Guten Tag,
da ich gerade dabei bin mehrere Vlans einzurichten (habe endlich Zeit gefunden), ist eine Frage aufgetaucht:
Bei MikroTik gibt es ja generell zwei Methoden Vlans aufzusetzen (eine bei Switch, die andere bei Interfaces), für mich kommt nur Lösung 2 in Frage, da meine Geräte aus mehreren Switch-CPUs bestehen.
Nun zu meinem Vorhaben:
Ich möchte zwei (vlt. auch 3) VLANs einrichten:
- ein Heimnetz-VLAN mit Servern, PCs etc.
- ein Gäste-VLAN, nur mit Internetzugang
(- ein Telefon-VLAN, wird derzeit noch nicht benötigt)
Nur will es nicht klappen, das ist EINER meiner Versuche:
(Die sog. Bridge ist dabei ein Switch+WAP, was aber klar sein sollte)
Hier die Einstellungen auf dem Router:
Und hier die auf der Bridge:
Alle Pws etc. sind geändert bzw. durch "..." ersetzt!
Ich hoffe, ihr könnt mir helfen. Wenn ihr eine Netzwerkskizze braucht, sagt Bescheid. Schon mal danke!
da ich gerade dabei bin mehrere Vlans einzurichten (habe endlich Zeit gefunden), ist eine Frage aufgetaucht:
Bei MikroTik gibt es ja generell zwei Methoden Vlans aufzusetzen (eine bei Switch, die andere bei Interfaces), für mich kommt nur Lösung 2 in Frage, da meine Geräte aus mehreren Switch-CPUs bestehen.
Nun zu meinem Vorhaben:
Ich möchte zwei (vlt. auch 3) VLANs einrichten:
- ein Heimnetz-VLAN mit Servern, PCs etc.
- ein Gäste-VLAN, nur mit Internetzugang
(- ein Telefon-VLAN, wird derzeit noch nicht benötigt)
Nur will es nicht klappen, das ist EINER meiner Versuche:
(Die sog. Bridge ist dabei ein Switch+WAP, was aber klar sein sollte)
Hier die Einstellungen auf dem Router:
Code:
# aug/22/2014 13:49:45 by RouterOS 6.18
# software id =
#
# Router export, part 1: bridges, physical ports and the tagged VLAN
# sub-interfaces on the trunk port.
#
# One bridge per VLAN: br-vlan10 = home network ("Heimnetz"),
# br-vlan20 = guests ("Besucher").
/interface bridge
add comment=Heimnetz l2mtu=1594 name=br-vlan10
add comment=Besucher l2mtu=1594 name=br-vlan20
# ether1 = WAN, ether3 = trunk. ether4-5 are slaved to ether2 and ether7-10
# to ether6 via master-port, giving two hardware switch groups.
# NOTE(review): the comment text on ether6 says "off ether2" although its
# slave ports use master-port=ether6.
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=\
"LAN - Master - All ports are switched together off ether2"
set [ find default-name=ether3 ] comment=Trunk
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] comment=\
"LAN - Master2 - All ports are switched together off ether2"
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
set [ find default-name=sfp1 ] comment=\
"Standalone SFP Modul - no configuration"
# These entries only mirror the interface comments.
# NOTE(review): nothing in this export switches neighbor discovery off on
# ether1 (WAN) or br-vlan20 (guests) - confirm whether the router announces
# itself on those interfaces.
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=\
"LAN - Master - All ports are switched together off ether2"
set ether3 comment=Trunk
set ether6 comment=\
"LAN - Master2 - All ports are switched together off ether2"
set sfp1 comment="Standalone SFP Modul - no configuration"
