I'm facing the huge VLAN world and just came acroos an issue.
I have a test device were I created a bridge and 2 VLANs (10=LAN, 20=VOICE)
Each network is a /24 subnet and own a DHCP server.
I've created also 2 virtual WiFi, one for each VLAN.
Vlans works correctly... port is assigned and dhcp bound the correct ip to the correct vlan.
Unfortunately I'm facing the issue that VLANs does not see eachother
here is the configuration I made
Code: Select all
[admin@MikroTik] > /export
# jan/02/1970 02:12:49 by RouterOS 6.49.1
# software id = Y6M3-5V8C
#
# model = RB952Ui-5ac2nD
# serial number =
/interface bridge
add dhcp-snooping=yes igmp-snooping=yes name=br-trunk vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1-LAN
set [ find default-name=ether2 ] name=eth2-LAN
set [ find default-name=ether3 ] name=eth3-LAN
set [ find default-name=ether4 ] name=eth4-VOICE
set [ find default-name=ether5 ] name=eth5-MGMT
/interface wireless
set [ find default-name=wlan1 ] country=italy default-authentication=no default-forwarding=no disabled=no frequency=auto hide-ssid=\
yes mode=ap-bridge skip-dfs-channels=all ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=br-trunk name=vlan10-LAN vlan-id=10
add interface=br-trunk name=vlan20-VOICE vlan-id=20
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:14:DB:BA master-interface=wlan1 multicast-buffering=disabled name=\
wlan-LAN ssid=mk10 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:14:DB:BB master-interface=wlan1 multicast-buffering=disabled name=\
wlan-VOICE ssid=mk20 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface list
add name=vlan-trust
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.1-192.168.10.253
add name=dhcp_pool1 ranges=192.168.20.1-192.168.20.253
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10-LAN name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan20-VOICE name=dhcp2
/interface bridge port
add bridge=br-trunk ingress-filtering=yes interface=eth1-LAN pvid=10 trusted=yes
add bridge=br-trunk ingress-filtering=yes interface=eth2-LAN pvid=10 trusted=yes
add bridge=br-trunk ingress-filtering=yes interface=eth3-LAN pvid=10 trusted=yes
add bridge=br-trunk ingress-filtering=yes interface=eth4-VOICE pvid=20 trusted=yes
add bridge=br-trunk ingress-filtering=yes interface=wlan-LAN pvid=10 trusted=yes
add bridge=br-trunk ingress-filtering=yes interface=wlan-VOICE pvid=20 trusted=yes
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip settings
set max-neighbor-entries=2048
/interface bridge vlan
add bridge=br-trunk tagged=br-trunk untagged=eth1-LAN,eth2-LAN,eth3-LAN,wlan-LAN vlan-ids=10
add bridge=br-trunk tagged=br-trunk untagged=wlan-VOICE,eth4-VOICE vlan-ids=20
/interface list member
add interface=vlan10-LAN list=vlan-trust
add list=vlan-trust
add interface=br-trunk list=vlan-trust
/ip address
add address=192.168.10.254/24 interface=vlan10-LAN network=192.168.10.0
add address=192.168.20.254/24 interface=vlan20-VOICE network=192.168.20.0
add address=192.168.99.1/24 interface=br-trunk network=192.168.99.0
/ip dhcp-server lease
add address=192.168.10.100 client-id=iphone lease-time=20m server=dhcp1
/ip dhcp-server network
add address=192.168.10.0/24 dns-none=yes gateway=192.168.10.254 netmask=24
add address=192.168.20.0/24 dns-none=yes gateway=192.168.20.254 netmask=24
/ip firewall address-list
add address=192.168.10.0/24 list=vlan-trust
add address=192.168.20.0/24 list=vlan-trust
also Bridge filter did not suceeded.
ping simply fail.
thanks for your support
M