Vlan

VLAN
& Wireless
Infrastructure
VLAN tagged over Wireless Uplink (PtMP)
&
CAPsMAN (Layer 3)
1/30/2019 Prepared by: Sun Sopheary
Who am I?
• Sun Sopheary
• Email: [email protected]
• Mobile phone: 012779158
• IT Manager at Angkor Hospital for Children for
more than 15 years
• RouterOS user since 2009
• MTCNA, MTCRE, and MTCINE
• Other works, part time work on project for SI
company to implement PtP, PtMP, and VLAN on
Mikrotik Products
Implementation of VLAN for my last
two projects
• International School of Siem Reap (ISSR)
• CRS317 (All ports are SFP+)
• CRS328 (Gigabit ports, PoE with two SFP+)
• CRS326 (Gigabit port with two SFP+)
• The Beige Resort
• RB951
• RB260GSP (SwOS)
Project Activities
Project Activities (Continue…)
Project Activities (Continue…)
Network Diagram
Network Diagram ‐ 01
IP Address Info
• Router ‐ CAPsMAN (Core‐RB):
• Bridge_Inter_VLANs (ether4) and Sub‐interface for inter‐VLAN routing:
• VLAN‐10: 192.168.10.1/24 (Office‐LAN)
• VLAN‐20: 192.168.20.1/24 (Guest WLAN)
• VLAN‐30: 192.168.30.1/24 (Staff WLAN)
• VLAN‐40: 192.168.40.1/24 (IP Camera)
• VLAN‐90: 192.168.99.1/24 (Management)
• Switch‐01:
• Management IP: 192.168.99.2/24
• Base‐01 (PtMP):
• Management IP: 192.168.99.3/24 (interface: VLAN‐99)
• CPE:
• Switch‐02:
• Management IP: 192.168.99.4/24
• AP‐01:
Steps of Configurations
1. Configure Router (RB951) for inter‐VLAN routing, DHCP
services for each VLAN, and CAPsMAN.
2. Configure Access Point (QRT 5) for PtMP and VLAN tagging
3. Configure CPE (SXT5‐ac) and VLAN tagging
4. Configure Switch‐01 (RB260GSP) for tag and untagged ports
which connect between AP (QRT 5) and Router (RB951)
5. Configure Switch‐02 (RB260GSP) for tag and untagged ports
which connect between CPE (SXT5‐ac) and endpoint devices
6. Configure AP‐01 (wAP) to provide WiFi for client’s devices
Step 1: Configure Router (RB951) for inter‐VLAN
routing & DHCP services for each VLAN
1‐ Add bridge interface and assign port ether4 to it:
/interface bridge
add name=bridge_Inter_VLANs
/interface bridge port
add bridge=bridge_Inter_VLANs interface=ether4
2‐ Add VLAN sub interface to bridge_Inter_VLANs:
/interface vlan
add interface=bridge_Inter_VLANs mtu=1508 name=VLAN‐10 vlan‐id=10
add interface=bridge_Inter_VLANs name=VLAN‐99 vlan‐id=99
Step 1: Configure Router (RB951) – Cont..
3‐ Assign IP address to each VLAN interface:
/ip address
add address=192.168.10.1/24 interface=VLAN‐10 network=192.168.10.0
4‐ Add IP Pools for each VLAN:
/ip pool
add name=pool‐VLAN10 ranges=192.168.10.20‐192.168.10.254
Step 1: Configure Router (RB951) – Cont..
5‐ Enable DHCP Sever for each VLAN:
/ip dhcp‐server
add address‐pool=pool‐VLAN10 disabled=no interface=VLAN‐10 lease‐time=1d name=DHCP‐VLAN10
add address‐pool=pool‐VLAN20 disabled=no interface=VLAN‐20 lease‐time=1d name=DHCP‐VLAN20
add address‐pool=pool‐VLAN‐30 disabled=no interface=VLAN‐30 lease‐time=1d name=DHCP‐VLAN30
add address‐pool=pool‐VLAN‐40 disabled=no interface=VLAN‐40 lease‐time=1d name=DHCP‐VLAN40
/ip dhcp‐server network
add address=192.168.10.0/24 dns‐server=192.168.10.1 gateway=192.168.10.1
6‐ Other Settings:
/ip dns
set allow‐remote‐requests=yes
/system clock set time‐zone‐name=Asia/Phnom_Penh
