Dobry den.
uz asi mesiac sa pokusam spojazdnit vlan siet na 3mikrotik zariadeniach, ale bez vyrazneho uspechu.
o co ide, potrebujem rozdelit celu siet na 1router a 2x AP na 2 rozdelene siete. sukromnu a verejnu. z routeru ide lan do ap1 a z neho do ap2.
kazda siet ma vlastny dhcp server. po pripojeni na router mi verejna aj sukromna siet funguje sprave, na ap mi uz ale nejde. skusal som uz hadam vsetko mozne ale nevyslo mi to.
najdalej som sa dostal ked mi islo aj ap1, ale ap 2 mi uz neslo nikdy, po resete som vsak prisiel o zalohy nastaveni, a tak to skusam a hladam zatial bez vysledku.
nastavenie routra
[admin@MikroTik] > export compact
# feb/18/2017 19:52:15 by RouterOS 6.38.1
# software id = 3E4L-8T9Z
#
/interface bridge
add name=br_Sukromna
add name=br_Verejna
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-7C76DB wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] name=ether2-VLAN_AP
set [ find default-name=sfp1 ] master-port=ether2-VLAN_AP
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether2-VLAN_AP name=vl_Sukromna vlan-id=100
add interface=ether2-VLAN_AP name=vl_Verejna vlan-id=200
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:7C:76:DB master-interface=wlan1 mode=ap-bridge multicast-buffering=disabled name=wifi_Verejna ssid=heslo1 \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=hesielko supplicant-identity="" wpa-pre-shared-key=hesielko \
wpa2-pre-shared-key=hesielko
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool2 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool3 ranges=192.168.100.2-192.168.100.254
add name=dhcp_pool4 ranges=192.168.200.2-192.168.200.254
/ip dhcp-server
add address-pool=dhcp_pool3 disabled=no interface=br_Sukromna name=dhcp2
add address-pool=dhcp_pool4 disabled=no interface=br_Verejna name=dhcp1
/interface bridge port
add bridge=br_Sukromna interface=wlan1
add bridge=br_Verejna interface=wifi_Verejna
add bridge=br_Verejna interface=vl_Verejna
add bridge=br_Sukromna interface=vl_Sukromna
/interface ethernet switch vlan
add ports=ether2-VLAN_AP,switch1-cpu vlan-id=100
add ports=ether2-VLAN_AP,switch1-cpu vlan-id=200
/ip address
add address=192.168.100.1/24 interface=br_Sukromna network=192.168.100.0
add address=192.168.200.1/24 interface=br_Verejna network=192.168.200.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.100.0/24 gateway=192.168.100.1
add address=192.168.200.0/24 gateway=192.168.200.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
/system clock
set time-zone-name=Europe/Bratislava
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
[admin@MikroTik] >
nastavenie ap1
[admin@AP1] > export compact
# jan/03/1970 23:37:48 by RouterOS 6.35.4
# software id = 3Y4Z-2E70
#
/interface bridge
add name=br_Sukromna
add name=br_Verejna
add admin-mac=6C:3B:6B:89:8F:D8 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether5 ] advertise=100M-full,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-898FDC wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface vlan
add interface=ether1 name=vl_Sukromna_in vlan-id=100
add interface=ether5 name=vl_Sukromna_out vlan-id=100
add interface=ether1 name=vl_Verejna_in vlan-id=200
add interface=ether5 name=vl_Verejna_out vlan-id=200
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:89:8F:DC master-interface=wlan1 multicast-buffering=disabled name=wifi_Verejna ssid=heslo2 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/interface ethernet switch port
set 0 vlan-mode=fallback
set 4 vlan-mode=fallback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=wlan1
add bridge=br_Verejna interface=vl_Verejna_in
add bridge=br_Sukromna interface=vl_Sukromna_in
add bridge=br_Verejna interface=wifi_Verejna
add bridge=br_Sukromna interface=vl_Sukromna_out
add bridge=br_Verejna interface=vl_Verejna_out
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related disabled=yes
add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add chain=forward comment="defconf: accept established,related" connection-state=established,related disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface=ether1
/ip firewall nat
# br_VLAN not ready
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=*D
/system identity
set name=AP1
/system leds
set 5 interface=wlan1
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
[admin@AP1] >
na ap1 mam namiesto sukromnej siete na wifi povodnu bridge lebo ak to zamenim uz sa rozumne na to ap z winbox nepripojim.