Beginner VLAN setup question(s)

@Buckeye:
Thank you for the reply.
@k6ccc:
Thanks, I will keep that in mind :wink:

@Buckeye
Yeah I agree, and I could reinsert my previous router still: An Asus RT-AX89X, though I have it up for sale. I was annoyed with it being too simple in its features and was recommended (and warned) about Mikrotik :slight_smile: But I’m not afraid of learning new things even if it is a steep learning curve. As you can infer I’m up and running at least as well as I was with the consumer-grade Asus router using a basic LAN.

The Unifi Switch and the two APs are adopted and the unifi controller is running on a Raspberry PI, which also runs PiHole. I haven’t messed around with the RB260. It is just “plain” switching for now.

I did set up the Unifi APs to host a Guest SSID using VLAN 250 using the unifi controller:
Unifi.png
and the RB5009 does the dhcp’ing because the unifi switch (or the APs or both) are VLAN aware:
leases.png
This is my first first-hand meeting with VLANs. I did know about them up front and the basic idea behind them, and got to learn more on these forums. I’m very much into starting small and building and learning from there, but my problem is that I haven’t found out how to “start small”. Maybe adding a VLAN to a single machine on ether6 isn’t the way to go.

My plan was

  • Single out a port on the RB5009, make it an access port for a PC to the Home VLAN.
  • Then add more ports.
  • Then make the HomeAdmin VLAN and an access port to use it…
  • Then expand onto the trunk ports that connect to the other switches and begin the setup there.

I suspect the Unifi will be quite different to set up, but I haven’t gotten to that yet and haven’t asked anything on the UI forums.

As mentioned in the earlier post, I got stuck at the first step. The PC on ether6 sticks with the old setup when VLAN filtering on the bridge is disabled. When VLAN filtering is enabled, everything on the basic LAN loses internet connection and the PC on ether6 can’t negotiate for a new IP.

This kind of problem tickles my “I have a wrong assumption”-sense. There is something basic that I’m missing. Is it that you cannot have a working LAN setup and gradually switch to a VLAN setup in small steps?

Or is it something I read and overlooked about access ports?

Access ports are configured in a way that means ingress (incoming) packets must not have tags and thus will get a tag applied. The egress (outgoing) packets (that are replying back to whatever was plugged in) get tags removed.

The switch.rsc file attached to the follow-up post makes me believe that achieving what is in the quote, in Mikrotik language, is adding pvid to the bridge ports (as I did with my ether6). However, example #1 here: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering indicates that you also need to set “tagged” and “untagged” correctly, and perhaps this is where my problem is.

So what do you think / know? Bad / infeasible approach or just newbie-problems of not being able to map concepts to the proper commands / winbox gui clicks?
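
Added example (not part of the original post or of the attached switch.rsc): the access-port behaviour quoted above, expressed as RouterOS bridge VLAN filtering configuration, showing where pvid and the tagged/untagged table each come in. The bridge name `bridge`, VLAN ID 10 for the Home VLAN and the interface name `vlan10-home` are assumptions; `ether6` is the port from the post.

```routeros
# Added example, not from the thread.
# Assumed: bridge is named "bridge", Home VLAN uses ID 10,
# VLAN interface is named "vlan10-home". ether6 is the port from the post.

# 1. Access port, ingress side: untagged frames arriving on ether6 are
#    classified into VLAN 10 (pvid); frames arriving already tagged are dropped.
/interface bridge port
set [find interface=ether6] pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

# 2. Bridge VLAN table, egress side: ether6 is an untagged member of VLAN 10,
#    so the tag is removed when frames leave towards the PC.
#    The bridge itself is a tagged member so the router's CPU
#    (VLAN interface, DHCP server) can send and receive VLAN 10 traffic.
/interface bridge vlan
add bridge=bridge vlan-ids=10 tagged=bridge untagged=ether6

# 3. Layer-3 interface for VLAN 10 on the router; the IP address and
#    DHCP server for the Home VLAN attach to this interface.
/interface vlan
add name=vlan10-home interface=bridge vlan-id=10

# 4. Enable filtering last, so the table above is in place before the
#    bridge starts enforcing it.
/interface bridge
set [find name=bridge] vlan-filtering=yes

# Verify: port pvid values and the resulting VLAN membership table.
/interface bridge port print
/interface bridge vlan print
```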