gerakon
Member Candidate
Topic Author
Posts: 105
Joined: Sat May 24, 2014 8:14 am

CRS326 6.41.1 VLAN trunk to WAPAC no traffic

Wed Feb 07, 2018 5:29 am

This is my first CRS326 and first attempt at using the new VLAN/hw offload configuration in 6.41. Configs are below. VLAN 100 on the wired ports is working fine. I'm having trouble with VLAN101 and the WAPACs connected to ports 22 and 23. I get no connectivity between 192.168.0.1 (CRS326) and 192.168.0.2 (WAPAC). I've been through a few articles from the manual and a few forum posts; however, I can't seem to get it working. Any help would be greatly appreciated. I've mostly been trying to get the east AP working, and then I'll fix the west AP when I figure out what I did wrong.

CRS326
# jan/06/1970 01:01:00 by RouterOS 6.41.1
# model = CRS326-24G-2S+

/interface bridge
add admin-mac=34:65:24:F3:56:82 auto-mac=no name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether23 ] comment=ManagementPort
set [ find default-name=ether24 ] comment=WAN
/interface vlan
add comment=PrivateLAN interface=bridge1 mtu=1504 name=vlan100 vlan-id=100
add comment=PublicWireless interface=bridge1 mtu=1504 name=vlan101 vlan-id=101

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=pool-PrivateLAN ranges=192.168.0.10-192.168.0.254
add name=pool-PublicWireless ranges=192.168.1.10-192.168.1.254
add name=dhcp_pool3 ranges=10.10.2.2-10.10.2.254
/ip dhcp-server
add add-arp=yes address-pool=pool-PrivateLAN always-broadcast=yes disabled=no interface=vlan100 lease-time=10h name=PrivateLAN-DHCP
add add-arp=yes address-pool=pool-PublicWireless always-broadcast=yes disabled=no interface=vlan101 lease-time=10h name=PublicEast-DHCP
add address-pool=dhcp_pool3 disabled=no interface=ether23 name=dhcp1

/interface bridge port
add bridge=bridge1 interface=ether1 pvid=100
add bridge=bridge1 interface=ether2 pvid=100
add bridge=bridge1 interface=ether3 pvid=100
add bridge=bridge1 interface=ether4 pvid=100
add bridge=bridge1 interface=ether5 pvid=100
add bridge=bridge1 interface=ether6 pvid=100
add bridge=bridge1 interface=ether7 pvid=100
add bridge=bridge1 interface=ether8 pvid=100
add bridge=bridge1 interface=ether9 pvid=100
add bridge=bridge1 interface=ether10 pvid=100
add bridge=bridge1 interface=ether11 pvid=100
add bridge=bridge1 interface=ether12 pvid=100
add bridge=bridge1 interface=ether13 pvid=100
add bridge=bridge1 interface=ether14 pvid=100
add bridge=bridge1 interface=ether15 pvid=100
add bridge=bridge1 interface=ether16 pvid=100
add bridge=bridge1 interface=ether17 pvid=100
add bridge=bridge1 interface=ether18 pvid=100
add bridge=bridge1 interface=ether19 pvid=100
add bridge=bridge1 interface=ether20 pvid=100
add bridge=bridge1 interface=ether21
add bridge=bridge1 interface=ether22
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22 vlan-ids=100
add bridge=bridge1 tagged=ether21,ether22 vlan-ids=101
/ip address
add address=192.168.0.1/24 comment=PrivateLAN interface=vlan100 network=192.168.0.0
add address=10.1.100.1/24 comment=ManagementPort interface=ether23 network=10.1.100.0
add address=192.168.1.1/24 comment=PublicWireless interface=vlan101 network=192.168.1.0

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether24

/ip dhcp-server network
add address=10.10.2.0/24 dns-server=10.10.2.1 gateway=10.10.2.1
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1

