Community discussions

MikroTik App
 
mongobongo
newbie
Topic Author
Posts: 34
Joined: Fri Jul 28, 2017 5:13 pm

CCR1009 VLAN and Wi-Tek POE Switch

Sat Jun 25, 2022 11:05 am

Hi peeps,

hopefully someone can shed some light on what I am doing wrong as I cant work this out at all.

I have the following equipment in a working config that has been in place for 3 years with no issues what so ever

CCR1009-7G-1C-1S+
CRS328-24P-4S+RM
RBcAPL-2nD

Here I am running CAPSMan using VLANs on the CCR with the "bridge" method.
On the CRS328 switches I am not doing anything in the VLAN sections.
CAPLite devices are able to successfully get DHCP address from the DHCP servers that are associated with the VLANs from the CCR1009.

Now due to the Worldwide shortage in Miktotik POE switches, I looked for a temporary cost effective solution for POE switch until the shortage is over and found from a local supplier the following switch

Wi-Tek WI-PMS318GF - http://wireless-tek.com/product_show.php?id=47

I thought, seeing that I am not doing "anything special" on the CCR with regards to VLANs, that, just as with the CRS switches, I would be able to simply add this Wi-Tek switch in place and the VLANs would pass over, but this is not the case.

So far ive spent 5 hours, trying different things on the Wi-Tek and CCR router to see if I can get the VLANs to pass, but nada.

Basically, the CAPLites get a DHCP address for the mac address of the LAN adapter, however the VLAN that is serverd via CAPSMan to the CAPSLite looks to not be passed as any device connecting to the CAPLite cannot get a DHCP address.

Something of note, the Wi-Tek to CAPlite connection required a cross over cable to work...

If anybody has any ideas on what I should be looking at to get over this obstacle I would really much appreciate their help.
Last edited by mongobongo on Mon Jun 27, 2022 7:24 pm, edited 1 time in total.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: CCR1009 VLAN and Wi-Tek POE Switch

Sat Jun 25, 2022 1:03 pm

Here I am running CAPSMan using VLANs on the CCR with the "bridge" method.
Do you mean local forwarding mode?
On the CRS328 switches I am not doing anything in the VLAN sections.
Configured with a single bridge having vlan-filtering=no so VLAN tags are not treated differently to any other ethertypes?

I thought, seeing that I am not doing "anything special" on the CCR with regards to VLANs, that just as with the CRS switches I would be able to simply add this Wi-Tek switch in place and the VLANs would pass over, but this is not the case.

Basically, the CAPLites get a DHCP address for the mac address of the LAN adapter, however the VLAN that is serverd via CAPSMan to the CAPSLite looks to not be passed as any device connecting to the CAPLite cannot get a DHCP address.
I would suspect that VLAN support is always enabled on this new switch so you have to configure the VLAN IDs and membership for every VLAN which will be transiting it.
Something of note, the Wi-Tek to CAPlite connection required a cross over cable to work...
Doesn't inspire confidence as to the design quality of the switch
 
mongobongo
newbie
Topic Author
Posts: 34
Joined: Fri Jul 28, 2017 5:13 pm

Re: CCR1009 VLAN and Wi-Tek POE Switch

Sat Jun 25, 2022 6:27 pm

Here I am running CAPSMan using VLANs on the CCR with the "bridge" method.
Do you mean local forwarding mode?
On the CRS328 switches I am not doing anything in the VLAN sections.
Configured with a single bridge having vlan-filtering=no so VLAN tags are not treated differently to any other ethertypes?

I thought, seeing that I am not doing "anything special" on the CCR with regards to VLANs, that just as with the CRS switches I would be able to simply add this Wi-Tek switch in place and the VLANs would pass over, but this is not the case.

