VLAN Check
Posted: Wed Oct 06, 2021 10:06 am
Hi,
I'm just switching from my hEX to an RB5009 and want to use VLANs.
VLAN 2 - for almost anything
VLAN10 - for Work
VLAN20 - for Guests
At the moment my network is like this:
On the RB5009
eth1 goes to the crs309
eth2 to wan
eth3 is a port for a end-device(access-port)
eth4 goes to a unifi ap
eth8 is outside the bridge as a emergency port
eth1 and eth4 need all 3 vlans
eth3 only need vlan2
my current router config:
my current switch config:
Does this all look OK, or do I have an error in it? I tried my best, following the guides from pcunite.
I'm just switching from my hEX to an RB5009 and want to use VLANs.
VLAN 2 - for almost anything
VLAN10 - for Work
VLAN20 - for Guests
At the moment my network is like this:
On the RB5009
eth1 goes to the crs309
eth2 to wan
eth3 is a port for a end-device(access-port)
eth4 goes to a unifi ap
eth8 is outside the bridge as a emergency port
eth1 and eth4 need all 3 vlans
eth3 only need vlan2
my current router config:
[admin@rb5009] > exp
# jan/01/2002 06:34:05 by RouterOS 7.0.5
# software id = 56R5-PRTF
#
# model = RB5009UG+S+
# serial number = EC190E3732EA
#
# Router export: one VLAN-filtering bridge (bridge1) carrying VLANs 2, 10 and 20,
# with a routed VLAN interface and a /24 gateway address per VLAN.
# ether2 is the WAN port and ether8 is a standalone port outside the bridge.
# NOTE(review): an export lists only non-default settings, so anything not shown
# below is at its RouterOS default -- confirm with "print" where it matters.
/interface bridge
# vlan-filtering=yes makes the bridge enforce the /interface bridge vlan table below.
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface vlan
# Layer-3 interfaces for each VLAN; each needs bridge1 in the matching "tagged" list below.
add interface=bridge1 name=vlan2 vlan-id=2
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
# NOTE(review): ether1 and ether4 are the trunk ports (switch and AP) but set no
# frame-types and no pvid, so untagged frames arriving on them are classified
# into the default pvid (VLAN 1). If only tagged traffic is expected, consider
# frame-types=admit-only-vlan-tagged and confirm ingress-filtering is active.
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether4
# Access port: accepts untagged frames only and places them in VLAN 2.
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,ether4 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1,ether4 vlan-ids=20
# NOTE(review): VLAN 2 is tagged only towards the CPU (bridge1). ether1 and ether4
# are not members, although the post says both need all three VLANs and the switch
# export tags VLAN 2 on its uplink. As written, VLAN 2 does not cross either trunk.
add bridge=bridge1 tagged=bridge1 vlan-ids=2
/interface list member
# NOTE(review): LAN contains physical ports only (ether5-7 are not in the bridge);
# vlan2/vlan10/vlan20 are not members. LAN is used below for neighbor discovery
# and MAC-Winbox -- confirm which interfaces should offer those, and that the
# guest VLAN is not among them.
add interface=ether1 list=LAN
add interface=ether2 list=WAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
/ip address
# ether8 carries its own subnet so the router stays reachable if the bridge/VLAN setup breaks.
add address=192.168.55.1/24 interface=ether8 network=192.168.55.0
add address=192.168.2.1/24 interface=vlan2 network=192.168.2.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
