Community discussions

MikroTik App
 
bylie
just joined
Topic Author
Posts: 12
Joined: Sat Jan 08, 2022 2:54 pm

Use Mikrotik hAP AC3 as combined AP/switch

Sat Jan 08, 2022 3:35 pm

Hi,

I was wondering if it's possible to configure a Mikrotik hAP AC3 as follows:
  • Use ROS 7 with newer wave2 wifi package and thus features.
  • Configure eth1 as a VLAN trunk to an upstream switch.
  • Configure eth2-5 as VLAN access ports bridged to one of the trunked upstream VLAN's.
  • Configure multiple SSID's (virtual AP's) on the 2.4 and 5 GHz radios bridged to one of the trunked upstream VLAN's.
  • Use the switch chip for intra VLAN forwarding on the eth1-5 interfaces, instead of software bridge VLAN filtering, to make use of L2 hardware offloading.
  • Configure an IP in one the trunked upstream VLAN's for device management (SSH/webfig).

So essentially I'd like to use the hAP AC3 as a small VLAN capable wave2 AC accesspoint combined with a 5 port VLAN capable switch with full L2 intra VLAN hardware offloading using the switch chip functionality instead of software bridge VLAN filtering. I already have an existing device that does all the routing (internet/inter VLAN) and firewalling.

The documentation does not really provide me with enough confidence that all this is possible without hitting a limitation somewhere such as having to fall back to software bridge VLAN filtering or the older non-wave2 wifi package.

Anyone using this device in the above fashion and willing to share existing configuration and/or experiences?
 
bylie
just joined
Topic Author
Posts: 12
Joined: Sat Jan 08, 2022 2:54 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Wed Jan 12, 2022 4:59 pm

No one using the Mikrotik hAP AC3 this way or have any experience to add?

Going from the numerous complaints regarding Mikrotik and wifi on this forum and elsewhere I'm now starting to wonder if this is even something I'd like to undertake and maybe I'd be better off getting a separate VLAN capable switch and accesspoint?
 
tdw
Forum Guru
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: Use Mikrotik hAP AC3 as combined AP/switch

Wed Jan 12, 2022 5:39 pm

Other hAP with 6.x can do this so it should be possible, just somewhat fiddly.

As RouterOS doesn't support hardware offloading for vlan-aware bridges using the Atheros 8327 switch chip you must:
1. use a non-VLAN-aware bridge (so no setting pvid= or adding anything under /interface bridge vlan)
2. configure the switch chip https://help.mikrotik.com/docs/display/ ... upExamples
3. ensure that vlan-id= and vlan-mode=use-tag are set on any wlan interfaces, remember to include these VLANs for the switch1_cpu switch port
 
bylie
just joined
Topic Author
Posts: 12
Joined: Sat Jan 08, 2022 2:54 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Wed Jan 12, 2022 5:57 pm

1. use a non-VLAN-aware bridge (so no setting pvid= or adding anything under /interface bridge vlan)
2. configure the switch chip https://help.mikrotik.com/docs/display/ ... upExamples

I already have such a VLAN config running on a Mikrotik HEX PoE, using switch chip for offloading instead of VLAN filtering on the bridge, so I'm familiar with the (convoluted) config.

3. ensure that vlan-id= and vlan-mode=use-tag are set on any wlan interfaces, remember to include these VLANs for the switch1_cpu switch port

Is this also possible using ROS 7 and wave2 wifi package?
 
tdw
Forum Guru
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: Use Mikrotik hAP AC3 as combined AP/switch

Wed Jan 12, 2022 6:59 pm

I don't have one to test, however there is no mention of configuring tagged wlan interfaces in https://help.mikrotik.com/docs/display/ROS/WifiWave2. Until this is fixed you can work around it by creating an /interface vlan attached to the existing bridge for the desired VLAN ID, then add this vlan interface plus the wlan interface to a new bridge.
There are potential issues with this setup but if you ensure that the additional bridge has spanning tree disabled to avoid https://help.mikrotik.com/docs/display/ ... linterface, and potentially use an additional bridge and VLAN interface for each wlan interface to avoid https://help.mikrotik.com/docs/display/ ... einabridge it should work.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12980
Joined: Thu Mar 03, 2016 10:23 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Wed Jan 12, 2022 7:21 pm

My experience with hAP ac2 (pretty similar to hAP ac3, it's got less RAM and less storage than hAP ac3) running ROS v6 is that device is capable of bridging wire-speed without much sweat. I'd expect performance in ROS v7 to be similar to performance in v6.
In order to avoid convoluted config, go with normal vlan-filtered bridge and see if it performs fine. Could be that device will start to sweat under full wireless load (running wave2 driver) ... but the difference will only be when there will be high ether-to-ether traffic ... wireless to ether will be the same, CPU will have to do most of work anyway.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2307
Joined: Mon May 14, 2012 9:30 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Thu Jan 13, 2022 1:16 am

I did that to an Audience.

