networks too.
Why does my VLAN config not work? Thanks
# jan/06/2002 08:33:40 by RouterOS 6.48.3
# model = CRS328-24P-4S+
# NOTE(review): the export is dated 2002, so the system clock is presumably
# unset; log timestamps would then be unreliable when reconstructing events.

# The one bridge that every switch port in this export joins.
# vlan-filtering=yes makes the bridge enforce the "/interface bridge vlan"
# table: a VLAN only reaches the CPU, and therefore the VLAN interfaces created
# on "bridge", when "bridge" itself is a tagged member for that VLAN ID.
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no name=bridge vlan-filtering=yes

# Port naming: ether1 is the WAN uplink (PoE out switched off), ether2 feeds the
# access point. All four SFP+ ports are administratively disabled.
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - wan in" poe-out=off
set [ find default-name=ether2 ] name="ether2 - ap"
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes

# PPPoE client for the WAN, installing the default route.
# It is bound to "bridge", and the WAN port "ether1 - wan in" is itself a bridge
# port (see /interface bridge port), so the modem segment and the LAN ports
# share one layer-2 domain.
# NOTE(review): running PPPoE on the WAN port alone, with that port removed from
# the bridge, would keep the two segments apart - confirm against the intended
# design.
/interface pppoe-client
add add-default-route=yes disabled=no interface=bridge name=pppoe-out1 user=\
    xxxxxxxx

# Static PPTP server interface bound to the PPP user "user1".
/interface pptp-server
add name=pptp-user1 user=user1

# CAPsMAN-managed wireless interfaces. Every entry sets datapath.bridge=bridge
# inline; none of them references the named datapath "datapath1".
/caps-man interface
# Master 2.4 GHz radio, SSID "guest". No datapath.vlan-id is set, so guest
# clients are bridged untagged. Both WPA (wpa-psk) and WPA2 are accepted.
# NOTE(review): allowing wpa-psk keeps the older WPA handshake available;
# wpa2-psk alone is the tighter setting if all clients support it.
add configuration.mode=ap configuration.ssid=guest datapath.bridge=bridge \
    disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=\
    none name=2.4G radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxxxxxxxxxxx \
    security.authentication-types=wpa-psk,wpa2-psk security.encryption=\
    aes-ccm
# Master 5 GHz radio, same SSID "guest" and the same security settings.
add configuration.mode=ap configuration.ssid=guest datapath.bridge=bridge \
    disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=\
    none name=5G radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxxxxxxxxxxx \
    security.authentication-types=wpa-psk,wpa2-psk security.encryption=\
    aes-ccm
# Virtual AP "iot" on the 2.4 GHz radio, WPA2 only, with datapath.vlan-id=30.
# VLAN 30 has no /interface vlan and no /interface bridge vlan entry in this
# export, and no datapath.vlan-mode is set here.
# NOTE(review): the vlan-id presumably has no effect without
# datapath.vlan-mode=use-tag - verify.
add configuration.mode=ap configuration.ssid=iot datapath.bridge=bridge \
    datapath.vlan-id=30 disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx \
    master-interface=2.4G name=iot radio-mac=00:00:00:00:00:00 radio-name="" \
    security.authentication-types=wpa2-psk security.encryption=aes-ccm
# Virtual AP "iot_link" on the 2.4 GHz radio, untagged, WPA and WPA2 accepted.
add configuration.mode=ap configuration.ssid=iot_link datapath.bridge=bridge \
    disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=\
    2.4G name=iot_link radio-mac=00:00:00:00:00:00 radio-name=xxxxxxxxxxxx \
    security.authentication-types=wpa-psk,wpa2-psk security.encryption=\
    aes-ccm

# Layer-3 VLAN interfaces on the bridge: management (99) and three numbered
# VLANs. Only VLAN 99 has a matching entry in "/interface bridge vlan"; 1001,
# 1002 and 1003 do not list "bridge" as a tagged member anywhere in this export.
/interface vlan
add interface=bridge name=MGMT vlan-id=99
add interface=bridge name=VLAN1001 vlan-id=1001
add interface=bridge name=VLAN1002 vlan-id=1002
add interface=bridge name=VLAN1003 vlan-id=1003

# Named datapath with client-to-client forwarding disabled. No CAPsMAN interface
# in this export refers to it, so the isolation setting is not applied to any
# SSID shown here.
/caps-man datapath
add bridge=bridge client-to-client-forwarding=no name=datapath1

# Interface lists used by the NAT rule (WAN) and for grouping (LAN).
/interface list
add name=WAN
add name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