/system identity set name=Core‐RB
Step 1: Router (RB951) – CAPsMAN ‐ Cont..
7‐ Add Channel:
/caps‐man channel
add band=2ghz‐b/g/n control‐channel‐width=20mhz frequency=2412 name=channel1
add band=5ghz‐a/n/ac control‐channel‐width=20mhz frequency=5180 name=\
channel_5G_36
add band=5ghz‐a/n/ac control‐channel‐width=20mhz frequency=5220 name=\
channel_5G_44
8‐ Add datapath for VLAN20 and VLAN30:
/caps‐man datapath
add bridge=bridge_Inter_VLANs local‐forwarding=yes name=guest_VLAN20 vlan‐id=20
vlan‐mode=use‐tag
add bridge=bridge_Inter_VLANs client‐to‐client‐forwarding=yes \
local‐forwarding=yes name=staff_VLAN30 vlan‐id=30 vlan‐mode=use‐tag
9‐ Add Security Configuration:
/caps‐man security
add authentication‐types=wpa‐psk,wpa2‐psk encryption=aes‐ccm \
group‐encryption=aes‐ccm name=security_conf_VLAN20 passphrase=12345678
add authentication‐types=wpa‐psk,wpa2‐psk encryption=aes‐ccm \
group‐encryption=aes‐ccm name=security_conf_VLAN30 passphrase=12345678
10‐ Add CAPsMAN Configuration:
/caps‐man configuration
add datapath=guest_VLAN20 mode=ap name=conf_VLAN20 security=\
security_conf_VLAN20 ssid=VLAN20
add datapath=staff_VLAN30 mode=ap name=conf_VLAN30 security=\
security_conf_VLAN30 ssid=VLAN30
11‐ Add Access List:
/caps‐man access‐list
add action=accept allow‐signal‐out‐of‐range=10s disabled=no interface=any \
signal‐range=‐80..10 ssid‐regexp=""
add action=reject allow‐signal‐out‐of‐range=10s disabled=no interface=any \
signal‐range=‐120..81 ssid‐regexp=""
12‐ Add Provisioning:
/caps‐man provisioning
add action=create‐enabled master‐configuration=conf_VLAN20 name‐format=\
identity slave‐configurations=conf_VLAN30
12‐ Enable CAPsMAN Manager:
/caps‐man manager
set enabled=yes package‐path=/capsman upgrade‐policy=suggest‐same‐version
Step 2: Configure Access Point (QRT 5) for PtMP and
VLAN tagging
1‐ Setup wireless AP bridge:
/interface wireless
set [ find default‐name=wlan1 ] band=5ghz‐n/ac country=cambodia disabled=no
frequency‐mode=superchannel mode=ap‐bridge mtu=1508 nv2‐preshared‐
key=012779158 nv2‐security=enabled radio‐name=AP‐01 ssid=AP‐01 wireless‐
protocol=nv2
2‐ Add bridge interface and add ether ports to bridge
/interface bridge add name=bridge1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether1
Step 2: Configure Access Point (QRT 5) – Cont..
3‐ Add VLAN 99 interface for device management:
/interface vlan
add interface=bridge1 mtu=1508 name=VLAN99 vlan‐id=99
4‐ Assign IP address to VLAN‐99 interface:
/ip address
add address=192.168.99.3/24 interface=VLAN99 network=192.168.99.0
5‐ Tag VLAN 10, 20, 30, 40, 99 to bridge1, ether1, wlan1 (In Cisco term called trunk port):
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,wlan1 vlan‐ids=99
add bridge=bridge1 tagged=ether1,bridge1,wlan1 vlan‐ids=10
Step 2: Configure Access Point (mANTBox 19s) – Cont..
6‐ Add Default Route:
/ip route
add distance=1 gateway=192.168.99.1
7‐ Set Time Zone:
/system clock
set time‐zone‐name=Asia/Phnom_Penh
8‐ Set System Identity:
/system identity set name=Base‐01
9‐ Enable VLAN Filtering:
/interface bridge
set bridge1 vlan‐filtering=yes
Step 3: Configure CPE (SXT5‐ac) and VLAN tagging
1‐ Add bridge interface and add ether ports to bridge:
