Community discussions

MikroTik App
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

VLANs on Hap AC3 as access point.

Tue Jul 19, 2022 10:09 pm

Hello. I've just bought a hap ac3, and I've been trawling the forum, the wiki, and various YT videos, but I still can't seem to figure out how to do this.

Here is a (crappy) diagram of what I'm trying to achieve.

I'm trying to use a bridge, but I'm struggling to understand what needs to be assigned to the bridge, how vlans should be assigned & tagged and untagged, how net address should be assigned and/or if I need dhcp forwarder. It's a bit of a nightmare so far. I'm hoping someone can help or point me in the right direction. Pretty sure you guys could configure this in about 5 minutes.

Thanks.
networkDiagram.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs on Hap AC3 as access point.

Wed Jul 20, 2022 6:08 am

If the hapac is the item of concern, you basically want an AP/Switch setup not a router setup.
In addition you should know which is the trusted subnet (vlan) as it may be a separate management vlan or simply one of the vlans being used.
The hapac will get an IP address on this subnet (best done by manually setting it).

I highly recommend doing your configuring OFF the bridge to avoid locking yourself out.
This means take ether5 for starters and remove it from any bridge and plug in your laptop to it etc.......
This is the idea.......
viewtopic.php?t=181718

Then you can apply a reasonably basic setup to the hapac that will work fine, the example provided will be close to the mark!
viewtopic.php?t=182276

If you have any questions about the config shown EXAMPLE (ANY RoS) DEVICE SETUP, dont hesitate to ask!

Once you have a config and need some tweaking come back post your config /export.....
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

Re: VLANs on Hap AC3 as access point.

Wed Jul 20, 2022 11:58 am

Thank you anav, I'm very grateful. I will try with the information you've linked and then come back with a config if I am still struggling. Cheers!
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 1:59 pm

Ok, so I followed the linked guides - the AP setup was straightforward but I think I'm still falling down on the VLAN config. I haven't set up a management VLAN yet, I'm just trying to get these running as a VLAN tagging AP, I'm connecting with Winbox via eth & MAC. I can worry about embellishments later when I become more familiar with the device. Please could you take a look & comment? Greatly appreciated.
# jul/21/2022 02:09:29 by RouterOS 7.3.1
# software id = ****-****
#
# model = RBD53iG-5HacD2HnD
# serial number = ************
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.country="Some Place" \
    .hide-ssid=yes .mode=ap .ssid=Wifi_Private_Slow disabled=no \
    security.authentication-types=wpa2-psk
set [ find default-name=wifi2 ] configuration.country="Some Place" \
    .hide-ssid=yes .mode=ap .ssid=Wifi_Private_Fast disabled=no \
    security.authentication-types=wpa2-psk
add configuration.country="Some Place" .mode=ap .ssid=Wifi_Guest_Slow \
    disabled=no mac-address=DE:AD:BE:EF:CA:FE master-interface=wifi1 name=\
    wifi3 security.authentication-types=wpa2-psk
add configuration.country="Some Place" .hide-ssid=yes .mode=ap .ssid=\
    Wifi_Guest_Fast disabled=no mac-address=DE:AD:BE:EF:CA:FE \
    master-interface=wifi2 name=wifi4 security.authentication-types=wpa2-psk
/interface vlan
add interface=BR1 name=VLAN10 vlan-id=10
add interface=BR1 name=VLAN20 vlan-id=20
/interface bridge port
add bridge=BR1 interface=ether3
add bridge=BR1 interface=wifi1 pvid=10
add bridge=BR1 interface=wifi2 pvid=10
add bridge=BR1 interface=wifi3 pvid=20
add bridge=BR1 interface=wifi4 pvid=20
/ip settings
set ip-forward=no
/interface bridge vlan
add bridge=BR1 tagged=BR1,wifi1,wifi2,ether3 vlan-ids=10
add bridge=BR1 tagged=BR1,wifi3,wifi4,ether3 vlan-ids=20
/ip address
add address=10.10.10.2/24 interface=VLAN10 network=10.10.10.0
add address=20.20.20.2/24 interface=VLAN20 network=20.20.20.0
/ip dhcp-relay
add dhcp-server=10.10.10.1 disabled=no interface=VLAN10 name=VLAN10-RELAY
add dhcp-server=20.20.20.1 disabled=no interface=VLAN20 name=VLAN20-RELAY
/system identity
set name=SOME_AP
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 3:11 pm

You have mistakes in your VLAN configuration.
The most important, you have PVID set on your wifi ports but at the same time you have set those ports as Tagged.
By setting PVID we declare a port as an Access Port, meaning untagged traffic.
A port that has both PVID set and at the same time is tagged for a VID different than the PVID is a Hybrid port... But even in that case, its wrong , since your PVID = VID of the Tagged Port.