set br-vlan10 comment=Heimnetz
set br-vlan20 comment=Besucher
# Tagged sub-interfaces: VLAN 10 and VLAN 20 both ride on the trunk ether3.
/interface vlan
add interface=ether3 l2mtu=1594 name=vlan-10 vlan-id=10
add interface=ether3 l2mtu=1594 name=vlan-20 vlan-id=20
# Address pools. dhcp_pool1/dhcp_pool4 and dhcp_pool2/dhcp_pool3 hold
# identical ranges; only dhcp_pool3 and dhcp_pool4 are referenced by the DHCP
# servers below. The author's inline remark on the last pool line says the
# dhcp_pools were tests.
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool2 ranges=192.168.178.2-192.168.178.254
add name=dhcp_pool3 ranges=192.168.178.2-192.168.178.254
add name=dhcp_pool4 ranges=192.168.1.2-192.168.1.254 #Kommentar von mir: dhcp_pools waren Tests
# dhcp1 serves the home bridge from 192.168.178.0/24 (4-day leases), dhcp2
# serves the guest bridge from 192.168.1.0/24 (1-day leases).
/ip dhcp-server
add address-pool=dhcp_pool3 disabled=no interface=br-vlan10 lease-time=4d \
name=dhcp1
add address-pool=dhcp_pool4 disabled=no interface=br-vlan20 lease-time=1d \
name=dhcp2
/port
set 0 name=serial0
# PCQ queue types: the download type classifies per destination address, the
# upload type per source address.
/queue type
add kind=pcq name=PCQ_download pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=PCQ_upload pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
# Queue tree entries attach those types to the packet marks client_download
# and client_upload, which are set in /ip firewall mangle.
/queue tree
add name=PCQ_download packet-mark=client_download parent=global queue=\
PCQ_download
add name=PCQ_upload packet-mark=client_upload parent=global queue=PCQ_upload
# Home bridge: vlan-10 plus both switch-group masters (ether2, ether6).
# Guest bridge: vlan-20 is its only member on the router.
/interface bridge port
add bridge=br-vlan10 interface=vlan-10
add bridge=br-vlan20 comment=Besucher interface=vlan-20
add bridge=br-vlan10 comment=Heimnetz interface=ether2
add bridge=br-vlan10 interface=ether6
# Passes bridged traffic, including VLAN-tagged frames, through the IP
# firewall.
# NOTE(review): whether guests are actually kept out of the home network
# depends on the /ip firewall filter rules, which are elided in this post.
# Verify that forward traffic from br-vlan20 to 192.168.178.0/24 is dropped
# and that input from br-vlan20 is limited to what guests need (DHCP, DNS).
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
# NOTE(review): this entry shows no interface=, and there is no address in
# 192.168.1.0/24 at all, although the guest DHCP network below announces
# 192.168.1.1 as gateway. Presumably 192.168.178.1/24 belongs on br-vlan10
# and 192.168.1.1/24 on br-vlan20 - confirm on the device.
/ip address
add address=192.168.178.1/24 comment="LAN IP Subnet" network=192.168.178.0
# Static ARP entries for the two gateway IPs, without a mac-address.
# NOTE(review): these do not assign the addresses to the router; they look
# like leftovers from testing - confirm and remove if so.
/ip arp
add address=192.168.178.1 interface=br-vlan10
add address=192.168.1.1 interface=br-vlan20
# The WAN address is obtained via DHCP on ether1.
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
# Static leases were elided by the author.
/ip dhcp-server lease
...
# Options handed to DHCP clients: both subnets get the same two resolvers and
# a gateway address inside their own subnet.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,83.169.184.161 gateway=\
192.168.1.1
add address=192.168.178.0/24 dns-server=8.8.8.8,83.169.184.161 gateway=\
192.168.178.1
# allow-remote-requests=yes makes the router answer DNS queries itself.
# NOTE(review): the filter rules are elided, so it is not visible whether
# queries arriving on ether1 (WAN) are blocked. Without an input rule for
# port 53 on the WAN side the router is usable as an open resolver.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# Disabled static entry.
/ip dns static
add address=8.8.8.8 comment="Google DNS" disabled=yes name=Google
# Address lists and filter rules were elided by the author. These sections
# decide guest/home separation and what is exposed on the WAN port, so a
# review of the VLAN setup is incomplete without them.
/ip firewall address-list
...
/ip firewall filter
...
