I have 3 vlan
1) vlan 11 lan 10.0.11.0/24
2) vlan 22 wifi 10.0.22.0/24
3) vlan 33 management 10.0.33.0/24
In the unifi AP I set up the static ip management vlan 33 with the address 10.0.33.100. In the same UniFi I have a second vlan 22 set to wifi.
In mikrotik in dhcp leasses I see a dynamic address with the same mac address as in vlan management.
It looks like AP that has vlan22 and vlan 33 (management) in dhcp leasses appears twice. Should it be like that?
Re: Dhcp leases - double mac address
No, the whole idea of VLANs is that they are separated from each other on L2 (below IP). Unless connecting device is VLAN aware (such example are your wifi APs).
Why it is not like that in your case? It could be configuration on router. It could be configuration on wifi APs. Impossible to tell without seeing complete configuration. Post router's configuration for starters ... execute /export hide-sensitive file=anynameyouwish, fetch resulting file, open it in text editor, redact sensitive information (wifi PSKs, public IP address, ...) and copy-paste contents here inside [code] [/code] environment.
Why it is not like that in your case? It could be configuration on router. It could be configuration on wifi APs. Impossible to tell without seeing complete configuration. Post router's configuration for starters ... execute /export hide-sensitive file=anynameyouwish, fetch resulting file, open it in text editor, redact sensitive information (wifi PSKs, public IP address, ...) and copy-paste contents here inside [code] [/code] environment.
Re: Dhcp leases - double mac address
Why it is not like that in your case? It could be configuration on router. It could be configuration on wifi APs. Impossible to tell without seeing complete configuration. Post router's configuration for starters ... execute /export hide-sensitive file=anynameyouwish, fetch resulting file, open it in text editor, redact sensitive information (wifi PSKs, public IP address, ...) and copy-paste contents here inside [code] [/code] environment.
Thank you for the quick reply. Forward-> drop-> all vlan but it's the same again
I have vlans created on mikrotik, and unifi ap has several vlan networks configured on wifi
Code: Select all
/interface bridge
add admin-mac=4C:5E:0C:3F:31:35 auto-mac=no name=bridge_sample_test \
protocol-mode=none
add name=bridge_vlan_140/150/160
/interface ethernet
set [ find default-name=ether1 ] name=ether1_wan
set [ find default-name=ether2 ] name=ether2_TRUNK_110
set [ find default-name=ether3 ] name=ether3_TRUNK_120
set [ find default-name=ether4 ] name=ether4_TRUNK_130
set [ find default-name=ether5 ] name=ether5_TRUNK_140/150/160
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
/interface vlan
add comment=DRUKARKI interface=bridge_vlan_140/150/160 name=DRUKARKI_VLAN_150 \
vlan-id=150
add interface=ether4_TRUNK_130 name=GOSCIE_WIFI_VLAN_130 vlan-id=130
add comment=MANAGEMENT interface=bridge_vlan_140/150/160 name=\
MANAGEMENT_VLAN_160 vlan-id=160
add interface=bridge_vlan_140/150/160 name=MONITORING_VLAN_140 vlan-id=140
add interface=ether2_TRUNK_110 name=NAUCZYCIELE_LAN vlan-id=110
add interface=ether3_TRUNK_120 name=NAUCZYCIELE_WIFI vlan-id=120
add interface=ether1_wan name=vlan989_Kolokacja_SSM vlan-id=989
/ip dhcp-server
add add-arp=yes address-pool=NAUCZYCIELE_WIFI disabled=no interface=\
NAUCZYCIELE_WIFI name=NAUCZYCIELE_WIFI
add add-arp=yes address-pool=GOSCIE_WIFI disabled=no interface=\
GOSCIE_WIFI_VLAN_130 lease-time=2m name=GOSCIE_WIFI
add add-arp=yes address-pool=MONITORING disabled=no interface=\
MONITORING_VLAN_140 name=MONITORING
add add-arp=yes address-pool=NAUCZYCIELE_LAN disabled=no interface=\
