Community discussions

MikroTik App
 
fdrcrtl
just joined
Topic Author
Posts: 3
Joined: Fri May 22, 2020 5:39 pm

First office lab setup, need help with VLANs

Thu Apr 13, 2023 8:26 pm

Hi forum, I'm trying to achieve this configuration and in the meantime some questions arise..

Image

I'd like to use the "ISP ROUTER" subnet for:
- default gateway (double nat isn't a problem, just for testing)
- management subnet for all the RB and APs
- static ip for the CAPsMAN manager (CRS112)

The CRS112 will be used for serving VLANs + DHCP and will be the default gateway for them. Port 1-7 will be trunk and 8 for WAN uplink to ISP ROUTER.
The APs will have separate SSID associated with the VLANs (PVID?), i'd like to use the hAP AC2 as AP + switch (2+2 port for VLAN11 and 12)

First question: I can't really understand where put VLAN interfaces. On each eth without bridge? On the eth1 then bridge the others eth? On the bridge (port member 1-7)? On bridge menu / VLANs?
Second question: How can I "extend" the default ISP ROUTER subnet to the other APs?

I'm not fully confident about this setup, any help or advice is appreciated :wink:
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: First office lab setup, need help with VLANs

Thu Apr 13, 2023 9:52 pm

I think requirements drive both design and config but keeping your design as is....

Sure just assign the LAN subnet coming from the ISP router a vlan tag on the way into the CRS.
Then you can distribute it tagged or untagged as you require.
 
fdrcrtl
just joined
Topic Author
Posts: 3
Joined: Fri May 22, 2020 5:39 pm

Re: First office lab setup, need help with VLANs

Fri Apr 14, 2023 10:34 pm

Ty anav, I'm moving forward and I would like to keep you updated so as to improve or correct any errors.
Next step will be configure CAPsMAN on the CSR112 and setup ssid with separate VID

Some other questions/improvements:
- For CAPsMAN manager i'd like to use an internal management, how to do it? Dhcp client of the APs need to be different?
- Using the ISP ROUTER subnet from a port of an access port of a remote AP, the ingress of that port need a PVID set?
- For blocking inter-VLAN routing is better to use vlan filtering or firewall?

Thank you!

CSR112
/interface bridge
add admin-mac=48:A9:8A:73:8F:B5 auto-mac=no name=bridge
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan11 vlan-id=11
add interface=bridge name=vlan12 vlan-id=12
/ip pool
add name=dhcp_pool0 ranges=192.168.11.2-192.168.11.254
add name=dhcp_pool1 ranges=192.168.12.2-192.168.12.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=vlan11 name=dhcp1
add address-pool=dhcp_pool1 interface=vlan12 name=dhcp2
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8 pvid=10
/interface bridge vlan
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=10
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=11
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=12
/ip address
add address=192.168.11.1/24 interface=vlan11 network=192.168.11.0
add address=192.168.12.1/24 interface=vlan12 network=192.168.12.0
/ip dhcp-server network
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
add address=192.168.12.0/24 dns-server=192.168.12.1 gateway=192.168.12.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1

cAP XL AC
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2,wlan1,wlan2 vlan-ids=11
add bridge=bridge1 tagged=ether1,ether2,wlan1,wlan2 vlan-ids=12
add bridge=bridge1 tagged=ether1,ether2 vlan-ids=10
/ip dhcp-client
add interface=bridge1

hAP AC2
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4 pvid=11
add bridge=bridge1 interface=ether5 pvid=12
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether4 vlan-ids=11
add bridge=bridge1 tagged=ether1 untagged=ether5 vlan-ids=12
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=10
/ip dhcp-client
add interface=bridge1

Who is online

Users browsing this forum: Amazon [Bot], LTS12 and 36 guests