Greetings,

I'm wondering how you might go about setting up a common management vlan so that all backhaul radios would be on a single IP block while having a dedicated IP Block (DHCP) for each interface?

So I want to be able to configure all backhaul radius on any interface to all be managed from a single IP block, but want to keep the client IP Blocks separate for each interface. That way I don't have to deal with the problems associated with sharing IP Blocks across multiple interfaces later down the road.

For example:

Bridge -> backhaul_radio_mgnt_bridge:
Bridge Port -> backhaul_mgnt_bridge:Eth2, Eth3, Eth4

IP Addr -> backhaul_mgnt_bridge:10.10.0.1/28
IP Addr -> Eth2:172.25.0.1/24 (w/ DHCP configured to offer from Pool)
IP Addr -> Eth3:172.26.0.1/24 (w/ DHCP configured to offer from Pool)
IP Addr -> Eth4:172.27.0.1/24 (w/ DHCP configured to offer from Pool)

Thank you for your input and recommendations based on your experience with MTR

td

Clarification, not so much how to set up a vlan, I know the procedure. But how to use a bridge and/or a vlan to accomplish my functionality?

Thank you

Hello,

Does anybody have an idea of how this would be accomplished? Or this this not possible with the Mikrotik product?

Thank you very much

Your explanation is confusing to me. What is the end goal? When you say management bridge port are you talking about wireless bridge between locations or an actual bridge interface in the MikroTik?

Hi bkuhn,

Sorry for any confusion. Let me see if I can better explain. There are no mikrotik wireless links in this equation nor does the router itself have a wireless card. All links from the router are either a UBNT, Cambium, Siklu, or Dragonwave. These are APs or PtP links connected to eth ports. We are only talking about the router and routing itself. I would like to use one common IP block to manage the backbone radios and APs. However, I want separate IP blocks serving the customers from those APs.

For example:
I want to put my mgmt IP block on vlan 10. All of my radios will look for tagged traffic (id 10) or I would have an out of band eth link where radios have two eth port for out of band mgmt.
vlan 10 - mgmt - 10.10.0.0/28

All of my APs:
Eth2 - vlan 101 - Cust AP1 - 172.25.0.1/24
Eth3 - vlan 102 - Cust AP2 - 172.26.0.1/24
Eth4 - vlan 103 - Cust AP3 - 172.27.0.1/24

Okay, that makes more sense.

I believe this will work, but I can verify when I get home. This weekend I didn't have any UBNT radios at home to test with and now at work all I have available are a couple of MT x86 boxes and a few RB411 that don't have enough ethernet ports to set up a lab here.

This is a walkthrough using winbox:
Interfaces > VLAN Tab > Add
You want to create the management vlan for each interface and the "customer" vlans on their respective interfaces. For example:
name=eth2-vlan10
vlan id=10
interface=eth2

name=eth3-vlan10
vlan id=10
interface=eth3

name=eth2-vlan101
vlan id=101
interface=eth2

name=eth3-vlan102
vlan id=102
interface=eth3

etc...
Next, create a bridge interface:
Bridge > Bridge Tab > Add
name=bridge1-management (or whatever you would like)
Bridge > Ports Tab > Add
interface=eth2-vlan10, bridge=bridge1-management
interface=eth3-vlan10, bridge=bridge1-management

Next, add IP addresses:
IP > Addresses > Add
address=10.10.0.0/28, interface=bridge1-management
address=172.25.0.1/24, interface=eth2-vlan101
address=172.26.0.1/24, interface=eth3-vlan102

That should get you close, you would still have DHCP server setup, NAT, and adding a default gateway to the MT. Hopefully this helps. I can setup a lab tonight and test if that would help. Not sure if you're making these changes to a production environment, but it sounds like it.

This will depend on each wireless device's ability to create a tagged in-band management VLAN.

The Mikrotik portion is straightforward -
Create a bridge, and call it "Mgmt" - put the management network on this interface e.g. 10.0.0.1/24
Now choose some vlan tag e.g. 10 -
Every interface which will use tagged vlan 10 for in-band management will need a vlan interface created on it.
To help keep things straight, name them something like ether3.v10 / ether5.v10 / etc.
Any device that has a dedicated, out-of-band management interface will need an un-tagged interface on the Mikrotik, which is included in the management bridge - let's say ether 4 is connected to such a device's management interface.

Now, on the management bridge, add ports ether3.v10, ether4, and ether5.v10
Now you will have one management network which is tagged as vlan 10 on ports 3 and 5, and un-tagged on ether4.

So the devices on ports ether3 and ether5 should consider "un-tagged" traffic as customer access network traffic, and traffic tagged vlan 10 = management traffic.

Finally, create your customer IP blocks directly on interfaces ether3 and ether5.
Now, any access traffic will interact with ether3 and ether5 as seperate isolated interfaces, but traffic that is tagged vlan10 will interact with the vlan sub-interfaces and get bridged together into one management vlan.

Again, the details on how to set this up in the various wireless equipment will vary from vendor to vendor.

I just setup a quick lab with a couple of PicoStation M2HP's I had sitting around. My instructions above will do exactly what you are looking for.

To build on the explanation, on the UBNT side, network tab you want to select advanced as your configuration type.

Expand VLAN down the page and add vlan 10 to LAN0 and vlan 101 to LAN0 and WAN0.

Expand bridge and delete the default LAN0, WAN0 bridge. Add LAN0.101 and WAN0 to the bridge.

Select LAN0.10 as your management interface and save changes.

You should be up and running with a tagged vlan of 10 for management of the devices and a tagged vlan of 101 for clients.

To help the community, be sure to post your results back here.

This will depend on each wireless device's ability to create a tagged in-band management VLAN.

The Mikrotik portion is straightforward -
Create a bridge, and call it "Mgmt" - put the management network on this interface e.g. 10.0.0.1/24
Now choose some vlan tag e.g. 10 -
Every interface which will use tagged vlan 10 for in-band management will need a vlan interface created on it.
To help keep things straight, name them something like ether3.v10 / ether5.v10 / etc.
Any device that has a dedicated, out-of-band management interface will need an un-tagged interface on the Mikrotik, which is included in the management bridge - let's say ether 4 is connected to such a device's management interface.

Now, on the management bridge, add ports ether3.v10, ether4, and ether5.v10
Now you will have one management network which is tagged as vlan 10 on ports 3 and 5, and un-tagged on ether4.

So the devices on ports ether3 and ether5 should consider "un-tagged" traffic as customer access network traffic, and traffic tagged vlan 10 = management traffic.

Finally, create your customer IP blocks directly on interfaces ether3 and ether5.
Now, any access traffic will interact with ether3 and ether5 as seperate isolated interfaces, but traffic that is tagged vlan10 will interact with the vlan sub-interfaces and get bridged together into one management vlan.

Again, the details on how to set this up in the various wireless equipment will vary from vendor to vendor.

Is this the thread?, if it is it is, I will save it, not ready for it yet

Is this the thread?, if it is it is, I will save it, not ready for it yet

Yep.

Hi All, Thank you for your responses and additional efforts to test. I've been out of the states for a couple of weeks. I will review your comments and let you know how this works out.

!! =)