Community discussions

MikroTik App
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 10:26 am

Dear All,

I have a interesting (interesting for me) question.
I got a Router from my ISP (Telekom HU), call it R1, and two Mikrotik: HAP Ac3 (R2) and a Hap lite (R3).

R1 has its own network: 192.168.1.1/24. Android TV boxes are connected to this network via WiFi.
R2 connects to the internet via the R1 using PPPoE connection, so it has it's own public IP Address. This is my main network I use (172.16.0.1/22).
The R3 router is in another building and connected to R2, bridged all interface to the same bridge, so every client connected to the R3 got the ip address from R2 dhcp server. (So R3 is kind of wifi repeater)

But I need to connect to R1 network (192.168.1.0/24) using the R3 (via WiFI).
    R1   --->      R2 ---> R3 (wifi) --> Client (192.168.1.X/24)
192.168.1.0/24    
I need to create a slave Wifi Interface on the R3 router which (somehow) directly connect the the R1 network (192.168.1.0/24) and assign ip addresses with DHCP on R1.
Is this even possible? Between R2 and R3 I have only one ETH cable.

Any help would be appreciated!

Thx,
Janos Vincze
.



.
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 11:23 am

I was thinking about a something like this:
Create MACVLAN interface on R2-ETH1. (ETH1 connected to R1)
Create EOIP tunnel between R2 and R3.
Bridge EOIP and MACVLAN on R2.
Bridge EOIP and WiFi Slave on R3. And set up Dhcp Relay on the brige interface.
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 11115
Joined: Mon Dec 04, 2017 9:19 pm

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 11:54 am

I think the above would be unnecessarily complicated. I would set the master wireless interface of R3 to station-bridge mode, make it a trunk port for multiple VLANs, and use the "single common bridge with vlan-filtering=yes for all VLANs" mode also on R2, so that its WAN would be yet another VLAN on that common bridge. And on R3, I would make two slave wireless interfaces in AP mode access ports to two VLANs, one hosting 192.168.1.0/24 and the other one hosting 172.16.0.0/22.

That way, everything would stay in the L2 domain, no EoIP interfaces and associated MTU issues, no mac-vlan interfaces...
 
User avatar
TheCat12
Member
Member
Posts: 429
Joined: Fri Dec 31, 2021 9:13 pm

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 2:45 pm

A question out of pure curiosity - how would the PPPoE work in conjunction with a VLAN aware bridge? Should the PPPoE interface run on top of a VLAN interface or how?
 
MMH
just joined
Posts: 1
Joined: Tue Sep 10, 2024 2:40 pm

Radius Manager issue with Mikrotik RB 1200

Tue Sep 10, 2024 4:13 pm

Hello @ALL
hope you're doing well,

We have an issue on our system, Radius Manager showing user is offline and on that time the customers are using internet from the Mikrotik RB1200.
Can you please tell me the issue?
Nas Changed in Radius Manager, and Public IP changed in RB1200 but issue is not solved.
Mikrotik Version > 7.15.3

Thanks
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 11115
Joined: Mon Dec 04, 2017 9:19 pm

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 4:44 pm

If the question was for me - if R1 presents 192.168.1.0/24 and the path to the PPPoE server on the same physical interface, then indeed the PPPoE client has to be connected to the VLAN interface on the common bridge. If there are two separate interfaces on R1, one for LAN and another one for the PPPoE, only the first one needs to be connected to an access port to the "R1 to R3 VLAN", and the PPPoE stays attached to the port to which it is attached now. It's up to the OP to clarify this. The ISP boxes come in many flavors :)
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 5:26 pm

I think the above would be unnecessarily complicated. I would set the master wireless interface of R3 to station-bridge mode, make it a trunk port for multiple VLANs, and use the "single common bridge with vlan-filtering=yes for all VLANs" mode also on R2, so that its WAN would be yet another VLAN on that common bridge. And on R3, I would make two slave wireless interfaces in AP mode access ports to two VLANs, one hosting 192.168.1.0/24 and the other one hosting 172.16.0.0/22.

That way, everything would stay in the L2 domain, no EoIP interfaces and associated MTU issues, no mac-vlan interfaces...
Thanks for the answer.
I have a little probmlems with vlans. First of all i have a switch between r2 and r3 which does not support vlan taggning.
Another problem is that I'm using R3's main Wifi interface for access my "main" network.: R1 (192.168.1.0/24) --> R2 (pppoe / 172.16.0.0/24) --> R3 (bridge) ==wifi==> client (172.16.0.0/24).
That's why I need slave wifi interface on R3.