/interface bridge add name=bridge1
2‐ Setup CPE wireless as Station Bridge:
/interface wireless
set [ find default‐name=wlan1 ] band=5ghz‐a/n/ac country=cambodia
disabled=no frequency‐mode=superchannel mode=station‐bridge mtu=1508
nv2‐preshared‐key=012779158 nv2‐security=enabled radio‐name=CPE‐01
ssid=AP‐01 wireless‐protocol=nv2
Step 3: Configure CPE (SXT5‐ac) – Cont..
3‐ Add VLAN 99 interface for device management:
/interface vlan
add interface=bridge1 mtu=1508 name=VLAN99 vlan‐id=99
4‐ Assign IP address to VLAN‐99 interface:
/ip address
5‐ Tag VLAN 10, 20, 30, 40, 99 to bridge1, ether1, wlan1 (In Cisco term called trunk port):
add bridge=bridge1 tagged=bridge1,ether1,wlan1 vlan‐ids=10,20, 30, 40, 99
Step 3: Configure CPE (SXT5‐ac) – Cont..
6‐ Add Default Route:
/ip route
add distance=1 gateway=192.168.99.1
7‐ Set Time Zone:
/system clock
set time‐zone‐name=Asia/Phnom_Penh
8‐ Set System Identity:
/system identity set name=CPE‐01
9‐ Enable VLAN Filtering:
/interface bridge
set bridge1 vlan‐filtering=yes
Step 4: Configure Switch‐01 (RB260GSP) for tag and
untagged ports which connect between AP (mANTBox
19s) and Router (RB951)
1‐ SwitchOS VLAN Configuration on Interfaces (IP Address: 192.168.99.2/24):
VLAN 10 VLAN 20 Trunk port Trunk port
Step 4: Configure Switch‐01 – Cont..
2‐ SwitchOS VLAN table Configuration:
VLAN 10
VLAN 20
Trunk port Trunk port
Step 5: Configure Switch‐02 (RB260GSP) for tag and
untagged ports which connect between CPE and
endpoint devices
1‐ SwitchOS VLAN Configuration on Interfaces (IP Address: 192.168.99.4/24):
VLAN 10 VLAN 40 Trunk port Trunk port
Step 5: Configure Switch‐01 – Cont..
2‐ SwitchOS VLAN table Configuration:
VLAN 10
VLAN 40 Trunk port Trunk port
Step 6: Configure AP‐01 to provide WiFi for client’s
devices
1‐ Add bridge interface with disabled VLAN filtering & add ports to bridge:
/interface bridge
add name=bridge1 vlan‐filtering=no
2‐ Add VLAN99 as sub‐interface of bridge interface:
/interface vlan
add interface=bridge1 name=VLAN99 vlan‐id=99
3‐ Assign IP address to VLAN99:
/ip address
Step 6: Configure AP‐01 – Cont..
4‐ : Tagged VLAN 10, 20, 30, 40, 99
add bridge=bridge1 tagged=ether1,wlan1,bridge1 vlan‐ids=10,20,30,40,99
5‐ : Enable CAP client
/interface wireless cap
set bridge=bridge1 caps‐man‐addresses=192.168.99.1 caps‐man‐names=Core‐RB \
discovery‐interfaces=bridge1 enabled=yes interfaces=wlan1 static‐virtual=yes
6‐ : Other Settings
/ip dns set allow‐remote‐requests=yes servers=192.168.99.1

/ip route add distance=1 gateway=192.168.99.1
/system clock set time‐zone‐name=Asia/Phnom_Penh
/system identity set name=AP‐01
Show prepared LAB & Try it
WiFi Info:
SSID‐1: VLAN20
SSID‐2: VLAN30
Password: 12345678
Note:
VLAN20: 192.168.20.0/24
VLAN30: 192.168.30.0/24
Thank you!
Q & A
(I LOVE RouterBoard)

Vlan

Uploaded by

Copyright:

Available Formats

Vlan

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vlan

Uploaded by

Copyright:

Available Formats

VLAN

10‐ Add CAPsMAN Configuration:

12‐ Enable CAPsMAN Manager:

VLAN 10 VLAN 20 Trunk port Trunk port

VLAN 10 VLAN 40 Trunk port Trunk port

VLAN 40 Trunk port Trunk port

/ip dns set allow‐remote‐requests=yes servers=192.168.99.1

You might also like