bridge_sample_test name=NAUCZYCIELE_LAN
add add-arp=yes address-pool=DRUKARKI disabled=no interface=DRUKARKI_VLAN_150 \
name=DRUKARKI
add add-arp=yes address-pool=MANAGEMENT disabled=no interface=\
MANAGEMENT_VLAN_160 name=MANAGEMENT
/interface bridge port
add bridge=bridge_sample_test interface=vlan989_Kolokacja_SSM
add bridge=bridge_sample_test interface=NAUCZYCIELE_LAN
add bridge=bridge_vlan_140/150/160 interface=ether5_TRUNK_140/150/160
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge_vlan_140/150/160 tagged=ether5_TRUNK_140/150/160 vlan-ids=\
140
add bridge=bridge_vlan_140/150/160 tagged=ether5_TRUNK_140/150/160 vlan-ids=\
150
add bridge=bridge_vlan_140/150/160 tagged=ether5_TRUNK_140/150/160 vlan-ids=\
160
/ip address
add address=10.0.4.1/24 comment=NAUCZYCIELE_LAN interface=\
bridge_sample_test network=10.0.4.0
add address=10.0.6.1/24 comment=NAUCZYCIELE_WIFI interface=NAUCZYCIELE_WIFI \
network=10.0.6.0
add address=10.0.7.1/24 comment=GOSCIE_WIFI interface=GOSCIE_WIFI_VLAN_130 \
network=10.0.7.0
add address=10.0.8.1/24 comment=MONITORING interface=MONITORING_VLAN_140 \
network=10.0.8.0
add address=172.19.000.000/23 interface=ether1_wan network=172.19.555.0
add address=10.0.9.1/24 comment=DRUKARKI interface=DRUKARKI_VLAN_150 network=\
10.0.9.0
add address=10.0.10.1/24 comment=MANAGEMENT interface=MANAGEMENT_VLAN_160 \
network=10.0.10.0
/ip dhcp-server network
add address=10.0.4.0/24 comment=NAUCZYCIELE_LAN dns-server=10.0.4.4,10.0.4.1 \
gateway=10.0.4.1 netmask=24
add address=10.0.6.0/24 comment=NAUCZYCIELE_WIFI dns-server=10.0.6.1 gateway=\
10.0.6.1 netmask=24
add address=10.0.7.0/24 comment=GOSCIE_WIFI dns-server=10.0.7.1 gateway=\
10.0.7.1 netmask=24
add address=10.0.8.0/24 comment=MONITORING dns-server=10.0.8.1 gateway=\
10.0.8.1 netmask=24
add address=10.0.9.0/24 comment=DRUKARKI dns-server=10.0.9.1 gateway=10.0.9.1 \
netmask=24
add address=10.0.10.0/24 comment=MANAGEMENT dns-server=10.0.10.1 gateway=\
10.0.10.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input comment="X akceptuj ICMP" protocol=icmp
add action=accept chain=input comment="X akceptuj SSH" dst-port=22 protocol=\
tcp
add action=accept chain=input comment="X akceptuj polaczenia zestawione" \
connection-state=established
add action=accept chain=input comment="X akceptuj polaczenia powiazane" \
connection-state=related
add action=accept chain=input comment="X akceptuj WinBox" dst-port=8299 \
protocol=tcp
add action=accept chain=input comment="allow L2TP VPN (500,4500,1701/udp)" \
dst-port=500,1701,4500 in-interface=ether1_wan protocol=udp
add action=accept chain=input comment="XXXXkceptuj zapytania DNS (UDP)" \
dst-port=53 in-interface=ether1_wan protocol=udp
add action=accept chain=input comment="XXXXakceptuj zapytania DNS (TCP)" \
dst-port=53 in-interface=ether1_wan protocol=tcp
add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" \
in-interface=ether1_wan protocol=ipsec-esp
add action=accept chain=input src-address=10.0.7.0/24
add action=drop chain=input comment="X blokuj wszystko inne"
add action=drop chain=forward in-interface=all-vlan in-interface-list=all \
out-interface=all-vlan
add action=accept chain=forward
Re: Dhcp leases - double mac address
The setup of bridge_vlan_140/150/160 is incomplete ... it should have vlan-filtering=yes. It should be tagged member of itself (under /interface bridge vlan). You may want to check this excelent tutorial to see how VLANs are done in ROS. And this thread to better understand different bridge personalities.
Who is online
Users browsing this forum: Bing [Bot], GoogleOther [Bot] and 105 guests