I have a situation where I need my wireless clients (non-VLAN tagged) to be able to access our local VLAN. At the same time I need to run a HotSpot (and DHCP) on the wireless AP so that my wireless clients are being authenticated. I don’t want my wired clients to have to log into the HotSpot.
I have a RouterBOARD 433AH with a R52H and running RouterOS 3.13. ether1 is plugged into a trunk port on my Cisco switch.
I have tried bridging my wireless AP card and my internal VLAN and was able to get traffic to flow between the two. The problem was that when I ran a HotSpot on the bridge, it required my wired users to have to log into the HotSpot.
Do your hotspot users need access to the VLAN? I’d bridge the wlan1 interface with the vlan like you’ve already done and then make a virtual AP for the hotspot.
From what I can tell, the physical wireless card (wlan1) and the virtual AP (coming off of the wlan1) shows up as their own interfaces. The only relevant thing the virtual AP and the physical card (wlan1) have in common is that they have to use the same frequency. Therefore, bridging the physical card (wlan1) with the VLAN interface wouldn’t have any affect on the virtual AP interface. Am I right in this or do I not understand virtual APs correctly?
I would setup different subnets on each interface, one network for wireless clients, one for hotspot user, and another for each vlan, and then use mikrotik to route them, you would be able to sepparate the brodcast domains and filter traffic more efficiently