azurtem (Topic Author)

Virtual AP and VLAN

Thu Feb 26, 2015 5:39 am

Hi

I set up four RB912 and a central RB2011 (which is the default gateway, connected to the Internet)
On each router I set up a virtual AP in order to have two SSIDs per router, WifiA and WifiB
I created two VLANs, Vlan10 and Vlan11 - on interface ether1 for the RB912, and on localbridge for RB2011
I created two bridges, BriA for (WifiA + Vlan10), and BriB for (WifiB + Vlan11)
I assigned an IP address to each bridge (localbridge for the RB2011 LAN, BriA and BriB)

Access to and through WifiA works great

With WifiB however access to and through doesn't work (no pinging whatsoever) between the RB912s or between the RB912s and the RB2011

After reviewing the various parameters I came across the bridge STP setting
On BriA, this was set to none, while on BriB and Localbridge it was set to RSTP

I consequently set BriB's STP setting to none and traffic began to flow unhindered.
I'm not sure how that setting came to be altered for BriA, but all seems to be well now

Any thoughts?

thanks
yann
 
ZeroByte

Re: Virtual AP and VLAN

Thu Feb 26, 2015 7:20 am

It definitely sounds like you did it correctly for what you're doing.
So the APs are connected with Ethernet and not Wireless / WDS, right?

Things to look for:
Forwarding states on the interfaces when STP is enabled.
Identity and location of root bridge (should be the 2011 - adjust priorities if needed, lower number = higher priority)
I would say sniff packets on the physical ethernet interfaces to make sure the dot1Q tags are right, but if disabling STP makes everything work like it should, then it likely isn't a problem there.

Also interesting: If you're trying to enforce client isolation, you can use split horizon on the bridge on the 2011 to keep clients from AP1 seeing clients on the other 3 APs. (set all 4 vlan subinterfaces and virtualAP on the bridge to the same horizon number)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
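
The split-horizon setup ZeroByte describes, written out as an added RouterOS example that is not from the thread. It assumes each AP hangs off its own RB2011 port (ether2 to ether5) with one VLAN 11 subinterface per port, which differs from the single Vlan11 on localbridge in the original post; the names vlan11-ap1 to vlan11-ap4 are made up for illustration.

```routeros
# Added example, not from the thread.
# Assumed names: vlan11-ap1..vlan11-ap4 on ether2..ether5.
# BriB and WifiB are the names used in the original post.

# One VLAN 11 subinterface per AP-facing port on the RB2011
/interface vlan
add name=vlan11-ap1 vlan-id=11 interface=ether2
add name=vlan11-ap2 vlan-id=11 interface=ether3
add name=vlan11-ap3 vlan-id=11 interface=ether4
add name=vlan11-ap4 vlan-id=11 interface=ether5

# Ports sharing a horizon value never forward frames to each other,
# so a client behind AP1 cannot reach a client behind AP2..AP4 at layer 2.
/interface bridge port
add bridge=BriB interface=vlan11-ap1 horizon=1
add bridge=BriB interface=vlan11-ap2 horizon=1
add bridge=BriB interface=vlan11-ap3 horizon=1
add bridge=BriB interface=vlan11-ap4 horizon=1
add bridge=BriB interface=WifiB horizon=1

# The IP address on BriB itself is not a bridge port and has no horizon,
# so every client still reaches the gateway. Split horizon only governs
# forwarding between bridge ports on this router; it does not separate
# clients associated to the same AP.

# Confirm the horizon value on each port
/interface bridge port print detail where bridge=BriB
```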
 
azurtem (Topic Author)

Re: Virtual AP and VLAN

Thu Feb 26, 2015 9:29 am

Thanks ZeroByte
Yes, all APs are linked using Ethernet cabling
I hadn't looked at that aspect yet, client isolation, but will do, thanks

yann
 
ZeroByte

Re: Virtual AP and VLAN

Thu Feb 26, 2015 2:58 pm

Client isolation is definitely an optional thing - but good in a "public WiFi" scenario. Of course, the first thing your users will want to do is set up printers on the WLAN and Chromecast.... :?