Let me start by saying, I come from a Cisco background, and RouterOS's way of treating vlans/trunk/access ports is a little new to me.
I've been setting up a network for a client of mine and i have run into some problems. My intent is to setup a "simple" network consisting of a main Mikrotik Router, 2 cisco switches, and 3 mikrotik wifi routers as access points.
The network is setup with 3 vlans. Vlan 10 for general access (pcs, printers, etc), vlan 20 for guests (with access to each other and internet), and vlan 100 for management only.
On the main router, I have assigned 2 physical ports (eth2 and eth3) as trunk links (one to each cisco sw), so when a link goes down, the gateway for each vlan is still accessible . Each trunk physical port has 3 vlan interfaces "under" it. The vlan interfaces have been bound in 3 separate bridge interfaces. Each bridge interface has an ip address assigned to it (which serves as a gateway for that specific vlan) Each bridge interface has a dhcp server on it. I have added some access ports to the bidges (general access vlan and management vlan)
The cisco switches have int vlan 100 set for management purposes and default gateway set as the ip address of vlan 100's bridge on the main router. Each sw has a trunk port to the router, another to the other sw, and another to the access point (router as access point)
On the access points, there is eth1 connected to a switch as a trunk port. There is a virtual ap created, for the guest wifi. "Under" the physical trunk port (eth1) there are 3 vlan interfaces set. Each ap has a bridge for its non trunk ports and the wlan1 interface set as access ports to vlan 10. Another bridge is for the virtual ap (for guests) and vlan 20. There is a management ip set on the vlan 100 interface. There is also a default route to the main router's bridge ofor vlan 100
here is the diagrame:
My network is working but i have some problems:
1) First of all, the management interfaces on the APs work sporadically. When i ping them from the main router, about 50% of the packets are lost. The users (on vlan 10 and 20) connected to that ap experience normal internet access (no drops)
A traceroute of AP1 from the main router shows the other APs responding from time to time (weird)
[multipoint@EDGE] /tool> traceroute 192.168.100.10
# ADDRESS LOSS SENT LAST AVG BEST WORST
1 192.168.100.10 0% 42 0.3ms 0.3 0.2 0.5
-- [Q quit|D dump|C-z pause]
And a ping looks like this
[multipoint@EDGE] > ping 192.168.100.10
SEQ HOST SIZE TTL TIME STATUS
0 192.168.100.12 84 64 0ms redirect host
0 192.168.100.10 56 64 1ms
1 192.168.100.12 84 64 0ms redirect host
1 192.168.100.11 84 64 0ms redirect host
2 192.168.100.11 84 64 0ms redirect host
3 192.168.100.11 84 64 0ms redirect host
4 192.168.100.11 84 64 0ms redirect host
5 192.168.100.12 84 64 0ms redirect host
6 192.168.100.12 84 64 0ms redirect host
7 192.168.100.11 84 64 0ms redirect host
8 192.168.100.11 84 64 0ms redirect host
9 192.168.100.10 timeout
10 192.168.100.10 56 64 0ms
sent=11 received=2 packet-loss=81% min-rtt=0ms avg-rtt=0ms max-rtt=1ms
It appears the packet is bouncing around most of the time.
This makes connecting via winbox very problematic (the ap gets disconnected allot )
2) the root bridge election process is not going as expected. I have set the main router to have a bridge priority of hex 2000 (8192) on every vlan bridge. On vlan 1 (which is the native vlan of the cisco SWs) the root bridge is the main router. But on the other vlans, one of the SWs is the bridge. is there a way to force the router to be the root brige for every vlan ? ? Or how can i convince the cisco SWs to elect the routerboard as Root Bridge for each vlan ?
(configs in next post)