Blog.gowifi

Go Wireless NZ

Thursday, October 18, 2012

Ubiquiti ToughSwitch VLAN Configuration Example


Scenario:
This example shows how to configure VLANs on a Ubiquiti Tough Switch connected to a MikroTik router. On the MikroTik router, ether1 is configured as the gateway, whilst ether5 is a trunk port carrying three VLANs (1, 5 and 6). On the Ubiquiti Tough Switch, ether1 is configured as a trunk port, ether2 is configured with vlan-id 5 and ether3 with vlan-id 6.




MikroTik Configuration Example:
/interface vlan
add interface=ether5 name=vl-5-ether5 vlan-id=5
add interface=ether5 name=vl-6-ether5 vlan-id=6
add interface=ether5 name=vl-1-ether5 vlan-id=1
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool2 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool3 ranges=192.168.6.2-192.168.6.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=vl-1-ether5 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vl-5-ether5 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=vl-6-ether5 name=dhcp3
/ip address
add address=192.168.5.1/24 interface=vl-5-ether5
add address=192.168.6.1/24 interface=vl-6-ether5
add address=192.168.1.1/24 interface=vl-1-ether5
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.5.0/24 dns-server=192.168.5.1 gateway=192.168.5.1
add address=192.168.6.0/24 dns-server=192.168.6.1 gateway=192.168.6.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip neighbor discovery
set vl-5-ether5 disabled=yes
set vl-6-ether5 disabled=yes
set vl-1-ether5 disabled=yes


Create VLANs 5 and 6 on the Ubiquiti Tough Switch.

Configure Port 1 as a Trunk Port: 
Tag vlan1, vlan5 and vlan6 traffic.

Configure Port 2 as an Access Port for vlan5:
Untag Port 2 traffic. Traffic destined out Port 2 to the local LAN is stripped of any vlan-id, and traffic originating from Port 2 destined for another network is tagged with vlan-id 5.
Exclude vlan1 and vlan6 traffic.

Configure Port 3 as an Access Port for vlan6:
Untag Port 3 traffic. Traffic destined out Port 3 to the local LAN is stripped of any vlan-id, and traffic originating from Port 3 destined for another network is tagged with vlan-id 6.
Exclude vlan1 and vlan5 traffic. 
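
The port table above can be checked on paper before it is applied. The following is an added example, not code from the original post or from Ubiquiti: a simplified 802.1Q model of Ports 1 to 3 that shows where a flooded frame leaves the switch and with which tag. The function names are hypothetical, and dropping tagged frames on ports that are not tagged members of that VLAN is an assumption of the model (standard ingress filtering), not documented Tough Switch behaviour.

```python
# Simplified 802.1Q model of the port table described in the post.
# Assumption: standard ingress filtering; this is not Tough Switch firmware logic.

# Per-port VLAN membership: "T" = tagged, "U" = untagged; absent = excluded.
PORTS = {
    1: {1: "T", 5: "T", 6: "T"},   # trunk to MikroTik ether5
    2: {5: "U"},                   # access port for vlan5 (vlan1, vlan6 excluded)
    3: {6: "U"},                   # access port for vlan6 (vlan1, vlan5 excluded)
}


def classify(port, tag):
    """Return the VLAN a frame entering `port` belongs to, or None if dropped.

    `tag` is the frame's vlan-id, or None for an untagged frame.
    """
    members = PORTS[port]
    if tag is None:
        # Untagged frames join the port's untagged VLAN, if it has one.
        untagged = [vid for vid, mode in members.items() if mode == "U"]
        return untagged[0] if untagged else None
    # Tagged frames are accepted only where the port is a tagged member.
    return tag if members.get(tag) == "T" else None


def forward(port, tag):
    """Return {egress_port: tag_on_wire} for a flooded frame entering `port`."""
    vid = classify(port, tag)
    if vid is None:
        return {}
    out = {}
    for other, members in PORTS.items():
        if other == port or vid not in members:
            continue  # never send back out the ingress port or to excluded ports
        out[other] = vid if members[vid] == "T" else None
    return out


if __name__ == "__main__":
    print(forward(2, None))  # host on Port 2 sends an untagged frame
    print(forward(1, 6))     # router sends a vlan6-tagged frame down the trunk
    print(forward(1, None))  # untagged frame arriving on the trunk
```

In this model Port 2 and Port 3 never appear in each other's results: the switch does not bridge vlan5 to vlan6, so anything passing between them has to go up the trunk to the router.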


4 comments:

  1. Hi, thanks for the tutorial. In my network, port 2 and port 3 are connected to AirGrids. When I connect from port 2, I cannot see my AirGrids on port 3. Is there anything I can do so I can see my AirGrid on the other network?

  2. Hi, are you able to ping the other way from port 3 to port 2 or can you not see either way?

    1. I can't see either way. What can I do to ping my AirGrid on the other port?

  3. Thanks very much. Good reference. 3 VLANs on my UniFi at home, about time I tested UniFi, Toughy and MikroTik all holding hands. Now for some L7 P2P identification and load balancing.
