I’m a bit unsure here. What is the correct way of setting up virtual SSID’s that related to some VLANs? I’m using two wAPs at home and would like to create a guest SSI and maybe some IoT SSID as well, that ends up on separate VLANs.
When you create virtual AP for new SSID, you get new interface. You can either use it as untagged bridge port, same as any other interface. Or it can be combined with wireless VLAN settings (vlan-mode=use-tag vlan-id=X), where traffic would be configured as tagged on that port. The latter is mainly useful if you’d want common SSID for multiple VLANs, where clients can be assigned to different VLANs using access list.
Ignore the complications added by SOb,
You are on the right track.
Vwlan are created on the wireless settings.
The difference mainly is that you have to choose the MASTER wireless interface be it WLAN1 or WLAN2.
The only difference in settings between the MASTER and the virtual is the SSID and security setting associated with SSID.
Then on the interface bridge ports treat them exactly like you do WLANs, pvid=??? the vlan you want that virtual WLAN to be using.
Same for interface bridge vlans as for the wlans.
This is basically the concept for the main wifi router.
If you have other Mikrotik devices that are wifi capable and they are connected to a main MT router via cable then they will not be needed as routers but will be acting as an AP/Switch.
If so then this article covers that… https://forum.mikrotik.com/viewtopic.php?t=182276
These two options are (more or less) equal. If there are other ports on vlan-enabled bridge then I suggest to go with second way of doing it, reason being to keep all VLAN-related config in single place (under /interface bridge).
The first one comes handy if one doesn’t use vlan-enabled bridge for any reason (e.g because device runs switch chip that can be configured for VLAN functions but ROS doesn’t support HW offload, example are CRS1xx/2xx or devices with Qualcomm switch chips. Or because one doesn’t configure VLANs elsewhere on device at all, which works for pretty simple multi-SSID APs connected to VLAN-enabled LAN … not that I endorse such deployment in any way).
Keep it simple,
the wireless settings for wireless parameters, not vlans
the bridge does not provide DHCP services etc, just bridging and thus vlans (other than the default vlan1) carry all data traffic.
Why, for three reasons.
a. because sob doesnt like it when I push my own config preferences
b. because mkx doesnt like it when I push my own config preferences
c. I am partial to my config preference because I know squat about networking and yet I have success.
Seriously there are two ways to do vlans,
The method I use is the easiest IMHO and it works in all cases.
It may not be the most efficient if one has a specific chip architecture but it will still work just fine for any home application.
There is another method, but will leave that to others to flog… but it will take optimal advantage of chip architecture if so equipped.