Pfsense, Mikrotik SwOS VLANs and IPTV problems

Hi. I just got into VLANs because we got fiber to the home and with it IPTV. I have a Mikrotik CRS317 in SwitchOS and a Pfsense PC. Here is my network:

Now the tech for my ISP is completely brain dead and insists I need to use their modem for the IPTV to work and keeps saying I need Trunking… So I figure that I need to set up VLANs, but the Mikrotik VLAN configuration doesn’t work like it’s shown on their wiki.

  • Pfsense:
    WAN is PPPoE and I get my public IP into Pfsense because my modem is in Bridge mode. On some forum I found out my ISP is using VLAN ID 3999 for IPTV.
    Then I watched Lawrence’s YT Video on how to make VLANs. Basically made a VLAN with ID 3999, assigned it to LAN, enabled the interface and made it static IP, made rules allow all and enabled DHCP for that VLAN.

  • Mikrotik SwOS:
    VLAN Mode and VLAN Receive are on default; if I change them to tagged or untagged I get a combination of getting an IP but no internet or no IP at all. Just now I managed to lock myself out of the default VLAN 1 while VLAN 3999 worked…

Link tab:

VLAN tab:

VLANs tab:

As it is now, smartphones and RPi3 have internet and the IPs are from VLAN 3999. pfsense even sees the IPTV box and adds its IP, but the box itself shows no local IP and no multicast IP on the screen; I can even ping it. The only strange thing is my ESP-01 stopped working; the ESPHome server shows it’s offline.

I don’t know anymore. I tried everything; my head is literally spinning atm.

EDIT: In Pfsense IGMP proxy is enabled, WAN is on Upstream, IPTV3999 is on Downstream

EDIT2: a random blog post on how to configure a Mikrotik RouterBoard in RouterOS for my ISP. For additional info if it helps.
https://netlab.si/howto-telekom-slovenije-vlans-with-hardware-offloading/

You will need to connect the modem into the Mikrotik CRS317 then access the WAN via a VLAN through the pfsense router.

From your post the WAN is untagged from your modem so you will need to set the modem-switch port to native tagged VLAN 200.

Set the switch-pfsense port to trunk.

Set your WAN interface assignment as VLAN 200 in pfsense.

It is not clear if the IPTV VLAN 3999 has CGNAT and DHCP served on the other end.

The NEO IPTV box will need to be connected to the Mikrotik CRS317. An unmanaged switch will not work. Or you can replace the unmanaged switch with a managed one and set the switch-switch port as a trunk on both ends.

If your ISP is serving DHCP on VLAN 3999 then you will need to set the switch-NEOIPTV port as VLAN 3999.
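The port plan from the reply above (modem port native VLAN 200, trunk to pfsense, IPTV port on VLAN 3999), as an added example that is not part of the original thread: a small 802.1Q model that shows where a broadcast frame from each port ends up and with which tag. The port names, the LAN port on VLAN 1, strict ingress filtering and the `FLAT` comparison (modem port left on the default VLAN) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out with a tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

# Constructed plan: names and the VLAN 1 LAN port are assumptions.
PORTS = {
    "modem":   Port(pvid=200, untagged={200}),               # native VLAN 200
    "pfsense": Port(pvid=1, untagged={1}, tagged={200, 3999}),  # trunk
    "iptv":    Port(pvid=3999, untagged={3999}),             # access port for the box
    "lan":     Port(pvid=1, untagged={1}),
}

# Weak variant for comparison: modem port left on the default VLAN 1.
FLAT = dict(PORTS, modem=Port(pvid=1, untagged={1}))

def classify(ports, ingress, tag=None):
    """Return the VLAN a frame is placed in, or None if dropped at ingress."""
    port = ports[ingress]
    vid = port.pvid if tag is None else tag
    return vid if port.member(vid) else None     # strict ingress filtering

def flood(ports, ingress, tag=None):
    """Return {egress_port: tag or None} for a broadcast frame."""
    vid = classify(ports, ingress, tag)
    if vid is None:
        return {}
    return {name: (vid if vid in p.tagged else None)
            for name, p in ports.items()
            if name != ingress and p.member(vid)}

def leaks(ports, src, dst):
    """True if an untagged broadcast from src is delivered to dst."""
    return dst in flood(ports, src)

if __name__ == "__main__":
    for name in PORTS:
        print(name, "->", flood(PORTS, name))
    print("WAN reaches LAN (plan):", leaks(PORTS, "modem", "lan"))
    print("WAN reaches LAN (flat):", leaks(FLAT, "modem", "lan"))
```

With the plan, untagged WAN frames only ever appear on the pfsense trunk as VLAN 200; in the flat variant they are flooded straight onto the LAN port.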

Thank you for replying. I understand the logic. Man I was so deep in these VLANs I didn’t even consider something like this.

What about the modem: do I leave it in Bridge mode and passthrough PPPoE, or I guess I need to switch it back to normal, right?

I literally don’t know anything about the IPTV VLAN configs on their end, they indirectly said we won’t help you because it’s not our hardware…

If anybody can get some additional info out of this, here is a blog post on how to configure a Mikrotik routerboard with RouterOS for exactly my ISP. I would really like for my Pfsense to work instead and have my Mt Switch in SwOS, but just in case it helps anybody.

https://netlab.si/howto-telekom-slovenije-vlans-with-hardware-offloading/

It’s gonna take me a while to set everything up because I am also working from home.

Is this your setup? Priklop FTTH-modema in NEO Smartboxa - YouTube

You would need to ask the ISP if the IPTV VLAN is accessible with the modem in bridged mode.
If it is then you can leave it as it is. The pfsense WAN interface assignment would be VLAN 200 but the WAN connection would be the same PPPoE.

I would recommend testing that you can set the modem back to a router with DHCP and NAT before changing your WAN settings just in case something goes wrong and you lose internet access.

No, no, this is just a random blog I found; I thought it might help. OK, will try all of this tomorrow. Thank you very much for your help for now.