PPPOE client config:
[admin@MikroTikAc3] /interface/pppoe-client> export hide-sensitive 
# 2024-09-10 16:17:03 by RouterOS 7.14.3
# software id = 51LK-FL29
#
# model = RBD53iG-5HacD2HnD
# serial number = 
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 user=55500000000000057864@t-online.hu
Bridge:
[admin@MikroTikAc3] /interface/pppoe-client> /interface/bridge/port/export       
# 2024-09-10 16:18:24 by RouterOS 7.14.3
# software id = 51LK-FL29
#
# model = RBD53iG-5HacD2HnD
# serial number = 
/interface bridge port
add bridge=bridge1 interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi1-2ghz internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi2-5ghz
And even the DHCP Client on ETH1 works:
admin@MikroTikAc3] /interface/pppoe-client> /ip/dhcp-client/print 
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE  USE-PEER-DNS  ADD-DEFAULT-ROUTE  STATUS  ADDRESS         
0 ether1     no            no                 bound   192.168.1.250/24
I don't know how and why but over the ETH1 I can get IP address from R1 and also the pppoe client connection is working fine.

The hAP lite is working in a simple bridge mode:
[admin@hap-ws] > /interface/bridge/port/export
# 2024-09-10 16:21:26 by RouterOS 7.14.3
# software id = J5LQ-36NV
#
# model = RB941-2nD
# serial number = 
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=pwr-line1 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether1
Adresses:
admin@hap-ws] > /ip/address/print 
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
#   ADDRESS        NETWORK     INTERFACE
0 D 172.16.0.2/22  172.16.0.0  bridge   
Wireless:
admin@hap-ws] /interface/wireless> export
# 2024-09-10 16:23:14 by RouterOS 7.14.3
# software id = J5LQ-36NV
#
# model = RB941-2nD
# serial number = 
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=jfsz-sb-33-net supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=hungary disabled=no distance=indoors installation=indoor mode=ap-bridge security-profile=jfsz-sb-33-net ssid=\
    jfsz-sb-33-net wireless-protocol=802.11 wps-mode=disabled
/interface wireless cap
set bridge=bridge certificate=request discovery-interfaces=bridge interfaces=wlan1
Last edited by jvincze84 on Tue Sep 10, 2024 5:35 pm, edited 1 time in total.
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 5:34 pm

If the question was for me - if R1 presents 192.168.1.0/24 and the path to the PPPoE server on the same physical interface, then indeed the PPPoE client has to be connected to the VLAN interface on the common bridge. If there are two separate interfaces on R1, one for LAN and another one for the PPPoE, only the first one needs to be connected to an access port to the "R1 to R3 VLAN", and the PPPoE stays attached to the port to which it is attached now. It's up to the OP to clarify this. The ISP boxes come in many flavors :)
It is possble to connect the R1 and R2 with 2 enthernet cable if this helps or make the setup easier. But the R2 and R3 connected this way: R1-->R2-->switch-->R3 This switch is a not magaged one, not support VLANs. And I could not put additional eth cable between the SW (or r2) and R3

So I need some "tricky" solution.

Unfortunatelly the ISP box has poor variately of configuration options. And the Andriod TV box works only if it is connected to this router's network (192.168.1.0/24).
 
User avatar
TheCat12
Member
Member
Posts: 429
Joined: Fri Dec 31, 2021 9:13 pm

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 8:42 pm

I think adding a second Ethernet cable between R1 and R2 would simplify the configuration if possible. Since R1 is in bridge mode it won't matter whether you're receiving PPPoE from one port and DHCP from another or both from the same port. In the case with two Ethernet cables you would need to remove the DHCP client from ether1 and put it on a created VLAN interface. After that, transfer the DHCP server over to a second VLAN interface, configure the switch-facing port as trunk port (don't worry about your switch not handling VLAN traffic, it should forward it without acknowledging it as such) and then configuring VLAN and a virtual AP on R3. All in all, it should look something like this:
# R2

/interface vlan
add interface=bridge1 name=Main vlan-id=10
add interface=bridge1 name=ISP_network vlan-id=20

/ip dhcp-client
set [ find interface=ether1 ] interface=ISP_network

/ip address
set [ find network=192.168.1.0 ] interface=Main

/ip dhcp-server
set [ find interface=bridge1 ] interface=Main

/interface bridge port
set [ find interface=ether2 ] pvid=20
set [ find interface=ether3 ] pvid=10
set [ find interface=ether5 ] pvid=10

