Difference between revisions of "Manual:VLANs on Wireless"

From MikroTik Wiki
Jump to: navigation, search
Line 16: Line 16:
 
[admin@R1] >
 
[admin@R1] >
 
/interface vlan
 
/interface vlan
add interface=ether1 name=vlan110 vlan-id=110
+
add interface=ether1 name=vlan111 vlan-id=111
add interface=ether1 name=vlan220 vlan-id=220
+
add interface=ether1 name=vlan222 vlan-id=222
  
 
/ip address
 
/ip address
add address=192.168.1.1/24 interface=vlan110 network=192.168.1.0
+
add address=192.168.1.1/24 interface=vlan111 network=192.168.1.0
add address=172.168.1.1/24 interface=vlan220 network=172.168.1.0
+
add address=172.168.1.1/24 interface=vlan222 network=172.168.1.0
 
</pre>
 
</pre>
  
Line 30: Line 30:
 
[admin@R2] >
 
[admin@R2] >
 
/interface wireless
 
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan110 ssid=vlan110
+
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan111 ssid=vlan111
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan220 ssid=vlan220
+
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan222 ssid=vlan222
 
</pre>
 
</pre>
  
Line 41: Line 41:
 
[admin@R2] >
 
[admin@R2] >
 
/interface vlan
 
/interface vlan
add interface=ether1 name=vlan110-ether1 vlan-id=110
+
add interface=ether1 name=vlan111-ether1 vlan-id=111
add interface=ether1 name=vlan220-ether1 vlan-id=220
+
add interface=ether1 name=vlan222-ether1 vlan-id=222
  
 
/interface bridge
 
/interface bridge
add name=bridge-vlan110
+
add name=bridge-vlan111
add name=vlan220-bridge
+
add name=vlan222-bridge
  
 
/interface bridge port
 
/interface bridge port
add bridge=bridge-vlan110 interface=vlan110-ether1
+
add bridge=bridge-vlan111 interface=vlan111-ether1
add bridge=bridge-vlan110 interface=wlan1
+
add bridge=bridge-vlan111 interface=wlan1
add bridge=vlan220-bridge interface=vlan220-ether1
+
add bridge=vlan222-bridge interface=vlan222-ether1
add bridge=vlan220-bridge interface=wlan2
+
add bridge=vlan222-bridge interface=wlan2
 
</pre>
 
</pre>
  
Line 64: Line 64:
  
 
/interface wireless
 
/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan110
+
set [ find default-name=wlan1 ] disabled=no security-profile=vlan111
 
</pre>
 
</pre>
  
Line 76: Line 76:
  
 
/interface wireless
 
/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan220
+
set [ find default-name=wlan1 ] disabled=no security-profile=vlan222
 
</pre>
 
</pre>
  
Line 88: Line 88:
 
[admin@R1] >
 
[admin@R1] >
 
/interface vlan
 
/interface vlan
add interface=ether1 name=vlan110 vlan-id=110
+
add interface=ether1 name=vlan111 vlan-id=111
add interface=ether1 name=vlan220 vlan-id=220
+
add interface=ether1 name=vlan222 vlan-id=222
  
 
/ip address
 
/ip address
add address=192.168.1.1/24 interface=vlan110 network=192.168.1.0
+
add address=192.168.1.1/24 interface=vlan111 network=192.168.1.0
add address=172.168.1.1/24 interface=vlan220 network=172.168.1.0
+
add address=172.168.1.1/24 interface=vlan222 network=172.168.1.0
 
</pre>
 
</pre>
  
Line 102: Line 102:
 
[admin@R2] >
 
[admin@R2] >
 
/interface wireless
 
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan110 ssid=vlan110 vlan-id=110 vlan-mode=use-tag
+
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan111 ssid=vlan111 vlan-id=111 vlan-mode=use-tag
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan220 ssid=vlan220 vlan-id=220 vlan-mode=use-tag
+
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan222 ssid=vlan222 vlan-id=222 vlan-mode=use-tag
 
</pre>
 
</pre>
  
Line 115: Line 115:
 
[admin@R2] >
 
[admin@R2] >
 
/interface vlan
 
/interface vlan
add interface=ether1 name=vlan110-ether1 vlan-id=110
+
add interface=ether1 name=vlan111-ether1 vlan-id=111
add interface=ether1 name=vlan220-ether1 vlan-id=220
+
add interface=ether1 name=vlan222-ether1 vlan-id=222
add interface=wlan1 name=vlan110-wlan1 vlan-id=110
+
add interface=wlan1 name=vlan111-wlan1 vlan-id=111
add interface=wlan2 name=vlan220-wlan2 vlan-id=220
+
add interface=wlan2 name=vlan222-wlan2 vlan-id=222
  
 
/interface bridge
 
/interface bridge
Line 124: Line 124:
  
 
/interface bridge port
 
/interface bridge port
add bridge=bridge1 interface=vlan110-wlan1
+
add bridge=bridge1 interface=vlan111-wlan1
add bridge=bridge1 interface=vlan220-wlan2
+
add bridge=bridge1 interface=vlan222-wlan2
add bridge=bridge1 interface=vlan110-ether1
+
add bridge=bridge1 interface=vlan111-ether1
add bridge=bridge1 interface=vlan220-ether1
+
add bridge=bridge1 interface=vlan222-ether1
 
