Community discussions

MikroTik App
 
omiex
just joined
Topic Author
Posts: 1
Joined: Sun Mar 20, 2022 5:25 am

hap ac3 as RoaS and Switch?

Wed Apr 13, 2022 1:16 am

I'm trying to set-up my hap ac3 as an inner router (r2) connected to my ISP modem/router. I'd like to set-up a guest wifi and ethernet port on the hap ac3 with a vlan to help isolate traffic between my work computer and my personal computers. My ISP modem/router does not have VLAN options and I was wondering if the hap ac3 can be configured to handle both the switch and RoaS on the same unit.

The connected devices can get individual IPs via the DHCP on the VLAN but they can't access the internet. They are able to ping the bridge the VLAN is on and an IP assigned to ether1 (which is connected to a LAN port on the ISP router). It might be obvious, but I'm pretty new to networking and configuration. I'm not sure how to assign an IP from the ISP router/modem to the devices on the VLAN. Does this require a DHCP relay or is there something I'm overlooking?

I've used viewtopic.php?f=23&t=143620 and tried a few different configurations but am wondering if it's not possible with a single hap ac3 unit. I would appreciate any help I can get.

Thanks!

Text Diagram of Setup
VLANs (1,2,3) --> Bridge on Hap Ac3 --> Ether 1 from HAP ac3 to LAN port --> ISP router/modem

Adding my current export below...
/interface bridge
add ingress-filtering=no name=bridge0 vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
    disabled=no frequency=auto mode=ap-bridge scan-list=2437,2412,2462 ssid=\
    WIFI2 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX disabled=no frequency=auto installation=indoor \
    keepalive-frames=disabled mode=ap-bridge scan-list=5200,5240,5180,5220 \
    ssid=WIFI1 wps-mode=disabled
/interface vlan
add interface=bridge0 name=vlan_base vlan-id=40
add interface=bridge0 name=vlanW vlan-id=30
add interface=bridge0 name=vlanX vlan-id=10
/interface list
add name=WAN
add name=VLAN
add name=BASE

/interface wireless
add default-forwarding=no disabled=no keepalive-frames=disabled mac-address=\
    "" master-interface=wlan2 multicast-buffering=disabled \
    name=wlan3 security-profile=workey ssid=WORKWIFI wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool4 ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool5 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool6 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool4 interface=vlan_base name=dhcp1
add address-pool=dhcp_pool5 interface=vlanW name=dhcp2
add address-pool=dhcp_pool6 interface=vlanX name=dhcp3
/interface bridge port
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=wlan1 pvid=10
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=wlan2 pvid=10
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=wlan3 pvid=30
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=10
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=40
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=40
add bridge=bridge0 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=30
add bridge=bridge0 hw=no interface=ether1
/interface bridge vlan
add bridge=bridge0 tagged=bridge0,ether2 vlan-ids=40
add bridge=bridge0 tagged=bridge0 vlan-ids=30
add bridge=bridge0 tagged=bridge0 vlan-ids=10
/interface list member
add interface=ether1 list=WAN
add interface=vlan_base list=VLAN
add interface=vlanW list=VLAN
add interface=vlanX list=VLAN
add interface=vlan_base list=BASE
add interface=vlanX list=BASE
/ip address
add address=192.168.10.1/24 interface=vlanX network=192.168.10.0
add address=192.168.30.1/24 interface=vlanW network=192.168.30.0
add address=192.168.40.1/24 interface=vlan_base network=192.168.40.0
add address=192.168.0.2/24 interface=bridge0 network=192.168.0.0
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.0.2 gateway=192.168.10.1
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.40.0/24 gateway=192.168.40.1
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow BASE Full Access" \
    in-interface-list=BASE
add action=drop chain=input comment=Drop
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main \
    suppress-hw-offload=no
add disabled=no distance=1 dst-address=192.168.0.2/24 gateway=192.168.0.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hap ac3 as RoaS and Switch?

Sat Apr 16, 2022 11:57 pm

Yes, is the hapac getting a public IP or a private IP from the ISP devices.

viewtopic.php?t=143620

Who is online

Users browsing this forum: hatred, kolinsmk, PBondurant and 47 guests