Also you don't need your Bridge interface to be Tagged for every VLAN, but only for your management VLAN or in case we talk about a Router setup. But thats another thing. supposing you configure hap as a switch-AP.

Is ether3 your Trunk port ?
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 3:30 pm

Ah, ok, thanks Zacharias!

Yes, eth3 is the trunk, and yes I only want it as AP. So do I need to set tags on the trunk interface (eth3) and then PVID on access ports and PVID for management VLAN on bridge?

So more like this:
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.country="Some Place" \
    .hide-ssid=yes .mode=ap .ssid=Wifi_Private_Slow disabled=no \
    security.authentication-types=wpa2-psk
set [ find default-name=wifi2 ] configuration.country="Some Place" \
    .hide-ssid=yes .mode=ap .ssid=Wifi_Private_Fast disabled=no \
    security.authentication-types=wpa2-psk
add configuration.country="Some Place" .mode=ap .ssid=Wifi_Guest_Slow \
    disabled=no mac-address= master-interface=wifi1 name=\
    wifi3 security.authentication-types=wpa2-psk
add configuration.country="Some Place" .hide-ssid=yes .mode=ap .ssid=\
    Wifi_Guest_Fast disabled=no mac-address= \
    master-interface=wifi2 name=wifi4 security.authentication-types=wpa2-psk
/interface vlan
add interface=ether3 name=VLAN10 vlan-id=10
add interface=ether3 name=VLAN20 vlan-id=20
/interface bridge port
add bridge=BR1 interface=ether3
add bridge=BR1 interface=wifi1 pvid=10
add bridge=BR1 interface=wifi2 pvid=10
add bridge=BR1 interface=wifi3 pvid=20
add bridge=BR1 interface=wifi4 pvid=20
/ip settings
set ip-forward=no
/ip address
add address=10.10.10.2/24 interface=VLAN10 network=10.10.10.0
add address=20.20.20.2/24 interface=VLAN20 network=20.20.20.0
add address=192.168.1.2 interface=BR1 network=192.168.1.2
/ip dhcp-relay
add dhcp-server=10.10.10.1 disabled=no interface=VLAN10 name=VLAN10-RELAY
add dhcp-server=20.20.20.1 disabled=no interface=VLAN20 name=VLAN20-RELAY
/system identity
set name=SOME_AP
Appreciate the help.
 
erlinden
Forum Guru
Forum Guru
Posts: 1921
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 3:52 pm

I think that:
  • /interface vlan
    add interface=BR1 name=VLAN10 vlan-id=10
    add interface=BR1 name=VLAN20 vlan-id=20
  • /interface bridge port
    add bridge=BR1 interface=ether3 frame-types=admit only VLAN tagged
    add bridge=BR1 interface=wifi1 pvid=10 frame-types=admit only untagged and priority tagged
    add bridge=BR1 interface=wifi2 pvid=10 frame-types=admit only untagged and priority tagged
    add bridge=BR1 interface=wifi3 pvid=20 frame-types=admit only untagged and priority tagged
    add bridge=BR1 interface=wifi4 pvid=20 frame-types=admit only untagged and priority tagged
  • /ip settings
    set ip-forward=no
    /ip address
    add address=10.10.10.2/24 interface=VLAN10 network=10.10.10.0
    add address=20.20.20.2/24 interface=VLAN20 network=20.20.20.0
    add address=192.168.1.2 interface=BR1 network=192.168.1.2
    /ip dhcp-relay
    add dhcp-server=10.10.10.1 disabled=no interface=VLAN10 name=VLAN10-RELAY
    add dhcp-server=20.20.20.1 disabled=no interface=VLAN20 name=VLAN20-RELAY


    ...can all be removed (just may want to add a DHCP client or manage on MAC ADDRESS)
That's it.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 3:59 pm

can all be removed
I don't agree.
Everything except, the Relay, the set ip-forward=no and the add address=192.168.1.2 interface=BR1 network=192.168.1.2, look totally fine to me.
Including the corrections i made in my previous post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs on Hap AC3 as access point.  [SOLVED]

Thu Jul 21, 2022 7:01 pm

Never mind the bickering of the side help......... ;-)))
Although zach is pretty close to the mark!
interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.country="Some Place" \
    .hide-ssid=yes .mode=ap .ssid=Wifi_Private_Slow disabled=no \
    security.authentication-types=wpa2-psk
set [ find default-name=wifi2 ] configuration.country="Some Place" \
    .hide-ssid=yes .mode=ap .ssid=Wifi_Private_Fast disabled=no \
    security.authentication-types=wpa2-psk
add configuration.country="Some Place" .mode=ap .ssid=Wifi_Guest_Slow \
    disabled=no mac-address= master-interface=wifi1 name=\
    wifi3 security.authentication-types=wpa2-psk
add configuration.country="Some Place" .hide-ssid=yes .mode=ap .ssid=\
    Wifi_Guest_Fast disabled=no mac-address= \
    master-interface=wifi2 name=wifi4 security.authentication-types=wpa2-psk
/interface vlan
add interface=BR1 name=VLAN10 vlan-id=10
add interface=BR1 name=VLAN20 vlan-id=20  {Optional - only need to define trusted subnet,  no harm to put this here }
/interface list
add name=MANAGE
/interface list members
add interface=VLAN10 list=MANAGE
/ip neighbor discovery-settings
set discover-interface-list= MANAGE
/interface bridge port
add bridge=BR1 interface=ether3  ingress-filtering=yes  frame-types=admit-only-vlan-tagged
add bridge=BR1 interface=wifi1 pvid=10  ingress-filtering=yes  frame-types=admit-priority-and-untagged
add bridge=BR1 interface=wifi2 pvid=10  ingress-filtering=yes  frame-types=admit-priority-and-untagged
add bridge=BR1 interface=wifi3 pvid=20  ingress-filtering=yes  frame-types=admit-priority-and-untagged
add bridge=BR1 interface=wifi4 pvid=20   ingress-filtering=yes  frame-types=admit-priority-and-untagged
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether3 untagged=wifi1,wifi2  vlan-ids=10
add bridge=BR1 tagged=ether3 untagged=wifi3,wifi4  vlan-ids=20
/ip address
add address=10.10.10.2/24 interface=VLAN10 network=10.10.10.0
/ip dns
set allow-remote-requests=yes servers=10.10.10.1 comment="dns through trusted subnet gateway"
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.10.10.1 comment="ensures route avail through trusted subnet gateway"
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MANAGE
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 8:05 pm

Lol anav! side help....

Really appreciate all of the input guys, and thanks for supplying a whole config anav, above and beyond amigo. I'll have another crack at it, fingers crossed....

Hopefully this thread will be of use to other newbies wondering how to make this configuration work. I'll be sure to mark it solved when I'm up and running.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 9:23 pm

Although zach is pretty close to the mark!
:lol:
I don't see anything different in your config than what i suggested...
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 9:37 pm

It works! Hallelujah!

Thank you so much anav, zach and erlinden.

I can get on with my life now. And I no longer have an expensive paperweight. Oh, and I can toss that crappy TPLink in the trash too. Brilliant! :D
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 9:40 pm

Although zach is pretty close to the mark!
:lol:
I don't see anything different in your config than what i suggested...
Details minor details..............
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 9:42 pm


:lol:
I don't see anything different in your config than what i suggested...
Details minor details..............
Like ?
You mean not posting a working config ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 10:24 pm

Lets just say, some have a habit of not finishing things,............
 
thurin
just joined
Topic Author
Posts: 7
Joined: Tue Jul 19, 2022 9:57 pm

Re: VLANs on Hap AC3 as access point.

Thu Jul 21, 2022 11:44 pm

Oops - just one more question - how do I grab dhcp from my router/gw @ 10.10.10.1? Thanks.

Edit: ah wait, my bad, my firewall is blocking bogons on the lan gw. Doh!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs on Hap AC3 as access point.

Fri Jul 22, 2022 6:59 am

Firewall?
Do you mean on the main router? Is it also an MT device if so, you should have posted the config as well.

Personally I would set up the IP address of the AP/Switch manually, which is in effect what you have done
by setting up the IP address of the Management VLAN on the AP/Switch. This is the address for the ap/switch.
Just ensure its a vlan IP not in use.
Then copy the mac address, and on the main router add the IP address and mac manually to DHCP leases and make it permanent/static.

Who is online

Users browsing this forum: Bing [Bot] and 17 guests