Community discussions

MikroTik App
 
satennallc
just joined
Topic Author
Posts: 2
Joined: Wed Feb 24, 2021 3:58 am

Wireless VLAN Bridge

Wed Feb 24, 2021 4:09 am

Hello All,

New to the MikroTik world. Have to say I'm impressed with all the options to configure, but as the story go's, the more options, the more complicated it gets. So here is what I am dealing with.

Retirement Community Wireless Setup using Cambian WAP's, VLANS, and L2TP. Each Resident unit has it's own VLAN. Devices can authenticate using either credentials, or manually authorizing the MAC to the VLAN.

I would like to connect to the wireless VLAN, and bridge it natively or untagged to the ethernet ports on an hAP ac lite TC, so that all connected devices will fall into the same authorized VLAN.

I would also like to be able to remotely access them via reverse NAT for support purposes. Not sure if that's even on the table.

Is this possible, and how? I currently just have a basic WiFi Bridge with NAT'd ethernet ports, and is working, but would prefer the above setup.

Thanks all for any help.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Wireless VLAN Bridge

Wed Feb 24, 2021 11:26 am

If I understand you right, then AP sends tagged packets over wifi?

The idea is this: wlan interface happily passes tagged frames, you just have to deal with tags on bridge. The wlan interface should not be configured with any of vlan-related properties, those are onky necessary if wlan interface itself is supposed to tag frames in tirection towars bridge (i.e. frames are untagged over the air). E.g. if you have frames with VID 555 and you want to see those frames untagged on ether1 port, you need a bridge set up something like this:

/interface bridge
add bridge=bridge vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether1 pvid=555
add bridge=bridge interface=wlan1
/interface bridge vlan
add bridge=bridge tagged=wlan1 vlan-ids=555 # ether1 will be added as untagged automatically

(you can add interdace bridge as tagged member port if you want to make router interact with traffic in this VLAN. In this case you'll also need corresponding vlan interface).

After devices, connected to ether1 (or other ports if you add those to bridge in same manner), are part of said VLAN, remote access us up to configuration of router upstream, your hAP does not interfere (i.e. its firewall doesn't affect traffic passing hAP in any way). If you'd like to use hAP as firewall (shielding your own devices from outside access), then hAP should be configured completely differently - probably the same way you have it currently.
 
satennallc
just joined
Topic Author
Posts: 2
Joined: Wed Feb 24, 2021 3:58 am

Re: Wireless VLAN Bridge

Wed Feb 24, 2021 8:57 pm

Thats awesome. I will try to get this implemented to see how well it works.

Who is online

Users browsing this forum: cyrq, holvoetn and 34 guests