Community discussions

MikroTik App
 
kuiera
just joined
Topic Author
Posts: 16
Joined: Mon Feb 14, 2022 12:02 pm

VLan forward to eth port

Mon Feb 14, 2022 12:15 pm

Hello guys,

I need your help about a problem that I have in my company network. I dont know if it is possible to achieve thats Im here asking your for suggestions.

I created for my company a couple of VLANs to segment my network. I created the vlans on the right switch on different ports as Access ports and I have eth1 from switch side as trunk port.
I created 2 other vlans for the wifi devices so I can use different networks for guests and users of the company. The switch(eth1) of the right side is connected with router (fiber connection) to a router(router eth 5 port).
So my question is, If I can somehow forward the vlan 50 and vlan 60 that are the wifi vlans to the other switch on the left side because I have there unifi controller.

Thank guys in advance.
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLan forward to eth port

Mon Feb 14, 2022 9:32 pm

The answer to your (pretty general) description is: yes, you can forward a few VLANs from left to right. To get some concrete advice you'll have to post some concrete infornation, accompanied with existing configuration of mikrotik router 2 ...
 
kuiera
just joined
Topic Author
Posts: 16
Joined: Mon Feb 14, 2022 12:02 pm

Re: VLan forward to eth port

Tue Feb 15, 2022 12:17 pm

Hello MKX,
here are the configuration of the SWitch right side and the mikrotik Router 2

Router 2 configuration
# feb/15/2022 11:06:31 by RouterOS 6.29.1
# software id = GASL-42V9
#
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether2 ] comment="Main WAN"
set [ find default-name=ether5 ] comment=LAN
set [ find default-name=ether6 ] comment="Wifi Controller"
/ip neighbor discovery
set ether2 comment="Main WAN"
set ether5 comment=LAN
set ether6 comment="Wifi Controller"
/interface vlan
add interface=ether5 l2mtu=1594 name=vlan-10 vlan-id=10
add interface=ether5 l2mtu=1594 name=vlan-20 vlan-id=20
add interface=ether5 l2mtu=1594 name=vlan-30 vlan-id=30
add interface=ether5 l2mtu=1594 name=vlan-40 vlan-id=40
add interface=ether5 l2mtu=1594 name=vlan-99 vlan-id=99
add interface=ether5 l2mtu=1594 name=vlan-200 vlan-id=200
add interface=ether5 l2mtu=1594 name=vlan-201 vlan-id=201
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name="Wifi pool" ranges=192.168.200.50-192.168.200.200
add name=dhcp_pool1 ranges=192.168.110.50-192.168.110.200
add name=dhcp_pool2 ranges=192.168.120.50-192.168.120.200
add name=dhcp_pool3 ranges=192.168.130.50-192.168.130.200
add name=dhcp_pool4 ranges=192.168.130.50-192.168.130.200
add name=dhcp_pool5 ranges=192.168.140.50-192.168.140.200
add name=dhcp_pool6 ranges=192.168.201.50-192.168.201.200
/ip dhcp-server
add address-pool="Wifi pool" authoritative=yes disabled=no interface=vlan-200 \
    lease-time=10h10m name="Vlan200-Wifi dhcp"
add address-pool=dhcp_pool1 disabled=no interface=vlan-10 lease-time=8h10m \
    name="Vlan10 DHCP"
add address-pool=dhcp_pool2 disabled=no interface=vlan-20 lease-time=8h10m \
    name="Vlan20 DHCP"
add address-pool=dhcp_pool3 disabled=no interface=vlan-30 lease-time=8h10m \
    name="Vlan30 DHCP"
add address-pool=dhcp_pool5 disabled=no interface=vlan-40 lease-time=8h10m \
    name="Vlan40 DHCP"
add address-pool=dhcp_pool6 disabled=no interface=vlan-201 lease-time=1h10m \
    name="Vlan201-WifiGuest dhcp"
/port
set 0 name=serial0
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] name=default-encryption
/interface bridge port
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
/ip address
add address=192.168.200.1/24 comment="Wifi Gateway" interface=vlan-200 \
    network=192.168.200.0
add address=192.168.110.1/24 comment="Vlan10 gateway" interface=vlan-10 \
    network=192.168.110.0
add address=192.168.120.1/24 comment="Vlan20 gateway" interface=vlan-20 \
    network=192.168.120.0
add address=192.168.130.1/24 comment="Vlan30 gateway" interface=vlan-30 \
    network=192.168.130.0
add address=192.168.199.1/24 comment="Mgt Vlan99 gateway" interface=vlan-99 \
    network=192.168.199.0
add address=192.168.140.1/24 comment="Vlan40 gateway" interface=vlan-40 \
    network=192.168.140.0
add address=192.168.201.1/24 comment="Wifi Guest Gateway" interface=vlan-201 \
    network=192.168.201.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether2
/ip dhcp-server network
add address=192.168.110.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.110.1
add address=192.168.120.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.120.1
add address=192.168.130.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.130.1
add address=192.168.140.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.140.1
add address=192.168.200.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.200.1 \
    netmask=24
add address=192.168.201.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.201.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2
/system routerboard settings
set cpu-frequency=500MHz protected-routerboot=disabled
/tool romon port
add disabled=no

