Community discussions

MikroTik App
 
micro4lpha
just joined
Topic Author
Posts: 4
Joined: Tue Mar 15, 2022 6:27 am

RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 6:25 am

I managed to get the devices connected to the EAP610 and get an IP address, but they do not receive internet access. Currently my ISP gave me an hAC with no access and I am bridging with a RB 3011 and adding the EAP610 on Ether10.

Any ideas what I could be missing?
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether10 ] poe-out=off
/interface vlan
add interface=ether10 name=vlan10 vlan-id=10
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10 pvid=10
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether10 vlan-ids=10
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp1 list=LAN
/ip address
add address=192.168.20.2/24 interface=bridge1 network=192.168.20.0
add address=10.0.0.1/24 interface=vlan10 network=10.0.0.0
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 11:25 am

The vlan10 interface should be anchored on bridge, not ether10 (which is bridge port member).

You didn't actually explain the WAN situation. Config says that WAN interface is ether1 which is supposed to be tagged with VID 10 ... should it be? (the device on the other side has to be configured appropriately) Config also doesn't show any NAT setup ... which means that upstream router should be aware of 10.0.0.0/24 subnet some way. At the same time your RB3011 doesn't have upstream gateway configured (and neither has DHCP client running on WAN interface to get that piece of setup automatically) so it can't reach internet itself. Neither can it offer internet to connected devices.

So basically everything is wrong.
Unless shown config is a (small) subset of complete setup in which case show it all or else we can play whack-a-mole for next few centuries.
 
micro4lpha
just joined
Topic Author
Posts: 4
Joined: Tue Mar 15, 2022 6:27 am

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 5:53 pm

I do have internet to all ports in my RB 3011 which are bridged, not a problem there. The only problem there is the VLAN not getting internet access. The AP and the devices assigned to the AP get the private IP from the DHCP server correctly. Why would I need to have a DHCP client if the AP is getting the IPs from the DHCP server on the RB 3011?

Currently I have:

- Mikrotik ISP router which gets a private IP from the ISP: 192.168.20.1 (subnet 192.168.20.0/24)
- Mikrotik RB 3011 which is set as bridge and sets the same private IP subnet to all connected devices. NAT/Firewall is being done by the ISP mikrotik, to avoid double NAT, do not have access to the ISP router config.
- EAP610 is connected to ether10 to try and create a WLAN with VLAN.

ISP Router -> RB 3011 -> EAP610
Last edited by micro4lpha on Sun Nov 27, 2022 6:01 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 5:56 pm

So you have access to your ISP router to set DHCP and all other things??????
Confused on your setup explanation............
 
micro4lpha
just joined
Topic Author
Posts: 4
Joined: Tue Mar 15, 2022 6:27 am

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 5:58 pm

No, I do not have any access to the ISP router, and I have to use their shitty ass router or pay like 10x times to get my own IP and use my router to connect to their network.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 7:23 pm

No, I do not have any access to the ISP router, and I have to use their shitty ass router or pay like 10x times to get my own IP and use my router to connect to their network.
Okay so you do have double NAT as you get a private IP on your wan input port, unless you are simply using the router as a switch???
 
micro4lpha
just joined
Topic Author
Posts: 4
Joined: Tue Mar 15, 2022 6:27 am

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 9:23 pm

No, I do not have double NAT. As I explained in my previous post, and as you see in the RB 3011, it's configured as BRIDGE. It's bridging the ISP router connection and providing the ISPs router subnet IPs to my devices, yes, like a switch, thought it was visible in my configuration above.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 9:41 pm

For untagged traffic, your device is configured just fine.

However, if I understand the description of the status, for VLAN 10 traffic your device will have to act as router/firewall and also perform NAT (because main router knows nothing about both VLAN10 and 10.0.0.0/24 subnet). Currently it's not ... and as I already wrote, the setup misses a few basic things already.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Sun Nov 27, 2022 11:46 pm

mkx could the op do this.... In other words, the ISP router may not need to know about the vlan if it just sees the IP of the known entity ???
...
add chain=srcnat action=masquerade src-address=10.0.0.0/24 out-interface=192.168.20.2
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB 3011 + EAP610 - Unable to get internet access on AP using VLAN

Mon Nov 28, 2022 9:41 pm

OP could do it (your example is incorrect BTW). But there are two things about it:

  1. /interface bridge vlan
    add bridge=bridge1 tagged=ether1 untagged=ether10 vlan-ids=10
    Port towards ISP's router should not be part of VLAN10, neither tagged nor untagged.
    .
  2. missing default route, something like
    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.20.1
    
    Without it this device can not successfully perform SRC-NAT for VLAN10 clients.

Who is online

Users browsing this forum: Google [Bot], stevencameron16 and 90 guests