MikroTik RouterOS VLANs and WiFi

for hAP ax²

by Claude

Step-by-Step Setup

1. Plan Your VLANs

VLAN 10: Main network (192.168.10.0/24)
VLAN 20: Guest WiFi (192.168.20.0/24)
VLAN 30: IoT devices (192.168.30.0/24) - optional

2. Create VLAN Interfaces

/interface vlan
add interface=bridge name=vlan10-main vlan-id=10
add interface=bridge name=vlan20-guest vlan-id=20
add interface=bridge name=vlan30-iot vlan-id=30

3. Configure Bridge VLAN Filtering

First, enable VLAN filtering on your bridge:

/interface bridge
set [find name=bridge] vlan-filtering=yes

Then set up VLAN membership:

/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 vlan-ids=10
add bridge=bridge tagged=bridge,ether1 vlan-ids=20
add bridge=bridge tagged=bridge,ether1 vlan-ids=30

4. Assign IP Addresses and DHCP

/ip address
add address=192.168.10.1/24 interface=vlan10-main
add address=192.168.20.1/24 interface=vlan20-guest
add address=192.168.30.1/24 interface=vlan30-iot

/ip pool
add name=pool-main ranges=192.168.10.100-192.168.10.200
add name=pool-guest ranges=192.168.20.100-192.168.20.200
add name=pool-iot ranges=192.168.30.100-192.168.30.200

/ip dhcp-server
add address-pool=pool-main interface=vlan10-main name=dhcp-main
add address-pool=pool-guest interface=vlan20-guest name=dhcp-guest
add address-pool=pool-iot interface=vlan30-iot name=dhcp-iot

/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1 dns-server=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1 dns-server=192.168.30.1

5. Configure WiFi Networks

For the hAP ax², you'll configure separate SSIDs:

/interface wifi
# Main WiFi
set wifi1 configuration.ssid="YourMainSSID" security.authentication-types=wpa2-psk,wpa3-psk security.passphrase="YourPassword"

# Guest WiFi - add a virtual interface
/interface wifi add master-interface=wifi1 name=guest-wifi configuration.ssid="GuestWiFi" security.authentication-types=wpa2-psk security.passphrase="GuestPassword"

6. Assign WiFi to VLANs

/interface bridge port
set [find interface=wifi1] pvid=10
add bridge=bridge interface=guest-wifi pvid=20

7. Firewall Rules for Guest Isolation

/ip firewall filter
# Allow guest to access internet only
add chain=forward action=accept in-interface=vlan20-guest out-interface=ether1 comment="Guest to WAN"
add chain=forward action=drop in-interface=vlan20-guest comment="Block guest from other VLANs"

# Allow established/related connections
add chain=forward action=accept connection-state=established,related

# Optional: Block inter-VLAN access
add chain=forward action=drop src-address=192.168.20.0/24 dst-address=192.168.10.0/24
add chain=forward action=drop src-address=192.168.20.0/24 dst-address=192.168.30.0/24
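
The rule order in step 7 can be checked offline before it is applied to a router. The Python model below is an added example, not part of the original page or of RouterOS; it runs first-match evaluation over the five forward rules exactly as written, using constructed packets, and assumes ether1 is the WAN port and that no other forward rules exist.

```python
from ipaddress import ip_address, ip_network

# Step 7's forward-chain rules in the order they are added (first match wins).
# A matcher that is absent from a rule matches every packet.
RULES = [
    {"in": "vlan20-guest", "out": "ether1", "action": "accept", "comment": "Guest to WAN"},
    {"in": "vlan20-guest", "action": "drop", "comment": "Block guest from other VLANs"},
    {"state": {"established", "related"}, "action": "accept", "comment": "established/related"},
    {"src": "192.168.20.0/24", "dst": "192.168.10.0/24", "action": "drop", "comment": "guest to main by address"},
    {"src": "192.168.20.0/24", "dst": "192.168.30.0/24", "action": "drop", "comment": "guest to IoT by address"},
]


def matches(rule, pkt):
    """True if every matcher present in the rule agrees with the packet."""
    for key in ("in", "out"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule and ip_address(pkt[key]) not in ip_network(rule[key]):
            return False
    return "state" not in rule or pkt["state"] in rule["state"]


def evaluate(pkt, rules=RULES):
    """Return (action, comment) of the first matching rule.
    A packet that matches no rule is accepted, as in RouterOS."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["comment"]
    return "accept", "no rule matched"


def pkt(in_if, out_if, src, dst, state="new"):
    return {"in": in_if, "out": out_if, "src": src, "dst": dst, "state": state}


# Constructed sample packets; host addresses are illustrative.
SAMPLES = {
    "guest to internet": pkt("vlan20-guest", "ether1", "192.168.20.50", "203.0.113.7"),
    "guest to main": pkt("vlan20-guest", "vlan10-main", "192.168.20.50", "192.168.10.5"),
    "internet reply to guest": pkt("ether1", "vlan20-guest", "203.0.113.7", "192.168.20.50", "established"),
    "guest reply to main": pkt("vlan20-guest", "vlan10-main", "192.168.20.50", "192.168.10.5", "established"),
    "IoT to main": pkt("vlan30-iot", "vlan10-main", "192.168.30.9", "192.168.10.5"),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:26} -> {evaluate(p)}")
```

In this model the address-based drops never fire for traffic arriving on vlan20-guest, because the interface-based drop above them matches first, and replies from guest hosts to the main network are dropped because the established/related rule comes after that drop. IoT-to-main traffic matches none of the five rules and is accepted.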

Last modified by julian.lemmerich