
Mikrotik Hex S + CRS326 Switch en VLANS


Verwijderd

Topicstarter
Hoi,

Ik heb een Hex S met VLAN's gedefinieerd. Daarachter hangt een CRS326.
Op poort 16 hangt een UniFi AP AC Pro met 3 VLAN's gedefinieerd.
VLAN1 - Default internet
VLAN100 - Gasten
VLAN200 - IOT

Wat ik ook doe, default VLAN krijgt wel wifi en internet, vlans 100 en 200 niet. Ik vermoed dat ik ze niet goed bridge maar dat weet ik niet zeker.

Mijn Hex S config:

code:
# mar/08/2020 09:30:41 by RouterOS 6.45.8
# software id = XXXXX
#
# model = RB760iGS
# serial number = AXXX
#
# Router export: PPPoE internet (VLAN 6) and IPTV (VLAN 4) on the SFP uplink,
# three bridges (LAN, guests, IoT) with one DHCP server each, and VLAN 100/200
# sub-interfaces on the port towards the switch.
# Software id, serial number and PPPoE credentials were masked by the poster;
# keep them masked whenever an export is shared.
/interface bridge
# NOTE(review): arp=proxy-arp makes the router answer ARP requests on behalf of
# other hosts on bridge-lan; nothing else in this export appears to need it - confirm.
add admin-mac=C4:AD:34:45:83:3F arp=proxy-arp auto-mac=no igmp-snooping=yes name=bridge-lan
# NOTE(review): the two bridges below share one admin-mac (4E:5E:6A:2C:C5:75);
# each bridge should have its own MAC address.
add admin-mac=4E:5E:6A:2C:C5:75 auto-mac=no name=bridge-wifi-guests
add admin-mac=4E:5E:6A:2C:C5:75 auto-mac=no name=bridge-wifi-iot
/interface ethernet
set [ find default-name=ether1 ] name=ether1-naar-switch
set [ find default-name=sfp1 ] auto-negotiation=no name=sfp1-kpn-uplink
/interface vlan
# VLAN 4 and 6 are tagged on the SFP uplink; VLAN 100 and 200 are tagged on the
# port towards the switch.
# NOTE(review): ether1-naar-switch is also added to bridge-lan further down. A
# VLAN interface on a bridge slave port is a known RouterOS layer-2
# misconfiguration and a likely reason VLAN 100/200 traffic never reaches these
# interfaces - confirm. Attaching the VLANs to the bridge, or using bridge VLAN
# filtering, avoids it.
add interface=sfp1-kpn-uplink name=vlan4-iptv vlan-id=4
add interface=sfp1-kpn-uplink name=vlan6-internet vlan-id=6
add interface=ether1-naar-switch name=vlan100-ether1 vlan-id=100
add interface=ether1-naar-switch name=vlan200-ether1 vlan-id=200
/interface pppoe-client
# Internet uplink over VLAN 6; user and password are masked in this listing.
add add-default-route=yes disabled=no interface=vlan6-internet name=pppoe-out-kpn password=XXXX use-peer-dns=yes user=XXXX
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
add code=28 name=option28-broadcast value="'10.13.13.255'"
/ip dhcp-server option sets
add name=IPTV options=option60-vendorclass,option28-broadcast
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
# One address pool per segment: 10.13.13.x LAN, 10.14.14.x guests, 10.15.15.x IoT.
add name=vlan1 ranges=10.13.13.2-10.13.13.254
add name=vlan100-guests ranges=10.14.14.2-10.14.14.254
add name=vlan200-iot ranges=10.15.15.2-10.15.15.254
/ip dhcp-server
add address-pool=vlan1 disabled=no interface=bridge-lan name=vlan1-dhcp-server
add address-pool=vlan100-guests disabled=no interface=bridge-wifi-guests name=vlan100-guests-dhcp-server
add address-pool=vlan200-iot disabled=no interface=bridge-wifi-iot name=vlan200-iot-dhcp-server
/interface bridge port
# ether1-naar-switch carries the untagged LAN in bridge-lan; its VLAN 100/200
# sub-interfaces are the only ports of the guest and IoT bridges.
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether3
add bridge=bridge-lan interface=ether4
add bridge=bridge-lan interface=ether5
add bridge=bridge-lan interface=ether1-naar-switch
add bridge=bridge-wifi-guests interface=vlan100-ether1
add bridge=bridge-wifi-iot interface=vlan200-ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
