802.1Q TRUNK EXTENSION OVER WIRELESS P2P LINK


It is very common practice to isolate groups of users in a network using VLANs. In wired
networks we use trunk links to carry and extend VLANs from one switch to another.
Sometimes it becomes necessary to plan redundant parallel network links for these trunk
links. Building a trunk link over a Wi-Fi network is a little tricky.
Let us assume the following scenario.
  • A network has three VLANs with IDs 10, 20 and 30.
  • A Mikrotik P2P link is being configured as a trunk to carry these three VLANs.
  • Eth1 of each wireless router is connected to the switches.








A. Create VLAN interfaces for your vlans

You need to create as many VLAN interfaces as the total number of VLANs being forwarded
through the trunk link. In this example I have kept the name of each VLAN interface
consistent with its VLAN ID.
/interface vlan
add arp=enabled comment="" disabled=no interface=ether1 mtu=1500 name=vlan10 \
    vlan-id=10
add arp=enabled comment="" disabled=no interface=ether1 mtu=1500 name=vlan20 \
    vlan-id=20
add arp=enabled comment="" disabled=no interface=ether1 mtu=1500 name=vlan30 \
    vlan-id=30






B. Create bridges - one per vlan

Create as many bridges as there are VLAN interfaces. This runs an isolated Spanning Tree
instance for each individual VLAN.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge_VLAN_10 priority=0x8000 protocol-mode=stp \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge_VLAN_20 priority=0x8000 protocol-mode=stp \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge_VLAN_30 priority=0x8000 protocol-mode=stp \
    transmit-hold-count=6








C. Add vlan interfaces to the corresponding bridge

After the bridges are created, the VLAN interfaces need to be assigned to the corresponding
bridges. Note that no primary interface such as ether1 or wlan1 is assigned to the
bridges. If this is done by mistake, the whole system might stop forwarding frames.


/interface bridge port
add bridge=bridge_VLAN_10 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan10 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge_VLAN_20 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan20 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge_VLAN_30 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan30 path-cost=10 point-to-point=auto priority=\
    0x80




D. Create Virtual APs - one per vlan

  • The primary interface, wlan1 in this case, will be in ap-bridge mode and will not have
any SSID associated with it.
  • The virtual APs will have hidden SSIDs. While creating the virtual APs, put
00:00:00:00:00:00 as the MAC address. RouterOS will dynamically assign a MAC address to them.
  • In the VAPs, enable WDS in dynamic mode and select the corresponding VLAN bridge created
earlier.
/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no \
    antenna-gain=0 antenna-mode=ant-a area="" arp=enabled band=2.4ghz-b \
    basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment="" \
    compression=no country=no_country_set default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes dfs-mode=none disable-running-check=no disabled=no \
    disconnect-timeout=3s frame-lifetime=0 frequency=2412 frequency-mode=\
    manual-txpower hide-ssid=no hw-retries=4 mac-address=00:80:48:60:6B:91 \
    max-station-count=2007 mode=ap-bridge mtu=1500 name=wlan1 \
    noise-floor-threshold=default on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
    008048606B91 rate-set=default scan-list=default security-profile=default \
    ssid="" station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default update-stats-interval=\
    disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=\
    100 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled



In this example we have created three virtual APs, each associated with a different
bridge through its own WDS.


add area="" arp=enabled comment="" default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=yes mac-address=\
    02:80:48:60:6B:91 master-interface=wlan1 max-station-count=2007 mtu=1500 \
    name=wlan_VAP_10 proprietary-extensions=post-2.9.25 security-profile=\
    default ssid=CISCO_V_10 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=bridge_VLAN_10 wds-default-cost=0 wds-ignore-ssid=no \
    wds-mode=dynamic wmm-support=disabled
add area="" arp=enabled comment="" default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=yes mac-address=\
    02:80:48:60:6B:92 master-interface=wlan1 max-station-count=2007 mtu=1500 \
    name=wlan_VAP_20 proprietary-extensions=post-2.9.25 security-profile=\
    default ssid=CISCO_V_20 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=bridge_VLAN_20 wds-default-cost=0 wds-ignore-ssid=no \
    wds-mode=dynamic wmm-support=disabled
add area="" arp=enabled comment="" default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=yes mac-address=\
    02:80:48:60:6B:93 master-interface=wlan1 max-station-count=2007 mtu=1500 \
    name=wlan_VAP_30 proprietary-extensions=post-2.9.25 security-profile=\
    default ssid=CISCO_V_30 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=bridge_VLAN_30 wds-default-cost=0 wds-ignore-ssid=no \
    wds-mode=dynamic wmm-support=disabled
VAP General TAB: Assign a meaningful name to the Virtual AP. 



VAP Wireless TAB: Create a meaningful SSID. It is advisable to hide SSID.



VAP WDS TAB: Turn on WDS in Dynamic mode and select the appropriate bridge. 
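
An added example, not part of the original article: a Python audit of a RouterOS export against the layout built in steps A to D (only VLAN interfaces as bridge ports, exactly one dynamic-WDS AP per VLAN bridge). The sample export is constructed and trimmed to the relevant keys, and the function names are illustrative.

```python
import re
import shlex
# Constructed sample with two mistakes: ether1 bridged, wlan_VAP_20 on the wrong bridge.
SAMPLE_EXPORT = r'''
/interface vlan
add interface=ether1 name=vlan10 vlan-id=10
add interface=ether1 name=vlan20 vlan-id=20
/interface bridge port
add bridge=bridge_VLAN_10 interface=vlan10 priority=\
    0x80
add bridge=bridge_VLAN_20 interface=ether1
/interface wireless
set 0 mode=ap-bridge name=wlan1 ssid="" wds-mode=disabled
add master-interface=wlan1 name=wlan_VAP_10 wds-default-bridge=bridge_VLAN_10 \
    wds-mode=dynamic
add master-interface=wlan1 name=wlan_VAP_20 wds-default-bridge=bridge_VLAN_10 \
    wds-mode=dynamic
'''

def parse_export(text):
    """Return {menu: [{key: value}, ...]} for each add/set line of an export."""
    text = re.sub(r'\\\n\s*', '', text)  # join backslash-continued lines
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('/'):
            menu = line
        elif menu and line.startswith(('add ', 'set ')):
            pairs = (t.split('=', 1) for t in shlex.split(line) if '=' in t)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def audit_trunk(text):
    """List deviations from the one-VLAN, one-bridge, one-VAP layout of steps A to D."""
    m = parse_export(text)
    vlans = {v['name'] for v in m.get('/interface vlan', [])}
    problems, bridge_of = [], {}
    for p in m.get('/interface bridge port', []):
        if p['interface'] in vlans:
            bridge_of[p['interface']] = p['bridge']
        else:  # ether1/wlan1 must never be bridge ports in this design
            problems.append(f"{p['interface']} is bridged but is not a VLAN interface")
    problems += [f"{v} is not in any bridge" for v in sorted(vlans - set(bridge_of))]
    wl = m.get('/interface wireless', [])
    used = [w.get('wds-default-bridge') for w in wl if w.get('wds-mode') == 'dynamic']
    for v, b in sorted(bridge_of.items()):
        if used.count(b) != 1:
            problems.append(f"{b} ({v}) has {used.count(b)} dynamic-WDS APs, expected 1")
    return problems
```

Running `audit_trunk` on the text of an `/export` before applying it to the second AP returns an empty list when the layout matches steps A to D.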



Limitations

  • The aggregate throughput of the trunk link will never be more than 22-23 Mbps. I have
tested this on 5.8 GHz 802.11a only. I need to test the same on 802.11n also. I will also
test NStreme.
  • Since one can create 128 Virtual APs, the total number of VLANs that this wireless link
would be able to carry is 128 at maximum. In the last 10 years I have not encountered a
situation where a trunk was carrying that many VLANs.
  • This trunking will only work with the 802.1Q protocol. It is incompatible with ISL.


Readers' Questions and Answers

1. What about the AP configuration at the other end ? Is this article incomplete? 

Since this is an end-to-end Layer 2 setup, both the APs would have identical configuration. Just get an export of the first AP and apply that on the second AP. Yes, it is that simple. The configuration is not incomplete. It does not have an IP address because this does not require one. Just by following the steps described in this article, people were able to commission wireless trunks successfully.
