Mikrotik AP with some SSIDs VLANed to a pfSense router

Hi!
I’m having problems creating a scenario like this image:

I was struggling with one bridge for each VLAN (wrong), assigning the IP address to the bridges instead of to the VLAN interfaces, …

Now I think I’m doing it correctly, but it doesn’t work. The only doubt I have is whether I need to set something related to the VLANs in the Switch menu, or whether that’s only required for Mikrotik switches. In my case I’m using one cAP ac.

/ip address
add address=192.168.1.13/24 interface=bridge-lan network=192.168.1.0
add address=192.168.2.13/24 interface=vlan2_customers network=192.168.2.0
add address=192.168.3.13/24 interface=vlan3_workers network=192.168.3.0

/interface vlan
add interface=bridge-lan name=vlan1_lan vlan-id=1
add interface=bridge-lan name=vlan2_customers vlan-id=2
add interface=bridge-lan name=vlan3_workers vlan-id=3

/interface bridge port
add bridge=bridge-lan interface=ether1
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=wlan1_2G
add bridge=bridge-lan interface=wlan2_5G
add bridge=bridge-lan interface=wlan1_2G_customers
add bridge=bridge-lan interface=wlan2_5G_customers
add bridge=bridge-lan interface=wlan1_2G_workers
add bridge=bridge-lan interface=wlan2_5G_workers

/interface bridge vlan
add bridge=bridge-lan tagged=ether1 vlan-ids=3
add bridge=bridge-lan tagged=ether1 vlan-ids=2

/interface ethernet switch vlan
add disabled=yes independent-learning=no ports=ether1 switch=switch1 vlan-id=1
add independent-learning=yes ports=ether1 switch=switch1 vlan-id=2
add independent-learning=yes ports=ether1 switch=switch1 vlan-id=3

/interface wireless
# I removed the MAC addresses and security profile
set [ find default-name=wlan1 ] ... mode=ap-bridge name=wlan1_2G ssid=Company
add default-forwarding=no disabled=no keepalive-frames=disabled ... master-interface=wlan1_2G \
    multicast-buffering=disabled name=wlan1_2G_customers ... ssid=Customers vlan-id=2 \
    vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add default-forwarding=no disabled=no keepalive-frames=disabled ... master-interface=wlan1_2G \
    multicast-buffering=disabled name=wlan1_2G_workers ... ssid=Workers \
    vlan-id=3 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
set [ find default-name=wlan2 ] ... mode=ap-bridge name=wlan2_5G ssid=Company_5G
add default-forwarding=no disabled=no keepalive-frames=disabled ... master-interface=wlan2_5G \
    multicast-buffering=disabled name=wlan2_5G_customers ... ssid=Customers_5G vlan-id=2 \
    vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add default-forwarding=no disabled=no keepalive-frames=disabled ... master-interface=wlan2_5G \
    multicast-buffering=disabled name=wlan2_5G_workers ... ssid=Workers_5G \
    vlan-id=3 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1

/interface ethernet switch port
set 0 default-vlan-id=1
/interface ethernet switch vlan
add disabled=yes independent-learning=no ports=ether1 switch=switch1 vlan-id=1
add independent-learning=no ports=ether1 switch=switch1 vlan-id=2
add independent-learning=no ports=ether1 switch=switch1 vlan-id=3

The Mikrotik doesn’t have any firewall filter or NAT.

On the pfSense I have:

  • VLANs created on “Interfaces / VLANs” with the same Tag ID as the Mikrotik AP
  • VLAN interfaces created and enabled on “Interfaces / Interface Assignments”
  • DHCP correctly created and assigned to each VLAN.