Mgmt. VLAN Help

I’m currently setting up a wireless network and need 2 separate VLANs to route to 2 different gateways. I believe I have the VLANs set correctly but am having problems with the management VLAN used to administer the network devices. Below is my setup.

I have an AP with 2 virtual APs applied to the WLAN. There are 2 separate VLANs (10 and 20) applied to the ethernet interface of the AP. I then created 2 bridges and applied the VAP and the corresponding VLAN to each bridge.

I then have a 750UP POE set up. The AP is plugged into port 5 of the 750UP POE. I created the 2 VLAN interfaces and applied them to port 5 on the 750 UP POE switch. After, I created 2 separate bridges and applied the VLAN and the outgoing port to each GW. For example vlan10 and ether 1 bridged together and vlan20 and ether 2 bridged together. Everything works great but I’m unable to remote into any equipment.

Can someone push me in the right direction to setting up a mgmt. vlan so I can access the AP and switch remotely?

Much appreciated!

Post your exports.

It isn’t clear where you are trying to connect from.

You could simply add another VLAN to the AP and the 750, make sure that they both have IPs on a new subnet for your new management VLAN, and bridge that management VLAN to a management port (unused Ether) on the 750.

Thanks for the responses. I’m trying to access the equipment remotely off site via NAT.

Below are my configs for the AP and POE.

750
# RB750UP export as pasted. The wrapped lines below carry no continuation
# backslash, so each one belongs to the preceding add/set command.
#
# Two software bridges, one per VLAN. protocol-mode=none means no STP/RSTP
# runs on either bridge.
/interface bridge
add admin-mac=D4:CA:6D:D1:A0:59 ageing-time=5m arp=enabled auto-mac=no
disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500
name=VLAN10 priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=D4:CA:6D:D1:A0:5D ageing-time=5m arp=enabled auto-mac=no
disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500
name=VLAN20 priority=0x8000 protocol-mode=none transmit-hold-count=6
# Bridge membership: VLAN10 = vlan10 (tag 10 on ether5) + ether1-gateway,
# VLAN20 = vlan20 (tag 20 on ether5) + ether2. Each gateway port therefore
# carries its VLAN untagged. ether3, ether4 and untagged ether5 are in no bridge.
/interface bridge port
add bridge=VLAN10 disabled=no edge=auto external-fdb=auto horizon=none
interface=vlan10 path-cost=10 point-to-point=auto priority=0x80
add bridge=VLAN10 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether1-gateway path-cost=10 point-to-point=auto priority=0x80
add bridge=VLAN20 disabled=no edge=auto external-fdb=auto horizon=none
interface=vlan20 path-cost=10 point-to-point=auto priority=0x80
add bridge=VLAN20 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
# Physical ports. master-port=none on ether2-ether5 means none of them is
# grouped with another port in the switch chip.
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600
mac-address=D4:CA:6D:D1:A0:59 mtu=1500 name=ether1-gateway speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:D1:A0:5A
master-port=none mtu=1500 name=ether2 poe-out=auto-on poe-priority=10
speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:D1:A0:5B
master-port=none mtu=1500 name=ether3 poe-out=auto-on poe-priority=10
speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:D1:A0:5C
master-port=none mtu=1500 name=ether4 poe-out=auto-on poe-priority=10
speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:D1:A0:5D
master-port=none mtu=1500 name=ether5 poe-out=auto-on poe-priority=10
speed=100Mbps
# Tagged sub-interfaces on ether5, the port the AP is plugged into.
/interface vlan
add arp=enabled disabled=no interface=ether5 l2mtu=1594 mtu=1500 name=vlan10
use-service-tag=no vlan-id=10
add arp=enabled disabled=no interface=ether5 l2mtu=1594 mtu=1500 name=vlan20
use-service-tag=no vlan-id=20
# The only address in this export, bound to ether2, which is a member port
# of bridge VLAN20.
# NOTE(review): an address on a bridge member port is usually unreliable in
# RouterOS; it normally belongs on the bridge interface (here VLAN20) or on
# a dedicated management VLAN interface - confirm.
# NOTE(review): nothing here terminates untagged frames arriving on ether5,
# while the AP's address sits on its untagged ether1, so the AP is presumably
# unreachable from either gateway side - verify.
# NOTE(review): no /ip firewall or /ip service section is shown. Before
# exposing management through NAT, limit which source addresses can reach
# the management services, and keep the management subnet separate from
# both client VLANs.
/ip address
add address=192.168.10.10/24 disabled=no interface=ether2 network=
192.168.10.0

