Our best practice, where permitted, is to keep access points as untouched as possible, working the VLANs on the management switches. This develop a better/centralized net control to us. However this time the location was linked to the rest of the infrastructure by a non-management switch.
The "Port 40" is just where the trunk from the unlucky zone, ends on the management switch.
So, since the NON-management switch could not collaborate with us, we are forced to tag the VLAN traffic on the AP itself.
In this article we will start from the default Mikrotik configuration up to achieve our new Bridge for the new VLAN. The only stuff we have already configured, is the switch port (in our case the number 40) marked as tagged with VID 6. Im obviously referring to the management switch.
note: I assume you already have a server for this VLAN (dhcp server and so on ..)otherwise: http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html
Let's start opening winbox which allow us to connect the mikrotik through the proper mac address, avoiding lost of connection playing around bridge, VLANs ..
~$ wine winbox.exe
Create the new VLAN interface which will be tied to the master-local port on the router
Why master-local port?
The master-local port on the routerboard is the collection of the slave ports, then i act on that to give the same address (vid 6) for both wireless and every wire connections
Once the VLAN interface is created, move to the "Bridge" tab and close the existing one (bridge-local), by clicking "disable" (the red "X")
.. i've forgot .. this VLAN is basically for guests, so the new bridge will be named "bridge-guest". Open "Bridge" tab and add that:
Move in the near tab "Ports". Double click on "master-local" and replace the "interface" field with the VLAN interface "guest" and the "bridge" field with the just bridge-guest
Configure "wlan1" interface replacing the field "bridge" from ''bridge_local'' to ''bridge_guest''; then go to "IP/DHCP Client". If everything goes ok, you will be able to get an ip address from your server on the other side. When on the tab, click on "+" and in the "Interface" field, choose "bridge-guest". Click ok and
thats all.
Nessun commento:
Posta un commento