Mullvad wireguard on existing VLAN

so what is vlan1 used for ?
can i see that as a sort of trunk port, both to the switch (ether9-rb260gs) and the wifi network (ether10-r500) ?

strangest thing is that i can access the switch config page (192.168.0.2) over vlan 1, but not the config pages for the AP (192.168.0.5)

Vlan1 is a background entity used by the bridge and smart devices and should not concern you in any way.
If you are using vlan1 for data, as I stated replace it with a full vlan ( dhcp etc ).
Then repost your config for review if still having issues.

the Ruckus R500 Access Point is not able to have a management VLAN

https://community.ruckuswireless.com/t5/ICX-Switches/Ruckus-Unleashed-VLAN-Setup/m-p/34541
Unleashed does not allow Management IP to be on a VLAN (unlike Zone Director / non-Unleashed version) but it does allow Wifi SSID to be assigned to specific VLANs. So configuration I used was to have a trunk port to the Ruckus AP from the switch. However it needs to be configured so the untagged traffic (from the AP) is tagged to your management VLAN and then the SSID VLANs as members. On Juniper switches this is called native-tagging. Exact configuration depends on your switch vendor.

You can then use Advanced options to define the specific VLAN tags for each SSID network.

There is no option to configure tagging for the AP management traffic within Unleashed

https://www.reddit.com/r/RuckusWiFi/comments/p8gdto/losing_management_access_when_connected_to_trunk/
If you don’t have a management VLAN set on the AP, you just need to set the port on the switch to switchport trunk native vlan 500.

i tried setting the vlan of ether10-r500 to pvid5, but that did not help.


/interface bridge
add name=bridge-local vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] comment="TV" name=ether2-TV
set [ find default-name=ether3 ] comment=Chromecast name=ether3-Chromecast
set [ find default-name=ether4 ] comment="vlan5 access" name=ether4-vlan5
set [ find default-name=ether5 ] comment="vlan110 access" name=ether5-vlan110
set [ find default-name=ether6 ] comment=meterkast name=ether6-switchMeterkast
set [ find default-name=ether7 ] comment="arcam SA30" name=ether7-arcamSA30
set [ find default-name=ether8 ] comment=access name=ether8-access
set [ find default-name=ether9 ] name=ether9-RB260GSP
set [ find default-name=ether10 ] name=ether10-R500 poe-priority=1
set [ find default-name=sfp-sfpplus1 ] disabled=yes

/interface veth
add address=172.17.0.2/24 gateway=172.17.0.1 name=veth1

/interface vlan
add comment="ISP" interface=ether1-WAN name=vlan-internet vlan-id=300
add comment="mgmt network" interface=bridge-local name=Mvlan5 vlan-id=5
add comment="servers" interface=bridge-local name=vlan105 vlan-id=105
add comment="IOT network" interface=bridge-local name=vlan110 vlan-id=110
add comment="guest network" interface=bridge-local name=vlan120 vlan-id=120

/interface bridge vlan
add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 untagged=ether4 vlan-ids=5
add bridge=bridge-local tagged=bridge-local,ether9-RB260GSP vlan-ids=105
add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 untagged=ether2-TV,ether3-Chromecast,ether5,ether7-arcamSA30,ether6-switchMeterkast vlan-ids=110
add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 vlan-ids=120

/interface wireguard
add comment=mullvad listen-port=4063 mtu=1420 name=mullvad-upstream private-key="xx"
add listen-port=13231 mtu=1420 name=wireguard private-key="xx"

/interface wireguard peers
add allowed-address=10.0.0.2/32 comment="mobiel" interface=wireguard public-key="xx"
add allowed-address=10.0.0.3/32 comment="laptop" interface=wireguard public-key="xx"
add allowed-address=0.0.0.0/0 comment="mullvad nl-ams-wg-004" endpoint-address=193.32.249.69 endpoint-port=51820 interface=mullvad-upstream public-key="xx" persistent-keepalive=35s

/interface list
add comment="WAN interface" name=WAN
add comment="LAN interface" name=LAN
add comment="Trusted" name=Trusted

/interface list member
add interface=bridge-local list=LAN
add interface=vlan-internet list=WAN
add interface=wireguard list=LAN
add interface=ether8-access list=Trusted
add interface=Mvlan5 list=Trusted

/ip pool
add name=dhcp-local ranges=192.168.0.180-192.168.0.254
add name=pool-vlan105 ranges=192.168.105.180-192.168.105.249
add name=pool-vlan110 ranges=192.168.110.180-192.168.110.249
add name=pool-vlan120 ranges=192.168.120.180-192.168.120.190