912:
# RB912 (AP) export as pasted. The wrapped lines below carry no continuation
# backslash, so each one belongs to the preceding add/set command.
#
# Management address on untagged ether1, in 192.168.10.0/24.
# NOTE(review): the upstream port would need to handle untagged frames (or
# this address would need to move to a management VLAN interface) for the
# address to be reachable - verify against the switch config.
/ip address
add address=192.168.10.11/24 disabled=no interface=ether1 network=
192.168.10.0
# One bridge per SSID/VLAN pair, STP off (protocol-mode=none). Both VLAN
# bridges use the same admin-mac, which is also ether1's MAC. bridge1 has no
# member ports in this export.
/interface bridge
add admin-mac=00:0C:42:BA:E7:F4 ageing-time=5m arp=enabled auto-mac=no
disabled=no forward-delay=15s l2mtu=1596 max-message-age=20s mtu=1500
name=VLAN10-HOTAIR priority=0x8000 protocol-mode=none
transmit-hold-count=6
add admin-mac=00:0C:42:BA:E7:F4 ageing-time=5m arp=enabled auto-mac=no
disabled=no forward-delay=15s l2mtu=1596 max-message-age=20s mtu=1500
name=VLAN20-CORP priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500
name=bridge1 priority=0x8000 protocol-mode=none transmit-hold-count=6
# Each virtual AP is bridged with the VLAN sub-interface of the same number,
# so wireless client traffic leaves ether1 tagged 10 or 20.
/interface bridge port
add bridge=VLAN20-CORP disabled=no edge=auto external-fdb=auto horizon=none
interface=CORP-VLAN20 path-cost=10 point-to-point=auto priority=0x80
add bridge=VLAN10-HOTAIR disabled=no edge=auto external-fdb=auto horizon=none
interface=HOTAIR-VLAN10 path-cost=10 point-to-point=auto priority=0x80
add bridge=VLAN10-HOTAIR disabled=no edge=auto external-fdb=auto horizon=none
interface=vlan10 path-cost=10 point-to-point=auto priority=0x80
add bridge=VLAN20-CORP disabled=no edge=auto external-fdb=auto horizon=none
interface=vlan20 path-cost=10 point-to-point=auto priority=0x80
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600
mac-address=00:0C:42:BA:E7:F4 mtu=1500 name=ether1 speed=100Mbps
# Tagged sub-interfaces on ether1, the uplink.
/interface vlan
add arp=enabled disabled=no interface=ether1 l2mtu=1596 mtu=1500 name=vlan10
use-service-tag=no vlan-id=10
add arp=enabled disabled=no interface=ether1 l2mtu=1596 mtu=1500 name=vlan20
use-service-tag=no vlan-id=20
# Physical radio wlan1: ap-bridge mode, ssid=MikroTik with hide-ssid=yes, and
# not a member of any bridge above.
# NOTE(review): wlan1 and both virtual APs use security-profile=default, and
# the profile's contents are not in this export. On an unmodified RouterOS
# config that profile has no encryption - confirm that each SSID, the
# corporate one in particular, has a profile enforcing WPA2 with its own key.
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area=“”
arp=enabled band=2ghz-b/g/n basic-rates-a/g=6Mbps basic-rates-b=1Mbps
bridge-mode=enabled channel-width=20mhz compression=no country=
“united states” default-ap-tx-limit=0 default-authentication=yes
default-client-tx-limit=0 default-forwarding=no dfs-mode=none
disable-running-check=no disabled=no disconnect-timeout=3s distance=
indoors frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower
frequency-offset=0 hide-ssid=yes ht-ampdu-priorities=0 ht-amsdu-limit=
8192 ht-amsdu-threshold=8192 ht-basic-mcs=
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any
ht-rxchains=0 ht-supported-mcs=“mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,
mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,
mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23” ht-txchains=0
hw-fragmentation-threshold=disabled hw-protection-mode=none
hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=
00:0C:42:BA:E7:F5 max-station-count=2007 mode=ap-bridge mtu=1500
multicast-helper=default name=wlan1 noise-floor-threshold=default
nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key=“”
nv2-qos=default nv2-queue-count=2 nv2-security=disabled
on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both
proprietary-extensions=post-2.9.25 radio-name=000C42BAE7F5
rate-selection=advanced rate-set=default scan-list=default
security-profile=default ssid=MikroTik station-bridge-clone-mac=
00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power=19 tx-power-mode=
all-rates-fixed update-stats-interval=disabled wds-cost-range=50-150
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=
disabled wireless-protocol=802.11 wmm-support=disabled
# Virtual AP for VLAN 10. default-forwarding=no, so this AP does not forward
# frames between its own wireless clients.
add area=“” arp=enabled bridge-mode=enabled default-ap-tx-limit=0
default-authentication=yes default-client-tx-limit=0 default-forwarding=
no disable-running-check=no disabled=no hide-ssid=no l2mtu=2290
mac-address=02:0C:42:BA:E7:F5 master-interface=wlan1 max-station-count=
2007 mtu=1500 multicast-helper=default name=HOTAIR-VLAN10
proprietary-extensions=post-2.9.25 security-profile=default ssid=
HOTAIR-VLAN1 update-stats-interval=disabled wds-cost-range=0
wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=
disabled wmm-support=disabled
# Virtual AP for VLAN 20. default-forwarding=yes here, so clients of this
# SSID can reach each other through the AP.
add area=“” arp=enabled bridge-mode=enabled default-ap-tx-limit=0
default-authentication=yes default-client-tx-limit=0 default-forwarding=
yes disable-running-check=no disabled=no hide-ssid=no l2mtu=2290
mac-address=02:0C:42:BA:E7:F6 master-interface=wlan1 max-station-count=
2007 mtu=1500 multicast-helper=default name=CORP-VLAN20
proprietary-extensions=post-2.9.25 security-profile=default ssid=
Corp-VLAN2 update-stats-interval=disabled wds-cost-range=0
wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=
disabled wmm-support=disabled

I threw together a basic Image.

I’m coming in through gateway B from a remote location on a public IP address. I’m looking at how to access the AP.

Again the VLANs on the AP are both set to the ethernet interface. 2 VAPs were created along with 2 bridges. The VAP and their VLAN have been bridged.

The AP connects to port 5 on the POE switch. I created VLANs 20 and 30 on port 5 and bound them to their GW interfaces (ether2 and 3) on separate bridges.

Everything works great but I’m stuck on getting to the AP? My configs are above. Any help would be greatly appreciated!