rosentorp
just joined
Topic Author
Posts: 4
Joined: Sat Jul 03, 2004 10:49 pm
Location: Halmstad / Sweden

Switch with mixed untagged and VLAN

Tue Dec 07, 2021 11:43 am

Dear Sir/Madam,

I would like to have some help to review my switch setup. The wanted configuration is as follows:

Port Usage
1-2 Isolated switch between the two ports
3-4 Untagged GUEST network
5-6 LAN network, GUEST network via VLAN 40
7-24 LAN network (not VLAN 40)

My settings: https://www.dropbox.com/sh/fjml1fuywv99 ... avQpa?dl=0

Thank you for any support!

/Anders
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Switch with mixed untagged and VLAN

Tue Dec 07, 2021 9:14 pm

First of all, I would recommend against using VLAN 1 for your "normal" LAN. Too many things that default or treat VLAN 1 as special.
You have a few things that seem odd to me.
Ports 1 & 2 and also 3 & 4 are isolated via port isolation. But what is the point in running two ports into a switch? Other than being able to see traffic stats in the switch and maybe cable length issues, you might as well just plug the two devices together and not tie up switch ports.
Ports 1 & 2 are set to a default VLAN ID of 2 on the VLAN page, but there is no VLAN 2 on the VLANs page. Those are labeled as WAN. Will there be VLAN tagged traffic on them? You have them set to VLAN mode of Optional on the VLAN page.
Can I assume your Access Points either use different VLANs for different SSIDs or one VLAN for one SSID and untagged for another SSID and / or management? Assuming that is the case and that there will be a guest SSID that uses VLAN 40, but those can't communicate with the Guest LAN ports 3 & 4 because of port isolation.
Assuming that ports 7 - 24 are end use devices, I would assume that they would be untagged, so why have the ports set to VLAN mode Optional?

If it were me, I would eliminate the port isolations entirely and go back to the default on that page. Then set ports 1 & 2 to VLAN mode strict, VLAN receive to Only Untagged, and Default VLAN ID to some unique VLAN (let's say 12), and on the VLANs page set those two ports to VLAN 12 only and no other ports to VLAN 12.
Then I would do similar for ports 3 & 4 (and we'll use your VLAN 40). If the APs are intended to have the Guest VLAN become a Guest SSID, then those two ports also need to have VLAN 40 assigned on the VLANs page.
Lastly, I would assign ports 7 - 24 to whatever VLAN you use for "normal" operation (NOT 1 as you currently are - suggesting 11) with VLAN mode set to strict, VLAN Receive to Only untagged, and default VLAN ID to 11 (using my suggested VLAN). Ports 5 & 6 would also be assigned to VLAN 11 - assuming that you want "non-guest" and/or management on the APs.
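
The port plan from the reply above, written as a consistency check between the per-port VLAN page and the VLANs membership page. This is an added example, not part of either post; the dict layout, the function names and the settings chosen for ports 5-6 (strict, receive any, default VLAN 11) are assumptions.

```python
# Added illustration: models the SwOS "VLAN" (per-port) and "VLANs" (membership)
# pages as plain dicts and checks them against each other.

def build_plan():
    """Port plan from the reply; the settings for ports 5-6 are assumed."""
    ports = {}
    for p in (1, 2):
        ports[p] = {"mode": "strict", "receive": "only untagged", "pvid": 12}
    for p in (3, 4):
        ports[p] = {"mode": "strict", "receive": "only untagged", "pvid": 40}
    for p in (5, 6):  # AP uplinks: untagged VLAN 11 plus tagged VLAN 40 (assumed)
        ports[p] = {"mode": "strict", "receive": "any", "pvid": 11}
    for p in range(7, 25):
        ports[p] = {"mode": "strict", "receive": "only untagged", "pvid": 11}
    vlans = {12: {1, 2}, 40: {3, 4, 5, 6}, 11: set(range(5, 25))}
    return ports, vlans

def audit(ports, vlans, exclusive=None):
    """Return a list of findings; an empty list means the two pages agree."""
    exclusive = exclusive or {}
    findings = []
    for port, cfg in sorted(ports.items()):
        pvid = cfg["pvid"]
        if pvid not in vlans:
            findings.append(f"port {port}: default VLAN {pvid} not in VLANs table")
        elif port not in vlans[pvid]:
            findings.append(f"port {port}: not a member of its default VLAN {pvid}")
        if pvid == 1:
            findings.append(f"port {port}: uses VLAN 1")
        if cfg["mode"] != "strict":
            findings.append(f"port {port}: VLAN mode is {cfg['mode']}, not strict")
        if cfg["receive"] == "only untagged":
            # An untagged-only access port should belong to its default VLAN only.
            extra = sorted(v for v, m in vlans.items() if port in m and v != pvid)
            if extra:
                findings.append(f"port {port}: untagged-only port also in VLANs {extra}")
    for vid, allowed in exclusive.items():
        # VLANs that must stay confined to a fixed set of ports (e.g. the WAN pair).
        stray = sorted(vlans.get(vid, set()) - allowed)
        if stray:
            findings.append(f"VLAN {vid}: unexpected member ports {stray}")
    return findings

if __name__ == "__main__":
    ports, vlans = build_plan()
    print(audit(ports, vlans, exclusive={12: {1, 2}}) or "plan is consistent")
```
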