/ip address
add address=192.168.0.1/24 interface=Mvlan5 network=192.168.0.0 comment=mgmt
add address=192.168.105.1/24 interface=vlan105 network=192.168.105.0 comment=servers
add address=192.168.110.1/24 interface=vlan110 network=192.168.110.0 comment=iot
add address=192.168.120.1/24 interface=vlan120 network=192.168.120.0 comment=guest
add address=10.0.0.1/24 interface=wireguard network=10.0.0.0 comment=vpn
add address=10.66.250.98/32 interface=mullvad-upstream network=10.124.0.0 comment="mullvad upstream"
add address=10.10.10.1/24 interface=ether8 network=10.10.10.0 comment="router access port"

/ip dhcp-server
add address-pool=dhcp-local comment=mgmt interface=Mvlan5 lease-time=5m name=dhcp-local
add address-pool=pool-vlan105 comment=servers interface=vlan105 lease-time=10m name=dhcp-vlan105
add address-pool=pool-vlan110 comment=iot interface=vlan110 lease-time=5m name=dhcp-vlan110
add address-pool=pool-vlan120 comment=guest interface=vlan120 lease-time=5m name=dhcp-vlan120

/ip dhcp-client
add interface=vlan-internet use-peer-ntp=no

/interface bridge port
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2-TV pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3-Chromecast pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=5
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether6-switchMeterkast pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether7-arcamSA30 pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether9-RB260GSP
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether10-R500
add bridge=bridge-local interface=veth1

/ip dhcp-server lease
add address=192.168.110.80 client-id=1:2c:ab:33:9a:29:4 mac-address=2C:AB:33:9A:29:04 server=dhcp-vlan110
add address=192.168.110.16 client-id=1:8c:79:f5:93:ef:14 comment="Samsung Tizen" mac-address=8C:79:F5:93:EF:14 server=dhcp-vlan110
add address=192.168.110.17 client-id=1:c0:56:27:8f:d5:ea mac-address=C0:56:27:8F:D5:EA server=dhcp-vlan110
add address=192.168.110.20 comment=Chromecast mac-address=44:09:B8:FE:EB:8C server=dhcp-vlan110
add address=192.168.110.59 comment="lightswitch slp2" mac-address=DC:4F:22:CB:07:2C server=dhcp-vlan110
add address=192.168.110.62 comment=trap mac-address=DC:4F:22:FA:56:A1 server=dhcp-vlan110
add address=192.168.110.60 comment="lightswitch werkkamer" mac-address=60:01:94:99:7A:26 server=dhcp-vlan110
add address=192.168.110.61 comment="lightswitch slp" mac-address=60:01:94:99:78:4D server=dhcp-vlan110
add address=192.168.110.58 comment="wasmachine PoW r2" mac-address=CC:50:E3:1A:F6:8B server=dhcp-vlan110
add address=192.168.110.50 comment=gateway mac-address=7C:49:EB:1C:F3:47 server=dhcp-vlan110
add address=192.168.110.57 comment=s20 mac-address=B4:E6:2D:25:3F:73 server=dhcp-vlan110
add address=192.168.110.51 comment=gang1 mac-address=60:01:94:D6:08:CB server=dhcp-vlan110
add address=192.168.110.52 comment=gang2 mac-address=60:01:94:D6:C7:B3 server=dhcp-vlan110
add address=192.168.110.63 comment="lightswitch slp1" mac-address=DC:4F:22:C6:A5:22 server=dhcp-vlan110
add address=192.168.110.18 client-id=1:0:11:32:d9:61:16 comment=DS920 mac-address=00:11:32:D9:61:16 server=dhcp-vlan110
add address=192.168.110.66 comment=voorraadkast mac-address=34:CE:00:9B:16:08 server=dhcp-vlan110
add address=192.168.110.69 mac-address=54:48:E6:53:5A:87 server=dhcp-vlan110
add address=192.168.110.68 mac-address=64:90:C1:97:AB:E2 server=dhcp-vlan110
add address=192.168.110.67 mac-address=5C:E5:0C:E1:7B:F0 server=dhcp-vlan110
add address=192.168.110.70 mac-address=54:48:E6:51:C8:C0 server=dhcp-vlan110
add address=192.168.110.40 comment=OTGW mac-address=F4:CF:A2:ED:C2:4B server=dhcp-vlan110
add address=192.168.0.10 client-id=1:e4:5f:1:70:90:93 comment="sensecap M1" mac-address=E4:5F:01:70:90:93 server=dhcp-local
add address=192.168.110.71 mac-address=54:48:E6:53:59:BB server=dhcp-vlan110
add address=192.168.110.22 comment="P1 dongle" mac-address=A8:48:FA:E9:15:68 server=dhcp-vlan110
add address=192.168.110.5 client-id=1:ca:7a:a8:1a:6c:61 comment=docker mac-address=CA:7A:A8:1A:6C:61 server=dhcp-vlan110
add address=192.168.110.142 client-id=1:6a:3f:2d:31:84:4e comment=pixel6 mac-address=6A:3F:2D:31:84:4E server=dhcp-vlan110
add address=192.168.110.24 mac-address=18:FE:34:CF:74:17 server=dhcp-vlan110
add address=192.168.110.81 comment="alfen wallbox" mac-address=3A:65:45:61:7E:46 server=dhcp-vlan110
add address=192.168.110.55 comment="AC werkkamer" mac-address=60:01:94:0C:66:E1 server=dhcp-vlan110
add address=192.168.110.15 client-id=1:0:1b:7c:8:3b:24 comment="arcam SA30" mac-address=00:1B:7C:08:3B:24 server=dhcp-vlan110
add address=192.168.110.56 comment="AC" mac-address=40:F5:20:2D:29:DD server=dhcp-vlan110

