Community discussions

MikroTik App
 
SSteve
just joined
Topic Author
Posts: 4
Joined: Sun Aug 21, 2022 9:40 pm

Missing a step getting guest WiFi enabled?

Sun Aug 21, 2022 11:00 pm

I have an SXT LTE router. I've been using an Apple Time Capsule as my router but I want to switch it to just a wireless access point. The Time Capsule uses VLAN 1003 for the guest network. I'm trying to use that information to configure the MikroTik router.

Here's what I've done so far.
/interface vlan
add interface=ether1 name=guest_network vlan-id=1003

/ip pool
add name=guest_dhcp ranges=192.168.30.100-192.168.30.200

/ip dhcp-server
add address-pool=guest_dhcp disabled=no interface=guest_network lease-time=1h name=\
    guest_server

/ip address
add address=192.168.30.1/24 comment="For guest wireless network" interface=\
    guest_network network=192.168.30.0

/ip dhcp-server network
add address=192.168.30.0/24 dns-server=8.8.8.8 domain=omthego.local gateway=192.168.30.1 \
    netmask=24

When I connect a device to the guest wireless network, it gets an IP address in the 192.168.30.x range but it doesn't see an internet connection. I can see traffic on the guest_network interface in RouterOS.

It seems like I've missed the step that connects the vlan to the internet. I'm a software developer, not a networking expert, so a lot of these concepts are foreign to me. I know the basics for keeping a consumer home network running, but I've never worked with VLANs before. How can I get the 1003 VLAN to see the internet?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Missing a step getting guest WiFi enabled?

Tue Aug 23, 2022 3:12 pm

To recap the time capsule will accept normal untagged traffic for wifi output and on top of that WIILL accept a tagged stream of data vlan in the same port for guest wifi?
In other words the time capsule input port can act as a hybrid port??

From quick search.......
If you are asking about the Guest Network feature on the AirPort, this feature only will work correctly when the AirPort is set up as a DHCP and NAT router.
The AirPort Extreme is simply not designed to work with VLAN from another router, if that might be what you are asking about.


I suspect what you are asking is not possible.
 
SSteve
just joined
Topic Author
Posts: 4
Joined: Sun Aug 21, 2022 9:40 pm

Re: Missing a step getting guest WiFi enabled?

Tue Aug 23, 2022 8:06 pm

Oops. I forgot to add a link to this blog post where the author is doing exactly what I'm trying to do but with an ActionTech router. I'm not sure how to translate the ActionTech configuration to the MikroTik.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Missing a step getting guest WiFi enabled?

Tue Aug 23, 2022 9:44 pm

Okay so you are saying that the apple airport can be viewed as providing a hybrid port.
Untagged traffic from the LAN reaches the time capsule as the main wifi.
Internally if you activate guest wifi, the apple handles this a a tagged vlan1003 ......

So lets say you had the main subnet as vlan10
Add the guest vlan1003 on the router just like any other vlan.........

Lets say port 5 was the port to the apple. We will have to treat this as a hybrid port as the apple cannot handle vlans in general but we know it can work with vlan1003

Add bridge=bridgerouter
/interface vlans
add interface=bridgerouter name=mainsubnet10 vlan-ids=10
add interface=bridgerouter name=appleguest1003 vlan-ids=1003

/interface bridge ports
add bridge=bridgerouter interface=ether5 pvid=10

/interface bridge vlans
add bridge=bridgerouter tagged=bridgerouter,ether2 untagged=ether5,ether3 vlan-ids=10
add bridge=bridgerouter tagged=bridgerouter,ether5 vlan-id=1003

Assuming mainsubnet is used in other places............. ( pc on port 3 and to smart switch on port 2)
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Missing a step getting guest WiFi enabled?

Tue Aug 23, 2022 9:50 pm

Yes anav, lots of APs handle a guest network just that way. There are other ways that are also used as well.
You just need to set up the port as a hybred with the main lan untagged and a VLAN that will become the guest SSID.
I could describe in detail how to do that in SwitchOS, but not RouterOS.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Missing a step getting guest WiFi enabled?

Tue Aug 23, 2022 9:58 pm

Its not that common, Apple hides this feature and I am only aware of Ubiquiti that has this bastardized outlook on life.
A smart device should be able to trunk port in all vlans period or have the option to do it either way of course.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Missing a step getting guest WiFi enabled?

Tue Aug 23, 2022 10:39 pm

I assume the logic is that for the vast majority of users who have no idea what a VLAN is, nor have any hardware that supports VLANs, having non-tagged traffic become the "normal" SSID means that it will just work. Advanced users are more likely to have the VLAN hardware and enough knowledge to make use of it.
Personally, my WiFi uses non-tagged traffic for management, and all the SSIDs are assigned to various VLANs. But I am NOT using consumer WiFi (using Meraki enterprise hardware).
 
SSteve
just joined
Topic Author
Posts: 4
Joined: Sun Aug 21, 2022 9:40 pm

Re: Missing a step getting guest WiFi enabled?

Fri Aug 26, 2022 11:20 pm

Lets say port 5 was the port to the apple. We will have to treat this as a hybrid port as the apple cannot handle vlans in general but we know it can work with vlan1003
I realize I left out another important piece of information which is my hardware configuration. It's frustrating and humbling to be the guy people usually call with their computer questions but to be so completely lacking in knowledge about this area that I leave out essential information.

The MikroTik router is in the cell antenna on my roof. A cable connected to ether1 comes into my house. That's plugged in (through a PoE adapter) to the Time Capsule's WAN port. Two of its LAN ports connect to hubs which my devices are plugged in to. The third LAN port goes to a NAS.

I'm not sure how to convert the ether2 and ether3 ports in your instructions to my setup. I doubt I can just change all the ports to "ether1".

Thanks for your continued assistance. I truly appreciate it. I feel like I'm almost there.
 
SSteve
just joined
Topic Author
Posts: 4
Joined: Sun Aug 21, 2022 9:40 pm

Re: Missing a step getting guest WiFi enabled?

Tue Dec 20, 2022 3:54 am

I finally got this figured out with some help from my ISP. In case it's helpful to someone else in the future, here are the settings I used:
/interface vlan
add interface=ether1 name=guest_network vlan-id=1003
		
/ip pool
add name=dhcp ranges=192.168.88.40-192.168.88.200
add name=guest_dhcp ranges=192.168.30.100-192.168.30.200
		
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether1 lease-time=1d1h name=server1
add address-pool=guest_dhcp disabled=no interface=guest_network lease-time=1h name=guest_server
		
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
add address=192.168.30.1/24 comment="For guest wireless network" interface=guest_network network=192.168.30.0
		
/ip dhcp-server network
add address=192.168.30.0/24 dns-server=8.8.8.8 domain=omthego.local gateway=192.168.30.1 netmask=24
add address=192.168.88.0/24 dns-server=192.168.88.1 domain=omthego.local gateway=192.168.88.1 netmask=24
		
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.30.0/24
The final step to getting it working was adding the
/ip firewall nat
setting.

Who is online

Users browsing this forum: No registered users and 26 guests