Main-vlan 100
iot-vlan 101
guest-vlan 102
family-vlan 103
VLAN 101-103 have own WiFi and I use an unifi ap lite.
In main-vlan I have proxmox with, among other things, unifi controller. My first thought was that I would use main-lan as my own network and also run wifi on it. To be able to manage unifi controller and run other virtual machines from proxmox. But when I do, I do not get it to work. No ip address is shared from dhcp and I can only run it wired. Is it because it's untagged? I have more questions but choose to stay here until I have clarified why I can not use the main vlan with WiFi.
An alternative is that I create another VLAN that will be able to communicate over all the other VLANs. How can I proceed after creating another VLAN? How do I get it to communicate with the others already existing. Especially with the main vlan where proxmox is located.
Code: Select all
# apr/23/2022 21:19:20 by RouterOS 6.49.6
# software id = FQCH-LUB0
#
# model = RB750Gr3
# serial number =
/interface bridge
add admin-mac=DC:2C:6E:53:3A:02 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=family-vlan vlan-id=103
add interface=bridge name=guest-vlan vlan-id=102
add interface=bridge name=iot-vlan vlan-id=101
add interface=bridge name=main-vlan vlan-id=100
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLAN
add name=MGMT
/ip pool
add name=main-pool ranges=192.168.100.10-192.168.100.254
add name=iot-pool ranges=192.168.101.10-192.168.101.254
add name=guest-pool ranges=192.168.102.10-192.168.102.254
add name=family-pool ranges=192.168.103.10-192.168.103.254
/ip dhcp-server
add address-pool=main-pool disabled=no interface=main-vlan name=main-dhcp
add address-pool=iot-pool disabled=no interface=iot-vlan name=iot-dhcp
add address-pool=guest-pool disabled=no interface=guest-vlan name=guest-dhcp
add address-pool=family-pool disabled=no interface=family-vlan name=family-dhcp
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=100
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=100
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=101
add bridge=bridge comment=defconf interface=ether5 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge comment=main-vlan tagged=bridge untagged=ether2,ether3,ether5 vlan-ids=100
add bridge=bridge comment=iot-vlan tagged=bridge,ether5 untagged=ether4 vlan-ids=101
add bridge=bridge comment=guest-vlan tagged=bridge,ether5 vlan-ids=102
add bridge=bridge comment=family-vlan tagged=bridge,ether5 vlan-ids=103
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=main-vlan list=LAN
add interface=iot-vlan list=LAN
add interface=guest-vlan list=LAN
add interface=main-vlan list=VLAN
add interface=iot-vlan list=VLAN
add interface=guest-vlan list=VLAN
add interface=main-vlan list=MGMT
add interface=family-vlan list=LAN
add interface=family-vlan list=VLAN
/ip address
add address=192.168.100.1/24 interface=main-vlan network=192.168.100.0
add address=192.168.101.1/24 interface=iot-vlan network=192.168.101.0
add address=192.168.102.1/24 interface=guest-vlan network=192.168.102.0
add address=192.168.103.1/24 interface=family-vlan network=192.168.103.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.100.0/24 comment=main-dhcp-network gateway=192.168.100.1
add address=192.168.101.0/24 comment=iot-dhcp-network gateway=192.168.101.1
add address=192.168.102.0/24 comment=guest-dhcp-network gateway=192.168.102.1
add address=192.168.103.0/24 comment=family-dhcp-network gateway=192.168.103.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,1.0.0.1,8.8.4.4
/ip dns static
add address=192.168.100.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow main-vlan/MGMT access to all router services" in-interface-list=MGMT
add action=accept chain=input comment="Allow VLAN DHCP" dst-port=67 in-interface-list=VLAN protocol=udp
add action=accept chain=input comment="Allow VLAN DNS UDP" dst-port=53 in-interface-list=VLAN protocol=udp
add action=accept chain=input comment="Allow VLAN DNS TCP" dst-port=53 in-interface-list=VLAN protocol=tcp
add action=accept chain=input comment="Allow VLAN ICMP Ping" in-interface-list=VLAN protocol=icmp
add action=drop chain=input comment="Drop all other traffic"
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment="VLAN Internet Access Only" connection-state=new in-interface-list=VLAN \
out-interface-list=WAN
add action=accept chain=forward comment="Allow Port Forwarding - DSTNAT - enable if need server" connection-nat-state=dstnat \
connection-state=new disabled=yes in-interface-list=WAN
add action=drop chain=forward comment="Drop all other traffic"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip ssh
set strong-crypto=yes
/system clock
/system identity
set name=RouterOS
/tool graphing interface
add allow-address=192.168.100.0/24 interface=ether1
add allow-address=192.168.100.0/24 interface=main-vlan
add allow-address=192.168.100.0/24 interface=iot-vlan
add allow-address=192.168.100.0/24 interface=guest-vlan
/tool graphing resource
add allow-address=192.168.100.0/24
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN