Community discussions

 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 12:35 pm

I owned a RB2011LS (ether1 connects to internet, DHCP Servers) and RB2011UAS-2HD-IN, both with v6.4.1

I have successfully configure the SFP port to be a VLAN Trunk Port carrying Vlan 5,10,20,30,40.

I have problems trying to configure the wireless (interface=wlan) to join the VLAN, I have include. It just can't obtain IP Address from the RB2011LS

Attached is current configuration

Can anyone help?

Code: Select all

/interface bridge
add name=bridge igmp-snooping=no protocol-mode=none
/interface bridge port
add bridge=bridge interface=sfp1 hw=yes
add bridge=bridge interface=ether1 hw=yes
add bridge=bridge interface=ether2 hw=yes
add bridge=bridge interface=ether3 hw=yes
add bridge=bridge interface=ether4 hw=yes
add bridge=bridge interface=ether5 hw=yes

/interface ethernet switch vlan
add ports=sfp1,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=5
add ports=sfp1,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=10
add ports=sfp1,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=20
add ports=sfp1,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=30
add ports=sfp1,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=40

/interface ethernet switch port
set spf1 vlan-mode=secure vlan-header=add-if-missing
set ether1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=20
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=30
set ether4 vlan-mode=secure vlan-header=always-strip default-vlan-id=40
set ether5 vlan-mode=secure vlan-header=always-strip default-vlan-id=5
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1398
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 3:31 pm

In wireless (WLAN) config, specify VLAN Mode as "use tag" and specify the VLAN ID
MTCNA, MTCTCE, MTCRE & MTCINE
 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 3:51 pm

In wireless (WLAN) config, specify VLAN Mode as "use tag" and specify the VLAN ID
thanks for the prompt reply, I am still not getting a DHCP on the wlan from RB2011LS (works on my ether5 port).

Code: Select all

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
wpa2-pre-shared-key=qwertyuiop
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled \
disabled=no mode=ap-bridge security-profile=profile1 ssid=\
MikroTik-Management vlan-id=5 vlan-mode=use-tag wps-mode=disabled
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1398
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 4:44 pm

I think you need to also add vlan 5 to interface wlan under interface vlan
MTCNA, MTCTCE, MTCRE & MTCINE
 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 4:50 pm

I think you need to also add vlan 5 to interface wlan under interface vlan
thanks again,

Code: Select all

/interface vlan
add interface=wlan1 name=vlan5-wlan1 vlan-id=5
No Go,,,, not able to get IP....
Do i need to bridge it?
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1398
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 5:03 pm

Did you assign the DHCP server to WLAN or VLAN 5? If on WLAN, change to VLAN 5 and feedback
MTCNA, MTCTCE, MTCRE & MTCINE
 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 5:14 pm

Hi.

Dhcp has no issues as I am able to request IP on ether5 of the rb2011uas.

The wlan1 just doesn't get the vlan.

Sent from my SM-N9005 using Tapatalk
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 6:45 pm

You talk about trunk in the topic subject, and then you talk about adding a single VLAN. Is your intention to transport tagged packets over WiFi or you're fine with a dedicated SSID for each VLAN? Because wireless packets cannot accommodate the VLAN tag directly, you have to use an EoIP or VPLS tunnel to transport tagged L2 packets across wireless hops, or you have to use a single SSID per each VLAN so you cannot have the same wireless client in more than one VLAN (as a client won't associate to several SSIDs simultaneously).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 7:21 pm

i think a practical way to do this is:

you have to clear all the vlan configuration on switch menu leave it as default

create and manage all vlans on bridge configuration, dont forget to enable vlan filtering to make vlans on bridge work
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Mon Apr 30, 2018 8:29 pm

dont forget to enable vlan filtering to make vlans on bridge work
I respectfully disagree here.
vlan-filtering
is exactly what it says - filtering. If it is set to
no
, all ports are members of all VLANs.
vlan-filtering=yes
allows you to control membership of ports in VLANs by means of the rules in
/interface bridge vlan
. If
vlan-filtering=no
, these rules are ignored and tagged packets are forwarded between any member ports of the bridge.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 2:49 am

You talk about trunk in the topic subject, and then you talk about adding a single VLAN. Is your intention to transport tagged packets over WiFi or you're fine with a dedicated SSID for each VLAN? Because wireless packets cannot accommodate the VLAN tag directly, you have to use an EoIP or VPLS tunnel to transport tagged L2 packets across wireless hops, or you have to use a single SSID per each VLAN so you cannot have the same wireless client in more than one VLAN (as a client won't associate to several SSIDs simultaneously).
Hi sindy

Thanks for the reply.