# Address pools: the untagged LAN, the PPTP clients, and one pool per VLAN.
/ip pool
add name=dhcp ranges=10.10.10.20-10.10.10.100
add name=PPTP-Pool ranges=192.168.99.10-192.168.99.200
add name=VLAN1001_pool ranges=192.168.1.100-192.168.1.200
add name=VLAN1002_pool ranges=192.168.2.100-192.168.2.200
add name=VLAN1003_pool ranges=192.168.3.100-192.168.3.200

# DHCP servers: "dhcp1" serves the untagged bridge, the others serve one VLAN
# interface each.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=2d name=dhcp1
add address-pool=VLAN1001_pool disabled=no interface=VLAN1001 name=\
    VLAN1001_DHCP
add address-pool=VLAN1002_pool disabled=no interface=VLAN1002 name=\
    VLAN1002_DHCP
add address-pool=VLAN1003_pool disabled=no interface=VLAN1003 name=\
    VLAN1003_DHCP

# Profile for PPTP clients. The PPTP-Pool range (192.168.99.10-200) lies inside
# the MGMT subnet 192.168.99.0/24, so VPN clients receive management-network
# addresses. use-encryption=yes asks for link encryption on the PPP session.
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,8.8.4.4 local-address=PPTP-Pool \
    name=PPTP-Profile only-one=yes remote-address=PPTP-Pool use-encryption=\
    yes

# CAPsMAN controller switched on. No "/caps-man manager interface" restriction
# appears in this export.
# NOTE(review): presumably the manager then accepts CAP connections on every
# interface, the WAN side included - confirm and limit it to the AP port.
/caps-man manager
set enabled=yes

# Provisioning rule with no master-configuration given.
# NOTE(review): verify what a newly connecting CAP would actually be given.
/caps-man provisioning
add action=create-dynamic-enabled

# Bridge membership. Every copper port, the WAN uplink included, is a member of
# the same bridge. ether1-ether15 keep the default pvid, so their untagged
# traffic stays in the bridge's untagged VLAN together with the WAN port.
# ether16-ether24 (the camera ports) classify untagged ingress into VLAN 1003.
# NOTE(review): the router address 10.10.10.1 sits on the untagged bridge, so a
# port switched to pvid=1003 loses that path; with no tagged "bridge" member for
# VLAN 1003 in "/interface bridge vlan", the VLAN1003 interface is presumably
# unreachable too. That would match the "device stops responding" symptom -
# TODO confirm.
/interface bridge port
add bridge=bridge interface="ether1 - wan in"
add bridge=bridge interface="ether2 - ap"
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=ether11
add bridge=bridge interface=ether12
add bridge=bridge interface=ether13
add bridge=bridge interface=ether14
add bridge=bridge interface=ether15
add bridge=bridge interface=ether16 pvid=1003
add bridge=bridge interface=ether17 pvid=1003
add bridge=bridge interface=ether18 pvid=1003
add bridge=bridge interface=ether19 pvid=1003
add bridge=bridge interface=ether20 pvid=1003
add bridge=bridge interface=ether21 pvid=1003
add bridge=bridge interface=ether22 pvid=1003
add bridge=bridge interface=ether23 pvid=1003
add bridge=bridge interface=ether24 pvid=1003

# Neighbor discovery runs on every interface that is not in the "dynamic" list.
# NOTE(review): that presumably includes the bridge (which contains the WAN
# port) and pppoe-out1, so the router announces itself towards the provider;
# restricting discovery to the LAN list would avoid that - confirm.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic

# The only static VLAN table entry: VLAN 99 tagged on the CPU port ("bridge"),
# ether3 and ether11. VLANs 1001-1003 have no entry here, so "bridge" is not a
# tagged member of them.
# NOTE(review): this is the likely reason the VLAN1003 interface and its DHCP
# server never see the camera ports. An entry for VLAN 1003 with "bridge" as a
# tagged member would be the expected counterpart to the pvid=1003 ports -
# verify against the referenced manual.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether3,ether11 vlan-ids=99

# pppoe-out1 is the only WAN member. The whole bridge, which also contains the
# physical WAN port, is classed as LAN.
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN

# PPTP server enabled, accepting CHAP, MS-CHAPv1 and MS-CHAPv2.
# NOTE(review): PPTP with MS-CHAP authentication is widely regarded as broken,
# and mschap1/chap are the weakest of the listed methods. A VPN type with
# stronger key exchange (for example L2TP/IPsec or IKEv2) is worth planning;
# until then mschap2 alone is the least weak choice.
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile=PPTP-Profile enabled=yes

