Mikrotik Wifi In separated Vlans

RouterOS Wireless Networking
1

Hello guys,

I have an issue with my Mikro-tik Access point
my network is created in this way
it is a firewall that is also a gateway, then I have a managed cisco switch and after it I have connected an access point which turns on from the cisco switch.

What I want to do is that in the Mikrotik access point the two wifi cards come out with two vlans, the vlans are created in the firewall as well and in the cisco switch vlans 33,35 are created as these are the vlans I will use.

currently I have done this configuration in the Mikrotik access point

  1. I created two bridges which I named bridge33, bridge35
  2. I have set id and vlan in wifi cards
  3. I have created vlans and set the wan port as the output interface, ie ether1.
  4. in the dhcp client I have created two clients from bridge 33 and bridge35
    and it gets ip from the firewall as well and the firewall from the logs shows it

My users get internet on their phones and everything is ok, the problem remains because when I connect two or more laptop/pc devices I don’t have internet, but I still have it on my smartphone
so laptop/pc devices do not receive internet, at most only one pc/laptop device can receive internet but not others get ip from vlan and dns but dont let me to go out in the internet .

can you tell me if I did something wrong or if some other configuration should be done.

thank you

2

What access points do you use ? Can you post your configuration here ?

Why are you using two bridges ?

3

which is very awkward. What you should do is the following:

  1. create single bridge with vlan-filtering=yes
  2. add both wifi card interfaces to that bridge but set pvid property of corresponding bridge ports as required
  3. add upstream port (ether1) as tagged port, member of both relevant VLANs
  4. not sure why you need two IP addresses (in both VLANs) on AP … unless there are no other DHCP servers (e.g. running on router)
    For management access, you would ideally use 3rd VLAN where AP would indeed have IP address … and control access rights via firewall you’re using to control traffic between other VLANs.
  5. add wired ports to same bridge, but set them as access ports to the desired VLAN
4

@anav created great tutorial regarding this topic, you should read it, it could be helpful in your case.

https://forum.mikrotik.com/viewtopic.php?t=182276