 
NetworkMeister
just joined
Topic Author
Posts: 13
Joined: Thu Feb 12, 2015 8:59 pm

Asking for help: a rather typical SOHO LAN w/ VLANs and CAPsMAN

Thu Feb 12, 2015 10:12 pm

I have worked with Cisco network equipment for a couple of years now to earn my daily bread, and I've recently decided to give MikroTik a spin in my home network. I bought 2 RB951G-2HnD to cover my flat with WiFi and provide gigabit connectivity for all devices, and set up CAPsMAN, VPN, QoS and all that. It was fairly easy to set up and worked great, until I decided to partition my network with VLANs and multiple SSIDs.

I've spent numerous hours trying to achieve the setup in the picture, resulting in nothing but lost management connectivity, some router hard-resets and more than a couple of hours of unsuccessful troubleshooting.

Now I would like to get to the end solution step by step - with your help.

The desired state is as follows:
mikrotik.png
  1. 1x RB951G-2HnD in the role of a router, AP, NAT, firewall, CAPsMAN, DHCP server, VPN server
  2. 1x RB951G-2HnD in the role of a switch and AP (controlled by CAPsMAN)
  3. 3 VLANs: 10 (Management, CAPsMAN signalization; 10.0.10.0/24), 20 (Users; 10.0.20.0/24), 30 (Guests; 10.0.30.0/24)
  4. 2 SSIDs: WiFi20 (Users, same subnet as VLAN20), WiFi30 (Guests, same subnet as VLAN30)
  5. APs configured with Local forwarding
  6. All Inter-VLAN routing is done on the router
  7. Switching should be done on switch chip if possible
Last edited by NetworkMeister on Fri Feb 13, 2015 12:12 pm, edited 1 time in total.
 
NetworkMeister
just joined
Topic Author
Posts: 13
Joined: Thu Feb 12, 2015 8:59 pm

Re: A rather typical SOHO LAN w/ VLANs and CAPsMAN

Fri Feb 13, 2015 10:59 am

Step 1: Set up the VLANs & DHCP server


Both router and switch have switch port groups with master port set to eth2:

```
/interface ethernet
set eth3 master-port=eth2
set eth4 master-port=eth2
set eth5 master-port=eth2
```

Both router and switch have eth2, eth3 and eth4 set as access ports with their respective VLANs assigned, and eth5 as trunk port, carrying all 3 VLANs in question:

```
/interface ethernet switch port
set eth2 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
set eth3 vlan-mode=secure vlan-header=always-strip default-vlan-id=20
set eth4 vlan-mode=secure vlan-header=always-strip default-vlan-id=30
set eth5 vlan-mode=secure vlan-header=add-if-missing
/interface ethernet switch vlan
add ports=eth2,eth5 switch=switch1 vlan-id=10
add ports=eth3,eth5 switch=switch1 vlan-id=20
add ports=eth4,eth5 switch=switch1 vlan-id=30
```

I believe this is all the configuration needed on the switch.

On the router, we need to configure 3 DHCP pools:

```
/ip pool
add name=dhcp-vlan10 ranges=10.0.10.100-10.0.10.199
add name=dhcp-vlan20 ranges=10.0.20.100-10.0.20.199
add name=dhcp-vlan30 ranges=10.0.30.100-10.0.30.199
```

... for 3 subnets:

```
/ip dhcp-server network add address=10.0.10.0/24 gateway=10.0.10.1
/ip dhcp-server network add address=10.0.20.0/24 gateway=10.0.20.1
/ip dhcp-server network add address=10.0.30.0/24 gateway=10.0.30.1
```

Next, we need to bring up one interface per VLAN, assign the IP address to it, and configure the DHCP server with the appropriate pool.

What is the correct way to do it? What kind of interface needs to be created - VLAN?
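
An added example, not part of the original post: one way to carry out the step asked about above on the router, with forward rules so that routing between the VLANs does not undo the Guests/Users/Management split. The interface and server names (vlan10, dhcp10, ...), the CPU port name switch1-cpu and the guest-isolation policy are assumptions; everything else reuses the names and addresses from the post.

```routeros
# Added example, not from the original post. Assumes the post's naming
# (master port eth2, switch1) and that the CPU port is called switch1-cpu.
# vlan10/20/30 and dhcp10/20/30 are hypothetical names.

# Admit the CPU port to each VLAN so the router itself can terminate them.
/interface ethernet switch vlan
set [find vlan-id=10] ports=eth2,eth5,switch1-cpu
set [find vlan-id=20] ports=eth3,eth5,switch1-cpu
set [find vlan-id=30] ports=eth4,eth5,switch1-cpu
/interface ethernet switch port
set switch1-cpu vlan-mode=secure vlan-header=leave-as-is

# One VLAN interface per VLAN, created on the master port.
/interface vlan
add name=vlan10 interface=eth2 vlan-id=10
add name=vlan20 interface=eth2 vlan-id=20
add name=vlan30 interface=eth2 vlan-id=30

# Gateway addresses matching the dhcp-server networks in the post.
/ip address
add address=10.0.10.1/24 interface=vlan10
add address=10.0.20.1/24 interface=vlan20
add address=10.0.30.1/24 interface=vlan30

# One DHCP server per VLAN interface, using the pools from the post.
/ip dhcp-server
add name=dhcp10 interface=vlan10 address-pool=dhcp-vlan10 disabled=no
add name=dhcp20 interface=vlan20 address-pool=dhcp-vlan20 disabled=no
add name=dhcp30 interface=vlan30 address-pool=dhcp-vlan30 disabled=no

# Assumed policy: guests reach neither the management nor the user VLAN.
# These rules must sit above any broader accept rule in the forward chain.
/ip firewall filter
add chain=forward in-interface=vlan30 out-interface=vlan10 action=drop \
    comment="guests -> management"
add chain=forward in-interface=vlan30 out-interface=vlan20 action=drop \
    comment="guests -> users"
```

Enter these with Safe Mode enabled: an error in the switch VLAN table or the CPU-port mode cuts off management access, and Safe Mode rolls the change back when the session drops.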
