
Creating Wireless VLANS

Introduction

It is very common practice to isolate groups of users in a network using VLANs. In wired networks we use many trunk links to carry and extend VLANs from one switch to another, and sometimes it becomes necessary to plan redundant parallel links for these trunks. Building a trunk link over a Wi-Fi network is a little tricky.

Let us assume the following scenario.

  • The network has three VLANs with IDs 10, 20 and 30.

  • A HauteSpot P2P link is being configured as trunk for carrying these three VLANs.

  • Eth1 of each wireless router is connected to a switch.


A. Create VLAN interfaces for your vlans

You need to create as many VLAN interfaces as the total number of VLANs being forwarded through the trunk link. In this example the name of each VLAN interface mirrors its VLAN ID.

/interface vlan
add arp=enabled comment="" disabled=no interface=ether1 mtu=1500 name=vlan10 \
    vlan-id=10
add arp=enabled comment="" disabled=no interface=ether1 mtu=1500 name=vlan20 \
    vlan-id=20
add arp=enabled comment="" disabled=no interface=ether1 mtu=1500 name=vlan30 \
    vlan-id=30


B. Create bridges - one per vlan

Create as many bridges as there are VLAN interfaces. Each bridge runs its own isolated Spanning Tree instance for its VLAN.

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge_VLAN_10 priority=0x8000 protocol-mode=stp \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge_VLAN_20 priority=0x8000 protocol-mode=stp \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge_VLAN_30 priority=0x8000 protocol-mode=stp \
    transmit-hold-count=6


C. Add vlan interfaces to the corresponding bridge

After the bridges are created, each VLAN interface needs to be assigned to its corresponding bridge. Note that no primary interface such as ether1 or wlan1 is assigned to the bridges. If this is done by mistake, the whole system might stop forwarding frames.

/interface bridge port
add bridge=bridge_VLAN_10 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan10 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge_VLAN_20 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan20 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge_VLAN_30 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan30 path-cost=10 point-to-point=auto priority=\
    0x80

D. Create Virtual APs - one per vlan


  • The primary interface, wlan1 in this case, will be in ap-bridge mode and will not have any SSID associated with it.

  • The virtual APs will have hidden SSIDs. While creating virtual APs put 00:00:00:00:00:00 as MAC address. RouterOS will dynamically assign a MAC address to these.

  • In the VAPs, enable WDS in dynamic mode and select the corresponding VLAN bridge created earlier.

/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no \
    antenna-gain=0 antenna-mode=ant-a area="" arp=enabled band=2.4ghz-b \
    basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment="" \
    compression=no country=no_country_set default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes dfs-mode=none disable-running-check=no disabled=no \
    disconnect-timeout=3s frame-lifetime=0 frequency=2412 frequency-mode=\
    manual-txpower hide-ssid=no hw-retries=4 mac-address=00:80:48:60:6B:91 \
    max-station-count=2007 mode=ap-bridge mtu=1500 name=wlan1 \
    noise-floor-threshold=default on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
    008048606B91 rate-set=default scan-list=default security-profile=default \
    ssid="" station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default update-stats-interval=\
    disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=\
    100 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled

Here in this example we have created three virtual APs associated with three different bridges through three separate WDS.

/interface wireless
add area="" arp=enabled comment="" default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=yes mac-address=\
    02:80:48:60:6B:91 master-interface=wlan1 max-station-count=2007 mtu=1500 \
    name=wlan_VAP_10 proprietary-extensions=post-2.9.25 security-profile=\
    default ssid=CISCO_V_10 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=bridge_VLAN_10 wds-default-cost=0 wds-ignore-ssid=no \
    wds-mode=dynamic wmm-support=disabled
add area="" arp=enabled comment="" default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=yes mac-address=\
    02:80:48:60:6B:92 master-interface=wlan1 max-station-count=2007 mtu=1500 \
    name=wlan_VAP_20 proprietary-extensions=post-2.9.25 security-profile=\
    default ssid=CISCO_V_20 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=bridge_VLAN_20 wds-default-cost=0 wds-ignore-ssid=no \
    wds-mode=dynamic wmm-support=disabled
add area="" arp=enabled comment="" default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=yes mac-address=\
    02:80:48:60:6B:93 master-interface=wlan1 max-station-count=2007 mtu=1500 \
    name=wlan_VAP_30 proprietary-extensions=post-2.9.25 security-profile=\
    default ssid=CISCO_V_30 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=bridge_VLAN_30 wds-default-cost=0 wds-ignore-ssid=no \
    wds-mode=dynamic wmm-support=disabled

VAP General TAB: Assign a meaningful name to the Virtual AP.


VAP Wireless TAB: Create a meaningful SSID. It is advisable to hide the SSID.


VAP WDS TAB: Turn on WDS in Dynamic mode and select the appropriate bridge.
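
An added example, not part of the original article or of any HauteSpot tooling: a Python check that reads a RouterOS export and confirms steps A to D were applied consistently, which is useful before the export is copied to the second AP. It assumes each menu path sits on its own line in the export; the function names and the sample export are constructed for illustration.

```python
import re
import shlex

# Constructed sample: a trimmed export for VLANs 10 and 20. The second bridge
# port line deliberately uses ether1 instead of vlan20.
SAMPLE_EXPORT = r'''
/interface vlan
add interface=ether1 name=vlan10 vlan-id=10
add interface=ether1 name=vlan20 vlan-id=20
/interface bridge port
add bridge=bridge_VLAN_10 interface=vlan10 priority=\
    0x80
add bridge=bridge_VLAN_20 interface=ether1
/interface wireless
set 0 mode=ap-bridge name=wlan1 ssid="" wds-mode=disabled
add master-interface=wlan1 name=wlan_VAP_10 ssid=CISCO_V_10 \
    wds-default-bridge=bridge_VLAN_10 wds-mode=dynamic
add master-interface=wlan1 name=wlan_VAP_20 ssid=CISCO_V_20 \
    wds-default-bridge=bridge_VLAN_20 wds-mode=dynamic
'''

def parse_export(text):
    """Return {menu path: [key=value dict for each add/set line]}."""
    text = re.sub(r'\\[ \t]*\n[ \t]*', '', text)  # join "\" continuations
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('/'):
            path = line
        elif line and path and not line.startswith('#'):
            pairs = (t.split('=', 1) for t in shlex.split(line) if '=' in t)
            menus.setdefault(path, []).append(dict(pairs))
    return menus

def check_trunk(text, primaries=('ether1', 'wlan1')):
    """List the ways an export departs from steps A to D."""
    menus = parse_export(text)
    ports = menus.get('/interface bridge port', [])
    vaps = [w for w in menus.get('/interface wireless', [])
            if 'master-interface' in w]  # virtual APs only, not wlan1 itself
    problems = [f"primary interface {p['interface']} is a port of {p.get('bridge')}"
                for p in ports if p.get('interface') in primaries]
    for vlan in menus.get('/interface vlan', []):
        bridges = [p.get('bridge') for p in ports
                   if p.get('interface') == vlan['name']]
        if len(bridges) != 1:
            problems.append(f"{vlan['name']} is in {len(bridges)} bridges, expected 1")
        elif not any(w.get('wds-default-bridge') == bridges[0]
                     and w.get('wds-mode') == 'dynamic' for w in vaps):
            problems.append(f"no dynamic-WDS virtual AP uses {bridges[0]}")
    return problems
```

An empty list from check_trunk means every VLAN interface sits alone in one bridge, that bridge is the WDS default bridge of a dynamic-WDS virtual AP, and neither ether1 nor wlan1 is a bridge port.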


Limitations

  • The aggregate throughput of the trunk link will never be more than 22-23 Mbps using 802.11 or TLP in a 20MHz channel width without MIMO.

  • Since one can create up to 128 Virtual APs, the total number of VLANs that this wireless link would be able to carry is 128 at maximum.

  • This trunking will only work with the 802.1Q protocol. It is incompatible with ISL.

Questions and Answers

1. What about the AP configuration at the other end? Is this article incomplete?

Since this is an end-to-end Layer 2 setup, both APs have identical configuration. Just export the configuration of the first AP and apply it on the second AP. Yes, it is that simple. The configuration is not incomplete. It does not have an IP address because it does not require one. By just following the steps described in this article, people have been able to commission wireless trunks successfully.

2. Can this be used in point to multipoint?

Yes, if you put the remote ends into Station WDS mode. Doing this would allow each remote station to have its own VLAN.

Alternatively you could use AP mode on each station, but the licenses of your stations need to support this. WRAPSTATION model equipment cannot be used in this way.