Mikrotik RB3011 + two access points via vlan in the same ip range, the Internet disappears on WiFi clients, what could be the reason?

K

Konstantin2018-11-01 13:49:48

WiFi

Konstantin, 2018-11-01 13:49:48

Good day dear colleagues.
I ask for help, since I have been fighting for a week now and I can’t understand what is happening with my wifi through vlan.
The office has an RB3011, the Internet comes to its 1 port, and from 3 to 10 they are combined into a bridge (working network), a switch is connected to 3p after 20m, 10 machines and access point No. 2 are in turn connected to the switch, two computers to 4 and 5, port 6 goes to access point #1. Since I want to isolate wifi users from the working network, I raise vlans on interfaces 3 and 6 and combine these vlans into a separate bridge on which the second DHCP server hangs. It would seem that everything is simple, but it wasn’t there, users receive wifi addresses, but the Internet does not go to everyone, and it’s chaotic, then some have others and vice versa, users without the Internet can be both at one point and at different.
I will be grateful for any help. I'm attaching the schematic and config.
While I implemented everything through CAPsMAN, everything works well, but the question remains - why can't I do it through vlan?

config

#RB3011
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Internet speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps disabled=yes
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
/interface vlan
add interface=ether3 name=wifiTO vlan-id=2
add interface=ether6 name=wifiTZ vlan-id=3
/interface bridge
add admin-mac=B8:67:F4:7F:64:55 auto-mac=no mtu=1500 name=bridge-local
add admin-mac=B8:67:F4:7F:64:58 auto-mac=no name=bridge-wifi
/interface bridge port
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8
add bridge=bridge-local interface=ether9
add bridge=bridge-local interface=ether10
add bridge=bridge-wifi interface=wifiTO
add bridge=bridge-wifi interface=wifiTZ
/ip address
add address=192.168.4.1/24 interface=bridge-local network=192.168.4.0
add address=10.166.11.1/24 interface=bridge-wifi network=10.166.11.0
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=8h10m \
name=defconf
add address-pool=wlan authoritative=after-2sec-delay disabled=no interface=\
bridge-wifi lease-time=8h10m name=wifi
/ip dhcp-server network
add address=10.166.11.0/24 dns-server=10.166.11.1 gateway=10.166.11.1
add address=192.168.4.0/24 dns-server=192.168.4.1 gateway=192.168.4.1
/ip pool
add name=dhcp ranges=192.168.4.10-192.168.4.254
add name=wlan ranges=10.166.11.2-10.166.11.254
#точка доступа, вторая однотипная
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
default-forwarding=no disabled=no frequency=2417 mode=ap-bridge \
radio-name="" ssid=Office wireless-protocol=802.11 wmm-support=enabled \
wps-mode=disabled
/interface bridge
add admin-mac=4C:5E:0C:8C:AB:AB auto-mac=no comment=defconf mtu=1500 name=\
bridge1
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface vlan
add interface=ether1 name=vlan1 vlan-id=2
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=vlan1

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

K

Kirill Vasiliev, 2018-12-03
@Kotkech

well, let's go in order. You do not have mac-vlan learning very similar to that.
you have a third port in the bridge and vlan you remove from the port and not from the bridge. do everything on the breeches.
the second and rub the port in the same bridge as the total ports
and then in the settings

/interface bridge vlan
add bridge=Bridge-Local tagged=ether2,Bridge-Local vlan-ids=2
add bridge=Bridge-Local tagged=ether3,Bridge-Local vlan-ids=3

then remove vlan from the bridge

/interface vlan
add interface=Bridge-Local name=vlan2 vlan-id=2
add interface=Bridge-Local name=vlan3 vlan-id=3

then add these interfaces to the wifi bridge.
the only thing, on the bridges, assign any poppy address that you do not have on the network.
-----
on the points it is even easier in the wlan settings. indicate how to hang it and that's it.
well, so that everything works /interface bridge set vlan-filtering=yes

S

Sergey, 2018-11-01
@SuNbka

Try to connect 1 point to port 4 or 5 so that both points are in RB3011 on the same chip*

A

Andrey Barbolin, 2018-11-02
@dronmaxman

Can I look at the contents of the config.rsc file?
Run export file=config in terminal.
!I raise on interfaces 3 and 6 vlan! - it's no good. If the interface is in a bridge, then the VLAN must be configured on the bridge. You cannot put two interfaces with different VLANs into one bridge.
https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN