So I have an RB4011 (w/ wifi) and a hAP ac3 as another AP in CAPsMAN. The hAP ac3 is run PoE off port 10 of the 4011 and is provisioned only for VLAN 20. That all seems to work fine. I have set up a bridge for the CAPsMAN and two VLANs, 10 and 20. IPs, DNS, DHCP, etc. are set up accordingly. I can access the internet from all three. I want all the wired ports and VLAN 10 to be able to communicate, and I want management access from VLAN 10. I can access the WebFig interface from VLAN 10, but when I go to log in it times out. I want VLAN 20 to only have access to the internet. I have the basic firewall and a few added rules that should drop access from VLAN 20, but I still seem to be able to ping the bridge and VLAN 10 from VLAN 20. If someone could take a look at my config and give me some pointers as to what I’m missing, I would appreciate it!
MTBConfg.rsc (62.6 KB)