# Packet marks consumed by the PCQ queue tree.
# NOTE(review): in-interface=*C looks like a dangling internal ID of an
# interface that no longer exists, so the "All Download" rule presumably
# never matches. The rule labelled "All Upload" matches packets arriving on
# the WAN port ether1 - confirm the intended direction.
/ip firewall mangle
add action=mark-packet chain=prerouting comment="All Upload" in-interface=\
ether1 new-packet-mark=client_upload
add action=mark-packet chain=prerouting comment="All Download" in-interface=\
*C new-packet-mark=client_download
# Source-NAT for everything leaving through the WAN port.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
# The FTP and TFTP connection helpers are switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
/ip proxy
set max-client-connections=12 max-server-connections=12
# Management services: ftp, www, api and api-ssl are disabled.
# NOTE(review): telnet is not listed here, while the access point's export
# disables it explicitly; if it was left at its default it is presumably
# still enabled - confirm. Restrict the services that stay enabled to the
# home subnet with the address= parameter.
/ip service
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
# The LCD panel is read-only, so settings cannot be changed from the
# front panel.
/lcd
set backlight-timeout=5m read-only-mode=yes
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=MikroTik-Router
# Snapshot of the banner text stored in /system note at export time; it has
# the same layout as the text the Message_of_the_day script below writes.
/system note
set note="\
\nWelcome to MikroTik-Router \
\n\
\nUptime: 00:16:41\
\nCPU: 6%\
\nRAM: 19828/131072M\
\nVoltage: 24 V\
\nTemp: 28 C\
\n"
/system ntp client
set enabled=yes primary-ntp=50.22.155.163 secondary-ntp=91.64.230.196
# Scheduler entry with a one-minute interval, starting at boot.
# NOTE(review): no on-event= is shown here, whereas the access point's entry
# names the script; from this export it is unclear that the entry triggers
# anything. The policy list also grants far more than a status banner needs
# (reboot, password, sniff, sensitive, ftp) - reduce it to the minimum the
# script requires.
/system scheduler
add interval=1m name=Message_of_the_day policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
# Builds a text banner from identity, uptime, CPU load, memory usage, voltage
# and temperature and stores it in /system note. The same over-broad policy
# list applies to the script itself.
/system script
add name=Message_of_the_day policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
logcontent \"\"\r\
\n\r\
\n# zeige die Identit\E4t des Routers\r\
\n:set logcontent \"\\nWelcome to \$[/system identity get name] \\n\\n\"\r\
\n\r\
\n# Uptime\r\
\n:set logcontent (\$logcontent . \"Uptime: \$[/system resource get uptime\
]\\n\")\r\
\n\r\
\n# CPU\r\
\n:set logcontent (\$logcontent . \"CPU: \$[/system resource get cpu-load]\
%\\n\")\r\
\n\r\
\n# RAM\r\
\n:set logcontent (\$logcontent . \"RAM: \$(([/system resource get total-m\
emory]-[/system resource get free-memory])/1024)/\$([/system resource get \
total-memory]/1024)M\\n\")\r\
\n\r\
\n# Voltage\r\
\n:set logcontent (\$logcontent . \"Voltage: \$[:pick [/system health get \
voltage] 0 2] V\\n\")\r\
\n\r\
\n# Temperature\r\
\n:set logcontent (\$logcontent . \"Temp: \$[ /system health get temperatu\
re] C\\n\")\r\
\n\r\
\n/system note set note=\"\$logcontent\""
Und hier die auf der Bridge:
Code:
# aug/22/2014 07:25:12 by RouterOS 6.18
# software id =
#
# Export of the switch + wireless access point (called "Bridge" in the post),
# part 1: bridges, physical ports and VLAN sub-interfaces.
#
# Same bridge names as on the router: br-vlan10 = home, br-vlan20 = guests.
/interface bridge
add comment=Heimnetz l2mtu=1594 name=br-vlan10
add comment=Besucher l2mtu=1594 name=br-vlan20
# ether1 is the trunk towards the router. ether3-5 are slaved to ether2 and
# ether7-10 to ether6 via master-port.
/interface ethernet
set [ find default-name=ether1 ] comment=Trunk
set [ find default-name=ether2 ] comment=\
"All Ports are switched together on ether 2"
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] comment=\
"All ports are switched together on ether6"
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
set [ find default-name=sfp1 ] comment="SFP Interface - no configuration"
# These entries only mirror the interface comments.
/ip neighbor discovery
set ether1 comment=Trunk
set ether2 comment="All Ports are switched together on ether 2"
set ether6 comment="All ports are switched together on ether6"
set sfp1 comment="SFP Interface - no configuration"
