Here is a desired setup:
https://drive.google.com/file/d/1P_qHvS ... QJcCsM2_ox
The goal is:
1) to have 3 different VLANs (59, 69 and 79)
2) 3 Access Points that broadcast 3 different WLANs (corresponding to VLANs)
3) 3 APs to be part VLAN 69
4) Almost all physical ports to be part of VLAN-69, except two: one for VLAN-79 and one for mgmt purposes.
I was able to create a bridge, vlans, assign ports to vlans, configure dhcp over wlans etc. The issue I challenged is: I'm not able to ping AP, even though I run the ping from the PC that is in the same subnet: 10.69.0.0/24. That blocks AP from being managed by the controller. I can ping any other device from 10.69.0.x, but not AP. All access points get properly IP addresses from DHCP server, just like any other devices. Ether1 is my WAN line.
Router: CRS125-24G-1S with RouterOS 6.46.4
AP: UBIQUITI UNIFI UAP-AC-LITE
Here is my configuration up to now:
Code: Select all
/interface bridge
add mtu=1500 name=vbridge pvid=69 vlan-filtering=yes
/interface bridge port
add bridge=vbridge interface=ether2 pvid=69
add bridge=vbridge interface=ether3 pvid=69
add bridge=vbridge interface=ether4 pvid=69
add bridge=vbridge interface=ether5 pvid=69
add bridge=vbridge interface=ether6 pvid=69
add bridge=vbridge interface=ether8 pvid=69
add bridge=vbridge interface=ether9 pvid=69
add bridge=vbridge interface=ether10 pvid=69
add bridge=vbridge interface=ether11 pvid=69
add bridge=vbridge interface=ether12 pvid=69
add bridge=vbridge interface=ether13 pvid=79
add bridge=vbridge interface=ether14 pvid=69
add bridge=vbridge interface=ether15 pvid=69
add bridge=vbridge interface=ether16 pvid=69
add bridge=vbridge interface=ether18 pvid=69
add bridge=vbridge interface=ether19 pvid=69
add bridge=vbridge interface=ether20 pvid=69
add bridge=vbridge interface=ether21 pvid=69
add bridge=vbridge interface=ether7 learn=yes pvid=69
add bridge=vbridge interface=ether22 learn=yes pvid=69
add bridge=vbridge interface=ether23 learn=yes pvid=69
/interface bridge vlan
add bridge=vbridge tagged=vbridge,ether7,ether22,ether23 untagged=ether2,ether3,ether4,ether5,ether6,ether8,ether9,ether10,ether11,ether12,ether14,ether15,ether16,ether18,ether19,ether20,ether21 vlan-ids=69
add bridge=vbridge tagged=vbridge,ether7,ether22,ether23 untagged=ether13 vlan-ids=79
add bridge=vbridge tagged=vbridge,ether7,ether22,ether23 vlan-ids=59
/interface vlan
add interface=vbridge name=vlan-59 vlan-id=59
add interface=vbridge name=vlan-69 vlan-id=69
add interface=vbridge name=vlan-79 vlan-id=79
/ip address
add address=10.100.0.1/30 interface=ether17 network=10.100.0.0
add address=10.69.0.1/24 interface=vlan-69 network=10.69.0.0
add address=10.79.0.1/24 interface=vlan-79 network=10.79.0.0
add address=10.59.0.1/24 interface=vlan-59 network=10.59.0.0
/ip dhcp-server
add address-pool=pool-69 authoritative=after-2sec-delay disabled=no interface=vlan-69 lease-time=1d name=dhcp-69
add address-pool=pool-79 disabled=no interface=vlan-79 lease-time=1d name=dhcp-79
add address-pool=pool-59 disabled=no interface=vlan-59 lease-time=00:30:00 name=dhcp-59
add address-pool=pool-mgmt disabled=no interface=ether17 lease-time=1d name=dhcp-mgmt
/ip dhcp-server lease
add address=10.69.0.253 client-id=1:24:5e:be:2f:b1:58 mac-address=24:5E:BE:2F:B1:58 server=dhcp-69 // PC
add address=10.69.0.252 client-id=1:30:5:5c:c4:1:87 mac-address=30:05:5C:C4:01:87 server=dhcp-69 // PRINTER
add address=10.69.0.251 client-id=1:f0:1f:af:60:9a:6e mac-address=F0:1F:AF:60:9A:6E server=dhcp-69 // ACCESS POINT
/ip dhcp-server network
add address=10.59.0.0/24 dns-server=10.59.0.1,8.8.8.8 gateway=10.59.0.1 netmask=24
add address=10.69.0.0/24 dns-server=10.69.0.1,8.8.8.8 gateway=10.69.0.1 netmask=24
add address=10.79.0.0/24 dns-server=10.79.0.1,8.8.8.8 gateway=10.79.0.1 netmask=24
add address=10.100.0.0/30 dns-server=10.100.0.1,8.8.8.8 gateway=10.100.0.1 netmask=30
/ip pool
add name=pool-mgmt ranges=10.100.0.2
add name=pool-69 ranges=10.69.0.10-10.69.0.254
add name=pool-79 ranges=10.79.0.1-10.79.0.254
add name=pool-59 ranges=10.59.0.1-10.59.0.254
