We have a previous wireless setup, the we’d like to implement with the MikroTIK
radios.
Currently, each wireless user has their own vlan. The AP is configured as a trunking port on the ethernet and the wireless interface.
How would one configure the mikrotik similarly. How would one configure the station device to send/receive it’s data on a particular vlan?
Thanks!
Joe
Sob, typically I have used the bridge port vlan approach to assigning WLANs as access ports.
One vlan = 1 WLAN = 1 set of users.
I tried reading the linked document and guess what I is confoosed.
Is this saying the following
VLANtag = 1 WLAn = multiple sets of users??
So all users see same WLAN, put in same wifi password code but according to the user IP? mac? they are assigned to a different VLAN and thus separated from each other??
I know, you confuse easily. 
One wlan interface can have many vlans. Simple example:
/interface bridge
add name=lan vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] ... vlan-id=82 vlan-mode=use-tag
/interface bridge port
add bridge=lan interface=wlan1
add bridge=lan interface=ether1
/interface bridge vlan
add bridge=lan tagged=ether1,wlan1 vlan-ids=82
add bridge=lan tagged=ether1,wlan1 vlan-ids=99
add bridge=lan untagged=wlan1,ether1,lan vlan-ids=1
/interface wireless access-list
add interface=wlan1 mac-address=xx:xx:xx:xx:xx:xx vlan-mode=no-tag
add interface=wlan1 mac-address=yy:yy:yy:yy:yy:yy vlan-id=99 vlan-mode=use-tag
Default config for wlan1 is tagged vlan 82. It works like access port, so connected users don’t see vlan tags, but router knows that they belong in given vlan. If you want some client to be in different vlan, you can do it using access-list. In this case, yy:yy:yy:yy:yy:yy is in vlan 99, and if you look at bridge vlan config, xx:xx:xx:xx:xx:xx is in vlan 1, because that’s what’s untagged on wlan1.
So I was close LOL.
Any mac address not specified with a vlan tag gets assigned the default vlan (untag).
Just to confirm all see the same SSID, all use the same password, but using the access list and their mac address users are shunted into the correct vlan.
That is cool but dependent upon static mac addresses and users that dont know how to manipulate them.
I can see where this would be handy with my capac where I have many vlans but run out of WLANs (well I dont want the hassle of running a hockey sock full of virtual wlans - cant remember but there is a practical ceiling maybe 6 virtual wlans?
Lets say I wanted my home lan wifi to use wlan1, I could put guest wifi and smart devices on WLAN2 and by mac address put the smart devices on a specific vlan(tagged) and guests using the untagged base vlan for that WLAN. Vice what I have now which is 2 chains wlan1,wlan2 and one virtual wlan.
I think you get it, except you maybe overlooked the part that client, which doesn’t have anything else defined in access-list, uses default config from wlan interface, in this case tagged 82.
Yes, my thinking was that anyone connecting to that AP, with user name and password NOT identified via mac address with specific vlan tagging would get assigned to the default VLAN>
For an example.
WLAN1 - normal config for home users.
WLAN2- vlantag default covers off guest users where I dont need to worry about mac
WLAN2- vlantag assigned via access list as I know the mac address of my smart devices
Where its not useful is if I have two groups of users where its not practical to know their MAC addresses and then I have to segragate by using a different WLAN (and vlan).