Hi everyone,
I'm working with a hAP ac2 router linked directly to my modem and have set up a bridge for ports ether2-5, which connects to devices like TP-Link Deco Mesh access points, without using VLANs.
I aimed to enable the Guest Network on the TP-Link units to allocate a separate SSID for guests, with traffic marked as VLAN 519. However, the router overlooks the VLAN tags, and guest devices end up on my main IP range.
My goals are:
1. Keep changes minimal: I want the regular (untagged) traffic to remain on the existing bridge and IP range yet enable both tagged and untagged traffic on the access point-connected ports.
2. Route VLAN 591 traffic to a new IP range (e.g., 192.168.2.x/24), with its own DHCP and DNS, allowing internet access but preventing access to my main network (192.168.0.0/24) for less trusted devices.
After setting up VLAN 591 on the MikroTik and configuring an IP and DHCP for it, I'm stuck on how to manage both tagged and untagged traffic. I'm questioning whether I need two bridges or a way to keep the traffic separate while maintaining the flow of untagged traffic as is.
The MikroTik's role is to recognize the VLAN tags without altering them, ensuring both networks remain distinct.
Would appreciate any suggestions on tackling this. Thanks in advance!
Could you help me with how I would create a config to separate tagged VLAN 519 traffic from non-VLAN traffic on the same bridge?
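
One way to get the behaviour asked about, as an added example that is not part of the original post: VLAN filtering on the single existing bridge, with the guest VLAN tagged on ether2-5 and untagged traffic left on the default PVID 1. It assumes the bridge is named `bridge`, the default firewall rules are in place, and the guest VLAN ID is 591 (the post also mentions 519; use whichever ID the Deco units actually tag); the names `vlan591-guest`, `guest-pool` and `guest-dhcp` are made up for the example.

```routeros
# Added example, not from the original post. Assumed: bridge name "bridge",
# VLAN ID 591, guest range 192.168.2.0/24, main range 192.168.0.0/24.

# 1. Allow VLAN 591 tagged on the AP-facing ports and on the bridge itself
#    (the CPU port), so the router can terminate it. Untagged frames stay
#    on PVID 1, which is the default for every bridge port.
/interface bridge vlan
add bridge=bridge vlan-ids=591 tagged=bridge,ether2,ether3,ether4,ether5

# 2. Layer-3 interface for the guest VLAN, with its own address.
/interface vlan
add name=vlan591-guest interface=bridge vlan-id=591
/ip address
add address=192.168.2.1/24 interface=vlan591-guest

# 3. Separate DHCP scope and DNS for guests.
/ip pool
add name=guest-pool ranges=192.168.2.10-192.168.2.254
/ip dhcp-server
add name=guest-dhcp interface=vlan591-guest address-pool=guest-pool disabled=no
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1 dns-server=192.168.2.1

# 4. Guests may use only DHCP and DNS on the router itself. These rules
#    must sit above the default "drop all not coming from LAN" input rule;
#    move them there after adding. The last rule blocks everything else
#    from guests to the router (management services included).
/ip firewall filter
add chain=input in-interface=vlan591-guest protocol=udp dst-port=67 \
    action=accept comment="guest: DHCP"
add chain=input in-interface=vlan591-guest protocol=udp dst-port=53 \
    action=accept comment="guest: DNS (udp)"
add chain=input in-interface=vlan591-guest protocol=tcp dst-port=53 \
    action=accept comment="guest: DNS (tcp)"
add chain=input in-interface=vlan591-guest action=drop \
    comment="guest: no other access to router"

# 5. Guests reach the internet but cannot open connections to the main LAN.
add chain=forward src-address=192.168.2.0/24 dst-address=192.168.0.0/24 \
    action=drop comment="guest -> main LAN blocked"

# 6. Turn filtering on last; until this is set the bridge ignores VLAN tags.
/interface bridge
set bridge vlan-filtering=yes
```

Step 6 changes how the bridge forwards traffic, so apply it from a session using Safe Mode in case access to the router is lost.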