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=10
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=20

/interface wireless
set [ find name=wifi1-2ghz ] vlan-mode=use-tag vlan-id=10
set [ find name=wifi2-5ghz ] vlan-mode=use-tag vlan-id=10

/interface bridge
set bridge1 vlan-filtering=yes

# R3

/interface vlan
add interface=bridge name=Main vlan-id=10

/interface dhcp-client 
set [ find interface=bridge ] interface=Main

/interface wireless security-profiles
add name=ISP_network mode=dynamic-keys authentication-types=wpa2-psk wpa2-pre-shared-key=***

/interface wireless
set [ find name=wlan1 ] vlan-mode=use-tag vlan-id=10
add master-interface=wlan1 name=wlan3 ssid=ISPNet security-profile=ISP_network vlan-mode=use-tag vlan-id=20

/interface bridge port
set [ find interface=ether2 ] pvid=10
set [ find interface=ether3 ] pvid=10
set [ find interface=ether4 ] pvid=10

/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,wlan1 vlan-ids=10
add bridge=bridge tagged=ether1,wlan3 vlan-ids=20

/interface bridge
set bridge vlan-filtering=yes
In the following config I assume that the switch-facing port on R2 is ether4
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 11115
Joined: Mon Dec 04, 2017 9:19 pm

Re: Passthrough Network Via Mikrotiks

Tue Sep 10, 2024 9:09 pm

Apparently I was reading too diagonally today :) My impression from your OP was that R3 was a wireless client of R2. Since it is not, there is no need to configure its wireless interface(s) to station-bridge mode. Just two AP mode interfaces, one master and one slave, each linked to another VLAN.

As for the "dumb" switch between between R2 and R3, dumb switches are normally so dumb that they don't care about anything else but MAC addresses, so tagged VLAN frames pass through them transparently as good as any other frames, and also the supported frame size is usually large enough to accommodate a frame carrying a 1500-byte IP packet that has at least one VLAN tag (so 1518 bytes in total). You can easily check that if you attach an /interface/vlan with the same vlan-id (let's say 111) to the bridges on both R2 and R3, attach IP addresses from the same non-conflicting subnet to it (like 10.20.30.1/30 to R2 and 10.20.30.2/30 to R3), and then ping one from the other - first just ping 10.20.30.2 from R2 to check that there is no mistake, and then ping 10.20.30.2 size=1500 do-not-fragment to check that the supported frame size is large enough.

And since the ISP box (R1) apparenty works, at the same physical interface, as a router and DHCP server for IP & ARP packets as well as a bridge for PPPoE & PPPoE Discovery frames, the subsequent step will consist in removing the test addresses from the newly created VLAN interfaces, activating vlan-filtering on the bridge on R2, moving the PPPoE client and the DHCP client from ether1 to the vlan interface, and making ether1 an access port to that VLAN on the bridge. On R3, you will keep vlan-filtering off on the bridge, add a wireless interface with a different SSID, vlan-mode=use-tag and vlan-id=111 as a slave of the existing one, remove the /interface/vlan, and make the newly added slave AP another port of the bridge.
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Re: Passthrough Network Via Mikrotiks

Thu Sep 12, 2024 4:45 pm

Hi All,
Thank you very much for the suggestions.
I'm going to try it and come back with the result.
Br,
JVincze84
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Re: Passthrough Network Via Mikrotiks

Sat Sep 14, 2024 9:01 pm

Hi All,

I want to share my experiences.
It seems I managed to successfully configure the VLANs according to suggestions.
There was some modification, and first I used a "test" router (hAP) as R3. This is because R3 is far away from me and I did not want to walk from one building to another and back, everytime I screw up the config. :) (Yes I, know the "Safe Mode", but sometimes I forget to use it.)

