Community discussions

Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Mar 29, 2015 3:58 pm

Please help me configure VLANs on mikrotik

Sun Mar 29, 2015 4:18 pm

Hello i have a problem with configuring VLANs on mikrotik,

I have a WiFi network configured on routerboard 1100AHx2
And 3 APs RouterBoard RB951Ui-2HnD

Capsman is connceted to firewall watchguard.

And i would like to have configured:

On evry AP I have networks:

Vlan10 ==> Network ==> AP Zaposleni
Vlan20 ==> Network ==> AP Gosti
Vlan30 ==> Network ==> AP Press

And now i have problem that Vlans doesnt work, clients can comunicate from one vlan to another. And i dont get any traffic on vlans, can you please help me with configurations.

export from mikrotik:

/interface bridge
add name=Vlan10_Bridge
add name=Vlan20_Bridge
add name=Vlan30_Bridge
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
/interface vlan
add interface=ether1 l2mtu=1594 name=Vlan10 vlan-id=10
add interface=ether1 l2mtu=1594 name=Vlan20 vlan-id=20
add interface=ether1 l2mtu=1594 name=Vlan30 vlan-id=30
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=Gosti passphrase=namestu123
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=Zaposleni passphrase=namestu123
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=Press passphrase=namestu123
/caps-man configuration
add name=Zaposleni rx-chains=0,1 security=Zaposleni ssid=Zaposleni tx-chains=0,1
add name=Gosti rx-chains=0,1 security=Gosti ssid=Gosti tx-chains=0,1
add name=Press rx-chains=0,1 security=Press ssid=Press tx-chains=0,1
/caps-man interface
add arp=enabled configuration=Zaposleni configuration.ssid="" disabled=no l2mtu=1600 mac-address=4C:5E:0C:CE:D2:0C master-interface=none mtu=1500 name=\
AP1-Zaposleni radio-mac=4C:5E:0C:CE:D2:11 security=Zaposleni
add arp=enabled configuration=Zaposleni disabled=no l2mtu=1600 mac-address=4C:5E:0C:BE:44:49 master-interface=none mtu=1500 name=AP2-Zaposleni \
radio-mac=4C:5E:0C:BE:44:49 security=Zaposleni
add arp=enabled configuration=Zaposleni disabled=no l2mtu=1600 mac-address=4C:5E:0C:D0:0F:3F master-interface=none mtu=1500 name=AP3-Zaposleni \
radio-mac=4C:5E:0C:D0:0F:3F security=Zaposleni
add arp=enabled configuration=Gosti configuration.ssid="" disabled=no l2mtu=1600 mac-address=4E:5E:0C:CE:D2:0D master-interface=AP1-Zaposleni mtu=1500 \
name=AP1-Gosti radio-mac=00:00:00:00:00:00 security=Gosti
add arp=enabled configuration=Press configuration.ssid="" disabled=no l2mtu=1600 mac-address=4E:5E:0C:CE:D2:0C master-interface=AP1-Zaposleni mtu=1500 \
name=AP1-Press radio-mac=00:00:00:00:00:00 security=Press
add arp=enabled configuration=Gosti disabled=no l2mtu=1600 mac-address=4E:5E:0C:BE:44:49 master-interface=AP2-Zaposleni mtu=1500 name=AP2-Gosti \
radio-mac=00:00:00:00:00:00 security=Gosti
add arp=enabled configuration=Press disabled=no l2mtu=1600 mac-address=4E:5E:0C:BE:44:4A master-interface=AP2-Zaposleni mtu=1500 name=AP2-Press \
radio-mac=00:00:00:00:00:00 security=Press
add arp=enabled configuration=Gosti disabled=no l2mtu=1600 mac-address=4E:5E:0C:D0:0F:3F master-interface=AP3-Zaposleni mtu=1500 name=AP3-Gosti \
radio-mac=00:00:00:00:00:00 security=Gosti
add arp=enabled configuration=Press disabled=no l2mtu=1600 mac-address=4E:5E:0C:D0:0F:40 master-interface=AP3-Zaposleni mtu=1500 name=AP3-Press \
radio-mac=00:00:00:00:00:00 security=Press
/interface ethernet switch port
set 5 default-vlan-id=auto
set 6 default-vlan-id=auto
set 7 default-vlan-id=auto
set 8 default-vlan-id=auto
set 9 default-vlan-id=auto
set 10 default-vlan-id=auto
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=
add name=dhcp_pool2 ranges=
add name=dhcp_pool3 ranges=
add name=dhcp_pool4 ranges=
/ip dhcp-server
add address-pool=dhcp interface=ether2 lease-time=3d name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=Vlan10_Bridge lease-time=3d name=Dhcp_Zaposleni
add address-pool=dhcp_pool3 disabled=no interface=Vlan20_Bridge lease-time=3d name=Dhcp_Gosti
add address-pool=dhcp_pool4 disabled=no interface=Vlan30_Bridge lease-time=3d name=Dhcp_Press
set 0 name=serial0
set 1 name=serial1
/caps-man manager
set enabled=yes
/interface bridge port
add bridge=Vlan10_Bridge interface=AP1-Zaposleni
add bridge=Vlan10_Bridge interface=AP2-Zaposleni
add bridge=Vlan10_Bridge interface=AP3-Zaposleni
add bridge=Vlan20_Bridge interface=AP1-Gosti
add bridge=Vlan20_Bridge interface=AP2-Gosti
add bridge=Vlan20_Bridge interface=AP3-Gosti
add bridge=Vlan30_Bridge interface=AP3-Press
add bridge=Vlan30_Bridge interface=AP2-Press
add bridge=Vlan30_Bridge interface=AP1-Press
add bridge=Vlan10_Bridge interface=ether5
/ip address
add address= interface=ether1 network=
add address= interface=Vlan20_Bridge network=
add address= interface=Vlan30_Bridge network=
add address= disabled=yes interface=ether2 network=
add address= interface=Vlan10_Bridge network=
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address= gateway=
add address= dns-server= gateway=
add address= dns-server= gateway=
add address= dns-server= gateway=
/ip dns
set allow-remote-requests=yes servers=
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=gosti src-address=
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=press src-address=
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=zaposleni src-address=
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=
/system clock
set time-zone-autodetect=no
/system identity
set name=MikroTik-TheBoss
/system routerboard settings
set protected-routerboot=disabled
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Google [Bot] and 143 guests