I also have used the WAVE2 Driver on a hap AC3 as a wap only.

But I think you need a Ruckus h510.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21908
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Use Mikrotik hAP AC3 as combined AP/switch

Thu Jan 13, 2022 1:23 am

THis is dirt simple.
one bridge
trunk in port
trunk out ports to any other smart devices
access ports out to dumb devices
access wlans out as required.

identify vlans to bridge
assign bridge ports
assign bridge vlans

one interface=manage
trusted vlan is list member
Use manage for ip neighbours and tools winmacserver

Simple IP route to gateway of trusted vlan.
Basically done.
 
bylie
just joined
Topic Author
Posts: 12
Joined: Sat Jan 08, 2022 2:54 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Thu Jan 13, 2022 12:17 pm

Hmmm, I was looking into going with Mikrotik again after a good experience using a HEX PoE as home internet router but in this case there are too many unknowns for my taste coupled with the not too stellar consumer wifi performance of Mikrotik it seems. I'm going to go with a standalone switch and accesspoint to separate both functions and be able to select both products on merit.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21908
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Use Mikrotik hAP AC3 as combined AP/switch

Sat Jan 15, 2022 8:10 pm

I use my hex as a switch works fine. :-)
Get a better router RB5009, and then something like a TPLINK eap245 if you want plain jane wifi5 or the eap660HD if you want wifi6 for example.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2307
Joined: Mon May 14, 2012 9:30 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Sat Jan 15, 2022 10:31 pm

I have a hAP AC2 on my desk as a switch. 1-4 are local area network. Port 5 is EoIP to my office.
 
karabojkov
just joined
Posts: 4
Joined: Sun Feb 19, 2023 11:41 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Sun Feb 19, 2023 11:55 pm

Other hAP with 6.x can do this so it should be possible, just somewhat fiddly.

As RouterOS doesn't support hardware offloading for vlan-aware bridges using the Atheros 8327 switch chip you must:
1. use a non-VLAN-aware bridge (so no setting pvid= or adding anything under /interface bridge vlan)
2. configure the switch chip https://help.mikrotik.com/docs/display/ ... upExamples
3. ensure that vlan-id= and vlan-mode=use-tag are set on any wlan interfaces, remember to include these VLANs for the switch1_cpu switch port
I'm very interested in this setup but unfortunately I couldn't get it working.
I think I cannot make the correct connection between the VLAN aware switch and WLANs through the bridge.
I'm using RouterOS 7.7 without any additional packages, including WAVE2.
Perhaps I should just give up trying to benefit from the switch chip hardware offloading?
 
maigonis
Member Candidate
Member Candidate
Posts: 211
Joined: Sat Jul 20, 2019 8:16 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Mon Feb 20, 2023 10:27 am

hap ac3 uses 4019 soc, it is capable of doing this. I have rg450g4 as main router whit wave2 package, all bridge ports are hw offloaded whit switch chip vlan config method. Of course wlan interfaces will not be hw offloaded.
 
karabojkov
just joined
Posts: 4
Joined: Sun Feb 19, 2023 11:41 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Mon Feb 20, 2023 10:55 am

hap ac3 uses 4019 soc, it is capable of doing this. I have rg450g4 as main router whit wave2 package, all bridge ports are hw offloaded whit switch chip vlan config method. Of course wlan interfaces will not be hw offloaded.
I need exactly this. Of course I'm not expecting WLAN HW offloading, only for Ethernet. May I ask you for some directions how to configure this? I think I'm missing the part with VLAN aware switch chip config and the connection (bridge perhaps?) between it and VLAN aware WLANs. The radio connection to WiFi clients has to be not VLAN tagged.
 
maigonis
Member Candidate
Member Candidate
Posts: 211
Joined: Sat Jul 20, 2019 8:16 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Tue Feb 21, 2023 9:52 am

hap ac3 uses 4019 soc, it is capable of doing this. I have rg450g4 as main router whit wave2 package, all bridge ports are hw offloaded whit switch chip vlan config method. Of course wlan interfaces will not be hw offloaded.
I need exactly this. Of course I'm not expecting WLAN HW offloading, only for Ethernet. May I ask you for some directions how to configure this? I think I'm missing the part with VLAN aware switch chip config and the connection (bridge perhaps?) between it and VLAN aware WLANs. The radio connection to WiFi clients has to be not VLAN tagged.
This is my code snippet form main router. As you can see, vlan interfaces are created on bridge, after that in switch chip menu vlans are tagged and ports configured. But be aware, this type of config can lock you out (switch chip tag must be added last, also rest of config must be correct), so have a config backup and use safe mode. This is overall concept, I suggest you to test in lab env if you can to understand how it functions.
/interface vlan
add comment=Pamata interface=bridge1 name=vlan_10_vadi vlan-id=10
add comment=IoT interface=bridge1 name=vlan_20_wifi vlan-id=20
add comment=Viesi interface=bridge1 name=vlan_30_wifi vlan-id=30
/interface ethernet switch port
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=add-if-missing vlan-mode=secure
set 4 vlan-header=add-if-missing vlan-mode=secure
set 5 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,ether2,ether3,ether4,ether5 \
    switch=switch1 vlan-id=10
add independent-learning=yes ports=ether4,ether5,switch1-cpu switch=switch1 \
    vlan-id=20
add independent-learning=yes ports=ether4,ether5,switch1-cpu switch=switch1 \
    vlan-id=30
 
karabojkov
just joined
Posts: 4
Joined: Sun Feb 19, 2023 11:41 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Tue Feb 21, 2023 12:31 pm