</pre>
 
</pre>
  
Line 139: Line 139:
  
 
/interface wireless
 
/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan110
+
set [ find default-name=wlan1 ] disabled=no security-profile=vlan111
 
</pre>
 
</pre>
  
Line 151: Line 151:
  
 
/interface wireless
 
/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan220
+
set [ find default-name=wlan1 ] disabled=no security-profile=vlan222
 
</pre>
 
</pre>

Revision as of 17:18, 13 January 2017


Summary

RouterOS supports VLAN on wireless interfaces. Configuration examples contains information about VLAN cooperation with wireless interface features. Both cases work the same way but examples show different approaches how to forward VLANs over wireless interfaces. For example we use wlan1 (Cafe Wifi users) and VirtualAP wlan2 (Wifi for company employees) on one device, and we want to separate both traffics with VLANs.

Example with separate bridges

Alt text

R1:

  • Add necessary VLAN interfaces on ethernet interface to make it as a VLAN trunk port. Add IP addresses on VLAN interfaces.
[admin@R1] >
/interface vlan
add interface=ether1 name=vlan111 vlan-id=111
add interface=ether1 name=vlan222 vlan-id=222

/ip address
add address=192.168.1.1/24 interface=vlan111 network=192.168.1.0
add address=172.168.1.1/24 interface=vlan222 network=172.168.1.0

R2:

  • Add VirtualAP under wlan1 interface. (Also create wireless security-profiles for wlan1 and wlan2)
[admin@R2] >
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan111 ssid=vlan111
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan222 ssid=vlan222
  • Add necessary VLAN interfaces on ethernet interface to make it as a VLAN trunk port.
  • Add bridges for each VLAN.
  • Add VLAN interfaces to their corresponding bridges and wireless interfaces to each bridge.
[admin@R2] >
/interface vlan
add interface=ether1 name=vlan111-ether1 vlan-id=111
add interface=ether1 name=vlan222-ether1 vlan-id=222

/interface bridge
add name=bridge-vlan111
add name=vlan222-bridge

/interface bridge port
add bridge=bridge-vlan111 interface=vlan111-ether1
add bridge=bridge-vlan111 interface=wlan1
add bridge=vlan222-bridge interface=vlan222-ether1
add bridge=vlan222-bridge interface=wlan2

R3:

  • Add IP address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan1.
[admin@R3] >
/ip address
add address=192.168.1.3/24 interface=wlan1 network=192.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan111

R4:

  • Add IP address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan2.
[admin@R4] >
/ip address
add address=172.168.1.4/24 interface=wlan1 network=172.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan222


Example with vlan-mode usage

R1:

  • Add necessary VLAN interfaces on ethernet interface to make it as a VLAN trunk port. Add ip addresses on VLAN interfaces.
[admin@R1] >
/interface vlan
add interface=ether1 name=vlan111 vlan-id=111
add interface=ether1 name=vlan222 vlan-id=222

/ip address
add address=192.168.1.1/24 interface=vlan111 network=192.168.1.0
add address=172.168.1.1/24 interface=vlan222 network=172.168.1.0

R2:

  • Add VirtualAP under wlan1 interface. (Also create wireless security-profiles for wlan1 and wlan2)
[admin@R2] >
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=vlan111 ssid=vlan111 vlan-id=111 vlan-mode=use-tag
add disabled=no master-interface=wlan1 name=wlan2 security-profile=vlan222 ssid=vlan222 vlan-id=222 vlan-mode=use-tag
Icon-note.png

Note: It is important to set wlan1,wlan2 vlan-mode to "use-tag".


  • Add necessary VLAN interfaces on ethernet,wlan1,wlan2 interfaces.
  • Add bridge for VLAN interfaces.
  • Add all VLAN interfaces to bridge1.
[admin@R2] >
/interface vlan
add interface=ether1 name=vlan111-ether1 vlan-id=111
add interface=ether1 name=vlan222-ether1 vlan-id=222
add interface=wlan1 name=vlan111-wlan1 vlan-id=111
add interface=wlan2 name=vlan222-wlan2 vlan-id=222

/interface bridge
add name=bridge1

/interface bridge port
add bridge=bridge1 interface=vlan111-wlan1
add bridge=bridge1 interface=vlan222-wlan2
add bridge=bridge1 interface=vlan111-ether1
add bridge=bridge1 interface=vlan222-ether1

R3:

  • Add IP address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan1.
[admin@R3] >
/ip address
add address=192.168.1.3/24 interface=wlan1 network=192.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan111

R4:

  • Add ip address on wlan1 interface.
  • Create wireless security-profile compatible with R2 wlan2.
[admin@R4] >
/ip address
add address=172.168.1.4/24 interface=wlan1 network=172.168.1.0

/interface wireless
set [ find default-name=wlan1 ] disabled=no security-profile=vlan222