# NOTE(review): ether1-naar-switch is a bridge-lan port yet is listed as WAN, and
# bridge-wifi-guests / bridge-wifi-iot are in neither list. Every firewall and
# NAT rule below that matches on LAN or WAN depends on these memberships.
add interface=bridge-lan list=LAN
add interface=ether1-naar-switch list=WAN
add interface=pppoe-out-kpn list=WAN
/ip address
# NOTE(review): addresses and pools are crossed. bridge-wifi-guests serves pool
# vlan100-guests (10.14.14.x) but holds 10.15.15.1, and bridge-wifi-iot serves
# pool vlan200-iot (10.15.15.x) but holds 10.14.14.1, so clients are handed a
# gateway that lives on the other bridge.
add address=10.14.14.1/24 interface=bridge-wifi-iot network=10.14.14.0
add address=10.15.15.1/24 interface=bridge-wifi-guests network=10.15.15.0
add address=10.13.13.1/24 interface=bridge-lan network=10.13.13.0
/ip dhcp-client
# NOTE(review): the warning on the next line was written by the export itself;
# the first client is bound to ether1-naar-switch, which is a bridge-lan port.
# DHCP client can not run on slave interface!
add dhcp-options=hostname,clientid disabled=no interface=ether1-naar-switch
add default-route-distance=210 dhcp-options=option60-vendorclass disabled=no interface=vlan4-iptv use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=10.13.13.6 comment=KPN_iTVBOX dhcp-option-set=IPTV mac-address=00:02:9B:F7:99:3E server=vlan1-dhcp-server
add address=10.13.13.5 client-id=1:c4:ad:34:2b:48:8 comment="Mikrotik Switch" mac-address=C4:AD:34:2B:48:08 server=vlan1-dhcp-server
/ip dhcp-server network
add address=10.13.13.0/24 dns-server=8.8.8.8 gateway=10.13.13.1
add address=10.14.14.0/24 dns-server=8.8.8.8 gateway=10.14.14.1
add address=10.15.15.0/24 dns-server=8.8.8.8 gateway=10.15.15.1
/ip dns
# The router answers DNS queries from clients; the input rule that drops traffic
# not coming from the LAN list is what keeps this resolver unreachable from WAN.
set allow-remote-requests=yes
/ip firewall filter
# Input chain: IPTV multicast and IGMP arriving on vlan4-iptv are accepted first,
# followed by the defconf rules. The final input rule drops everything that does
# not arrive on a LAN-list interface, which here includes the guest and IoT bridges.
add action=accept chain=input dst-address=224.0.0.0/4 in-interface=vlan4-iptv protocol=udp
add action=accept chain=input dst-address=224.0.0.0/4 in-interface=vlan4-iptv protocol=igmp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# NOTE(review): the forward chain has no rule between 10.13.13.0/24,
# 10.14.14.0/24 and 10.15.15.0/24 and ends without a catch-all drop, so guest
# and IoT clients can be routed to the LAN. Separate VLANs alone do not isolate
# them; add forward drop rules from the guest/IoT bridges to the LAN subnet.
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
# Source NAT towards the two KPN IPTV ranges on vlan4-iptv, then the default
# masquerade for everything leaving through a WAN-list interface.
add action=masquerade chain=srcnat comment="KPN IPTV" dst-address=213.75.112.0/21 out-interface=vlan4-iptv
add action=masquerade chain=srcnat comment="KPN IPTV" dst-address=217.166.0.0/16 out-interface=vlan4-iptv
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
# IPTV multicast: vlan4-iptv is the upstream, bridge-lan the downstream interface.
add alternative-subnets=0.0.0.0/0 interface=vlan4-iptv upstream=yes
add interface=bridge-lan
/system clock
set time-zone-name=Europe/Amsterdam
/system ntp client
set enabled=yes primary-ntp=185.255.55.20 secondary-ntp=174.138.107.7 server-dns-names=""
/tool mac-server
# MAC-Telnet and MAC-WinBox are limited to interfaces in the LAN list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN


