Community discussions

 
User avatar
nano94
just joined
Topic Author
Posts: 14
Joined: Wed Oct 03, 2018 5:32 pm

2 VLANS with one WAN Uplink

Sat Nov 10, 2018 12:16 pm

Hi guys,

currently I try to setup the following on MikroTik RB2011UiAS-2HnD-IN.

1 WAN Uplink on ether1

Ports 2-5 on Switch1 with VLAN-ID 1 untagged

Ports 6-10 on Switch2 with VLAN-ID 2 untagged

WLAN1 with VLAN-ID1 untagged
Virtual-WLAN2 with VLAN-ID2 untagged

DHCP-Server with Network 192.168.2.0/24 on VLAN1
DHCP-Server with Network 192.168.1.0/24 on VLAN2

IP on VLAN1 (Company and MGMT of Router): 192.168.2.1
IP on VLAN2 (Private): 192.168.1.1

No connection between the VLANs (separation of company and private network).
Allow booth VLANs to use the WAN connection on ether1


I'm not able to setup this with a few articles from the internet. Currently it works with 2 bridges only. But this should not be the latest solution.

I hope someone is able to assist here :-)
Last edited by nano94 on Sun Nov 11, 2018 12:51 pm, edited 1 time in total.
 
anav
Forum Veteran
Forum Veteran
Posts: 952
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 VLANS with one WAN Uplink

Sat Nov 10, 2018 9:34 pm

Both your VLANS have the same DHCP SErver??

By using two bridges, one for each LAN (say LAN1 LAN2) or one LAN on a bridge and one LAN by itself, there is no need for VLANS.
They will be separated. In firewall rules if your last forward rule is DROP ALL else, then your are good to go.
If you dont have this rule then simply state LAN1 to LAN2 drop and d LAN2 to LAN1 drop.
 
User avatar
nano94
just joined
Topic Author
Posts: 14
Joined: Wed Oct 03, 2018 5:32 pm

Re: 2 VLANS with one WAN Uplink

Sun Nov 11, 2018 12:51 pm

Both your VLANS have the same DHCP SErver??

By using two bridges, one for each LAN (say LAN1 LAN2) or one LAN on a bridge and one LAN by itself, there is no need for VLANS.
They will be separated. In firewall rules if your last forward rule is DROP ALL else, then your are good to go.
If you dont have this rule then simply state LAN1 to LAN2 drop and d LAN2 to LAN1 drop.

No, i want to use a DHCP-server for each VLAN. It was my fault :-)
 
anav
Forum Veteran
Forum Veteran
Posts: 952
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 VLANS with one WAN Uplink  [SOLVED]

Sun Nov 11, 2018 7:14 pm

Turn safe mode ON.

Create new Bridge
Name: mybridge
(and keep VLAN filtering option oFF for now)

Vlan config (dont use vlan1 very confusing bad idea)
VLAN10 - company
VLAN20 - private

Bridge port config
eth2-10
interface: mybridge

Standard stuff:
ip addresses (for ex. address: 192.168.10.1/24 network: 192.168.10.0 inteface: mybridge)
ip pool (dhcp-work (192.168.10.2-192.168.10.100)
ip DHCP Server: DHCP (link to VLAN interface as required and IP pool), DHCP Network (as required format for address here is 192.168.10.0/24),

Go back to Bridge menu and select to the right the VLAN Tab
Double click on bridge name or add bridge name if not there,
- add VLANs (10, 20)
- add the bridge itself as tagged (mybridge)
- add all physical ports containing at least one VLAN (2-10)
(just to be clear there is only one bridge entry under this tab, in this case, so you use the add lines feature to add a single column of entries so to speak.)

Go back to the Bridge Tab on the Bridge Menu
double click on the Bridge name itself
Select the VLAN tab in the popup menu and select filtering (checkmark in the box).

If all is good, then its safe to UNDO Safe mode and try out the setup.
 
anav
Forum Veteran
Forum Veteran
Posts: 952
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 VLANS with one WAN Uplink

Sun Nov 11, 2018 7:17 pm

one WAN means a simple masquerade rule assuming its a dynamic WANIP.
add chain=srcnat out-interface=wan action=masquerade

For firewall rules;
Depends
a. drop all else rule at end of forward chain you are good to go.
b. No such rule then you will need a VLAN10 to VLAN20 drop rule and a VLAN20 to VLAN10 drop rule.
 
User avatar
nano94
just joined
Topic Author
Posts: 14
Joined: Wed Oct 03, 2018 5:32 pm

Re: 2 VLANS with one WAN Uplink

Mon Nov 12, 2018 2:54 pm

Thank you all guys, so much. I've got it configured and working with a new bridge and 2 VLANs.

I've set the ip-addresses to the VLAN interfaces and configured PVIDs to the ports as well.

Have a great day!

Who is online

Users browsing this forum: mkx, RizONE and 13 guests