Community discussions

 
merdenoms
just joined
Topic Author
Posts: 6
Joined: Mon May 28, 2018 8:51 am

How to set up vlan on it's own subnet?

Sun Oct 14, 2018 7:25 am

I have been trying to figure this out all day. I have a Ubiquiti Edgerouter X that I am using for my primary router. I have a Mikrotik CRS109 that I am using as an AP which is connected to the Edgerouter.

I have basic functionality working but I cannot get VLANS working. I have the Mikrotik connected to 1 port on the Edgerouter. The Edgerouter port uses 192.168.84.0/24 for DHCP and a gateway of 192.168.84.1.

I just want to want to be able to plug into a specific Eth port on my Mikro and connect to a different subnet that I specify. Or put wlan1 on it's own VLAN and subnet. In the example I'm posting below, I tried putting wlan1 on VLAN 90 with the network 192.168.90.x

If I connect to WIFI with a device, it is still given an IP of 192.168.84.x
I want an IP of 192.168.90.x
Can someone look at my config?
/interface bridge
add admin-mac=00:00:00:00:00:00 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MYAP \
    vlan-id=90 vlan-mode=use-tag wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface vlan
add interface=wlan1 name="VLAN 90" vlan-id=90
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    "WIFIPASS" wpa2-pre-shared-key="WIFIPASS"
/ip pool
add name=dhcp ranges=192.168.88.81-192.168.88.139
add comment="This is the address scope for VLAN 90 network." name=vlan90_pool \
    ranges=192.168.90.2-192.168.90.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=vlan90_pool disabled=no interface="VLAN 90" lease-time=5m \
    name=DHCP_VLAN90 relay=192.168.90.1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
add address=192.168.90.1/24 interface="VLAN 90" network=192.168.90.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
add dhcp-options=hostname,clientid disabled=no interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.90.0/24 gateway=192.168.90.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/lcd pin
set hide-pin-number=yes pin-number=1337
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=America/Chicago
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
xvo
Member
Member
Posts: 321
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: How to set up vlan on it's own subnet?

Sun Oct 14, 2018 11:09 am

You don't need VLANs for what you are trying to achieve: just remove wlan1 from the bridge and attach ip configuration to it directly.

Who is online

Users browsing this forum: No registered users and 22 guests