Greetings all,

I have a new requirement that I can't quite square away. We use the Metal devices, normally the 2SHPN for wifi, we use Cisco routers and switches and we use Windows servers as our DHCP servers. What I want to do is have the management IP address of the Metal devices on our regular data vlan so that I have layer 2 access in case things go bad, but I want them to supply DHCP addresses to another vlan from the Windows server. Let's say VLAN 10 for data and vlan 60 for the Wifi DHCP range as an example.

I don't even know if it is possible, is anyone doing anything similar to this at the moment?

Cheers,
Steve
Hi Steve,

I do this at my work (manage ~30+ MT devices) and use multiple Vlans per device. I even have some Cisco gear in the mix humming along.

I have a separate vlan for management. I also make sure I turn off MikroTik's layer 2 neighbor discovery on every bridge/vlan that's not my management vlan. As you can do layer 2 MAC-TELNET/Winbox on your management VLAN, you don't need to give that interface an IP address, which is especially handy if your end device is doing other IP related activities.

/Or in some limited way, if IPs are required but you don't want the unit to 'route', you can always turn off routing functionality: disable IP->IP Settings->IP Forward./

If you're using CAPsMAN for wifi management you can also get remote units to chat via MAC on the management vlan rather than via an IP address. (I did a test a few weeks ago with that and it worked OK.)

In most of the above I cheat and bond vlans to the ether-interface-ports, then bond the vlan to a bridge, rather than using the on-board switch chip, but rarely do I see issues with CPU load, e.g. Fastpath works well, even on low CPU powered devices.

On 28/11/2016 6:23 PM, Steve Hille wrote:
Greetings all,

I have a new requirement that I can't quite square away. We use the Metal devices, normally the 2SHPN for wifi, we use Cisco routers and switches and we use Windows servers as our DHCP servers. What I want to do is have the management IP address of the Metal devices on our regular data vlan so that I have layer 2 access in case things go bad, but I want them to supply DHCP addresses to another vlan from the Windows server. Let's say VLAN 10 for data and vlan 60 for the Wifi DHCP range as an example.

I don't even know if it is possible, is anyone doing anything similar to this at the moment?

Cheers,
Steve
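
The layout Greg describes, sketched as a RouterOS configuration. This is an added example, not part of the thread and not any poster's own config. It assumes RouterOS 6.41 or later (interface-list syntax), a Metal with ether1 as the trunk to the Cisco switch and wlan1 already configured as an AP, and Steve's example VLAN IDs; every interface name, list name and the management address are constructed.

```routeros
# Added example (not from the thread). Assumed: RouterOS 6.41+ syntax,
# ether1 = tagged trunk to the switch, wlan1 = AP interface,
# VLAN 10 = data/management, VLAN 60 = wifi clients. Names are hypothetical.

# VLAN sub-interfaces on the trunk port (handled by the CPU, not the switch chip)
/interface vlan
add name=vlan10-mgmt interface=ether1 vlan-id=10
add name=vlan60-wifi interface=ether1 vlan-id=60

# Bridge wireless clients straight onto VLAN 60. The device runs no DHCP
# server, so client DHCP broadcasts leave tagged on ether1 and are answered
# by whatever the upstream network provides for that VLAN.
/interface bridge
add name=br-wifi
/interface bridge port
add bridge=br-wifi interface=vlan60-wifi
add bridge=br-wifi interface=wlan1

# Interface list containing the only interface allowed to carry management
/interface list
add name=MGMT
/interface list member
add list=MGMT interface=vlan10-mgmt

# Neighbor discovery is sent and accepted on the management VLAN only
/ip neighbor discovery-settings
set discover-interface-list=MGMT

# MAC-Telnet and MAC-Winbox answer on the management VLAN only,
# so wifi clients on VLAN 60 cannot reach them at layer 2
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT

# Optional management IP (constructed address); MAC access works without it
/ip address
add address=192.0.2.10/24 interface=vlan10-mgmt

# The unit only bridges, so turn off IP forwarding between its interfaces
/ip settings
set ip-forward=no
```

To confirm the restriction took effect, check the output of `/ip neighbor discovery-settings print` and `/tool mac-server print` for the MGMT list.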
Steve,

You may also want to investigate the possibility of using RoMON (http://wiki.mikrotik.com/wiki/Manual:RoMON) to help you manage the devices at layer 2 when they are not layer 2 accessible to your PC.

Quote: RoMON stands for "Router Management Overlay Network". RoMON works by establishing independent MAC layer peer discovery and data forwarding network. RoMON network operates independently from L2 or L3 forwarding configuration.

I haven't used this myself yet as we generally have layer 3 connectivity to our devices, but can definitely see some use cases.

Regards,
Philip

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Greg McLennan
Sent: Monday, 28 November 2016 10:19 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Vlans query

Hi Steve,

I do this at my work (manage ~30+ MT devices) and use multiple Vlans per device. I even have some Cisco gear in the mix humming along.

I have a separate vlan for management. I also make sure I turn off MikroTik's layer 2 neighbor discovery on every bridge/vlan that's not my management vlan. As you can do layer 2 MAC-TELNET/Winbox on your management VLAN, you don't need to give that interface an IP address, which is especially handy if your end device is doing other IP related activities.

/Or in some limited way, if IPs are required but you don't want the unit to 'route', you can always turn off routing functionality: disable IP->IP Settings->IP Forward./

If you're using CAPsMAN for wifi management you can also get remote units to chat via MAC on the management vlan rather than via an IP address. (I did a test a few weeks ago with that and it worked OK.)

In most of the above I cheat and bond vlans to the ether-interface-ports, then bond the vlan to a bridge, rather than using the on-board switch chip, but rarely do I see issues with CPU load, e.g. Fastpath works well, even on low CPU powered devices.
Participants (3): Greg McLennan, Philip Loenneker, Steve Hille