Currently I use this config on R2:

Interface Config:
/interface vlan
add interface=bridge1 name=vlan100 vlan-id=100
add interface=bridge1 name=vlan200 vlan-id=200
(VLAN 100 - R1 Network, VLAN 200 - Isolated Network For IP Cameras)

Ethernet:
/interface ethernet
set [ find default-name=ether1 ] name=ether1-pppoe  <- This interface is connected to R1 (pppoe)
set [ find default-name=ether2 ] name=ether2-switch <- dummy switch (R2->SW->R3)
set [ find default-name=ether4 ] name=ether4-telekom  <- This interface connected to R1 (separet eth cable for VLAN)
Bridge Config:
/interface bridge
add name=bridge1 port-cost-mode=short vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether2-switch internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi1-2ghz internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi2-5ghz
add bridge=bridge1 interface=ether5
add bridge=bridge1 ingress-filtering=no interface=ether4-telekom pvid=100 trusted=yes

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2-switch untagged=ether4-telekom vlan-ids=100
add bridge=bridge1 tagged=ether2-switch,bridge1 vlan-ids=200
Please note that I have my original network untouched (VLAN ID 1, by default). This is the next in the todo list.
Additionally I've set a DHCL clinet for vlan100 interface, insted of adding IP Address manually.
[admin@MikroTikAc3] > /ip/dhcp-client/print
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE  USE-PEER-DNS  ADD-DEFAULT-ROUTE  STATUS  ADDRESS
0 vlan100    no            no                 bound   192.168.1.246/24
[admin@MikroTikAc3] > /ip/dhcp-client/export
/ip dhcp-client
add add-default-route=no interface=vlan100 use-peer-dns=no use-peer-ntp=no
And also I set up a DHCP server for camera van:
[admin@MikroTikAc3] > /ip/dhcp-server/print
Columns: NAME, INTERFACE, ADDRESS-POOL, LEASE-TIME
# NAME   INTERFACE  ADDRESS-POOL  LEASE-TIME
0 dhcp1  bridge1    dynamic dhcp  30m
1 dhcp2  vlan200    dhcp_pool4    30m


R3 Configuration:
/interface vlan
add interface=bridge1 name=vlan100 vlan-id=100
add interface=bridge1 name=vlan200 vlan-id=200

/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2 pvid=100
add bridge=bridge1 interface=wlan1 pvid=100
add bridge=bridge1 interface=ether3 pvid=200

/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=200


DHCP Clients:
[admin@MikroTik] > /ip/dhcp-client/print
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE  USE-PEER-DNS  ADD-DEFAULT-ROUTE  STATUS  ADDRESS
0 bridge1    no            no                 bound   172.16.3.198/22
1 vlan100    no            no                 bound   192.168.1.227/24
2 vlan200    no            no                 bound   10.200.0.2/24
But there are some part of the suggested configuraition I don't really understand. (Or I don't understand how VLANs works....)
This part of suggested configuration did not worked:
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,wlan1 vlan-ids=10
add bridge=bridge tagged=ether1,wlan3 vlan-ids=20
What is the point behind adding WLAN* interface as tagged? If I understand well, tagging interface means that the interface is a "trunk" interface not an "access" one.
Insted of this I configured wlan1 PVID to 100.

The situation is similar in R2 configuration.
I had to configure PVID for the ISP's (ether4) interface:
/interface bridge port
.....
add bridge=bridge1 ingress-filtering=no interface=ether4-telekom pvid=100 trusted=yes
In the suggested configration ether4 is added as tagged interface:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=10
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=20
R1 is not aware of VLANs, so I don't see the meanings of adding as tagged.
Can you see anything bad in my configuration? I'm not so familiar with VLANs (yet), so there my be some configuration parts which could be antipatern.

Interesting thing that my first thought is also working: Creating EOIP tunnel between the R2 and R3 and separate bridges on both side. (R2: EOIP and ether4, R3: EOIP and WIFI+ETH2)

Thanks for the help.!
 
User avatar
TheCat12
Member
Member
Posts: 429
Joined: Fri Dec 31, 2021 9:13 pm

Re: Passthrough Network Via Mikrotiks

Sat Sep 14, 2024 10:09 pm

This part of suggested configuration did not worked:
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,wlan1 vlan-ids=10
add bridge=bridge tagged=ether1,wlan3 vlan-ids=20
What is the point behind adding WLAN* interface as tagged? If I understand well, tagging interface means that the interface is a "trunk" interface not an "access" one.
Your understanding is correct but there is a small detail you're missing - if you define vlan-id in the wireless interface settings, it'll untag all traffic with the defined VLAN ID but to untag it it needs tagged traffic. Hence, the wireless interface is added as a trunk port in the bridge VLAN for the respective VLAN.
I had to configure PVID for the ISP's (ether4) interface:
/interface bridge port
.....
add bridge=bridge1 ingress-filtering=no interface=ether4-telekom pvid=100 trusted=yes
In the suggested configration ether4 is added as tagged interface:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=10
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=20
R1 is not aware of VLANs, so I don't see the meanings of adding as tagged.
A minor misconfiguration from my side. Oops. :lol:
 
