Update from this topic, i've received my mikrotik. Before this, i tried to do intervlan routing in here and it is working.
http://forum.mikrotik.com/viewtopic.php?f=2&t=61219
So, i'm moving forward to next step. Refer the diagram.
The only way i tried to get wireless users connected to the Internet is by using this config (Altai C1).
IP address configuration for AP
AP configuration
First SSID (VLAN1 - Altai Wireless Network)
Second SSID (VLAN2 - WiFi)
But, there is something wrong because when i tried to connect to SSID
Altai Wireless Network (VLAN1), i get
VLAN2 ip and
i succesfully can surf the internet. I also can not ping the AP ip address (192.168.0.11) from user A (192.168.0.
When i tried to connect to SSID
WiFi, i cant even get IP from my mikrotik and can not surf the internet.
If i enable native vlan tagging, i can't even get the both SSIDs working.
This is my config. I just tried and error. I dont know whether my config is right or not.
[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600
1 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
2 R name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
3 R name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
4 name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
5 R name="vlan1" type="vlan" mtu=1500 l2mtu=1594
6 R name="vlan2" type="vlan" mtu=1500 l2mtu=1594
7 R name="br-vlan1" type="bridge" mtu=1500 l2mtu=1594
8 R name="br-vlan2" type="bridge" mtu=1500 l2mtu=1594
9 R name="vlan1-e4" type="vlan" mtu=1500 l2mtu=1594
10 name="vlan1-e5" type="vlan" mtu=1500 l2mtu=1594
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.0.1/24 network=192.168.0.0 interface=br-vlan1
actual-interface=br-vlan1
1 address=10.0.0.1/24 network=10.0.0.0 interface=br-vlan2
actual-interface=br-vlan2
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=192.168.0.254
gateway-status=192.168.0.254 reachable br-vlan1 distance=1 scope=30
target-scope=10
1 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=br-vlan2
gateway-status=br-vlan2 reachable distance=0 scope=10
2 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=br-vlan1
gateway-status=br-vlan1 reachable distance=0 scope=10
[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600
1 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
2 R name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
3 R name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
4 name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=2030
5 R name="vlan1" type="vlan" mtu=1500 l2mtu=1594
6 R name="vlan2" type="vlan" mtu=1500 l2mtu=1594
7 R name="br-vlan1" type="bridge" mtu=1500 l2mtu=1594
8 R name="br-vlan2" type="bridge" mtu=1500 l2mtu=1594
9 R name="vlan1-e4" type="vlan" mtu=1500 l2mtu=1594
10 name="vlan1-e5" type="vlan" mtu=1500 l2mtu=1594
[admin@MikroTik] > /interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan1 1500 enabled 1 ether2-master-local
1 R vlan2 1500 enabled 2 ether4-slave-local
2 R vlan1-e4 1500 enabled 1 ether4-slave-local
3 vlan1-e5 1500 enabled 1 ether5-slave-local
[admin@MikroTik] > /ip firewall export
# jan/02/1970 16:28:05 by RouterOS 5.6
# software id = 1SD1-VBKI
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=no src-address=10.0.0.0/24
add action=masquerade chain=srcnat disabled=no src-address=192.168.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
1 chain=srcnat action=masquerade src-address=10.0.0.0/24
2 chain=srcnat action=masquerade src-address=192.168.0.0/24