Hello,
I am a beginner here. I have my 4415U + intel 6 port 82574L mini PC installed Router OS
I don't know if this is possible or not, please give me some advice.
My Router OS is connected to a Wifi AP (Xiaomi Ax 9000 - in AP mode and it doesn't support VLAN function), and it broadcasts wifi networks (5G and 2.4G SSID)
I have PCs, cellphones, Wifi cameras, NAS... connected to that Xiaomi AP using Wifi or ethernet cable.
So the question is, can I configure 2 VLANs on the Router, one for NAS and cameras only, and one for all other devices (regardless of which SSID is connected, devices defined by MAC or static IP addresses) without using any Network switch?
If a network switch is required, which one should I use?
Thanks in advance
-
-
thylawrence
just joined
- Posts: 11
- Joined:
Configuring VLAN for Dumb Wifi Access Point
Last edited by thylawrence on Thu Jan 27, 2022 8:59 pm, edited 1 time in total.
Re: Configuring VLAN for Wifi Access Point
NO, is the quick answer.
If you have multiple vlans and want to be able to send them out wifi you have two options.
a. get an access point that can read vlans (in which case all is possible)
b. get more 'dumb" access points (one for each vlan) if you dont have enough ports for the number of APs, then get a managed switch.
If you need recommendations for APs, cheap but good wifi 5 is the TPLINK EAP245v3
If you want better at least wifi6, TPLINK 620 or 660HD or slightly better Engenius ews357 or ews377
If you have multiple vlans and want to be able to send them out wifi you have two options.
a. get an access point that can read vlans (in which case all is possible)
b. get more 'dumb" access points (one for each vlan) if you dont have enough ports for the number of APs, then get a managed switch.
If you need recommendations for APs, cheap but good wifi 5 is the TPLINK EAP245v3
If you want better at least wifi6, TPLINK 620 or 660HD or slightly better Engenius ews357 or ews377
-
-
thylawrence
just joined
- Posts: 11
- Joined:
Re: Configuring VLAN for Wifi Access Point
Thanks for quick reply.NO, is the quick answer.
So even I get a Switch, that will do nothing because the Switch can read Vlan sent from Router, but my Xiaomi AP can not read VLAN from the Switch, unless it support VLAN function.
Instead of that, if I buy one more AP (also No VLAN supported), beside the Xiaomi AX9000, then connect 2 of them to two Ports of router. After that, configure VLAN by these 2 ports, not by MAC addresses.
Can I setup the VLAN on my router running Routeros without buying a managed switch, my router has 6 port, it seems more than enough.
As I know, most of Mikrotik router can work like a managed switch, in this case my router is just a mini PC running Routeros, I am not sure if it has required hardwares
Last edited by thylawrence on Fri Dec 31, 2021 3:35 pm, edited 1 time in total.
Re: Configuring VLAN for Wifi Access Point
Yes you have multiple choices on configuring the MT device.
You could use one subnet dedicated to each port
OR
What I prefer is to
a. create one bridge
b. create all the vlans required including the main lan, with interface the bridge
c. each vlan gets Ip address,IP pool, dhcp server, dhcp server network
d. then using interface bridge ports and interface bridge vlan settings you push and pull traffic to the ports that you desire.
a port setup as a trunk port is when you flow tagged traffic through a port (one or more vlans) to a smart device (switch, capable AP), a port setup as an
access port tags the traffic coming from the device with the right vlan and untags the traffic before sending it back through the port to the dumb device.
So yes, if buy multiple AP, you can easily do what you want with the router. very flexible.
You could use one subnet dedicated to each port
OR
What I prefer is to
a. create one bridge
b. create all the vlans required including the main lan, with interface the bridge
c. each vlan gets Ip address,IP pool, dhcp server, dhcp server network
d. then using interface bridge ports and interface bridge vlan settings you push and pull traffic to the ports that you desire.
a port setup as a trunk port is when you flow tagged traffic through a port (one or more vlans) to a smart device (switch, capable AP), a port setup as an
access port tags the traffic coming from the device with the right vlan and untags the traffic before sending it back through the port to the dumb device.
So yes, if buy multiple AP, you can easily do what you want with the router. very flexible.
-
-
thylawrence
just joined
- Posts: 11
- Joined:
Re: Configuring VLAN for Wifi Access Point [SOLVED]
Yes you have multiple choices on configuring the MT device.
You could use one subnet dedicated to each port
OR
What I prefer is to
a. create one bridge
b. create all the vlans required including the main lan, with interface the bridge
c. each vlan gets Ip address,IP pool, dhcp server, dhcp server network
d. then using interface bridge ports and interface bridge vlan settings you push and pull traffic to the ports that you desire.
a port setup as a trunk port is when you flow tagged traffic through a port (one or more vlans) to a smart device (switch, capable AP), a port setup as an
access port tags the traffic coming from the device with the right vlan and untags the traffic before sending it back through the port to the dumb device.