set br-vlan10 comment=Heimnetz
set br-vlan20 comment=Besucher
# Tagged sub-interfaces on the trunk ether1, using the same VLAN IDs (10, 20)
# as the router side.
/interface vlan
add comment=Heimnetz interface=ether1 l2mtu=1594 name=vlan-10 vlan-id=10
add comment=Besucher interface=ether1 l2mtu=1594 name=vlan-20 vlan-id=20
/ip neighbor discovery
set vlan-10 comment=Heimnetz
set vlan-20 comment=Besucher
# Security profiles: the default profile plus one each for the home and the
# guest SSID, all WPA2-PSK.
# NOTE(review): the post states that passwords were replaced. The value 1234
# in WPA2-Home and WPA2-Besucher is evidently a placeholder (a WPA2
# passphrase needs at least 8 characters). The 64-character values in the
# default profile and in nv2-preshared-key further down look like real key
# material; if they are, treat them as disclosed and rotate them. On the live
# device the home and guest passphrases must differ.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key=\
r6OFlAZ8wQyXgL5lLBKlQaFq5Ex0GPtzu1uARKQ812vtPKDLRtquUzAgRoXyn8lI \
wpa2-pre-shared-key=\
r6OFlAZ8wQyXgL5lLBKlQaFq5Ex0GPtzu1uARKQ812vtPKDLRtquUzAgRoXyn8lI
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=WPA2-Home supplicant-identity="" \
wpa-pre-shared-key=1234 wpa2-pre-shared-key=1234
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=WPA2-Besucher supplicant-identity="" \
wpa-pre-shared-key=1234 wpa2-pre-shared-key=1234
# Physical radio: 2.4 GHz access point for the home SSID, using the WPA2-Home
# profile. With default-authentication=no only stations matched by the
# access-list (elided further down) may associate.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n comment=\
"Home-Wlan and Master" country=germany default-authentication=no \
dfs-mode=no-radar-detect disabled=no frequency=2427 l2mtu=2290 mode=\
ap-bridge name=Master-Wlan+Home nv2-cell-radius=10 nv2-preshared-key=\
RRusQKahYh3lBIVbUek2fYHgkU1VeL30IcTAzYalN72SOwP2VJQ8vpsMPm152pdC \
nv2-security=enabled security-profile=WPA2-Home ssid=MikroTik-Home-AP \
wireless-protocol=802.11
/interface wireless manual-tx-power-table
set Master-Wlan+Home comment="Home-Wlan and Master"
/ip neighbor discovery
set Master-Wlan+Home comment="Home-Wlan and Master"
/interface wireless nstreme
set Master-Wlan+Home comment="Home-Wlan and Master"
# Virtual AP on the same radio for guests, with its own SSID, MAC address and
# security profile.
# NOTE(review): default-forwarding is not set, so presumably the default
# applies and guest stations can reach each other through the AP - confirm,
# and set default-forwarding=no if client isolation is wanted.
/interface wireless
add comment="Wlan Besucher (Vlan NUR Inet)" default-authentication=no \
disabled=no l2mtu=2290 mac-address=02:0C:42:B2:7D:65 master-interface=\
Master-Wlan+Home name=Besucher-Wlan security-profile=WPA2-Besucher ssid=\
MikroTik-Besucher-AP wds-cost-range=0 wds-default-cost=0
/interface wireless manual-tx-power-table
set Besucher-Wlan comment="Wlan Besucher (Vlan NUR Inet)"
/ip neighbor discovery
set Besucher-Wlan comment="Wlan Besucher (Vlan NUR Inet)"
# NOTE(review): *10 appears to be an unresolved internal ID rather than an
# interface name.
/interface wireless nstreme
set *10 comment="Wlan Besucher (Vlan NUR Inet)"
# NOTE(review): 3DES is a legacy cipher. This only matters if IPsec is
# actually used on this device; in that case switch the proposal to AES.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# The pool is defined, but no DHCP server appears in this export.
/ip pool
add name=dhcp_pool1 ranges=192.168.178.2-192.168.178.254
/port
set 0 name=serial0
# Disabled rule: it would drop IP/UDP frames with destination port 68 (DHCP
# client port) that enter through the trunk ether1.
/interface bridge filter
add action=drop chain=input disabled=yes dst-port=68 in-interface=ether1 \
ip-protocol=udp mac-protocol=ip
# Home bridge: vlan-10, both switch-group masters (ether2, ether6) and the
# home WLAN. Guest bridge: vlan-20 and the guest WLAN only, so no wired port
# on this device belongs to the guest VLAN.
/interface bridge port
add bridge=br-vlan10 interface=vlan-10
add bridge=br-vlan20 interface=vlan-20
add bridge=br-vlan10 interface=ether2
add bridge=br-vlan10 interface=ether6
add bridge=br-vlan10 comment=Heimnetz interface=Master-Wlan+Home
add bridge=br-vlan20 comment=Besucher interface=Besucher-Wlan
# The wireless access list was elided by the author. Because both radios use
# default-authentication=no, it decides which stations may associate.
/interface wireless access-list
...