I have a trunk coming from spf1 rb2011LS to spf1 rb2011uas, carrying vlan 5 10 20 30 40.

As you can see from my config in post 1, ether 1 to 5 together with spf1 of rb2011uas are configured using switch chip, and all the 5 ether ports have no problems getting IPs from DHCP server at rb2011LS.

My intention is to configure a multi ssid on the rb2011uas with various vlans connecting to the trunk. But I am stuck with the 1st wireless interface.....

Sent from my SM-N9005 using Tapatalk

 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 2:51 am

i think a practical way to do this is:

you have to clear all the vlan configuration on switch menu leave it as default

create and manage all vlans on bridge configuration, dont forget to enable vlan filtering to make vlans on bridge work
Thank you.

I suspect that could be the only way to get both switch chips & wlan to work in a vlan environment.

Sent from my SM-N9005 using Tapatalk

 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 2:54 am

I have Google very hard and found this blog.

https://blog.ligos.net/2018-01-01/Mikro ... -VLAN.html

This could be the type config I am after. Put vlan on the bridge.

What do u guys think?



Sent from my SM-N9005 using Tapatalk

 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 3:23 am

dont forget to enable vlan filtering to make vlans on bridge work
I respectfully disagree here.
vlan-filtering
is exactly what it says - filtering. If it is set to
no
, all ports are members of all VLANs.
vlan-filtering=yes
allows you to control membership of ports in VLANs by means of the rules in
/interface bridge vlan
. If
vlan-filtering=no
, these rules are ignored and tagged packets are forwarded between any member ports of the bridge.

Are you sure that without having that marked the vlan work?

taken from
https://wiki.mikrotik.com/wiki/Manual:I ... face_Setup
vlan-filtering (yes | no; Default: no) Globally enables or disables VLAN functionality for bridge.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 3:28 am

i think a practical way to do this is:

you have to clear all the vlan configuration on switch menu leave it as default

create and manage all vlans on bridge configuration, dont forget to enable vlan filtering to make vlans on bridge work
Thank you.

I suspect that could be the only way to get both switch chips & wlan to work in a vlan environment.

Sent from my SM-N9005 using Tapatalk
Today is the simplest way to do it

im sorry not being of more help, i have clear how to do use of switch chip vlan and bridge in integration with vlans in old bridge 6.40.x

i have not tested that config in new bridge implementation
 
AutoEmocion
just joined
Topic Author
Posts: 10
Joined: Sat Apr 14, 2018 5:27 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 9:30 am

i think a practical way to do this is:

you have to clear all the vlan configuration on switch menu leave it as default

create and manage all vlans on bridge configuration, dont forget to enable vlan filtering to make vlans on bridge work
Thank you.

I suspect that could be the only way to get both switch chips & wlan to work in a vlan environment.

Sent from my SM-N9005 using Tapatalk
Today is the simplest way to do it

im sorry not being of more help, i have clear how to do use of switch chip vlan and bridge in integration with vlans in old bridge 6.40.x

i have not tested that config in new bridge implementation
Thanks Chechito and Sindy,

I believed I have found the correct way of running vlan over bridges in 6.41.3
please have a look.