jvincze84
just joined
Topic Author
Posts: 14
Joined: Mon Apr 29, 2024 10:22 am

Re: Passthrough Network Via Mikrotiks

Sun Sep 15, 2024 6:10 pm

This part of suggested configuration did not worked:
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,wlan1 vlan-ids=10
add bridge=bridge tagged=ether1,wlan3 vlan-ids=20
What is the point behind adding WLAN* interface as tagged? If I understand well, tagging interface means that the interface is a "trunk" interface not an "access" one.
Your understanding is correct but there is a small detail you're missing - if you define vlan-id in the wireless interface settings, it'll untag all traffic with the defined VLAN ID but to untag it it needs tagged traffic. Hence, the wireless interface is added as a trunk port in the bridge VLAN for the respective VLAN.
I had to configure PVID for the ISP's (ether4) interface:
/interface bridge port
.....
add bridge=bridge1 ingress-filtering=no interface=ether4-telekom pvid=100 trusted=yes
In the suggested configration ether4 is added as tagged interface:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=10
add bridge=bridge1 tagged=bridge1,wifi1-2ghz,ether4,wifi2-5ghz vlan-ids=20
R1 is not aware of VLANs, so I don't see the meanings of adding as tagged.
A minor misconfiguration from my side. Oops. :lol:

Thanks!
But, I'm afaraid I don't 100% uderstand the WLAN part. :(
If I configure the WLAN interface (telekom-guest) like thits:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2 pvid=100
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=telekom-guest
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether1,telekom-guest vlan-ids=200
Without setting the PVID, the device get IP Address from the "defult" vlan.
Device get the appropiate IP address only if I set PVID=100 to the bridge interface:
[admin@hAP-bedroom] > /interface/bridge/port/print
Flags: I - INACTIVE
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, HORIZON
#   INTERFACE      BRIDGE   HW   PVID  PRIORITY  HORIZON
0   ether1         bridge1  yes     1  0x80      none
1   ether2         bridge1  yes   100  0x80      none
2   wlan1          bridge1          1  0x80      none
3   ether3         bridge1  yes     1  0x80      none
4   ether4         bridge1  yes     1  0x80      none
5 I ether5         bridge1  yes     1  0x80      none
6   telekom-guest  bridge1          1  0x80      none
[admin@hAP-bedroom] > /interface/bridge/port/set numbers=6 pvid=100
I can configure VLAN in three places:
1. In the Interface configuration (vlan-mode and vlan-id):
[admin@hAP-bedroom] > /interface/wireless/print
Flags: X - disabled; R - running
 0  R name="telekom-guest" mtu=1500 l2mtu=1600 mac-address=DE:2C:6E:25:88:49 arp=enabled interface-type=virtual master-interface=wlan1 mode=ap-bridge ssid="telekom-guest" vlan-mode=no-tag vlan-id=1
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
      security-profile=default
2. In the bridge port (PVID).
3. And in the "/interface bridge vlan" as taggad or untagged port.

What is the right configuration I should use?

Thanks a lot!
 
User avatar
TheCat12
Member
Member
Posts: 429
Joined: Fri Dec 31, 2021 9:13 pm

Re: Passthrough Network Via Mikrotiks

Sun Sep 15, 2024 6:33 pm


I can configure VLAN in three places:
1. In the Interface configuration (vlan-mode and vlan-id):
[admin@hAP-bedroom] > /interface/wireless/print
Flags: X - disabled; R - running
 0  R name="telekom-guest" mtu=1500 l2mtu=1600 mac-address=DE:2C:6E:25:88:49 arp=enabled interface-type=virtual master-interface=wlan1 mode=ap-bridge ssid="telekom-guest" vlan-mode=no-tag vlan-id=1
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
      security-profile=default
2. In the bridge port (PVID).
3. And in the "/interface bridge vlan" as taggad or untagged port.

What is the right configuration I should use?
You configure the VLAN in places 1 (vlan-mode=use-tag vlan-id=100) and 3 as tagged port. Try to read the following MikroTik Docs page in hopes of assimilating the suggested from me config easier:

https://help.mikrotik.com/docs/display/ ... n+Wireless

Who is online

Users browsing this forum: CGGXANNX and 35 guests