Code: Select all
add interface=ether2 l2mtu=1594 name=trunk-10-phones vlan-id=10
add interface=ether2 l2mtu=1594 name=trunk-21-network vlan-id=21
add interface=ether2 l2mtu=1594 name=trunk-30-lan vlan-id=30
trunk port
I have an access point connected to port2. This access point will be using native vlan of 21. How do I set the native vlan the MicroTik
Re: trunk port
I have an access point connected to port2. This access point will be using native vlan of 21. How do I set the native vlan the MicroTik
Code: Select alladd interface=ether2 l2mtu=1594 name=trunk-10-phones vlan-id=10 add interface=ether2 l2mtu=1594 name=trunk-21-network vlan-id=21 add interface=ether2 l2mtu=1594 name=trunk-30-lan vlan-id=30
What hardware? You either need to do it with the switch chip or bridges.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: trunk port
If the Engenius is using the "native VLAN" the its traffic will appear untagged - i.e. as normal Ethernet frames. Is there a reason that you can't have the Engenius traffic appear as tagged 802.1q traffic? Doing so would probably make life easier.
Re: trunk port
I have added vlan 21 as the native vlan on the access point. The access point is connected to port 2. I have two SSID's one on vlan 21 and the other on vlan 30.
I see the SSID's on the computer, but when I connect to them they wont give me an IP address and I can not ping the WAP either.
I see the SSID's on the computer, but when I connect to them they wont give me an IP address and I can not ping the WAP either.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: trunk port
Which Engenuis model is this? It will probably be easier if you use standard VLANs for both VLAN 21 & 30 - avoid the "native VLAN". If you use standard tagged VLANs then you can pick up the traffic on VLAN virtual interfaces in RouterOS.
Re: trunk port
Or you can use bridge.
Sent from my SCH-I545 using Tapatalk
Sent from my SCH-I545 using Tapatalk
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: trunk port
If you simply want to pick up the untagged (native VLAN means untagged) traffic then pick it up directly from ether2.
Re: trunk port
It is the EAP350. I have it plugged into ether2. If I just leave it without a Native Vlan tag on it then I can ping the access point and the SSID on vlan 21 get the correct IP, but Vlan 30 doesnt work. Where do I set the native vlan to 21 on the MicroTik?
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: trunk port
There is no direct command like there would be on a layer 2 VLAN-aware device. Some RouterBoard have switches which might help - or you can use bridges for some configurations but even that can't do everything that a VLAN-aware layer 2 device can typically do.Where do I set the native vlan to 21 on the MicroTik?
Is there a reason you need to use the native VLAN - which is just the untagged traffic on the 802.1q trunk? From security standpoint it is usually a bad idea anyway!
Re: trunk port
I had this device working like this on a Cisco 2950 switch. Since the 2950 is a 10/100 l2 switch I decided to get an 1100 AH which is a Gb L3 switch. Everything works fine except the access point. If I dont set the default VLAN on the access point I can connect to it through vlan21 and the ssid on vlan21 works fine, but the ssid on vlan30 doesnt work.
If you know of a better way of setting it up let me know.
If you know of a better way of setting it up let me know.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: trunk port
OK - The best way to get it to work with an RB1100 is to put each SSID on a tagged VLAN and pick those VLANs up on VLAN interfaces on the RB1100. If you do that and post the RB1100 config with observed symptoms it should be possible to debug.
The RB1100 is really a fairly traditional router with some layer 2 capabilities. It doesn't really merit being called a layer 3 switch since it does not really have wire speed layer 3 capabilities.
The RB1100 is really a fairly traditional router with some layer 2 capabilities. It doesn't really merit being called a layer 3 switch since it does not really have wire speed layer 3 capabilities.
Re: trunk port
Below is my config. I have the Access point now plugged into port 7 without the "Vlan Management" setting enabled and it is currently working only on Vlan21. The SSID on vlan 30 doesnt work. If I plug into port 2 it doesnt work. If I set the "Vlan Management" to vlan 21 then it wont work on any port.
Please help
Please help
Code: Select all
# jan/03/1970 09:15:49 by RouterOS 5.14
# software id = FP7P-M89C
#
/interface bridge
add l2mtu=1598 name=bridge-phones
add l2mtu=1598 name=bridge-network
add name=bridge-lan
add l2mtu=1600 name=bridge-public
/interface ethernet
set 1 speed=1Gbps
set 2 speed=1Gbps
set 3 speed=1Gbps
set 4 speed=1Gbps
set 5 speed=1Gbps
set 6 speed=1Gbps
/interface vlan
add interface=bridge-phones l2mtu=1594 name=vlan-10-phones vlan-id=10
add interface=bridge-network l2mtu=1594 name=vlan-21-network vlan-id=21
add interface=bridge-lan l2mtu=65531 name=vlan-30-lan vlan-id=30
add interface=ether2 l2mtu=1594 name=trunk-10-phones vlan-id=10
add interface=ether2 l2mtu=1594 name=trunk-21-network vlan-id=21
add interface=ether2 l2mtu=1594 name=trunk-30-lan vlan-id=30
/ip pool
add name=dhcp_pool2 ranges=10.105.10.100-10.105.10.199
add name=dhcp_pool3 ranges=10.105.30.100-10.105.30.199
add name=dhcp_pool4 ranges=10.105.21.100-10.105.21.199
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge-phones name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=bridge-lan name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=bridge-network name=dhcp4
/interface bridge port
add bridge=bridge-network interface=ether3
add bridge=bridge-network interface=ether4
add bridge=bridge-network interface=ether5
add bridge=bridge-network interface=ether6
add bridge=bridge-network interface=ether7
add bridge=bridge-network interface=ether8
add bridge=bridge-network interface=ether9
add bridge=bridge-phones interface=ether10
add bridge=bridge-public interface=ether13
add bridge=bridge-phones interface=ether1
/ip address
add address=10.105.10.254/24 interface=bridge-phones
add address=10.105.21.254/24 interface=bridge-network
add address=10.105.30.254/24 interface=bridge-lan
/ip dhcp-client
add disabled=no interface=bridge-public
/ip dhcp-server network
add address=10.105.10.0/24 dns-server=10.105.21.3,10.105.21.250 gateway=10.105.10.254
add address=10.105.21.0/24 dns-server=10.105.21.3,10.105.21.250 gateway=10.105.21.254
add address=10.105.30.0/24 dns-server=10.105.21.3,10.105.21.250 gateway=10.105.30.254
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input comment="Accept established connections" connection-state=established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add chain=input comment=UDP protocol=udp
add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment=Phones in-interface=bridge-phones src-address=10.105.10.0/24
add chain=input comment=Network in-interface=bridge-network src-address=10.105.21.0/24
add chain=input comment=LAN in-interface=bridge-lan src-address=10.105.30.0/24
add action=log chain=input comment="Log everything else" log-prefix="DROP INPUT"
add action=drop chain=input comment="Drop everything else"
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.105.10.0/24
add action=masquerade chain=srcnat src-address=10.105.21.0/24
add action=masquerade chain=srcnat src-address=10.105.30.0/24
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: trunk port
If this is an RB1100 you should probably upgrade it to ROS6 and figure out how many trunk ports you need and how many access ports you need (untagged traffic) for each VLAN then figure out the most efficient way to achieve that using the switch chips where appropriate.