Switch right side
# jan/17/1970 01:47:13 by RouterOS 6.47.9
# software id = 23E2-7FNY
#
# model = CRS326-24G-2S+
# serial number = DA750E0BD954
/interface bridge
add admin-mac=2C:C8:1B:E0:3A:B2 auto-mac=no comment=defconf name=bridge \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
/interface vlan
add interface=bridge name=vlan-99 vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9 pvid=10
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11 pvid=20
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13 pvid=30
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15 pvid=40
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18 pvid=200
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20 pvid=200
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22 pvid=200
add bridge=bridge comment=defconf interface=ether23 pvid=200
add bridge=bridge comment=defconf interface=ether24 pvid=200
/interface bridge vlan
add bridge=bridge tagged=ether1 untagged=ether9 vlan-ids=10
add bridge=bridge tagged=ether1 untagged=ether11 vlan-ids=20
add bridge=bridge tagged=ether1 untagged=ether13 vlan-ids=30
add bridge=bridge tagged=ether1 untagged=ether15 vlan-ids=40
add bridge=bridge tagged=ether1,bridge vlan-ids=99
add bridge=bridge tagged=ether1 untagged=\
    ether18,ether20,ether22,ether23,ether24 vlan-ids=200
/ip address
add address=192.168.199.11/24 interface=vlan-99 network=192.168.199.0
/system routerboard settings
set boot-os=router-os
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLan forward to eth port

Wed Feb 16, 2022 8:23 am

Router is running ROS v 6.29 ... which is ancient. Even though it seems to be in LAN core and thus doesn't need firewall, I'd still install recent software (6.49.3) and configure it from scratch. The best way of doing it (from performance point of view) is not clear as we don't know the router model (yet).

And the diagram from your initial post doesn't correspond with configuration shown (diagram says WAN is ether9, configuration mentions ether2)

But if you want to keep running router at current SW version and assuming left side is connected to ether9, then you could do this:
/interface vlan
add interface=ether5 name=e5v50 vlan-id=50
add interface=ether5 name=e5v60 vlan-id=60
add interface=ether9 name=e9v50 vlan-id=50
add interface=ether9 name=e9v60 vlan-id=60

/interface bridge
add name=bridge_v50
add name=bridge_v60

/interface bridge port
add bridge=bridge_v50 interface=e5v50
add bridge=bridge_v50 interface=e9v50
add bridge=bridge_v60 interface=e5v60
add bridge=bridge_v60 interface=e9v60

But, as I wrote above, depending on router type and ROS version, there are at least two more configuration variants which might give much better performance and/or cleaner configuration.
 
kuiera
just joined
Topic Author
Posts: 16
Joined: Mon Feb 14, 2022 12:02 pm

Re: VLan forward to eth port  [SOLVED]

Fri Sep 30, 2022 8:32 am

Hello Mkx,
your solution didnt worked for me, but what I did was I connected 2 routers together directly and did a static route between them. So I managed to solve this problem like this.

Who is online

Users browsing this forum: dervomsee, Google [Bot] and 31 guests