# NOTE(review): this export contains no /ip firewall section. With no filter rules
# the router forwards freely between VLAN 2, 10 and 20 (guests are not isolated)
# and accepts management connections on every interface, including WAN (ether2).
# Add input and forward rules before connecting ether2 -- TODO confirm the export
# is complete (no NAT, DHCP server or WAN address is shown either).
/ip service
# Unencrypted and unused management services are switched off.
# NOTE(review): ssh and winbox are not listed, so they are presumably still
# enabled without an "address=" restriction; consider limiting them to the
# management subnet in addition to firewall rules.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system identity
set name=rb5009
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.2.43
add address=176.9.157.155
/tool mac-server
# MAC-Telnet is disabled on all interfaces.
set allowed-interface-list=none
/tool mac-server mac-winbox
# MAC-Winbox stays available on the LAN interface list.
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
# oct/02/2021 18:39:34 by RouterOS 6.48.4
# software id = 5F4H-LU84
#
# model = CRS309-1G-8S+
# serial number = D8480D98FA47
#
# Switch export: a single bridge (bridge1) with DHCP snooping, per-port pvid
# settings and a bridge VLAN table for VLANs 2, 10 and 20, plus an input firewall
# that limits Winbox and SSH to 192.168.2.0/24.
# NOTE(review): an export lists only non-default settings, so anything not shown
# below is at its RouterOS default.
/interface ethernet
set [ find default-name=ether1 ] comment=arbeitszimmer l2mtu=1592
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592
set [ find default-name=sfp-sfpplus2 ] l2mtu=1592
set [ find default-name=sfp-sfpplus3 ] comment=pve2-sfp l2mtu=1592
set [ find default-name=sfp-sfpplus4 ] advertise=1000M-half,1000M-full auto-negotiation=no comment=pve2-ipmi l2mtu=1592
set [ find default-name=sfp-sfpplus5 ] auto-negotiation=no comment="zum hEX" l2mtu=1592
set [ find default-name=sfp-sfpplus6 ] l2mtu=1592
set [ find default-name=sfp-sfpplus7 ] l2mtu=1592
set [ find default-name=sfp-sfpplus8 ] l2mtu=1592
/interface bridge
# NOTE(review): vlan-filtering is not set on this bridge, so the pvid values and
# the /interface bridge vlan table below are not enforced. Every bridged port
# shares one layer-2 domain and tagged frames for VLAN 10/20 are flooded to all
# ports. Enable vlan-filtering only after the VLAN table and the management
# path are correct, otherwise access to the switch is lost.
add dhcp-snooping=yes name=bridge1
/interface vlan
add interface=bridge1 name=vlan2 vlan-id=2
/interface list
add name=LAN
/system logging action
set 3 target=memory
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
# Ports with pvid=2 are meant as VLAN 2 access ports; ports without a pvid keep
# the default (VLAN 1).
# NOTE(review): sfp-sfpplus1/2/6/7 have no pvid and appear in no VLAN entry
# below -- confirm what they are meant to carry once filtering is on.
add bridge=bridge1 interface=ether1 pvid=2
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfp-sfpplus2
add bridge=bridge1 interface=sfp-sfpplus3 pvid=2
add bridge=bridge1 interface=sfp-sfpplus4 pvid=2
# Only this port is trusted for DHCP snooping, i.e. DHCP server replies are
# accepted only from here. Its interface comment says it faces the hEX.
# NOTE(review): verify the trusted port is the one that faces the new router.
add bridge=bridge1 comment="\"trusted\" fur dhcp-snooping" interface=sfp-sfpplus5 trusted=yes
add bridge=bridge1 interface=sfp-sfpplus6
add bridge=bridge1 interface=sfp-sfpplus7
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
# All three VLANs are tagged on the uplink sfp-sfpplus5 only.
# NOTE(review): bridge1 is not a tagged member of VLAN 2, yet the vlan2 interface
# sits on bridge1; with filtering enabled the switch CPU would not receive
# VLAN 2 traffic on that interface. Compare with the router's entries.
add bridge=bridge1 tagged=sfp-sfpplus5 vlan-ids=2
add bridge=bridge1 tagged=sfp-sfpplus5 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus5 vlan-ids=20
/interface list member
add interface=ether1 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=sfp-sfpplus5 list=LAN
add interface=sfp-sfpplus6 list=LAN
add interface=sfp-sfpplus7 list=LAN
add interface=sfp-sfpplus8 list=LAN
/ip address
# NOTE(review): two management addresses from the same subnet are configured --
# 192.168.2.223/24 untagged on bridge1 and 192.168.2.224 (no prefix length, so a
# single host address) on vlan2. Presumably one is left over from migration;
# keep a single management interface to avoid ambiguous return paths.
add address=192.168.2.223/24 interface=bridge1 network=192.168.2.0
# Emergency port outside the bridge (sfp-sfpplus8 is not a bridge port).
add address=192.168.55.3/24 interface=sfp-sfpplus8 network=192.168.55.0
add address=192.168.2.224 interface=vlan2 network=192.168.2.224
/ip cloud
set update-time=no
/ip dns
set servers=192.168.2.1
/ip firewall filter
# Input chain: allow replies, allow Winbox (8291) and SSH (22) from the
# 192.168.2.0/24 subnet, drop everything else addressed to the switch.
# NOTE(review): 192.168.55.0/24 is not accepted, so the emergency port on
# sfp-sfpplus8 cannot reach Winbox or SSH over IP -- confirm that is intended.
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=8291 protocol=tcp src-address=192.168.2.0/24
add action=accept chain=input dst-port=22 protocol=tcp src-address=192.168.2.0/24
add action=drop chain=input
/ip route
add distance=1 gateway=192.168.2.1
/ip service
# NOTE(review): only ftp and www are disabled here, while the router export also
# disables telnet, api and api-ssl. The input firewall above already blocks
# them, but disabling unused services keeps the switch safe if a rule changes.
set ftp disabled=yes
set www disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=crs309
/system ntp client
set enabled=yes primary-ntp=192.168.2.43
/system routerboard settings
set boot-os=router-os
/tool bandwidth-server
set enabled=no
/tool mac-server
# MAC-Telnet is disabled on all interfaces.
set allowed-interface-list=none
/tool mac-server mac-winbox
# MAC-Winbox stays available on every port in the LAN list.
set allowed-interface-list=LAN
Does this all look OK, or do I have an error in it? I tried my best, following the guides from pcunite.