mada3k
Long time Member
Topic Author
Posts: 687
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Correct way of Virtual SSIDs & VLANs

Mon Aug 15, 2022 9:30 pm

Hi,

I'm a bit unsure here. What is the correct way of setting up virtual SSIDs that relate to some VLANs? I'm using two wAPs at home and would like to create a guest SSID and maybe some IoT SSID as well, that end up on separate VLANs.

Current setup:
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan2 pvid=30

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=39
add bridge=bridge1 tagged=bridge1,ether1 untagged=wlan1,wlan2 vlan-ids=30

The wlan1/wlan2 are just standard configured.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Tue Aug 16, 2022 12:36 am

When you create a virtual AP for a new SSID, you get a new interface. You can either use it as an untagged bridge port, same as any other interface, or it can be combined with wireless VLAN settings (vlan-mode=use-tag vlan-id=X), where traffic would be configured as tagged on that port. The latter is mainly useful if you'd want a common SSID for multiple VLANs, where clients can be assigned to different VLANs using the access list.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Aug 16, 2022 4:16 am

Ignore the complications added by Sob,
You are on the right track.
Vwlan are created on the wireless settings.
The difference mainly is that you have to choose the MASTER wireless interface be it WLAN1 or WLAN2.
The only difference in settings between the MASTER and the virtual is the SSID and security setting associated with SSID.

Then on the interface bridge ports treat them exactly like you do WLANs, pvid=???? the vlan you want that virtual WLAN to be using.
Same for interface bridge vlans as for the wlans.

/interface vlan
add name=wlan1 interface=bridge1 vlan-id=30
add name=wlan2 interface=bridge1 vlan-id=30
add name=virtualwlan1 interface=bridge1 vlan-id=50
add name=virtualwlan2 interface=bridge1 vlan-id=80
add name=unknownvlan interface=bridge1 vlan-id=39
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface bridge port
# assuming ether1 is NOT the WAN port ??
add bridge=bridge1 interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan2 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=virtualwlan1 pvid=50
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=virtualwlan2 pvid=80
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=39
add bridge=bridge1 tagged=bridge1,ether1 untagged=wlan1,wlan2 vlan-ids=30
# tagged: bridge1 (maybe ether1 as well)
add bridge=bridge1 tagged=bridge1 untagged=virtualwlan1 vlan-ids=50
add bridge=bridge1 tagged=bridge1 untagged=virtualwlan2 vlan-ids=80

This is basically the concept for the main wifi router.
If you have other Mikrotik devices that are wifi capable and they are connected to a main MT router via cable then they will not be needed as routers but will be acting as an AP/Switch.
If so then this article covers that........
viewtopic.php?t=182276
 
Ca6ko
Member
Posts: 499
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Tue Aug 16, 2022 3:57 pm

I would set up a capsman and route the traffic on the head router without a vlan.
But everyone uses the method they are most comfortable with.
 
mada3k
Long time Member
Topic Author
Posts: 687
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Tue Aug 16, 2022 5:09 pm

Thanks,

I'm aware of CAPSMAN but it's overkill for my home. ether1 runs to my central switch. 30 is currently for all clients, 39 is for management.

It's the vlan-mode=use-tag vlan-id=X bits I'm a bit unsure of. Should it be used or not, and then how?

/interface wireless
add master-interface=wlan1 name=wlan1-ssid30 ssid=ssid30 vlan-mode=use-tag vlan-id=30
add master-interface=wlan1 name=wlan1-ssid31 ssid=ssid31 vlan-mode=use-tag vlan-id=31
add master-interface=wlan1 name=wlan1-ssid32 ssid=ssid32 vlan-mode=use-tag vlan-id=32

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,wlan1 vlan-ids=30,31,32

OR

/interface wireless
add master-interface=wlan1 name=wlan1-ssid30 ssid=ssid30
add master-interface=wlan1 name=wlan1-ssid31 ssid=ssid31
add master-interface=wlan1 name=wlan1-ssid32 ssid=ssid32

/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1-ssid30 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1-ssid31 pvid=31
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1-ssid32 pvid=32
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Tue Aug 16, 2022 7:46 pm

These two options are (more or less) equal. If there are other ports on the VLAN-enabled bridge, then I suggest going with the second way of doing it, the reason being to keep all VLAN-related config in a single place (under /interface bridge).

The first one comes in handy if one doesn't use a VLAN-enabled bridge for any reason (e.g. because the device runs a switch chip that can be configured for VLAN functions but ROS doesn't support HW offload, examples are CRS1xx/2xx or devices with Qualcomm switch chips. Or because one doesn't configure VLANs elsewhere on the device at all, which works for pretty simple multi-SSID APs connected to a VLAN-enabled LAN ... not that I endorse such deployment in any way).
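
An added example, not part of any post in this thread and not MikroTik code: a small Python check over a RouterOS-style export that flags the ways the access-port approach discussed above can silently fail to keep SSIDs separated (filtering off, a port left on the default pvid, a VLAN not tagged on the uplink). The sample export, the function names `parse_export` and `audit`, and the `ether1` uplink default are assumptions made for illustration.

```python
import re

# Constructed sample (not a real device export): the thread's bridge with three
# virtual APs as access ports. VLAN 31 has no table entry; ssid32 has no pvid.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1-ssid30 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wlan1-ssid31 pvid=31
add bridge=bridge1 interface=wlan1-ssid32
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=39
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=30
"""

def parse_export(text):
    """Group 'add key=value ...' lines by '/menu' header (assumes one entry per line)."""
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            menus.setdefault(menu, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(text, uplink="ether1"):
    menus, findings = parse_export(text), []
    for br in menus.get("/interface bridge", []):
        if br.get("vlan-filtering") != "yes":
            findings.append(f"{br['name']}: vlan-filtering off, pvid and VLAN table ignored")
    trunked = set()  # VLAN ids carried tagged on the uplink
    for row in menus.get("/interface bridge vlan", []):
        if uplink in row.get("tagged", "").split(","):
            for part in row["vlan-ids"].split(","):  # accepts "30" and "30-32"
                lo, _, hi = part.partition("-")
                trunked.update(range(int(lo), int(hi or lo) + 1))
    for port in menus.get("/interface bridge port", []):
        name, pvid = port["interface"], int(port.get("pvid", 1))  # default pvid is 1
        if name == uplink:
            continue
        if pvid == 1:
            findings.append(f"{name}: no pvid, clients land in default VLAN 1")
        elif pvid not in trunked:
            findings.append(f"{name}: VLAN {pvid} not tagged on {uplink}")
        if port.get("frame-types", "admit-all") == "admit-all":
            findings.append(f"{name}: frame-types=admit-all accepts tagged frames")
    return findings
```

Calling `audit(SAMPLE_EXPORT)` returns one finding for wlan1-ssid31 and two for wlan1-ssid32; an empty list means every access port has a non-default pvid that is tagged on the uplink.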
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Aug 17, 2022 2:25 pm

Keep it simple,
the wireless settings for wireless parameters, not vlans
the bridge does not provide DHCP services etc, just bridging and thus vlans (other than the default vlan1) carry all data traffic.

Why, for three reasons.
a. because Sob doesn't like it when I push my own config preferences
b. because mkx doesn't like it when I push my own config preferences
c. I am partial to my config preference because I know squat about networking and yet I have success.

Seriously there are two ways to do vlans,
The method I use is the easiest IMHO and it works in all cases.
It may not be the most efficient if one has a specific chip architecture but it will still work just fine for any home application.
There is another method, but will leave that to others to flog.............. but it will take optimal advantage of chip architecture if so equipped.

P. SWITCH CHIP VLANS
https://help.mikrotik.com/docs/display/ ... p+Features
https://help.mikrotik.com/docs/display/ ... switchchip

other refs:
https://www.youtube.com/watch?v=Rj9aPoyZOPo - Vlans using the Switch Chip
https://www.youtube.com/watch?v=rvQ6o4RfnoU - Configure Vlan on Switch Chip
https://www.youtube.com/watch?v=YLtGQAQ8iS0 - CRS3XX Step by Step
 
mada3k
Long time Member
Topic Author
Posts: 687
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Wed Aug 17, 2022 5:34 pm

As I mentioned earlier, we are talking about a wAP AC - so there is no switch chip to take into consideration.

DHCP and firewalling are done on another device behind the switch, so that's outside this topic.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Aug 17, 2022 8:39 pm

In that case for an Ikea table and meat balls I give you this.........
viewtopic.php?t=182276
