I have an RB750Gr3 router and a hAP ac I’m running as a bridge acting as an AP and providing additional Ethernet ports. I have two VLANs exposed through the AP. The hAP ac is configured with all interfaces (Ethernet and wireless) on a single bridge. The only configurations related to VLANs on the hAP ac are in the wireless interfaces (vlan-mode=use-tag & vlan-id=XXXX).
Everything is working well. I would like to bind one Ethernet port on the hAP ac to a specific VLAN.
Option 2 - [remove vlan-mode=use-tag and bridge wlan]
/interface wireless
# item 1 is wlan1
set 1 vlan-mode=no-tag
/interface vlan
add interface=bridge name=private-vlan-trunk vlan-id=100
/interface bridge
add name=private-vlan-bridge
/interface bridge port
# item 1 is wlan1
set 1 bridge=private-vlan-bridge
add bridge=private-vlan-bridge interface=ether2
add bridge=private-vlan-bridge interface=private-vlan-trunk
As soon as I add the “private-vlan-trunk” to “private-vlan-bridge” the vlan-100 activity on the AP no longer functions. I also can no longer get a route to the hAP ac (192.168.2.2) from any device on vlan-100 on the RB750Gr3.
It comes down to how you want to handle VLANs on your devices. Zero and I swapped some ideas a few threads ago. It comes down to how you understand VLANs on MikroTik best.
So, you have a native VLAN (untagged) and VLANs 100 and 200. I’d do it like this:
You can then place the virtual APs for each SSID on br100 and br200 respectively. As far as ports that communicate untagged with a client, you just add them to the bridge as a bridge port. Say you wanted to add ether4 on the hAP ac to VLAN200 as untagged (access). You’d just execute:
/interface bridge port add bridge=br200 interface=ether4
There are at least 2 good ways to handle VLANs in ROS. This is the method I’ve come to prefer as I use VLANs in ROS.
I took a break on this issue for a bit. I’m ready to give it another try…
I implemented the configuration idelmind suggested but it is not functioning. I started from a base config:
ether1-5 bridged
ether2-master is the trunk port connected to a router supplying untagged traffic and tagged traffic for one VLAN (VLAN ID 100)
I created a bridge for vlan100. I removed ports 3 & 4 from the original bridge and added them to the vlan100 bridge. I added a VLAN interface for vlan100 on ether2-master and added it to the vlan100 bridge. When I connect a client to ports 3 or 4, they do not function.
Are there techniques I can use to troubleshoot where this is failing? I attempted to use the packet sniffer, but didn’t see any traffic on ether3, ether4 or the vlan100 bridge.
To clarify, this configuration is not on the hex; it is on the hAP ac. The hex is the upstream router supplying tagged and untagged traffic to the trunk on the hAP ac (ether2-master).
None of the hAP ac ethernet ports were configured with a master. Sorry for the confusion, ether2 is just named ether2-master. Any other ideas? I was hoping there was some way to troubleshoot where the error/misconfiguration occurs.
Checking if anyone has an idea where things could be breaking down. Given my config seems to match applicable HOWTOs and idelmind’s direction, I’m considering doing a ROS upgrade to see if it resolves the issue. I would appreciate guidance on any tools to troubleshoot where this is failing.