Existing LAN expansion ang guest WiFi

RouterOS Beginner Basics
1

Hello!

I have simple LAN network at my work: 24 port HP gigabit switch and dedicated server running FreeBSD, acting as internet gate, firewall/NAT with some port forwarding and DHCP server for local PCs. There is one 10.0.0.0 network, gate sits on 10.0.0.251.

There is a new office room where I have to: connect several PC with ethernet and several notebooks with WiFi to existing 10.0.0.0 network and give them internet access through the gate, set up guest WiFi internet AP without any access to our 10.0.0.0 LAN. I have crs109-8g-1s-2hnd-in on hands.

Progress so far:
I was able to give access to internal network and internet to our PCs and notebooks by leaving on Mikrotik WLAN (ether1) port unconnected and connecting main switch and second port (ether2). I’ve left ether1 unconfigured in automatic mode and set up local networks as 10.0.0.229 for Mikrotik, created DHCP pool on Mikrotik with address range 10.0.0.80-10.0.0.100 (so it won’t intersect with address range on 10.0.0.251 gate) ang gate set to 10.0.0.251. WiFi access is a generic AP with SSID and WPA2 password autentification. Everything somehow works - there is access to local resources and internet from PCs and notebooks. I’ve also created a guest WiFi network following one of the generic tutorinals - you know, with virtual AP, dedicated 192.168.3.0 network and DHCP server. And it works to a degree, too. At least I can connect to it.

Problems:

  1. There is no connection from guest WiFi to internet. Tutorials are written to give guest WiFi internet connection through WLAN port assuming there is an uplink to internet provider. Not my case - I have internal gate at 10.0.0.251 and I have no idea how to pass internet requests from 192.168.3.0 to 10.0.0.251 but isolate the rest of 10.0.0.0 network from guests.
  2. I went the shortest route trying to adapt default Mikrotik preset but it looks wrong. For example I don’t need that WLAN port at all and there should be some way to configure Mikrotik as simple extension for existing LAN but I have no idea how to. Maybe it’s better to build it in a proper way from the ground?

Any help is appreciated!