# The device obtains its own address from the home VLAN; nothing in this
# export puts an IP address on br-vlan20.
# NOTE(review): layer-2 management (MAC server, neighbor discovery) is not
# restricted anywhere in this export - confirm it is not offered on
# br-vlan20 / Besucher-Wlan.
/ip dhcp-client
add default-route-distance=0 dhcp-options=clientid,hostname disabled=no \
interface=br-vlan10
# The access point answers DNS queries itself.
# NOTE(review): per this export the device only has an address on br-vlan10,
# so the resolver is presumably reachable from the home VLAN only; switch it
# off if no client is meant to use the access point as resolver.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# All listed connection helpers are switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
# NOTE(review): unusual value (FTP helper on port 22), and no hotspot is
# configured elsewhere in this export - confirm it is intentional.
/ip hotspot service-port
set ftp ports=22
# Management services: telnet, ftp, www, api and api-ssl are disabled and SSH
# listens on port 222.
# NOTE(review): moving the SSH port only reduces scan noise. Restrict the
# services that stay enabled to the home subnet with address= and prefer key
# authentication. Winbox is not listed, so presumably it is at its default.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=222
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): UPnP is enabled on a device that, per this export, has no
# /ip firewall nat section. Disable it unless something depends on it.
/ip upnp
set enabled=yes
/lcd
set backlight-timeout=5m read-only-mode=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MikroTik-Wlan
# Both additional logging rules are disabled, including the remote one.
/system logging
add disabled=yes topics=ipsec
add action=remote disabled=yes topics=!ups
# Snapshot of the banner text stored in /system note at export time; it has
# the same layout as the text the Message_of_the_day script below writes.
/system note
set note="\
\nWelcome to MikroTik-Wlan \
\n\
\nUptime: 00:13:26\
\nCPU: 0%\
\nRAM: 21840/131072M\
\nVoltage: 24 V\
\nTemp: 33 C\
\n"
/system ntp client
set enabled=yes primary-ntp=193.2.78.228 secondary-ntp=129.70.132.32
# Runs the Message_of_the_day script every minute, starting at boot.
# NOTE(review): the policy list grants far more than a status banner needs
# (reboot, password, sniff, sensitive, ftp) - reduce it to the minimum the
# script requires.
/system scheduler
add interval=1m name=Message_of_the_day on-event=Message_of_the_day policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
# Builds a text banner from identity, uptime, CPU load, memory usage, voltage
# and temperature and stores it in /system note. The same over-broad policy
# list applies to the script itself.
/system script
add name=Message_of_the_day policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
logcontent \"\"\r\
\n\r\
\n# zeige die Identit\E4t des Routers\r\
\n:set logcontent \"\\nWelcome to \$[/system identity get name] \\n\\n\"\r\
\n\r\
\n# Uptime\r\
\n:set logcontent (\$logcontent . \"Uptime: \$[/system resource get uptime\
]\\n\")\r\
\n\r\
\n# CPU\r\
\n:set logcontent (\$logcontent . \"CPU: \$[/system resource get cpu-load]\
%\\n\")\r\
\n\r\
\n# RAM\r\
\n:set logcontent (\$logcontent . \"RAM: \$(([/system resource get total-m\
emory]-[/system resource get free-memory])/1024)/\$([/system resource get \
total-memory]/1024)M\\n\")\r\
\n\r\
\n# Voltage\r\
\n:set logcontent (\$logcontent . \"Voltage: \$[:pick [/system health get \
voltage] 0 2] V\\n\")\r\
\n\r\
\n# Temperature\r\
\n:set logcontent (\$logcontent . \"Temp: \$[ /system health get temperatu\
re] C\\n\")\r\
\n\r\
\n/system note set note=\"\$logcontent\""
# Further sections were elided by the author at this point.
...
# The bandwidth test server is switched off.
/tool bandwidth-server
set enabled=no
Alle Pws etc. sind geändert bzw. durch "..." ersetzt!
Ich hoffe, ihr könnt mir helfen. Wenn ihr eine Netzwerkskizze braucht, sagt Bescheid. Schon mal danke!
