Community discussions

 
nashchris
just joined
Topic Author
Posts: 1
Joined: Thu Jul 12, 2018 11:46 am

UBNT and Mikrotik VLAN solution

Thu Jul 12, 2018 12:11 pm

Hi.
My boss wants to start using VLANs on one of our networks - so I have been thrown into the deep end here a bit.
I think my biggest problem is that I don't seem to quite grasp how VLAN tagging works (it anyone has a link to a free video that would be great).

I have successfully setup-by-YouTube the UBNT Edgeswitch and the 7 VLANs are working fine. Now I need to push the VLANs through to the outside buildings which are connected by a Mikrotik Nstream network.

The setup is basically as follows (attached as file):

Edgeswitch ---> RB1 (SXT) ---> RB2 (433 - Highsite) ---> RB3 (LHG) ---> UniFi AP (VLAN3)
---> RB4 (LHG) ---> UniFi AP (VLAN4)
---> RB5 (LHG) ---> UniFi AP (VLAN5)

The port on the Edgeswitch is set up in VLAN6 as a U Trunk port with VLANs 3, 4, and 5 as T.
WLAN and Eth1 on RB1 and RB2 are bridged, so they should pass the VLAN info through???
If I then on the LHG's add the WLAN to VLAN6 U and then the ETH1 to VLAN4 T I don't get any traffic.

Clearly I am not doing this right. Can someone perhaps point me in the right direction?
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 3225
Joined: Mon Apr 20, 2009 9:11 pm

Re: UBNT and Mikrotik VLAN solution

Fri Jul 13, 2018 8:54 pm

Find out how far they get from SW1. Use Tools->Torch on RB1 and looks for tagged packets coming from SW1 (they'll have a number in VLAN column). You'll need to make sure that SW1 is sending some. I don't know what exactly you configured, but if you have some device connected to SW1 in given VLAN, there should be some broadcast traffic. If you don't do VLAN filtering on RB, tagged packets will pass to other bridged interfaces. So look for them on interface connected to RB2, then on RB on interface from RB1, etc...
 
sindy
Forum Guru
Forum Guru
Posts: 1751
Joined: Mon Dec 04, 2017 9:19 pm

Re: UBNT and Mikrotik VLAN solution

Fri Jul 13, 2018 9:52 pm

I think my biggest problem is that I don't seem to quite grasp how VLAN tagging works (it anyone has a link to a free video that would be great).
VLAN tagging inserts four bytes between the MAC addresses at the very beginning of an Ethernet frame and the rest of that frame, the first two bytes inserted are an Ethertype code indicating that the other two bytes contain 12 bits of VLAN ID, 3 bits of CoS (priority) marker and one bit whose purpose I don't remember.

On "access" ports, frames coming from the wire are marked with a tag carrying the ID of the VLAN to which the port belongs; in the opposite direction, the tag is removed from frames bearing a tag with the access port's VLAN ID. Frames tagged with any other VLAN ID are not forwarded to the wire.

On "trunk" ports, only tagged frames are let in and out without modification (tagging or untagging).

"Hybrid" ports are a combination of the two above - one VLAN ID, called the "default" one or pvid, is handled like on an access port, all the other ones are handled like on a trunk port.

VLAN ID 0 is reserved for cases where the frame doesn't belong to any VLAN but you need the tag to transport the CoS bits. VLAN ID 1 is handled various ways by various vendors so better avoid using it.

End of video.

The port on the Edgeswitch is set up in VLAN6 as a U Trunk port with VLANs 3, 4, and 5 as T.
That sounds like it is a hybrid port on which VLANs 3 to 6 are permitted, and out of these four, VLAN 6 is the default one, i.e. is handled like on an access port.

WLAN and Eth1 on RB1 and RB2 are bridged, so they should pass the VLAN info through???
This is true if both member ports of the bridge are Ethernet ones. Standard wireless frames do not support VLAN tags because their structure is different than that of the wired Ethernet frames, and use of nstreme or nv2 doesn't seem to change anything about that. So to transport VLANs over a wireless link, you need to use this setup which makes the Mikrotiks use a proprietary wireless frame structure. The key is to set wireless interface mode to bridge at one end of the link and to station-bridge on the other; in your case, RB2 will be in bridge mode (AP) and RB1, RB3, RB4, RB5 in station-bridge.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace each occurrence of any public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
doush
Long time Member
Long time Member
Posts: 580
Joined: Thu Jun 04, 2009 3:11 pm

Re: UBNT and Mikrotik VLAN solution

Sat Jul 14, 2018 10:33 am

Dont create any VLANS etc.. on your Mikrotik equipment !
Just bridge the WLAN and ETH ports of all of them.
 
User avatar
Steveocee
Long time Member
Long time Member
Posts: 607
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: UBNT and Mikrotik VLAN solution

Sat Jul 14, 2018 8:47 pm

^^^ This.

Let the UBNT kit do the tagging and untagging and leave the MikroTik kit in the middle effectively as "dumb" for bridging.

On my home setup I have vlans attached to my main LAN bridge on the main router, all other kit is "dumb" switched and my Unifi AP's do VLAN tagging on wifi entering via various SSID's. Works perfectly.
Steve "Steveocee" Carter
PC Gamer, Airsofter, Networking Nerd
My Website - My MikroTik Tutorials

Who is online

Users browsing this forum: No registered users and 11 guests