

  • aujjobba

    addikt

    Tudnatok segiteni? Valamit nem latok de nem ertem teljesen mi a gond.
    Az L009 utan van bekotve a hAP, es elozoben felregisztralva a hAP wifi interfeszei capsman-nal.

    Az otlet ket VLAN, a 20-as lenne az IoT, a 10-es a trusted.

    Wifin mar tokjol mukodik, ugyanaz az SSID, de ha az egyik jelszoval csatlakozok 10-es VLAN-t kapok, annak megfelelo cimtartomanybol jovo IP-vel (10.0.10.0/24), ha a masikkal akkor a 20-as lesz aktiv (10.0.20.0/24), es a tuzfal szabaly is mukodik, hogy a 20-as ne lasson at a 10-esbe.

    A hAP-ra ha kabellel csatlakozok ott is jo, akkor mindig 10-est kapok, igy okes.

    En azt szeretnem, hogy ha az L009-re csatlakozok barhol kabelen, ott is 10-est kapjak.
    De nem onnan kapok, hanem a 192.168.0.0/24-bol.
    Emiatt megprobaltam ott is bekonfigolni a VLAN-okat, de amint bekapcsolom a vlan filtering-et a hAP elerhetetlen lesz, kiveve Wifi-n, ott felcsatlakozik a kliens de nem kap IP-t.
    A hAP maga az L009 szerint kap IP-t (192.168.0.30).

    HGW -> (eth1)L009(eth8) -> (eth1)hAP

    L009:
    # RouterOS export of the L009: router, DHCP server and CAPsMAN controller for the
    # untagged LAN (192.168.10.0/24), VLAN 10 (trusted) and VLAN 20 (IoT).
    /interface bridge
    # NOTE(review): vlan-filtering is not enabled on this bridge, so frames are forwarded
    # without any VLAN membership check and the pvid=10 values set further down under
    # "/interface bridge port" are not applied yet.
    add name=LAN-bridge
    /interface vlan
    # Both VLAN interfaces sit on the bridge itself: the router only sees VLAN 10/20
    # traffic that arrives on LAN-bridge carrying the matching tag.
    add interface=LAN-bridge name=VLAN-IoT vlan-id=20
    add interface=LAN-bridge name=VLAN-Trusted vlan-id=10
    /interface wifi channel
    add disabled=no name=WIFI-channel
    /interface wifi datapath
    # The datapath carries no vlan-id of its own; the VLAN is selected per passphrase
    # in "/interface wifi security multi-passphrase" below.
    add disabled=no name=WIFI-datapath
    /interface wifi security
    # One SSID, WPA2-PSK, with the passphrase looked up in the WIFI-passphrase group.
    add authentication-types=wpa2-psk disabled=no encryption="" multi-passphrase-group=WIFI-passphrase name=WIFI-security
    /interface wifi configuration
    add channel=WIFI-channel country=Hungary datapath=WIFI-datapath datapath.bridge=LAN-bridge disabled=no hide-ssid=no installation=indoor mode=ap name=WIFI-config security=WIFI-security ssid=Mikrotik
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip pool
    # NOTE(review): the LAN pool starts at 192.168.10.1, which is also the address
    # assigned to LAN-bridge under "/ip address"; starting the range at .2 avoids the overlap.
    add name=LAN-dhcp-pool ranges=192.168.10.1-192.168.10.32
    add name=Trusted-dhcp-pool ranges=10.0.10.2-10.0.10.254
    add name=IoT-dhcp-pool ranges=10.0.20.2-10.0.20.254
    /ip dhcp-server
    # LAN-dhcp answers untagged clients on the bridge; the other two answer only on
    # their VLAN interface, i.e. only for frames tagged 10 or 20.
    add address-pool=LAN-dhcp-pool interface=LAN-bridge name=LAN-dhcp
    add address-pool=Trusted-dhcp-pool interface=VLAN-Trusted name=Trusted-dhcp
    add address-pool=IoT-dhcp-pool interface=VLAN-IoT name=IoT-dhcp
    /port
    set 0 name=serial0
    /caps-man manager
    set ca-certificate=auto certificate=auto
    /interface bridge port
    # ether2-ether7 are meant to be access ports for VLAN 10. While vlan-filtering is off
    # their untagged traffic stays untagged on the bridge and is served by LAN-dhcp,
    # which matches the wired behaviour described in the post.
    add bridge=LAN-bridge interface=ether2 pvid=10
    add bridge=LAN-bridge interface=ether3 pvid=10
    add bridge=LAN-bridge interface=ether4 pvid=10
    add bridge=LAN-bridge interface=ether5 pvid=10
    add bridge=LAN-bridge interface=ether6 pvid=10
    add bridge=LAN-bridge interface=ether7 pvid=10
    # ether8 is the uplink to the hAP; no pvid is set, so untagged frames use the default VLAN.
    add bridge=LAN-bridge interface=ether8
    # NOTE(review): this export has no "/interface bridge vlan" section. Before
    # vlan-filtering is switched on, VLAN 10 and VLAN 20 need entries that list
    # LAN-bridge and ether8 as tagged members; without them the tagged frames from the
    # hAP and towards the VLAN interfaces are filtered. Presumably this is why wifi
    # clients stop getting a lease once filtering is enabled - confirm on the device.
    /interface wifi capsman
    # NOTE(review): require-peer-certificate=no means the manager does not verify CAP
    # certificates, so any device that reaches it on LAN-bridge can register as a CAP
    # and be provisioned. Consider require-peer-certificate=yes once the hAP holds a
    # certificate issued by this manager.
    set ca-certificate=auto certificate=auto enabled=yes interfaces=LAN-bridge package-path="" require-peer-certificate=no upgrade-policy=none
    /interface wifi provisioning
    # No match criteria: every CAP radio that registers gets WIFI-config.
    add action=create-dynamic-enabled disabled=no master-configuration=WIFI-config
    /interface wifi security multi-passphrase
    # The passphrase a client uses decides its VLAN (20 = IoT, 10 = trusted); the
    # passphrases themselves are not part of this export.
    add comment="Passphrase for IoT, VLAN-20" disabled=no group=WIFI-passphrase vlan-id=20
    add comment="Passphrase for trusted" disabled=no group=WIFI-passphrase vlan-id=10
    /ip address
    add address=192.168.10.1/24 comment=bridge-IP interface=LAN-bridge network=192.168.10.0
    add address=10.0.20.1/24 interface=VLAN-IoT network=10.0.20.0
    add address=10.0.10.1/24 interface=VLAN-Trusted network=10.0.10.0
    /ip dhcp-client
    # ether1 is the uplink towards the HGW.
    add interface=ether1
    /ip dhcp-server lease
    # Static lease on the untagged LAN; the post describes .30 as the hAP's address.
    add address=192.168.10.30 client-id=1:f4:1e:57:e2:6e:6e mac-address=F4:1E:57:E2:6E:6E server=LAN-dhcp
    /ip dhcp-server network
    add address=10.0.10.0/24 gateway=10.0.10.1
    add address=10.0.20.0/24 gateway=10.0.20.1
    add address=192.168.10.0/24 gateway=192.168.10.1
    /ip dns
    # NOTE(review): with allow-remote-requests=yes the router answers DNS queries on
    # every interface. No input-chain rule appears in this export, so that includes
    # ether1 and the IoT VLAN.
    set allow-remote-requests=yes
    /ip firewall filter
    # NOTE(review): only the forward chain is filtered here. Nothing in this export
    # limits access from VLAN-IoT or ether1 to the router's own services (input chain);
    # an input policy that accepts established/related traffic and management only from
    # the trusted side, then drops the rest, would close that gap.
    # Drops and logs everything routed from IoT to Trusted. The rule has no
    # connection-state match and no accept rule precedes it, so replies from IoT devices
    # to connections opened from the trusted side are dropped as well.
    add action=drop chain=forward in-interface=VLAN-IoT log=yes log-prefix=xvlan out-interface=VLAN-Trusted
    # Disabled: as exported, IoT clients can still reach hosts on the untagged
    # 192.168.10.0/24 network behind LAN-bridge.
    add action=drop chain=forward disabled=yes in-interface=VLAN-IoT out-interface=LAN-bridge
    /ip firewall nat
    # Source NAT for everything leaving through the uplink.
    add action=masquerade chain=srcnat out-interface=ether1
    /system clock
    set time-zone-name=Europe/Budapest
    /system routerboard settings
    set enter-setup-on=delete-key