Basically, the CAPLites get a DHCP address for the mac address of the LAN adapter, however the VLAN that is serverd via CAPSMan to the CAPSLite looks to not be passed as any device connecting to the CAPLite cannot get a DHCP address.
I would suspect that VLAN support is always enabled on this new switch so you have to configure the VLAN IDs and membership for every VLAN which will be transiting it.
Something of note, the Wi-Tek to CAPlite connection required a cross over cable to work...
Doesn't inspire confidence as to the design quality of the switch
Hi!

On the bridge vlan-filtering is enabled.

Regards having to use a crossover cable for PoE to work on the CAPLite was not a good sign, I was fortunate to have come across a post regarding a TP-Link PoE switch which also needed a crossover cable to provide PoE otherwise I would not have worked out why the PoE switch was not powering up the devices.

As a seperate test I hooked up a 10€ unmanaged TP-Link switch and this device has no issue letting the VLANs come across to the CAPLite.

Here is the VLAN section of the Wi-Tek switch.

Image

Ive tried to untag the VLANs on the ingress port (ether1) and then re-tagging the VLAN on the egress port (ether16), but it made no difference...

The manufacturer has the following in their FAQ section, but the example is for using two Wi-Tek switches I couldnt spot something here which could assist me resolve me issue

http://support.wireless-tek.com/en/supp ... ion-sample

I will post you the config so there is not misunderstanding with regards to terminology.
/interface bridge
add name=bridge1 vlan-filtering=yes

/interface bridge port
add bridge=bridge1 interface=ether13-to-crs
add bridge=bridge1 interface=ether12-to-witek

/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether12-to-witek,ether13-to-crsvlan-ids=80
add bridge=bridge1 tagged=ether12-to-witek,ether13-to-crs,bridge1 vlan-ids=81

/interface vlan
add interface=bridge1 name=vlan80-pavlinia vlan-id=80
add interface=bridge1 name=vlan81-pavlinia-guests vlan-id=81

/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
add address=192.168.80.1/24 interface=vlan80-pavlinia network=192.168.80.0
add address=192.168.81.1/24 interface=vlan81-pavlinia-guests network=192.168.81.0

/ip dhcp-server network
add address=192.168.80.0/24 dns-server=192.168.88.1 gateway=192.168.80.1
add address=192.168.81.0/24 dns-server=192.168.88.1 gateway=192.168.81.1
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1

/ip dhcp-server
add address-pool=pool-88 authoritative=after-2sec-delay disabled=no interface=bridge1 lease-time=30s name=server1
add address-pool=pool-80 authoritative=after-2sec-delay disabled=no interface=vlan80-pavlinia lease-time=30s name=server2
add address-pool=pool-81 authoritative=after-2sec-delay disabled=no interface=vlan81-pavlinia-guests lease-time=30s name=server3

/ip pool
add name=pool-88 ranges=192.168.88.2-192.168.88.254
add name=pool-81 ranges=192.168.81.2-192.168.81.254
add name=pool-80 ranges=192.168.80.2-192.168.80.254

/caps-man security
add authentication-types=wpa-psk,wpa2-psk comment="Pavlinia Password" name=Pavlinia passphrase="xxxxxxxx"
add authentication-types=wpa-psk,wpa2-psk comment="Pavlinia Guests Password" name="Pavlinia Guest" passphrase=xxxxxxx

/caps-man configuration
add country=no_country_set datapath.bridge=bridge1 datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes datapath.vlan-id=81 datapath.vlan-mode=use-tag name=pavlinia-guest security="Pavlinia Guest" \
    ssid="Pavlinia Guest"
add channel.tx-power=15 country=no_country_set datapath.bridge=bridge1 datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes datapath.vlan-id=80 datapath.vlan-mode=use-tag name=pavlinia security=\
    Pavlinia ssid=Pavlinia