/ip dns
set allow-remote-requests=yes

/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=input comment="Respond to ICMP Default" protocol=icmp src-address-list=management-servers
add chain=input comment="Input Established,Related Default" connection-state=established,related
add action=accept chain=input comment="Allow input udp DNS-53, 67-68-DHCP, MTDiscovery-5678" dst-port=53,67,68,5678 protocol=udp src-address=192.168.0.0/23
add action=accept chain=input comment="Allow input from management TCP 21,22,23,80,443,8291" dst-port=21,22,23,80,443,8291 protocol=tcp src-address-list=management-servers
add action=accept chain=input comment="Input management udp SNMP-161,162" dst-port=161,162 protocol=udp src-address-list=management-servers
add action=drop chain=input comment="Drop Input" log=yes log-prefix="Drop Input"
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add chain=forward comment="Forward Established, Related Default" connection-state=established,related
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether24
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade Gateway Default" out-interface=ether24

WAPAC
# jan/01/1970 21:23:24 by RouterOS 6.41.1
#
# model = RouterBOARD wAP G-5HacT2HnD

/interface bridge
add fast-forward=no name=bridgeVLAN100
add fast-forward=no name=bridgeVLAN101

/interface vlan
add interface=ether1 name=vlan100 vlan-id=100
add interface=ether1 name=vlan101 vlan-id=101

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=Router wpa2-pre-shared-key=Removed
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=StaffProfile supplicant-identity="" wpa2-pre-shared-key=Removed
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=OpenProfile supplicant-identity="" wpa2-pre-shared-key=Removed
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn disabled=no distance=indoors frequency=auto hide-ssid=yes mode=ap-bridge security-profile=StaffProfile ssid=Unused vlan-id=100 wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac bridge-mode=disabled disabled=no distance=indoors frequency=auto hide-ssid=yes mode=ap-bridge security-profile=StaffProfile ssid=Unused vlan-id=100 wireless-protocol=802.11 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=E6:8D:64:44:31:2C master-interface=wlan1 multicast-buffering=disabled name=wlan3-Open security-profile=OpenProfile ssid=Open vlan-id=101 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=6E:3B:74:7D:B1:00 master-interface=wlan2 multicast-buffering=disabled name=wlan4-Open security-profile=OpenProfile ssid=Open vlan-id=101 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/interface bridge port
add bridge=bridgeVLAN100 interface=vlan100
add bridge=bridgeVLAN100 interface=wlan1
add bridge=bridgeVLAN100 interface=wlan2
add bridge=bridgeVLAN101 interface=vlan101
add bridge=bridgeVLAN101 interface=wlan3-Open
add bridge=bridgeVLAN101 interface=wlan4-Open
/ip address
add address=192.168.0.2/24 comment=defconf interface=vlan100 network=192.168.0.0
/ip dns
set servers=192.168.0.1
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept establieshed,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip route
add distance=1 gateway=192.168.0.1
Last edited by gerakon on Sat Feb 10, 2018 12:17 am, edited 1 time in total.
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: CRS326 6.41.1 VLAN trunk to WAPAC no traffic

Fri Feb 09, 2018 1:04 am

Trim this down some more. You have the wAP config on network 192.168.0.x, yet the CRS326 says that vlan-id 102 is 192.168.2.x. Your firewall rules seem to be for a router, not a switch.

Simplify for me.

:-)
 
gerakon
Member Candidate
Topic Author
Posts: 105
Joined: Sat May 24, 2014 8:14 am

Re: CRS326 6.41.1 VLAN trunk to WAPAC no traffic

Sat Feb 10, 2018 12:21 am

I'm sorry, I meant VLAN101 is causing me problems. I've edited the original post to reflect that. I've also had second thoughts about the VLAN102 and removed it from the configuration. It is being used as both a switch and a router. WAN port is ether24. I will isolate the private LAN with firewall rules once we get the VLAN problem figured out. Thanks for helping.
 
gerakon
Member Candidate
Topic Author
Posts: 105
Joined: Sat May 24, 2014 8:14 am

Re: CRS326 6.41.1 VLAN trunk to WAPAC no traffic

Wed Feb 28, 2018 4:34 pm

The CRS326 is routing to the internet on port 24. Ports 21 and 22 are supposed to be VLAN trunks to 2 WAPACs. Ports 1-20 are access ports on VLAN100. Port 23 I just left for management in case I mess up the config and lock myself out. Any help would be appreciated.