# Router addresses. 10.10.10.1 is on the untagged bridge, and each VLAN
# interface carries its own gateway address. 10.0.2.1 and 10.0.3.1 are assigned
# to "ether2 - ap", which is a bridge port.
# NOTE(review): addresses on a bridge member port are a common source of odd
# behaviour in RouterOS; they presumably belong on the bridge or on a VLAN
# interface - confirm.
/ip address
add address=10.10.10.1/24 interface=bridge network=10.10.10.0
add address=10.0.2.1/24 interface="ether2 - ap" network=10.0.2.0
add address=10.0.3.1/24 interface="ether2 - ap" network=10.0.3.0
add address=192.168.99.1/24 interface=MGMT network=192.168.99.0
add address=192.168.1.1/24 interface=VLAN1001 network=192.168.1.0
add address=192.168.2.1/24 interface=VLAN1002 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN1003 network=192.168.3.0

# MikroTik cloud DDNS enabled: the router's public address is published under a
# cloud hostname.
/ip cloud
set ddns-enabled=yes

# Static leases for cameras (10.0.2.x) and IoT devices (10.0.3.x). All of them
# are attached to server "dhcp1", which listens on the untagged bridge, so these
# hosts share one broadcast domain with the 10.10.10.0/24 clients.
# The separation is by IP subnet only: a device that configures a different
# address by hand lands in another "network" without crossing any boundary.
/ip dhcp-server lease
add address=10.0.2.11 comment=poe_cam1 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.2.12 comment=poe_cam2 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.2.13 comment=poe_cam3 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.2.14 comment=poe_cam4 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.3.11 comment=iot1 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.3.12 comment=iot2 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.3.13 comment=iot3 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
add address=10.0.3.14 comment=iot4 mac-address=xx:xx:xx:xx:xx:xx server=dhcp1

# Per-subnet DHCP options: the gateway is the router address in each subnet and
# the resolver is 9.9.9.9 everywhere.
/ip dhcp-server network
add address=10.0.2.0/24 dns-server=9.9.9.9 gateway=10.0.2.1 netmask=24
add address=10.0.3.0/24 dns-server=9.9.9.9 gateway=10.0.3.1 netmask=24
add address=10.10.10.0/24 dns-server=9.9.9.9 gateway=10.10.10.1 netmask=24
add address=192.168.1.0/24 dns-server=9.9.9.9 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=9.9.9.9 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=9.9.9.9 gateway=192.168.3.1

# Upstream resolver used by the router itself.
/ip dns
set servers=9.9.9.9

# The complete filter table is three accept-type rules: fasttrack and accept for
# established/related forwarded traffic, plus an input rule for PPTP control
# (tcp/1723) that names no action and so uses the default, accept.
# There is no drop rule in either chain. Anything not matched is still accepted,
# which means:
#   - forward: every subnet and VLAN can route to every other one. This is why
#     cameras, IoT and guest devices "still can access other networks";
#   - input: router services are reachable from all interfaces, WAN included.
# NOTE(review): isolation needs explicit drop rules. A typical baseline accepts
# established/related, accepts what is specifically required, and drops the rest
# on both input and forward - adapt to the intended policy.
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp

# NAT. The first masquerade is scoped to the WAN list. The second has no
# matcher at all, so traffic routed between internal subnets is also
# source-NATed to a router address; internal devices and their logs then see the
# router instead of the real client.
# The dst-nat rules forward TCP ports to camera port 8000. They match on
# dst-port only, with no in-interface, in-interface-list, dst-address or
# src-address condition, so they apply to traffic from any source, the Internet
# included, and the cameras are exposed on those ports.
# NOTE(review): limit these rules to a trusted source address list, or drop
# them and reach the cameras through the VPN.
# NOTE(review): the last three rules are identical (poe_cam2 / 23212 /
# 10.0.2.12); presumably two of them were meant for poe_cam3 and poe_cam4.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat comment=poe_cam1 dst-port=23211 protocol=tcp to-addresses=10.0.2.11 to-ports=8000
add action=dst-nat chain=dstnat comment=poe_cam2 dst-port=23212 protocol=tcp to-addresses=10.0.2.12 to-ports=8000
add action=dst-nat chain=dstnat comment=poe_cam2 dst-port=23212 protocol=tcp to-addresses=10.0.2.12 to-ports=8000
add action=dst-nat chain=dstnat comment=poe_cam2 dst-port=23212 protocol=tcp to-addresses=10.0.2.12 to-ports=8000
