Community discussions

MikroTik App
 
pspasov
just joined
Topic Author
Posts: 2
Joined: Thu Jun 30, 2022 8:43 am

Problem with VLAN on WAN port

Tue Aug 30, 2022 1:01 pm

Hi Mikrotik Community,,

I have a MIkrotik hex router in our head office with the following configuration:
ether1 - WAN with static IP address
VLAN with ID 3050 assigned to ether1(WAN) with IP address 192.168.2.1
bridge(ether2-ether4) with ip 192.168.1.1
DHCP server with pool from 192.168.1.0/24 assigned to the bridge
DHCP server with pool from 192.168.2.0/24 assigned to the VLAN interface

Our ISP which is the same in our head and our branch offices, has configured a VLAN to connect our branch office to our head office. In the branch office there is a VLAN switch configured by the ISP.

The current configuration is working by now with m0n0wall router which I want to replace with this Mikrotik hex router.

The problem with Mikrotik router is that the computers in a branch office receives correctly IP addresses from 192.168.2.0/24 but they neither have connection to Internet nor to the LAN network in head office - 192.168.1.0/24.

I have configured VLANs in the past assigned to the bridge and there is no such a problem, so I suppose that the reason is that the VLAN is on the WAN port.

What I have to do so the VLAN network have connection to the internet(masquaraded by Mikrotik router) and have access to resources in 192.168.1.0?

Best Regards,
Pavlin
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Problem with VLAN on WAN port

Tue Aug 30, 2022 2:52 pm

You would be well served to provide a network diagram. I dont understand the written part.
For example, why do you have a dhcp server for your WAN side, you are the client ?????
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problem with VLAN on WAN port

Tue Aug 30, 2022 5:52 pm

There are two ways, the "old" one and the "new" one.

In the old one, you set
/interface vlan add interface=ether1 vlan-id=3050 name=ether1.3050
/interface bridge port add bridge=your-lan-bridge-name interface=ether1.3050

and that's it, but it's not "nice".

In the new one, you have to make ether1 another member port of the common bridge, create an /interface vlan with some VLAN ID like 1234 as the WAN interface and another one with VLAN ID 3050 for LAN, and make ether1 an access port to VLAN 1234 and all the remaining ports access ports to VLAN 3050, and activate vlan-filtering on the bridge. But this requires to temporarily use one of the Ethernet interfaces as a management one with its own IP subnet, otherwise you will lose connection to the device. In order not to lose it, you would have to make VLAN 3050 the pvid of the router-facing port of the bridge rather than creating an /interface vlan for VLAN 3050.

But first of all, having a VLAN provided by an ISP is not secure.
 
pspasov
just joined
Topic Author
Posts: 2
Joined: Thu Jun 30, 2022 8:43 am

Re: Problem with VLAN on WAN port

Tue Sep 20, 2022 8:38 am

Thank you very much for your help!

Best regards,
Pavlin

Who is online

Users browsing this forum: JDF, johnson73, ramirez and 82 guests