The Book

User Tools

Site Tools

Trace:
networking:mikrotik:wireless_vlan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
networking:mikrotik:wireless_vlan [2019/11/27 06:57] adminnetworking:mikrotik:wireless_vlan [2020/02/27 06:49] (current) rplecko
Line 1: Line 1:
-===== Mikrotik wireless with dual band / dual SSID =====+===== Mikrotik wireless with dual band / dual SSID / multiple VLANs =====
  
-[[http://wiki.tuturutu.eu/lib/exe/detail.php?id=networking:mikrotik:wireless_vlan&media=networking:mikrotik:vlan_wlan.png|{{  :networking:mikrotik:vlan_wlan.png?1200  }}]]+[[http://wiki.tuturutu.eu/lib/exe/detail.php?id=networking:mikrotik:wireless_vlan&media=networking:mikrotik:vlan_wlan.png|{{  http://wiki.tuturutu.eu/lib/exe/fetch.php/networking/mikrotik/vlan_wlan.png?1200  }}]]
  
-The purpose of this example is to explain how to create dual SSID AP with separated traffic. How to transport the separated traffic to another device via VLAN-s and finaly how to disable trafic between VLAN-s but enable them both to access Internet. We are using two Mikrotik devices. First is "hEX S" (Router_1) which is connected to internet, and taking care of traffic separation, and second is "cAP ac" (AP_1) acting as dual band AP with separated private and public SSID.+The purpose of this example is to explain how to create dual SSID on dual band AP with separated traffic. How to transport the separated traffic to another device via VLAN-s and finaly how to disable trafic between VLAN-s but enable them both to access Internet. We are using two Mikrotik devices. First is "hEX S" (Router_1) which is connected to internet, and taking care of traffic separation, and second is "cAP ac" (AP_1) acting as dual band AP with separated private and public SSID.
  
 We will assume that you already have access to internet via ether4 on Router_1 whether using ADSL or a leased line. We will assume that you already have access to internet via ether4 on Router_1 whether using ADSL or a leased line.
  
 ==== Configuring Router_1 (hEX S) ==== ==== Configuring Router_1 (hEX S) ====
 +
 +{{:networking/mikrotik/router_1.rsc|router_1.rsc file}}
  
 1. Create neccessary bridges (**bridge_VLAN**, **bridge_priv_101** and **bridge pub_201**). 1. Create neccessary bridges (**bridge_VLAN**, **bridge_priv_101** and **bridge pub_201**).
Line 32: Line 34:
 </code> </code>
  
-4. Add trunk port to **bridge_VLAN**+4. Add trunk port (tagged) to **bridge_VLAN**
 <code> <code>
 /interface bridge /interface bridge
Line 38: Line 40:
 </code> </code>
  
-5. Add access port to **bridge_priv_101**+5. Add access port (untagged) to **bridge_priv_101**
 <code> <code>
 /interface bridge /interface bridge
Line 61: Line 63:
 add address=10.100.201.0/24 dns-server=8.8.8.8 gateway=10.100.201.254 add address=10.100.201.0/24 dns-server=8.8.8.8 gateway=10.100.201.254
 </code> </code>
-You can also do it by clicking <hi #ed1c24>DHCP setup</hi> button in Winbox (for both IP subnets)+ 
 +  You can also do it by clicking <hi #ed1c24>DHCP setup</hi> button in Winbox (for both IP subnets)
  
 8. Add firewall rule to prohibit public users to access private network. 8. Add firewall rule to prohibit public users to access private network.
Line 71: Line 74:
  
 ==== Configuring AP_1 (hAP ac) ==== ==== Configuring AP_1 (hAP ac) ====
 +
 +{{:networking/mikrotik/ap_1.rsc|ap_1.rsc file}}
  
 1. Create neccessary bridges (**bridge_VLAN**, **bridge_priv_101** and **bridge pub_201**). 1. Create neccessary bridges (**bridge_VLAN**, **bridge_priv_101** and **bridge pub_201**).
Line 103: Line 108:
 5. Add access port to **bridge_pub_201**. The purpose of this is to enable to connect a device (e.g. Smart TV) to the AP and restrict it to Internet only. 5. Add access port to **bridge_pub_201**. The purpose of this is to enable to connect a device (e.g. Smart TV) to the AP and restrict it to Internet only.
 <code> <code>
-interface bridge port add bridge=bridge_pub_201 interface=ether2+/interface bridge port 
 +add bridge=bridge_pub_201 interface=ether2
 </code> </code>
  
Line 130: Line 136:
 </code> </code>
  
-Now you have AP with two SSID (**Private** and **Public**) on both bands (2,4 and 5 GHz), for each of them separate security profiles are created (**profile*private** and **profile_public**) where the authentication passwords are stored (//private_pass//; //public_pass//). +Now you have AP with two SSID (**Private** and **Public**) on both bands (2,4 and 5 GHz), for each of them separate security profile is created (**profile_private** and **profile_public**) where the authentication passwords are stored (//private_pass//; //public_pass//). 
-Do not forget to change them !!! + 
-The traffic from both of them is transported through trunk port to **Router_1** vhere the DHCP server for each subnet is running. Traffic on private wireless is bridged to the **ethernet1** to which the rest of the wired network is connected. Firewall rule prohibits users connected to **Public** SSID to access private network. +<fc #ff0000>Do not forget to change them !!!</fc> 
 + 
 +The traffic from both of them is transported through trunk port to **Router_1** vhere the DHCP server for each subnet is running. Traffic on private wireless is bridged to the **ethernet1** to which the rest of the wired network is connected. Firewall rule prohibits users connected to **Public** SSID to access private network. 
networking/mikrotik/wireless_vlan.1574837877.txt.gz · Last modified: 2019/11/27 06:57 by admin