Manual:VLANs on Wireless

From MikroTik Wiki
Revision as of 11:56, 11 January 2017 by Artursc (talk | contribs)
Jump to navigation Jump to search


Summary

Configuration examples for VLAN cooperation with wireless interface features.

Example with separate bridges

Alt text
Vlan forwarding over wireless interface

R1:

  • Add necessary VLAN interfaces on ethernet interface to make it as a VLAN trunk port. Add ip addresses on VLAN interfaces.
[admin@R1] >
/interface vlan
add interface=ether1 name=vlan110 vlan-id=110
add interface=ether1 name=vlan220 vlan-id=220

/ip address
add address=192.168.1.1/24 interface=vlan110 network=192.168.1.0
add address=172.168.1.1/24 interface=vlan220 network=172.168.1.0

R2:

  • Add VirtualAP under wlan1 interface. (Also create wireless security-profiles for wlan1 and wlan2)
[admin@R2] >
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan110 ssid=vlan110
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan220 ssid=vlan220
  • Add necessary VLAN interfaces on ethernet interface to make it as a VLAN trunk port.
  • Add bridges for each VLAN.
  • Add VLAN interfaces to their corresponding bridges and wireless interfaces to each bridge.
[admin@R2] >
/interface vlan
add interface=ether1 name=vlan110-ether1 vlan-id=110
add interface=ether1 name=vlan220-ether1 vlan-id=220

/interface bridge
add name=bridge-vlan110
add name=vlan220-bridge

/interface bridge port
add bridge=bridge-vlan110 interface=vlan110-ether1
add bridge=bridge-vlan110 interface=wlan1
add bridge=vlan220-bridge interface=vlan220-ether1
add bridge=vlan220-bridge interface=wlan2

R3:

  • Add ip address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan1.
[admin@R3] >
/ip address
add address=192.168.1.3/24 interface=wlan1 network=192.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan110

R4:

  • Add ip address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan2.
[admin@R4] >
/ip address
add address=172.168.1.4/24 interface=wlan1 network=172.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan220


Example with vlan-mode usage

R1:

  • Add necessary VLAN interfaces on ethernet interface to make it as a VLAN trunk port. Add ip addresses on VLAN interfaces.
[admin@R1] >
/interface vlan
add interface=ether1 name=vlan110 vlan-id=110
add interface=ether1 name=vlan220 vlan-id=220

/ip address
add address=192.168.1.1/24 interface=vlan110 network=192.168.1.0
add address=172.168.1.1/24 interface=vlan220 network=172.168.1.0

R2:

  • Add VirtualAP under wlan1 interface. (Also create wireless security-profiles for wlan1 and wlan2)
[admin@R2] >
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan110 ssid=vlan110 vlan-id=110 vlan-mode=use-tag
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan220 ssid=vlan220 vlan-id=220 vlan-mode=use-tag

Note: It is important to set wlan1,wlan2 vlan-mode to "use-tag".


  • Add necessary VLAN interfaces on ethernet,wlan1,wlan2 interfaces.
  • Add bridge for VLAN interfaces.
  • Add all VLAN interfaces to bridge1.
[admin@R2] >
/interface vlan
add interface=ether1 name=vlan110-ether1 vlan-id=110
add interface=ether1 name=vlan220-ether1 vlan-id=220

/interface bridge
add name=bridge1

/interface bridge port
add bridge=bridge1 interface=vlan110-wlan1
add bridge=bridge1 interface=vlan220-wlan2
add bridge=bridge1 interface=vlan110-ether1
add bridge=bridge1 interface=vlan220-ether1

R3:

  • Add ip address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan1.
[admin@R3] >
/ip address
add address=192.168.1.3/24 interface=wlan1 network=192.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan110

R4:

  • Add ip address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan2.
[admin@R4] >
/ip address
add address=172.168.1.4/24 interface=wlan1 network=172.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan220