This works fine so far. Now I need to add a specific device connecting through the wlan2_iot interface to another VLAN (with pvid 35) in addition to VLAN 34. I want to do it based on its MAC address.
Is it possible and how can I achieve this?
Q-in-Q seems to be applied to the whole interface, which I do not want to do. I also thought about using /interface ethernet switch rule but it mentions “vlan-id” and “new-vlan-id” (does it “replace” the vlan?)
Thank you for your answer. I read this page and saw that it is written that it is “potentially overriding it’s default connection parameters with ones specified in access list rule.”
My understanding is that it “replaces” VLAN id while I want to “add” a VLAN id to the existing one. Is my understanding wrong?
P.S. I cannot test as I don’t have access to the wireless router right now.
Do you want VLAN-in-VLAN (Q-in-Q) or just to have that MAC address communicate in the proper VLAN?
The access rule specifies (“replaces the default rule”) which VLAN to put as tag on the packet.
Your use of “iot” in the SSID makes me think you’re doing this VLANning for security reasons. MAC based filtering is as effective at selecting which devices are allowed on a given network as “My Name Is…” stickers are for selecting who gets into a secure building.
With a second IoT SSID, you have the WPA encryption to decide who gets onto the VLAN 34,35 pair, making it as secure as your PSK.
In fact this (poor idea, I admit it willingly) was just meant to ease testing of a read only service available exclusively from vlan35. Once tested it will just be removed.
This is what I’ll end up doing, just didn’t think about it. Thank you.
Do let me know if it works. I don’t have any MT WiFi gear. I stated my response as a question because I’m fully open to the answer, “Because it doesn’t work that way.” If the idea’s unworkable, I’d like to learn why.
just meant to ease testing of a read only service available exclusively from vlan35
If you only want the last , access one specific VLAN, , then the “access list rule” VLAN id is easy and will work. There is no need for a second SSID.
You can have any combination, like even one VLAN id per MAC address if you want.
What was the problem with the “replace” word? Every MAC not in the access list will use the default setting of the WLAN interface.
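The two approaches discussed in this thread, side by side as a RouterOS configuration sketch. This is an added example, not a configuration posted by any participant; the MAC address, the `test35` SSID and profile names, the PSK placeholder, and the assumption that `wlan2_iot` is a physical interface usable as `master-interface` are all hypothetical.

```routeros
# Constructed example; MAC, names and PSK are placeholders.

# Default for every client on the IoT SSID: tag traffic with VLAN 34.
/interface wireless set [find name=wlan2_iot] vlan-mode=use-tag vlan-id=34

# Option 1: per-MAC override through the access list.
# A matching client is tagged with VLAN 35 instead of the interface default;
# every MAC not in the list keeps VLAN 34.
# The match is on the MAC address only, so any client presenting this MAC
# is placed in VLAN 35. Remove the entry once testing is finished.
/interface wireless access-list add interface=wlan2_iot mac-address=02:00:00:00:00:01 vlan-mode=use-tag vlan-id=35 comment="temporary: VLAN 35 test client"

# Option 2: a second SSID with its own PSK, tagged with VLAN 35.
# Access to VLAN 35 then depends on knowing the PSK, not on the MAC.
/interface wireless security-profiles add name=test35 mode=dynamic-keys authentication-types=wpa2-psk wpa2-pre-shared-key="<PSK-PLACEHOLDER>"
/interface wireless add name=wlan2_test35 master-interface=wlan2_iot mode=ap-bridge ssid="test35" security-profile=test35 vlan-mode=use-tag vlan-id=35 disabled=no
```

Either way, the bridge or switch behind the AP must already carry VLAN 35 tagged on the port facing the wireless interface.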