Community discussions

MikroTik App
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

SXT5ac managment VLAN

Wed May 13, 2020 4:39 pm

I have 2 Ubiquity M5 and 1 SXT5ac.

I have more VLANs passing thorugh these antennas. The main VLAN (that I use for managment) is VLAN 10 (10.10.10.0/24).

I can look at my 2 Ubiquity because they have an option:

Image

Is there something of similar in SXT5ac? Or there is some workaround for it?

Or I Cannot "see" the SXT5ac.

Thank You very much!
Maurizio
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 231
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: SXT5ac managment VLAN

Thu May 14, 2020 4:16 pm

just add a vlan-interface and choose your ethernet-interface as source-interface
in case you need this vlan on multiple ports, you have to interconnect the vlan-interface(s) with a bridge
... (there are more options if a hardware-switch in your plattform is involved ... but above option should work on every MTik-device ...
.
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: SXT5ac managment VLAN

Tue May 19, 2020 5:08 pm

just add a vlan-interface and choose your ethernet-interface as source-interface
in case you need this vlan on multiple ports, you have to interconnect the vlan-interface(s) with a bridge
... (there are more options if a hardware-switch in your plattform is involved ... but above option should work on every MTik-device ...
.
Thank You Floaty,

this is my config:

/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
/interface vlan
add interface=ether1 name=vlan10 vlan-id=10
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=xxxxxx \
wpa2-pre-shared-key=xxxxxxx
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=\
"Security xxxxxxx" supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=xxxxxxx wpa2-pre-shared-key=xxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
country=no_country_set disabled=no frequency-mode=manual-txpower mode=\
station-pseudobridge multicast-helper=disabled security-profile=\
"Security xxxxxx" ssid=xxxxxxxx vlan-id=10 wireless-protocol=802.11 \
wps-mode=disabled
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 hw=no interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether1 list=discover
add interface=bridge1 list=discover
/ip address
add address=10.10.10.122/24 interface=bridge1 network=10.10.10.0
/ip dhcp-client
add interface=bridge1
/ip dns
set servers=10.10.10.11,9.9.9.9
/ip route
add distance=1 gateway=10.10.10.1

but I still cannot "ping" the SXT....
 
sindy
Forum Guru
Forum Guru
Posts: 5689
Joined: Mon Dec 04, 2017 9:19 pm

Re: SXT5ac managment VLAN

Tue May 19, 2020 5:45 pm

Two things. You cannot attach an /interface vlan to a member interface of a bridge (ether1 in your case), you must attach the /interface vlan to the bridge itself instead. It works "somehow, sometimes" the way you've configured it, but it's not reliable.

And second, you haven't attached any IP configuration to the /interface vlan (neither a static one nor a DHCP client), so no wonder you cannot access the SXT via that VLAN.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: mbethers and 87 guests