HAPac VLAN IP address

WzL · Thu Nov 02, 2017 4:15 pm

I have a setup with a CRS125-24G-1S and a HAPac 962UiGS-5HacT2HnT. I have two vlans I am sharing between the two devices using a trunk port.
vlan20 - 172.18.8.0/28
vlan21 - 172.18.9.0/26

As an example for the trunk port config I looked at the VLAN Example 1 (Trunk and Access Ports) part of this example config. For the wireless tagged traffic I looked at the VLAN mode usage part of this example configuration.

On the CRS i have a IP address assigned to VLAN21 -> 172.18.9.1 which I use to access the webfig env. I configured the HAPac according to the beneatch config but i am unable to successfully connect to the HAPac using the IP adress 172.18.9.2. From the crs125 i am unable to ping 172.18.9.2 and from the HAPac i am unable to ping 172.18.9.1. Strange thing is, the trunk is working fine and because I receive an IP on the HAPac ether2 from the DHCP server on vlan20 from CRS125. I would like to bridge the whole thing together but until now I am running into this issue :-/

Config CRS125:

Code: Select all

/interface ethernet

set [ find default-name=ether3 ] master-port=ether2

/interface vlan

add interface=ether2 name=lantrusted vlan-id=20

add interface=ether2 name=wlantrusted vlan-id=21

/interface ethernet switch egress-vlan-tag

add tagged-ports=ether3,switch1-cpu vlan-id=20

add tagged-ports=ether3,switch1-cpu vlan-id=21

/interface ethernet switch vlan

add ports=ether3,switch1-cpu vlan-id=20

add ports=ether3,switch1-cpu vlan-id=21

/ip address

add address=172.18.8.1/28 interface=lantrusted network=172.18.8.0

add address=172.18.9.1/26 interface=wlantrusted network=172.18.9.0

Config HAPac:

Code: Select all

/interface bridge

add name=bridge_trunk protocol-mode=none

add name=bridge_wlan

/interface ethernet

set [ find default-name=ether2 ] master-port=ether1

set [ find default-name=ether3 ] master-port=ether1

set [ find default-name=ether4 ] master-port=ether1

set [ find default-name=ether5 ] master-port=ether1

/interface wireless

set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Nowyouseeme vlan-id=21 vlan-mode=use-tag wireless-protocol=802.11 wps-mode=disabled 

/interface vlan

add interface=ether1 name=vlan21-ether1 vlan-id=21

add interface=wlan2 name=vlan21-wlan2 vlan-id=21

/interface ethernet switch port

set 0 vlan-header=add-if-missing vlan-mode=secure

set 1 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure

/interface bridge port

add bridge=bridge_trunk interface=ether1

add bridge=bridge_wlan interface=vlan21-ether1

add bridge=bridge_wlan interface=vlan21-wlan2

/interface ethernet switch vlan

add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=20

add independent-learning=yes ports=ether1 switch=switch1 vlan-id=21

/ip address

add address=172.18.9.2/26 interface=vlan21-ether1 network=172.18.9.0

WzL · Sun Nov 12, 2017 1:32 pm

I managed to find out what my issue was. So for the sake of getting this topic marked as "Solved", here my config to successfully connect 2 tagged vlans across one cable between the CRS125 and the HAPac both on routerOS version 6.40.5. Vlan21 is used to bridge wlan traffic between the CRS125 and the HAPac. Vlan20 and Vlan16 are exposed on the HAPac as untagged, both of them as separate accessports.

My issue was that I was trying to get the problem solved using bridges while I should have used the HAPac switch features in the first place as is described here.

Relevant config CRS125

/interface ethernet
set [ find default-name=ether3 ] master-port=ether2

/interface vlan
add interface=ether2 name=backup vlan-id=16
add interface=ether2 name=lan vlan-id=20
add interface=ether2 name=wlan vlan-id=21

/ip pool
add name=dhcp_poollan ranges=172.18.8.4-172.18.8.14
add name=dhcp_pool_wlan ranges=172.18.9.10-172.18.9.55

/ip dhcp-server
add address-pool=dhcp_poollan disabled=no interface=lan name=dhcplan
add address-pool=dhcp_pool_wlan disabled=no interface=wlan name=dhcp_wlan

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether3,switch1-cpu vlan-id=20
add tagged-ports=ether3,switch1-cpu vlan-id=21
add tagged-ports=ether3,switch1-cpu vlan-id=16

/interface ethernet switch vlan
add ports=ether3,switch1-cpu vlan-id=16
add ports=ether3,switch1-cpu vlan-id=20
add ports=ether3,switch1-cpu vlan-id=21

/ip address
add address=10.222.0.193/29 interface=backup network=10.222.0.192
add address=172.18.8.1/28 interface=lan network=172.18.8.0
add address=172.18.9.1/26 interface=wlan network=172.18.9.0

/ip dhcp-server network
add address=172.18.8.0/28 dns-server=10.201.0.195,10.201.0.196 gateway=172.18.8.1
add address=172.18.9.0/26 dns-server=10.201.0.195,10.201.0.196 gateway=172.18.9.1

Relevant config HAPac:

/interface bridge
add name=bridge-vlan21 protocol-mode=none

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Tweakers \
    wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\
    ap-bridge ssid=Tweakers-5ghz wireless-protocol=802.11 wps-mode=disabled

/interface vlan
add interface=ether1 name=vlan21 vlan-id=21

/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=16 vlan-header=always-strip vlan-mode=secure
set 5 vlan-mode=secure

/interface bridge port
add bridge=bridge-vlan21 interface=wlan2
add bridge=bridge-vlan21 interface=wlan1
add bridge=bridge-vlan21 interface=vlan21

/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether3,switch1-cpu switch=switch1 vlan-id=16
add independent-learning=yes ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=21

/ip address
add address=172.18.9.2/26 interface=vlan21 network=172.18.9.0

/ip dns
set allow-remote-requests=yes servers=10.201.0.195,10.201.0.196

/ip route
add distance=1 gateway=172.18.9.1

HAPac VLAN IP address

HAPac VLAN IP address

Re: HAPac VLAN IP address