Community discussions

MikroTik App
 
rrojasc
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 11:11 pm

Problems with AP and Vlans

Thu Jun 23, 2022 11:25 pm

Greetings

I have an wAP AC conneceted to a CRS326 and configured with trunk port between them usin the bridge-Vlan Filtering metod showed in https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table, I have the same configuration in all my other switches and it works fine. but, when I set up the wAP with the wireless interfaces with an SSID Untagged (taggen in the trunk ether port) it works fine 5 minutes, the clients connected receive an IP address and have Internet. but then the clients stuck in obtaining IP Address, if I shut down the wireless interfaces and power on again it works for other 5 minutes and then the same.

I've tried every Vlan method in the wAP like bridges with vlan and so on, the only thing that worked good is creating a LAN at the wAP with it's own DHCP and work as a normal Wireless Router, Obviously this doesn't work form my network structure because I need the Wireless Vlan work well in every AP.

Hope someone can help me with this
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with AP and Vlans

Fri Jun 24, 2022 12:09 pm

Post (full) configuration of one of your APs.
 
rrojasc
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 11:11 pm

Re: Problems with AP and Vlans

Fri Jun 24, 2022 3:54 pm

thanks por the reply

/interface bridge
add name="LAN UCB"
add ingress-filtering=yes name=TRONCAL vlan-filtering=yes
/interface bridge port
add bridge=TRONCAL interface=ether1
add bridge=TRONCAL interface=wlan1 pvid=45
add bridge=TRONCAL interface=wlan2 pvid=45
/interface bridge vlan
add bridge=TRONCAL tagged=ether1,TRONCAL vlan-ids=9
add bridge=TRONCAL tagged=ether1 vlan-ids=45

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n default-forwarding=no \
disabled=no distance=indoors frequency=2422 max-station-count=100 mode=\
ap-bridge preamble-mode=long ssid=WIFI tx-power=16 tx-power-mode=\
all-rates-fixed wireless-protocol=802.11
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
band=5ghz-a/n basic-rates-a/g=24Mbps,36Mbps,48Mbps,54Mbps channel-width=\
20/40mhz-eC country=bolivia default-forwarding=no disabled=no distance=\
indoors frequency=5260 frequency-mode=superchannel installation=outdoor \
max-station-count=100 mode=ap-bridge multicast-helper=disabled \
preamble-mode=short ssid=WIFI supported-rates-a/g=\
24Mbps,36Mbps,48Mbps,54Mbps wireless-protocol=802.11 wps-mode=disabled

/interface vlan
add interface=TRONCAL name="Vlan 9" vlan-id=9

/ip address
add address=192.168.8.15/23 interface="Vlan 9" network=192.168.8.0
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.9.30

this is the configuration I've tried. The IP address is only for administration.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with AP and Vlans

Fri Jun 24, 2022 5:01 pm

I don't see enything that would explain the weird behaviour. Is there anything in log? Which ROS version do you use?
 
rrojasc
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 11:11 pm

Re: Problems with AP and Vlans

Fri Jun 24, 2022 5:34 pm

I have this log after the time when it starts to fail
XX:XX:XX:XX:XX:XX@wlan1: disconnected, received deauth: sending station leaving (3), signal strength -XX
XX:XX:XX:XX:XX:XX@wlan2: disconnected, received deauth: sending station leaving (3), signal strength -XX

the vertion is 6.49.6

but when I use a local LAN created in the AP as a normal Router it works normally and the I dont recieve that log
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with AP and Vlans

Fri Jun 24, 2022 8:26 pm

XX:XX:XX:XX:XX:XX@wlan1: disconnected, received deauth: sending station leaving (3), signal strength -XX
This is saying that wireless client was disconnected. Obfuscating the value of signal strength doesn't improve any of security, it rather prevents us from further trouble shooting ... so skim through logs and write us a typical (min, max, average) value of signal strength mentioned in logs of those events. If you choose to show us exact log entries, you may want to obfuscate device MAC addresses, but please only hide first 3 octects (which bear information about device manufacturer), but leave to other 3 octets intact ... this would allow us to see device behaviour (e.g. does it ping-pong between wireless interfaces? does it leave and re-associate after a while on same interface?).

BTW, this has nothing to do with VLANs, it's about wireless part of AP.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Problems with AP and Vlans

Fri Jun 24, 2022 9:15 pm

There are some things that makes me wonder: Freq 5260 and Country Bolivia is no match.
Superchannel may allow it, outside the legal range of frequencies.
Klembord-2.jpg
The high basic rate (24Mbps) may make the connection more vulnerable to disconnects.
Test basic rate at 6Mbps, at least as one of the possible basic rates.
Not using the multicast helper, will not convert multicasts to unicasts (unicasts are acked and do retransmits if an attempt fails, multicast/broadcast has to always succeed)
You do not have the required permissions to view the files attached to this post.
 
rrojasc
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 11:11 pm

Re: Problems with AP and Vlans

Fri Jun 24, 2022 10:00 pm

Thanks for the reply:

26:3F:@wlan1: disconnected, received deauth: sending station leaving (3), signal strength -67
1C:CC:@wlan1: disconnected, received deauth: sending station leaving (3), signal strength -47

this is log with the strength. the problem is that the clients disconect even if signal is -47 or -90
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Problems with AP and Vlans

Sat Jun 25, 2022 12:31 am

"station leaving (3)" is a hard one to crack.

"Station leaving (8)" is easier. The client device has found a better connection, or just decides to roam or use another SSID.

(3) and (8) both happen with good signal strength. Even -47 is quite common.
The reason for disconnect is not the signal strength.
In the case of signal strength problems, there is either "too weak signal" for an access-list value violation, or "extensive data loss" in the log when the default 7 retries and the interface rate step downs could not make for a good transmission. Be aware , the supported rates define how deep the interface rate can be reduced. By setting only higher supported rates disconnects for "extensive data loss" will happen much more often, as the devices cannot take measures to restore the communication.
For a client, failing the built in internet test (software dependent test), is a reason to go away - leaving(8). Failing DNS or DHCP are also reasons to leaving (8).
4-way handshake timeout is just another possible reason.
Even a bridge port that has "learning" on disabled, wil trigger disconnects, because there is no internet.
For leaving (3) it is not clear what the possible reasons are, maybe just lack of traffic.

So even errors in the ISP uplink, can trigger a wifi disconnect, because no 'good' internet.
Not to forget busy wifi channel-contention, interference , or noise (like from a microwave oven) are just reasons enough to disconnect, without hints in the log.

If the disconnect is immediately and repeatedly one might find the cause. https://solveforum.com/forums/threads/m ... ing.51291/
If it is intermittent it can be very hard to find.
 
rrojasc
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 11:11 pm

Re: Problems with AP and Vlans

Fri Jul 01, 2022 2:46 am

Thank for the reply

I've been testing many data rates and I thing I'm close to the solution with the logs I had sent, but now I have the initial problem, when I power on the ap clients connect succeful, past 5 to 10 min the mobile clients stucks with obtaining ip address from the vlan in which the wireless is configured, if I setup a local lan from the ap with either routed or Nat configuración they have service normally all the time, I've swiched configuración between local lan and vlan filtering and is the same, in local lan clients connect normally with ip and Internet, with vlan filtering they only work for 10 min and then they stuck in obtaining ip address, is the same vlan I use with my cisco ubiquiti and ruckus aps and only with the mikrotik I have the problem

Who is online

Users browsing this forum: cyrq, markom and 31 guests