I have an SXT LTE router. I’ve been using an Apple Time Capsule as my router but I want to switch it to just a wireless access point. The Time Capsule uses VLAN 1003 for the guest network. I’m trying to use that information to configure the MikroTik router.
When I connect a device to the guest wireless network, it gets an IP address in the 192.168.30.x range but it doesn’t see an internet connection. I can see traffic on the guest_network interface in RouterOS.
It seems like I’ve missed the step that connects the vlan to the internet. I’m a software developer, not a networking expert, so a lot of these concepts are foreign to me. I know the basics for keeping a consumer home network running, but I’ve never worked with VLANs before. How can I get the 1003 VLAN to see the internet?
To recap the time capsule will accept normal untagged traffic for wifi output and on top of that WIILL accept a tagged stream of data vlan in the same port for guest wifi?
In other words the time capsule input port can act as a hybrid port??
From quick search… If you are asking about the Guest Network feature on the AirPort, this feature only will work correctly when the AirPort is set up as a DHCP and NAT router.
The AirPort Extreme is simply not designed to work with VLAN from another router, if that might be what you are asking about.
Oops. I forgot to add a link to this blog post where the author is doing exactly what I’m trying to do but with an ActionTech router. I’m not sure how to translate the ActionTech configuration to the MikroTik.
Okay so you are saying that the apple airport can be viewed as providing a hybrid port.
Untagged traffic from the LAN reaches the time capsule as the main wifi.
Internally if you activate guest wifi, the apple handles this a a tagged vlan1003 …
So lets say you had the main subnet as vlan10
Add the guest vlan1003 on the router just like any other vlan…
Lets say port 5 was the port to the apple. We will have to treat this as a hybrid port as the apple cannot handle vlans in general but we know it can work with vlan1003
Yes anav, lots of APs handle a guest network just that way. There are other ways that are also used as well.
You just need to set up the port as a hybred with the main lan untagged and a VLAN that will become the guest SSID.
I could describe in detail how to do that in SwitchOS, but not RouterOS.
Its not that common, Apple hides this feature and I am only aware of Ubiquiti that has this bastardized outlook on life.
A smart device should be able to trunk port in all vlans period or have the option to do it either way of course.
I assume the logic is that for the vast majority of users who have no idea what a VLAN is, nor have any hardware that supports VLANs, having non-tagged traffic become the “normal” SSID means that it will just work. Advanced users are more likely to have the VLAN hardware and enough knowledge to make use of it.
Personally, my WiFi uses non-tagged traffic for management, and all the SSIDs are assigned to various VLANs. But I am NOT using consumer WiFi (using Meraki enterprise hardware).
I realize I left out another important piece of information which is my hardware configuration. It’s frustrating and humbling to be the guy people usually call with their computer questions but to be so completely lacking in knowledge about this area that I leave out essential information.
The MikroTik router is in the cell antenna on my roof. A cable connected to ether1 comes into my house. That’s plugged in (through a PoE adapter) to the Time Capsule’s WAN port. Two of its LAN ports connect to hubs which my devices are plugged in to. The third LAN port goes to a NAS.
I’m not sure how to convert the ether2 and ether3 ports in your instructions to my setup. I doubt I can just change all the ports to “ether1”.
Thanks for your continued assistance. I truly appreciate it. I feel like I’m almost there.