Mijn CRS326 config:

code:
# model = CRS326-24G-2S+
# serial number = XXXX
#
# Switch export: ether1 is the uplink to the router, ether16 the port the post
# says the access point hangs on. VLAN 100 and 200 are handled with VLAN
# sub-interfaces placed in two extra bridges.
# NOTE(review): this listing shows no /ip firewall section, so access to the
# switch's management address appears limited only by what the router forwards
# to it - confirm against the full export.
/interface bridge
add admin-mac=C4:AD:34:2B:48:08 auto-mac=no name=bridge-lan
add admin-mac=4A:7B:5E:F5:13:0B auto-mac=no name=bridge-wifi-guests
add admin-mac=0E:08:AF:5E:C3:AD auto-mac=no name=bridge-wifi-iot
/interface ethernet
set [ find default-name=ether1 ] name=ether1-naar-router
set [ find default-name=ether16 ] name=ether16-wit-blauwe-kamer
/interface vlan
# NOTE(review): ether1-naar-router and ether16-wit-blauwe-kamer are both added to
# bridge-lan below, so all four VLAN interfaces sit on bridge slave ports. That
# is a known RouterOS layer-2 misconfiguration and a likely reason tagged
# traffic is not passed - confirm. A single bridge with bridge VLAN filtering is
# the usual layout on this class of switch.
add interface=ether1-naar-router name=vlan100-ether1 vlan-id=100
add interface=ether16-wit-blauwe-kamer name=vlan100-ether16 vlan-id=100
add interface=ether1-naar-router name=vlan200-ether1 vlan-id=200
add interface=ether16-wit-blauwe-kamer name=vlan200-ether16 vlan-id=200
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
# NOTE(review): VLAN 100 is bridged into bridge-wifi-iot and VLAN 200 into
# bridge-wifi-guests, while the post describes VLAN 100 as guests and VLAN 200
# as IoT; the bridge names are swapped relative to the VLAN IDs.
add bridge=bridge-lan interface=ether1-naar-router
add bridge=bridge-lan interface=ether16-wit-blauwe-kamer
add bridge=bridge-wifi-iot interface=vlan100-ether1
add bridge=bridge-wifi-iot interface=vlan100-ether16
add bridge=bridge-wifi-guests interface=vlan200-ether1
add bridge=bridge-wifi-guests interface=vlan200-ether16
/interface list member
# Only ether16 is in the LAN list; the WAN list has no members in this listing.
add interface=ether16-wit-blauwe-kamer list=LAN
/ip address
# The static address is disabled; the switch gets its address through the DHCP
# client on bridge-lan below.
add address=10.13.13.5/24 comment=defconf disabled=yes interface=ether2 network=10.13.13.0
/ip dhcp-client
add disabled=no interface=bridge-lan
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip route
add disabled=yes distance=1 gateway=10.13.13.1
/system clock
set time-zone-name=Europe/Amsterdam
/system routerboard settings
# The switch boots RouterOS, so the SwOS settings below are not the active ones.
set boot-os=router-os
/system swos
# NOTE(review): allow-from-ports lists every port (p1-p26), so SwOS management
# would be reachable from all of them if the device is ever booted into SwOS;
# restrict it to the management port(s) in that case.
set address-acquisition-mode=dhcp-only allow-from-ports=p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20,p21,p22,p23,p24,p25,p26 identity=MikroTik static-ip-address=10.13.13.5

Alle reacties



MasterL

Moderator Internet & Netwerken
Of ze goed bridgen of niet kun je bekijken in je bridge(s) zelf: /interface bridge host print, uit mijn hoofd.
Zie je daar de MAC-adressen van de clients (in de juiste bridge)? Zo kun je van de CRS326 naar je Hex S toe werken. Als je het MAC-adres ergens niet ziet, weet je dat je daar een layer-2-probleem hebt.


Verwijderd

Topicstarter
MasterL schreef op dinsdag 10 maart 2020 @ 19:15:
Of ze goed bridgen of niet kun je bekijken in je bridge(s) zelf, /interface bridge host print uit mijn hoofd.
Zie je daar de MAC adressen (in de juiste bridge) van de clients? Zo kun je van CRS326 naar je Hex S toe werken. Als je ergens het mac adres niet ziet weet je dat je een layer-2 issue ergens hebt.
Ik was er al uitgekomen, maar het is inderdaad wat jij schrijft. Dank je wel!