I am quite lost in the configuration jungle and would be very happy about any input/help.
I recently got an RB2011UiAS-2HnD and an RB941-2ND-TC (aka Home AP Lite). There is also a Netgear GS108-T around, but that one is not relevant for my question.
What I want to achieve is splitting my network into multiple VLANs for
- guests wifi (vid 80)
- intranet (vid 10)
- management (vid 30) (this is for later and not important right now)
- dmz (vid 20 for some internet services, not important right now)
The RB2011 acts as router and has the internet on eth0.
eth1 and eth2 are trunks to the hAP and Netgear.
Both RB2011 and hAP have wireless APs defined for guest and intranet.
Question:
"Why do the VLANs not work and my devices connect to the default network?"
At one time I was able to be connected from the hAP both over wire and wireless and I was in vlan 10 (intranet). However, nothing works from hAP right now and I cannot get into vlan 10 even on the RB2011.
Current situation
Confusingly enough, I managed to be in the intranet VLAN when I was connected to the hAP. However, not even that works now. The connection between hAP and RB2011 doesn't work anymore.
When I connect to the RB2011 I am joining the default network, regardless of the chosen port (192.168.88.x).
Here is my configuration, which is kinda based on Rob's "Switching without bridging" tutorial.
Let's ignore all devices but the RB2011; I need to fix this one first. I don't care about switch2 on the RB2011 right now either.
Configuration on the RB2011 Router:
/interface> /interface ethernet print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 R ether01-outside 1500 6C:3B:6B:8C:7D:9F enabled none switch1
1 RS ;;; trunk to bureau
ether02-trunk1-master 1500 6C:3B:6B:8C:7D:A0 enabled none switch1
2 RS ;;; trunk to living room
ether03-trunk2 1500 6C:3B:6B:8C:7D:A1 enabled ether02-trunk1-master switch1
3 S ether04 1500 6C:3B:6B:8C:7D:A2 enabled ether02-trunk1-master switch1
4 S ether05 1500 6C:3B:6B:8C:7D:A3 enabled ether02-trunk1-master switch1
5 S ether06-master 1500 6C:3B:6B:8C:7D:A4 enabled none switch2
6 S ether07 1500 6C:3B:6B:8C:7D:A5 enabled ether06-master switch2
7 S ether08 1500 6C:3B:6B:8C:7D:A6 enabled ether06-master switch2
8 S ether09 1500 6C:3B:6B:8C:7D:A7 enabled ether06-master switch2
9 S ether10 1500 6C:3B:6B:8C:7D:A8 enabled ether06-master switch2
10 X sfp1 1500 6C:3B:6B:8C:7D:9E enabled none switch1
/interface ethernet switch vlan print
Flags: X - disabled, I - invalid
# SWITCH VLAN-ID PORTS
0 switch1 10 ether02-trunk1-master
ether03-trunk2
switch1-cpu
ether04
ether05
1 switch1 30 ether02-trunk1-master
ether03-trunk2
switch1-cpu
2 switch1 80 ether02-trunk1-master
ether03-trunk2
switch1-cpu
3 switch2 10 ether06-master
ether07
ether08
ether09
switch2-cpu
/interface ethernet switch port print
Flags: I - invalid
# NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID
0 sfp1 switch1 disabled leave-as-is auto
1 ether01-outside switch1 disabled leave-as-is auto
2 ether02-trunk1-master switch1 fallback add-if-missing 10
3 ether03-trunk2 switch1 secure add-if-missing 10
4 ether04 switch1 secure always-strip 10
5 ether05 switch1 secure always-strip 10
6 ether06-master switch2 disabled leave-as-is 0
7 ether07 switch2 disabled leave-as-is 0
8 ether08 switch2 disabled leave-as-is 0
9 ether09 switch2 disabled leave-as-is 0
10 ether10 switch2 disabled leave-as-is 0
11 switch1-cpu switch1 disabled leave-as-is auto
12 switch2-cpu switch2 disabled leave-as-is 0
/interface ethernet switch rule print
Flags: X - disabled, I - invalid
/interface bridge print
Flags: X - disabled, R - running
0 R name="bridge-guest-80" mtu=auto actual-mtu=1500 l2mtu=1594 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:8C:7D:A0
protocol-mode=rstp fast-forward=yes priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
1 R name="bridge-int-10" mtu=auto actual-mtu=1500 l2mtu=1594 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:8C:7D:A0
protocol-mode=rstp fast-forward=yes priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
2 R ;;; defconf
name="bridge-main" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:8C:7D:A0
protocol-mode=rstp fast-forward=no priority=0x8000 auto-mac=no admin-mac=6C:3B:6B:8C:7D:A0 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
/interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 I ;;; switch2 into main network
ether06-master bridge-main 0x80 10 none
1 I wlan-int bridge-int-10 0x80 10 none
2 vlan-guest-80 bridge-guest-80 0x80 10 none
3 I wlan-guest bridge-guest-80 0x80 10 none
4 vlan-int-10 bridge-int-10 0x80 10 none
5 ether02-trunk1-master bridge-main 0x80 10 none
6 D ether03-trunk2 bridge-main 0x80 10 none
7 ID ether04 bridge-main 0x80 10 none
8 ID ether05 bridge-main 0x80 10 none
/interface wireless print
Flags: X - disabled, R - running
0 name="wlan-guest" mtu=1500 l2mtu=1600 mac-address=6E:3B:6B:8C:7D:A9 arp=enabled interface-type=virtual master-interface=wlan-int
mode=ap-bridge ssid="Earl Grey \F0\9F\9A\80\F0\9F\86\93" vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none
wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0
default-client-tx-limit=0 hide-ssid=no security-profile=profile-wlan-guest
1 name="wlan-int" mtu=1500 l2mtu=1600 mac-address=6C:3B:6B:8C:7D:A9 arp=enabled interface-type=Atheros AR9300 mode=ap-bridge
ssid="Earl \F0\9F\90\99 \F0\9F\90\B7 \F0\9F\90\B9" frequency=auto band=2ghz-b/g/n channel-width=20/40mhz-Ce scan-list=default
wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no
bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0
hide-ssid=no security-profile=profile-wlan-int compression=no
/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 ether02-trunk1-master
1 10.10.10.1/24 10.10.10.0 bridge-int-10
2 10.10.80.1/24 10.10.80.0 bridge-guest-80
3 D 192.168.42.184/24 192.168.42.0 ether01-outside
/ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 defconf bridge-main dhcp 10m
1 dhcp-guest-80 bridge-guest-80 dhcp_pool-guest-80 10m yes
2 dhcp-int-10 bridge-int-10 dhcp_pool5 10m
/ip dhcp-server network print
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 10.10.10.0/24 10.10.10.1
1 ;;; guest 80 vlan
10.10.80.0/24 10.10.80.1
2 ;;; defconf
192.168.88.0/24 192.168.88.1
/ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.42.1 1
1 ADC 10.10.10.0/24 10.10.10.1 bridge-int-10 0
2 ADC 10.10.80.0/24 10.10.80.1 bridge-guest-80 0
3 ADC 192.168.42.0/24 192.168.42.184 ether01-outside 0
4 ADC 192.168.88.0/24 192.168.88.1 bridge-main 0