Community discussions

 
loran
just joined
Topic Author
Posts: 3
Joined: Fri Jul 05, 2019 12:22 pm

Problems with setting up AP's with VLAN

Fri Jul 05, 2019 12:30 pm

Hello All,

We are trying to set-up cAP AC AP's, but we are running into problems with VLAN's. I've used different tutorials online but at the end none of them helped.
The setup is as following:
mikrotik-support.png
The problem that we are getting is that when connecting with the Virtual SSID we don't get a IP-address from the DHCP servers (runs on the ASA).
And after some time our internal network will have problems because of the bridged created (package drop)

I've tried the following tutorials:
- https://blog.ligos.net/2018-01-01/Mikro ... -VLAN.html (till routing setup)
- https://www.marthur.com/networking/mikr ... wifi/2582/
- https://www.virtualizationhowto.com/201 ... aps-vlans/
You do not have the required permissions to view the files attached to this post.
 
mkx
Forum Guru
Forum Guru
Posts: 3212
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with setting up AP's with VLAN

Fri Jul 05, 2019 2:20 pm

Post the whole of current cAP's config (run /export hide-sensitive in terminal window and copy-paste result into [ code] environment).
BR,
Metod
 
loran
just joined
Topic Author
Posts: 3
Joined: Fri Jul 05, 2019 12:22 pm

Re: Problems with setting up AP's with VLAN

Fri Jul 05, 2019 5:22 pm

# model = RBcAPGi-5acD2nD
/interface bridge
add name=BRIDGE-100
add name=BRIDGE-400
add admin-mac=74:4D:28:65:72:XX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-657224 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-657225 wireless-protocol=802.11
/interface vlan
add interface=ether1 name=VLAN-1-MAIN vlan-id=1
add interface=ether1 name=VLAN-100-GAST use-service-tag=yes vlan-id=100
add interface=ether1 name=VLAN-400-DEVELOPMENT use-service-tag=yes vlan-id=400
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:65:72:25 \
master-interface=wlan2 multicast-buffering=disabled name=VWAL-1-5GHZ ssid=\
VerjoSecure wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:65:72:29 \
master-interface=wlan2 multicast-buffering=disabled name=VWAL-400-5GHZ \
ssid=VerjoDevelopment vlan-id=400 vlan-mode=use-tag wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed \
mode=dynamic-keys name=SP-1-MAIN supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed \
mode=dynamic-keys name=SP-100-GAST supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed \
mode=dynamic-keys name=SP-400-DEVELOPMENT supplicant-identity=""
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:65:72:24 \
master-interface=wlan1 multicast-buffering=disabled name=VWAL-1-2GHZ \
security-profile=SP-1-MAIN ssid=VerjoSecure wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:65:72:26 \
master-interface=wlan1 multicast-buffering=disabled name=VWAL-100-2GHZ \
security-profile=SP-100-GAST ssid=VerjoGast vlan-id=100 vlan-mode=use-tag \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:65:72:27 \
master-interface=wlan2 multicast-buffering=disabled name=VWAL-100-5GHZ \
security-profile=SP-100-GAST ssid=VerjoGast vlan-id=100 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:65:72:28 \
master-interface=wlan1 multicast-buffering=disabled name=VWAL-400-2GHZ \
security-profile=SP-400-DEVELOPMENT ssid=VerjoDevelopment vlan-id=400 \
vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=BRIDGE-100 interface=VWAL-100-5GHZ
add bridge=BRIDGE-100 interface=VWAL-100-2GHZ
add bridge=BRIDGE-100 interface=VLAN-100-GAST
add bridge=BRIDGE-400 interface=VWAL-400-5GHZ
add bridge=BRIDGE-400 interface=VWAL-400-2GHZ
add bridge=BRIDGE-400 interface=VLAN-400-DEVELOPMENT
/ip address
add address=10.1.10.1/24 disabled=yes interface=ether1 network=10.1.10.0
add address=10.1.40.1/24 disabled=yes interface=ether1 network=10.1.40.0
add address=10.52.72.1/24 disabled=yes interface=ether1 network=10.52.72.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=bridge
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
 
anav
Forum Guru
Forum Guru
Posts: 3130
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Problems with setting up AP's with VLAN

Fri Jul 05, 2019 8:26 pm

Not sure why you need two bridges as vlans are vlans and dont need extra bridge separation.
However the bigger issue may be that you dont use the bridge interface when defining the vlans.

How bout you have a good review of this resource, change your config accordingly and then post back with further inquiries.
viewtopic.php?f=13&t=143620

This one may also provide some benefit as a secondary source.
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
mkx
Forum Guru
Forum Guru
Posts: 3212
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with setting up AP's with VLAN

Fri Jul 05, 2019 10:51 pm

There are a few more or less serious flaws in the config. So I'm with @anav: read (and understand) tutorial in his first link. After you reconfigure cAP according to that tutorial and if it still doesn't work right, come back and we'll try to help.
BR,
Metod
 
loran
just joined
Topic Author
Posts: 3
Joined: Fri Jul 05, 2019 12:22 pm

Re: Problems with setting up AP's with VLAN

Fri Jul 05, 2019 10:54 pm

Thank you both for the reply. I'll try your idea's on Monday. Have a good weekend

~ Loran
 
anav
Forum Guru
Forum Guru
Posts: 3130
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Problems with setting up AP's with VLAN

Sat Jul 06, 2019 1:21 am

Good plan, do come back and let us know how it goes. The "A" team comprised of Jekkyl (me) and the evil My Hyde (mkx) are here to help! ;-)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: mivsek and 22 guests