Code: Select all

# jan/02/2002 02:15:45 by RouterOS 6.41.3
# software id = ISEF-IIMI
#
# model = 2011UAS-2HnD
# serial number = 3F0702EC61D0
/interface bridge
add fast-forward=no name=Sfp1-Vlan-Trunk
add fast-forward=no name="Vlan05 Bridge"
add fast-forward=no name="Vlan10 Bridge"
add fast-forward=no name="Vlan20 Bridge"
add fast-forward=no name="Vlan30 Bridge"
add fast-forward=no name="Vlan40 Bridge"
/interface vlan
add interface=Eth1-Vlan-Trunk name=Sfp1-Vlan05 vlan-id=5
add interface=Eth1-Vlan-Trunk name=Sfp1-Vlan10 vlan-id=10
add interface=Eth1-Vlan-Trunk name=Sfp1-Vlan20 vlan-id=20
add interface=Eth1-Vlan-Trunk name=Sfp1-Vlan30 vlan-id=30
add interface=Eth1-Vlan-Trunk name=Sfp1-Vlan40 vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wlan1-profile supplicant-identity="" \
wpa2-pre-shared-key=12345678
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wlan2-profile supplicant-identity="" \
wpa2-pre-shared-key=12345678
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wlan3-profile supplicant-identity="" \
wpa2-pre-shared-key=12345678
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wlan4-profile supplicant-identity="" \
wpa2-pre-shared-key=12345678
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
name=wlan05 security-profile=wlan05-profile ssid=MikroTik-Management \
wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:6E:91:CF \
master-interface=wlan05 multicast-buffering=disabled name=wlan10 \
security-profile=wlan10-profile ssid=Smurfs wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:6E:91:D0 \
master-interface=wlan05 multicast-buffering=disabled name=wlan20 \
security-profile=wlan20-profile ssid=IOT wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:6E:91:D1 \
master-interface=wlan05 multicast-buffering=disabled name=wlan30 \
security-profile=wlan30-profile ssid=Watching_You wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:6E:91:D2 \
master-interface=wlan05 multicast-buffering=disabled name=wlan40 ssid=\
Guest wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface bridge port
add bridge=Sfp1-Vlan-Trunk interface=Sfp1
add bridge="Vlan05 Bridge" interface=ether1
add bridge="Vlan10 Bridge" interface=ether2
add bridge="Vlan20 Bridge" interface=ether3
add bridge="Vlan30 Bridge" interface=ether4
add bridge="Vlan40 Bridge" interface=ether5
add bridge="Vlan05 Bridge" interface=ether6
add bridge="Vlan10 Bridge" interface=ether7
add bridge="Vlan20 Bridge" interface=ether8
add bridge="Vlan30 Bridge" interface=ether9
add bridge="Vlan40 Bridge" interface=ether10
add bridge="Vlan05 Bridge" interface=Sfp1-Vlan05
add bridge="Vlan10 Bridge" interface=Sfp1-Vlan10
add bridge="Vlan20 Bridge" interface=Sfp1-Vlan20
add bridge="Vlan30 Bridge" interface=Sfp1-Vlan30
add bridge="Vlan40 Bridge" interface=Sfp1-Vlan40
add bridge="Vlan05 Bridge" interface=wlan05
add bridge="Vlan10 Bridge" interface=wlan10
add bridge="Vlan20 Bridge" interface=wlan20
add bridge="Vlan30 Bridge" interface=wlan30
add bridge="Vlan40 Bridge" interface=wlan40
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

Tue May 01, 2018 9:38 am

As you can see from my config in post 1, ether 1 to 5 together with spf1 of rb2011uas are configured using switch chip, and all the 5 ether ports have no problems getting IPs from DHCP server at rb2011LS.

My intention is to configure a multi ssid on the rb2011uas with various vlans connecting to the trunk. But I am stuck with the 1st wireless interface.....
What I have missed in your first post (as I have concentrated on the "VLAN trunk over wireless" thought) is that you haven't permitted the vlans to the CPU port:
/interface ethernet switch vlan
add ports=sfp1,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=x

should read
/interface ethernet switch vlan
add ports=sfp1,ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=x


The point is that the wireless interface has no direct connection to the switch chip, so the packets must be bridged via the CPU.

Of course you can clear the switch configuration and do everything using bridging as @chechito suggests, but that would cost you quite some CPU power wasted on forwarding traffic between the Ethernet ports.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: No registered users and 81 guests