Community discussions

 
User avatar
sjoram
Member Candidate
Member Candidate
Topic Author
Posts: 116
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 8:55 pm

Hi guys,

Relatively new to RouterOS and need some help.
Working with a RB750 and need to know if there's a solution to the below, or whether I'm trying to do the impossible.

I'm going to be running two RB750s in two separate locations, one of which is running VLAN-capable switches, one of which is not. So essentially, I'm trying to 'fudge' a solution to avoid the need for a VLAN-capable switch at this location.

Port 1 - as default (WAN, DHCP client etc)

Now, the problem I'm having is that one of the devices I'm attaching is a Cisco WAP, so this needs to see several VLANs, carrying the tags (no problem), but also a native VLAN (no tag), and other devices on other ports need to run on one of these VLANs with no tags.

I've managed to get one VLAN operational with no issues - Create a Bridge, Add the physical interfaces to the bridge, Create the VLAN & assign the VLAN to the bridge interface. No problems.

When I try to connect a client to one of the other VLANs on the WAP (so WAP talking to RB750 via tag on this VLAN) the wireless client fails to get an IP address from the RB750 DHCP server.

The management interface and one of the SSIDs on the WAP are on the VLAN that is working with other clients with no tags, so is part of the Bridge. I suspect this is where the problem lies (for some reason) with the tagged VLAN.

Can anyone suggest a solution?

Please ask me to explain better if the above is unclear - my brain is feeling a little frazzled right now!

Cheers
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
Hardware:
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD
 
dragon2611
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Sep 25, 2009 12:06 am

Re: RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 9:36 pm

If it's just the one port on the RB that needs to carry the Vlan tagging it might be better to place the Vlans directly on that port and not the bridge.


Also if you don't need to firewall or record traffic stats between the internal ports it might be better to shove them on the switch instead of using a bridge.

Ports 2-5 can grouped over the switch if I remember rightly. (Pick a Primary and slave the others to it)
 
User avatar
sjoram
Member Candidate
Member Candidate
Topic Author
Posts: 116
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

Re: RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 9:43 pm

Essentially what I'm trying to do is:

Port 1 - WAN
Port 2 - VLAN10 client (no tag)
Port 3 - VLAN10 client (no tag)
Port 4 - VLAN10 client (no tag)
Port 5 - Cisco WAP (VLAN10 no tag, VLANs20,40,60,80 with tags)

No need to firewall between VLAN10 clients, but I'd want to firewall off the VLANs from communicating with each other.

Also, I will be adding in a VPN to the other RB750 at later date, want to be able to set up the VLANs to individually VPN to their corresponding VLANs on the remote RB750.

Does this help clarify what I'm trying to do?

Obviously on my other RB750 where I have a VLAN-capable switch, I'll likely have Port 1 WAN and then shove all the VLANs down Port 2 and let the switch worry about the rest. (I'll be using the hotspot on one VLAN there but that's outside the scope of what I'm worried about here)
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
Hardware:
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD
 
dragon2611
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Sep 25, 2009 12:06 am

Re: RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 9:48 pm

Essentially what I'm trying to do is:

Port 1 - WAN
Port 2 - VLAN10 client (no tag)
Port 3 - VLAN10 client (no tag)
Port 4 - VLAN10 client (no tag)
Port 5 - Cisco WAP (VLAN10 no tag, VLANs20,40,60,80 with tags)

No need to firewall between VLAN10 clients, but I'd want to firewall off the VLANs from communicating with each other.

Also, I will be adding in a VPN to the other RB750 at later date, want to be able to set up the VLANs to individually VPN to their corresponding VLANs on the remote RB750.

Does this help clarify what I'm trying to do?

Obviously on my other RB750 where I have a VLAN-capable switch, I'll likely have Port 1 WAN and then shove all the VLANs down Port 2 and let the switch worry about the rest. (I'll be using the hotspot on one VLAN there but that's outside the scope of what I'm worried about here)
Why?

Are you planning to create an L2 domain that spans multiple sites that would get messy fast.

You just need a single VPN and appropriate entries in the routing tables at each end to reach the various vlan's, then use the firewall to control traffic between the sites.
 
User avatar
sjoram
Member Candidate
Member Candidate
Topic Author
Posts: 116
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

Re: RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 9:56 pm

I don't think that's what I'm trying to do.

Essentially over my two sites I would have:
VLAN 10 = 10.0.0.0/16 <--> 10.5.0.0/16
VLAN 20 = 10.1.0.0/16 <--> 10.6.0.0/16
VLAN 40 = 10.2.0.0/16 <--> 10.7.0.0/16
VLAN 60 = 10.3.0.0/16 <--> 10.8.0.0/16
VLAN 80 = 10.4.0.0/16 <--> 10.9.0.0/16

I don't need to have any wired clients on any VLAN other than VLAN10 on the RB750 here but would want wireless clients to able to hit the other VLANs via the Cisco WAP.

I think the issue I'm having is because I have the physical ports bridged on VLAN 10 (including the port for the Cisco WAP as the BVI1 interface and native VLAN on the WAP don't carry tags - unless it's possible to get them to use the tags? Aironet 1231)
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
Hardware:
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD
 
dragon2611
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Sep 25, 2009 12:06 am

Re: RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 9:58 pm

I'd have thought a cisco AP could send Vlan Tagged packets.
 
User avatar
sjoram
Member Candidate
Member Candidate
Topic Author
Posts: 116
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

Re: RB750 - VLANs/Bridges/Interfaces

Sun Feb 10, 2013 10:07 pm

I'd have thought a cisco AP could send Vlan Tagged packets.
It can, other than the native VLAN as far as I can tell...(which is the problem!)
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
Hardware:
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD

Who is online

Users browsing this forum: No registered users and 17 guests