So yes, if buy multiple AP, you can easily do what you want with the router. very flexible.
All I wanted so far is to create 2 VLANs on an X86 Mikrotik router (no managed switch or any other smart device):
dumb WifiAP1 on Ether port 4 <-> VLAN 10
dumb WifiAP2 on Ether port 5 <-> VLAN 20.
PC, printers, cellphones, cameras will connect to these 2 Dumb wifi APs
I tried a lot but without success, here are what I tried:
1, create a bridge_vlan
2, create VLAN_10, VLAN_20 with interface: bridge_vlan
3, setup IP address, DHCP, IP Pool for VLAN_10 and VLAN_20 (192.168.10.1/24 and 192.168.20.1/24)
4, at Bridge/ Ports, add Ether port 4 and Ether port 5 to interface: bridge_vlan
5, at Bridge/ VLANs, set
VLAN IDs: 10, tagged: none, untagged: Ether port 4
VLAN IDs: 20, tagged: none, untagged: Ether port 5
(edit: tagged: bridge_vlan also not working)
6, Turn on bridge_vlan's VLAN filtering
unfortunately, both my computer and cellphone that connect to port 4 and port 5 via two dumb APs, can't obtain the right ip address, showing Unidentified network.
Please let me know where the problem is?
Last edited by thylawrence on Thu Jan 27, 2022 5:58 pm, edited 2 times in total.
Re: Configuring VLAN for Wifi Access Point
Wrong: tagged: none
Correct: tagged: bridge_vlan
Correct: tagged: bridge_vlan
-
-
thylawrence
just joined
- Posts: 11
- Joined:
Re: Configuring VLAN for Wifi Access Point
I tried this, too, but still not working.Wrong: tagged: none
Correct: tagged: bridge_vlan
Re: Configuring VLAN for Wifi Access Point
It's also possible that you made some mistake and your config is not exactly as you describe it. You can export and post it, and we can help you look.
Code: Select all
/export hide-sensitive file=myconfigRe: Configuring VLAN for Wifi Access Point
One more thing, when you added ethernets as bridge ports, did you set their PVID to correct numbers (10/20 based on VLAN)?
-
-
thylawrence
just joined
- Posts: 11
- Joined:
Re: Configuring VLAN for Wifi Access Point
Yeah, Thank you. I had reset all the configurations and started from the beginning, things seem working to me now. I am not sure what I was wrong with.It's also possible that you made some mistake and your config is not exactly as you describe it. You can export and post it, and we can help you look.
Code: Select all/export hide-sensitive file=myconfig
here is my output config. Please take a look and help me figure out if something's wrong
# jan/27/2022 23:46:43 by RouterOS 7.1.1
Code: Select all
/interface bridge
add ingress-filtering=no name=bridge_vlan vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether0_ISP_PPPoE
set [ find default-name=ether4 ] name=ether3_AP_N300RH
set [ find default-name=ether5 ] name=ether4_AP_AX9000
set [ find default-name=ether6 ] name=ether5_PC
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether0_VNPT_PPPoE name=\
pppoe-vnpt-out1 user=thylawrence
/interface vlan
add interface=bridge_vlan name=VLAN_10 vlan-id=10
add interface=bridge_vlan name=VLAN_20 vlan-id=20
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool3 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool2 interface=VLAN_10 name=dhcp1
add address-pool=dhcp_pool3 interface=VLAN_20 name=dhcp2
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge_vlan interface=ether4_AP_AX9000 pvid=10
add bridge=bridge_vlan interface=ether3_AP_N300RH pvid=20
/interface bridge vlan
add bridge=bridge_vlan tagged=bridge_vlan untagged=ether4_AP_AX9000 vlan-ids=\
10
add bridge=bridge_vlan tagged=bridge_vlan untagged=ether3_AP_N300RH vlan-ids=\
20
/ip address
add address=192.168.10.1/24 interface=VLAN_10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN_20 network=192.168.20.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-isp-out1
/ip service
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb users
add name=guest
/system hardware
set allow-x86-64=yes
Re: Configuring VLAN for Wifi Access Point
It looks good on the surface, its working now right??
-
-
thylawrence
just joined
- Posts: 11
- Joined:
Re: Configuring VLAN for Wifi Access Point
Yes, it is working now. I'll put all cameras and IoT switches to VLAN 10, Guests to VLAN20, My computer, and personal things to VLAN30. 3VLAN / 3 Dumb Wifi AP.It looks good on the surface, its working now right??
Hope everything is properly functional.
Thank you all again for your assistance
Who is online
Users browsing this forum: No registered users and 50 guests