/caps-man interface
add configuration=pavlinia-guest l2mtu=1600 mac-address=4E:5E:0C:36:7A:71 master-interface=cap3 name=cap-3-1 radio-mac=00:00:00:00:00:00 radio-name=""
add configuration=pavlinia l2mtu=1600 mac-address=2C:C8:1B:7E:AA:3B master-interface=none name=cap1 radio-mac=2C:C8:1B:7E:AA:3B radio-name=2CC81B7EAA3B
add configuration=pavlinia-guest l2mtu=1600 mac-address=2E:C8:1B:7E:AA:3B master-interface=cap1 name=cap1-1 radio-mac=00:00:00:00:00:00 radio-name=""
add configuration=pavlinia l2mtu=1600 mac-address=4C:5E:0C:36:7A:71 master-interface=none name=cap3 radio-mac=4C:5E:0C:36:7A:71 radio-name=4C5E0C367A71

/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes

/caps-man provisioning
add action=create-enabled identity-regexp=pavlinia-021 master-configuration=pavlinia name-format=identity slave-configurations=pavlinia-guest
add action=create-enabled identity-regexp=pavlinia-009 master-configuration=pavlinia name-format=identity slave-configurations=pavlinia-guest
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: CCR1009 VLAN and Wi-Tek POE Switch

Sun Jun 26, 2022 2:03 pm

Configured with a single bridge having vlan-filtering=no so VLAN tags are not treated differently to any other ethertypes?
On the bridge vlan-filtering is enabled.
This was with reference to your statement about the CRS, but you posted the CCR configuration. That looks fine except
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes

is likely unnecessary, it is only required in some very specific use cases.

As a seperate test I hooked up a 10€ unmanaged TP-Link switch and this device has no issue letting the VLANs come across to the CAPLite.

Ive tried to untag the VLANs on the ingress port (ether1) and then re-tagging the VLAN on the egress port (ether16), but it made no difference...

The manufacturer has the following in their FAQ section, but the example is for using two Wi-Tek switches I couldnt spot something here which could assist me resolve me issue
So the Mikrotik configuration is fine. On any device port you can only have one VLAN untagged, you require hybrid ports (one untagged plus one-or-more tagged VLANs) with VLAN 1 default/untagged and VLANs 80 & 81 tagged. It doesn't help that the example has the When Port Receiving Frame columns labels for Tagged Frame and Untagged Frame swapped.
 
mongobongo
newbie
Topic Author
Posts: 34
Joined: Fri Jul 28, 2017 5:13 pm

Re: CCR1009 VLAN and Wi-Tek POE Switch

Mon Jun 27, 2022 3:31 pm


On the bridge vlan-filtering is enabled.
This was with reference to your statement about the CRS, but you posted the CCR configuration. That looks fine except
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes

is likely unnecessary, it is only required in some very specific use cases.

As a seperate test I hooked up a 10€ unmanaged TP-Link switch and this device has no issue letting the VLANs come across to the CAPLite.

Ive tried to untag the VLANs on the ingress port (ether1) and then re-tagging the VLAN on the egress port (ether16), but it made no difference...

The manufacturer has the following in their FAQ section, but the example is for using two Wi-Tek switches I couldnt spot something here which could assist me resolve me issue
So the Mikrotik configuration is fine. On any device port you can only have one VLAN untagged, you require hybrid ports (one untagged plus one-or-more tagged VLANs) with VLAN 1 default/untagged and VLANs 80 & 81 tagged. It doesn't help that the example has the When Port Receiving Frame columns labels for Tagged Frame and Untagged Frame swapped.
Hi!

Sorry about the reference to the CRS, I should have been more explicit with my explanation as then you would have understood more easily, the CRS is in SWOS mode.

Regards the "use-ip-firewall-for-vlan=yes" that should not have been in the config (I had the testbed setup on a RB1100Ah which has other configs running on it).

And finally, thank you ever so much for the information you provided, everything now works as intended with the advice you gave "VLAN 1 default/untagged and VLANs 80 & 81 tagged". The amount of hours i spent on this, while not understranding the "swapped" columns meant I may never have come across the answer.

:)

Who is online

Users browsing this forum: sybadi and 79 guests