QwertyRB
just joined
Topic Author
Posts: 2
Joined: Wed Aug 03, 2022 12:57 am

VLANS BY PORTS AND ONE WIRELESS

Wed Aug 03, 2022 1:26 am

Hello everyone, sorry for my English and lack of knowledge in networks.
I've been configuring it for 3 days and I've almost finished it.


With a router "RB962UiGS-5HacT2HnT" I have two networks that do not have communication between them. One of them will have internet access and the other will not. There is a single SSID on 2.4 GHz and 5 GHz; when users connect to it, if the device is registered in the access list it will go to the corresponding VLAN, otherwise to the default, which is without internet. What has been said so far works fine for me.
I still need to configure the Ethernet ports: something similar to the Wi-Fi setup if that can be done or, if it is not possible, assigning the ports to a VLAN.

Any link or explanation would be very helpful. Thank you very much to all.
Diagrama sin título.drawio.png
Captura.PNG
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLANS BY PORTS AND ONE WIRELESS

Wed Aug 03, 2022 2:29 am

Post your current config.
/export, but just ensure you don't use real numbers for your ISP info, WAN IP, WAN gateway IP, etc.
 
QwertyRB
just joined
Topic Author
Posts: 2
Joined: Wed Aug 03, 2022 12:57 am

Re: VLANS BY PORTS AND ONE WIRELESS

Wed Aug 03, 2022 2:56 am

/interface bridge
add name=BRIDGE_VLAN
add name=BRIDGE_WAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=spain disabled=no mode=\
    ap-bridge ssid=WIFIONE vlan-id=100 vlan-mode=use-tag wireless-protocol=\
    802.11 wps-mode=disabled
set [ find default-name=wlan2 ] country=spain default-forwarding=no disabled=no \
    mode=ap-bridge ssid=WIFIONE vlan-id=100 vlan-mode=use-tag wps-mode=disabled
/interface vlan
add interface=BRIDGE_VLAN name=VLAN_100 vlan-id=100
add interface=BRIDGE_VLAN name=VLAN_200 vlan-id=200
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa2-pre-shared-key=12345678
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=VLAN_100 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=VLAN_200 name=dhcp2
/interface bridge port
add bridge=BRIDGE_WAN interface=ether1
add bridge=BRIDGE_VLAN interface=ether2
add bridge=BRIDGE_VLAN interface=ether3
add bridge=BRIDGE_VLAN interface=ether4
add bridge=BRIDGE_VLAN interface=ether5 pvid=200
add bridge=BRIDGE_VLAN interface=wlan1
add bridge=BRIDGE_VLAN interface=wlan2
/interface wireless access-list
add interface=wlan2 mac-address=3A:52:25:E7:C0:2D vlan-id=200 vlan-mode=use-tag
/ip address
add address=192.168.100.1/24 interface=VLAN_100 network=192.168.100.0
add address=192.168.200.1/24 interface=VLAN_200 network=192.168.200.0
/ip dhcp-client
add disabled=no interface=BRIDGE_WAN
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.100.1
add address=192.168.200.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.200.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=BRIDGE_WAN
/system clock
set time-zone-name=Europe/Madrid
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLANS BY PORTS AND ONE WIRELESS

Wed Aug 03, 2022 3:23 am

(1) There typically is no need to have a bridge WAN.

(2) There is no need to add vlans to wifi settings, it's better to let the vlans do the walking.

(3) You are missing firewall rules????
Is there a router in front of the MikroTik and not a modem device? (Do you get a public IP on the MikroTik?)

(4) Your config is confused during wifi settings (/interface wireless). I did notice you referred to WAN2 and vlan100.
However later, on an access list setting, which I am not sure why you are using, you refer to WAN2 and VLAN200.

Okay it looks like your diagram cleared up the mystery, your /interface wireless settings are incorrect but luckily by following the correct format, you will remove the wifi vlan settings anyway.
Also, remove the access list entry, not required.

(5) It looks like there are no smart devices downstream, (separate AP or switch that can read vlan tags etc.) and thus all ports are access ports.

(6) I have a modified config once I get some clarity on firewall rules and other missing rules.

Did you export the complete config (minus public ISP IP info)????
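
An added example, not part of any post in this thread: a small Python audit of a RouterOS /export that flags the gaps relevant to the isolation the topic author wants (no forward drop rule between routed VLANs, no input filtering, and pvid set on a bridge without vlan-filtering=yes, where it has no effect). The function names and finding codes are hypothetical, the sample is a trimmed copy of the posted export, and a passing result only means these rules exist, not that they are correct.

```python
import re

# Constructed sample: a trimmed copy of the export posted in this thread.
SAMPLE_EXPORT = r"""/interface bridge
add name=BRIDGE_VLAN
add name=BRIDGE_WAN
/interface vlan
add interface=BRIDGE_VLAN name=VLAN_100 vlan-id=100
add interface=BRIDGE_VLAN name=VLAN_200 vlan-id=200
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa2-pre-shared-key=12345678
/interface bridge port
add bridge=BRIDGE_VLAN interface=ether5 pvid=200
/ip firewall nat
add action=masquerade chain=srcnat out-interface=BRIDGE_WAN
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for a RouterOS /export."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line and not line.startswith("#") and current is not None:
            current.append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return sections

def audit(text):
    """Return finding codes (hypothetical names) for the gaps in the posted config."""
    s, findings = parse_export(text), []
    rules = s.get("/ip firewall filter", [])
    forward = [r for r in rules if r.get("chain") == "forward"]
    # Several routed VLANs and no drop/reject in forward: the router routes
    # between the VLAN subnets and NATs all of them out to the WAN.
    if len(s.get("/interface vlan", [])) > 1 and not any(
            r.get("action") in ("drop", "reject") for r in forward):
        findings.append("no-forward-drop")
    # No input chain at all: the router's own services are unfiltered.
    if not any(r.get("chain") == "input" for r in rules):
        findings.append("no-input-filter")
    # pvid only takes effect on a bridge that has vlan-filtering=yes.
    filtering = {b.get("name") for b in s.get("/interface bridge", [])
                 if b.get("vlan-filtering") == "yes"}
    if any("pvid" in p and p.get("bridge") not in filtering
           for p in s.get("/interface bridge port", [])):
        findings.append("pvid-without-vlan-filtering")
    return findings
```

Run against the sample, audit() reports all three findings, which matches the missing firewall rules raised in point (3) and explains why the pvid=200 on ether5 does not yet place that port in VLAN 200.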