    hAP ax2:
    # RouterOS export of the hAP ax2: a VLAN-filtering bridge that acts as a CAPsMAN-managed
    # access point, with ether1 as the uplink and ether2-ether5 as wired access ports.
    /interface bridge
    # VLAN filtering is already active on this side, unlike on the L009.
    add name=LAN-bridge vlan-filtering=yes
    /interface wifi
    # managed by CAPsMAN 04:F4:1C:01:BC:72%LAN-bridge, traffic processing on CAP
    # mode: AP, SSID: Mikrotik, channel: 5500/ax/Ceee/D
    set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath.bridge=LAN-bridge disabled=no
    # managed by CAPsMAN 04:F4:1C:01:BC:72%LAN-bridge, traffic processing on CAP
    # mode: AP, SSID: Mikrotik, channel: 2467/ax/eC
    set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath.bridge=LAN-bridge disabled=no
    /interface bridge port
    # Access ports: only untagged (or priority-tagged) frames are admitted and they are
    # placed in VLAN 10.
    add bridge=LAN-bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10
    add bridge=LAN-bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
    add bridge=LAN-bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10
    # Uplink to the L009: no pvid and no frame-types restriction, so it accepts tagged
    # frames as well as untagged ones (the untagged ones land in the default VLAN).
    add bridge=LAN-bridge interface=ether1
    add bridge=LAN-bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10
    /ip neighbor discovery-settings
    set discover-interface-list=!dynamic
    /interface bridge vlan
    # VLAN 10 is tagged on the uplink and untagged on the access ports, consistent with pvid=10.
    add bridge=LAN-bridge comment="Trusted VLAN" tagged=ether1 untagged=ether2,ether3,ether4,ether5 vlan-ids=10
    # NOTE(review): ether2-ether5 are also listed as untagged members of VLAN 20 although
    # their pvid is 10. Frames flooded in the IoT VLAN (broadcast, multicast, unknown
    # unicast) therefore leave untagged on the trusted wired ports. If these ports are
    # meant to be trusted-only, VLAN 20 should list just tagged=ether1.
    add bridge=LAN-bridge comment="IoT VLAN" tagged=ether1 untagged=ether3,ether2,ether4,ether5 vlan-ids=20
    /interface wifi cap
    # The CAP looks for its manager on LAN-bridge and requests a certificate from it.
    set certificate=request discovery-interfaces=LAN-bridge enabled=yes
    /ip dhcp-client
    # The hAP's own address is requested on the bridge itself, so management traffic
    # depends on the untagged path over ether1 - presumably the default VLAN; verify
    # that it stays allowed once the L009 also filters VLANs.
    add interface=LAN-bridge
    /system clock
    set time-zone-name=Europe/Budapest
    /system identity
    set name="hAP ax2"