Thank you very much for your kind cooperation!
I *think* I've managed to get the vlans working, perhaps I've missed VLAN tagging on Wireless interfaces and non-VLAN aware bridge. At least VLAN 99 on WiFi and access ethernet ports works as expected.
Now I have another problem. The device is not accessible by IP address via its management interface (VLAN 111 on the snippet below):
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=no_country_set disabled=no frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=INT vlan-id=99 vlan-mode=use-tag \
    wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=no_country_set disabled=no frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=INT vlan-id=99 vlan-mode=use-tag wps-mode=\
    disabled
add disabled=no master-interface=wlan1 name=wlan3 security-profile=teacher ssid=WiFi_1 vlan-id=9 vlan-mode=use-tag
add disabled=no master-interface=wlan2 name=wlan4 security-profile=teacher ssid=WiFi_1 vlan-id=9 vlan-mode=use-tag
add disabled=no master-interface=wlan1 name=wlan5 security-profile=guest ssid=WiFi_Guest vlan-id=10 vlan-mode=use-tag
add disabled=no master-interface=wlan2 name=wlan6 security-profile=guest ssid=WiFi_Guest vlan-id=10 vlan-mode=use-tag
/interface bridge
add name=BR1 protocol-mode=none
/interface vlan
add interface=BR1 name=guest vlan-id=10
add interface=BR1 name=mgmt vlan-id=111
add interface=BR1 name=int vlan-id=99
add interface=BR1 name=wifi1 vlan-id=9
/interface ethernet switch port
set 0 default-vlan-id=111 vlan-mode=secure #The port should be hybrid with VLAN 111 untagged
set 1 default-vlan-id=99 vlan-header=always-strip vlan-mode=secure #Untagged ports
set 2 default-vlan-id=99 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=99 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=111 vlan-mode=secure #Backup access port for LAB tests
/interface list
add name=MGMT
/interface bridge port
add bridge=BR1 interface=ether1
add bridge=BR1 interface=ether2
add bridge=BR1 interface=ether3
add bridge=BR1 interface=ether4
add bridge=BR1 interface=ether5
add bridge=BR1 interface=wlan1
add bridge=BR1 interface=wlan2
add bridge=BR1 interface=wlan3
add bridge=BR1 interface=wlan4
add bridge=BR1 interface=wlan5
add bridge=BR1 interface=wlan6
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=111
add independent-learning=yes ports=ether1,ether2,ether3,ether4,switch1-cpu switch=switch1 vlan-id=99
add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=10
add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=9
/interface list member
add interface=mgmt list=MGMT
/ip address
add address=192.168.10.7/24 interface=mgmt network=192.168.10.0
 
karabojkov
just joined
Posts: 4
Joined: Sun Feb 19, 2023 11:41 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Tue Feb 21, 2023 9:19 pm

It turned out I forgot to enable VLAN filtering on CPU switch port (no.5 in this case):
/interface ethernet switch port set 5 vlan-mode=secure
In my case the device is AP and VLAN-aware switch, it doesn't route and only management IP is needet. Thus all the VLAN interfaces seem unnecessary and now I have only:
/interface vlan add interface=BR1 name=mgmt vlan-id=111
A note about Atheros 8237 says, that the default vlan-header=leave-as-is property should be used. I removed
vlan-header=always-strip
from
/interface ethernet switch port
config.
Now everything works as expected.
Thanks again! I strongly appreciate your help!
 
maigonis
Member Candidate
Member Candidate
Posts: 211
Joined: Sat Jul 20, 2019 8:16 pm

Re: Use Mikrotik hAP AC3 as combined AP/switch

Thu Feb 23, 2023 11:33 am

It turned out I forgot to enable VLAN filtering on CPU switch port (no.5 in this case):
/interface ethernet switch port set 5 vlan-mode=secure
In my case the device is AP and VLAN-aware switch, it doesn't route and only management IP is needet. Thus all the VLAN interfaces seem unnecessary and now I have only:
/interface vlan add interface=BR1 name=mgmt vlan-id=111
A note about Atheros 8237 says, that the default vlan-header=leave-as-is property should be used. I removed
vlan-header=always-strip
from
/interface ethernet switch port
config.
Now everything works as expected.
Thanks again! I strongly appreciate your help!
Glan it helped. Key here is to follow tag thru the path.

Who is online

Users browsing this forum: tombs and 14 guests