/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.12,192.168.0.11 domain=local gateway=192.168.0.1 netmask=24
add address=192.168.105.0/24 dns-server=192.168.0.12,192.168.0.11 domain=local gateway=192.168.105.1 netmask=24
add address=192.168.110.0/24 dns-server=100.64.0.23 gateway=192.168.110.1 netmask=24
add address=192.168.120.0/24 dns-server=192.168.0.12,192.168.0.11 domain=local gateway=192.168.120.1 netmask=24

/routing table
add fib name=""
add comment=mullvad disabled=no fib name=mullvad

/ip route
add comment=mullvad disabled=no distance=1 dst-address=0.0.0.0/0 gateway=mullvad-upstream pref-src="" routing-table=mullvad scope=30 suppress-hw-offload=no target-scope=10

/routing rule
add action=lookup-only-in-table comment="local traffic" dst-address=192.168.0.0/16 table=main
add action=lookup-only-in-table comment="response to wireguard" dst-address=10.0.0.0/24 table=main
add action=lookup-only-in-table comment=mullvad src-address=192.168.110.0/24 table=mullvad

/ip firewall address-list
add address=192.168.105.0/24 list="vlan"
add address=192.168.110.0/24 list="vlan"
add address=192.168.120.0/24 list="vlan"
add address=192.168.0.11 list=dnsservers
add address=192.168.0.12 list=dnsservers

/ip firewall mangle
add action=mark-routing chain=prerouting comment=mullvad in-interface=mullvad new-routing-mark=mullvad disabled=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=Sweden-vpn out-interface=mullvad-upstream

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=wireguard dst-port=13231 log-prefix=wireguard protocol=udp
add action=accept chain=input comment="api access from homeassistant" dst-port=8728 protocol=tcp src-address=192.168.110.105
add action=accept chain=input comment="telegraf snmp" dst-address=192.168.0.1 protocol=udp src-address=192.168.105.14
add action=accept chain=input in-interface=Mvlan5
add action=accept chain=input in-interface=ether8-access src-address=10.10.10.0/24
add action=drop chain=input comment="defcon: drop all not coming from LAN" in-interface-list=!LAN
 
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=no hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="wireguard admin to vlans" in-interface=wireguard out-interface-list=LAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
add action=accept chain=forward comment="allow vpn sweden" in-interface=vlan110 out-interface=mullvad-upstream
add action=accept chain=forward comment="VLAN DNS" dst-address-list=dnsservers dst-port=53 protocol=udp src-address-list="vlan"
add action=accept chain=forward comment="VLAN DNS" dst-address-list=dnsservers dst-port=53 protocol=tcp src-address-list="vlan"

/container
add envlist=repeater_envs hostname=mdns-repeater interface=veth1 start-on-boot=yes file=mdns-repeater.tar

/container envs
add key=REPEATER_INTERFACES name=repeater_envs value="eth0.110 eth0.120"

/container
start 0

/ip/neighbor/discovery-settings
set discover-interface-list=Trusted

/tool mac-server mac-winbox
set allowed-interface-list=Trusted

/system ntp client
set enabled=yes

/system ntp client servers
add address=64.99.80.121
add address=20.101.57.9

/snmp
set enabled=yes trap-generators="" trap-version=2

/system clock
set time-zone-name=Europe/Amsterdam

/system script
add dont-require-permissions=no name=backup owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global backupname (\"BACKUP\" . \"-\" . [/system identity get name] . \"-\" . [:pick [/system clock get date] 4 6] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 7 11] . \".backup\");\r\n:global backupnamersc (\"BACKUP\" . \"-\" . [/system identity get name] . \"-\" . [:pick [/system clock get date] 4 6] . [:pick [/system clock get\_date] 0 3] . [:pick [/system clock get date] 7 11] . \".rsc\");\r\n/system backup save name=\$backupname\r\n/export file=\$backupnamersc\r\n/tool fetch address=192.168.110.18 mode=ftp user=ftpaccess password=userftp src-path=\$backupname dst-path=\"/Backup/Mikrotik/\$backupname\" upload=yes\r\n/tool fetch address=192.168.110.18 mode=ftp user=ftpaccess password=userftp src-path=\$backupnamersc dst-path=\"/Backup/Mikrotik/\$backupnamersc\"\_upload=yes"

/tool netwatch
add comment="update DNS when Ubound is down" disabled=no down-script="/ip/dhcp-server/network/set dns-server=1.1.1.1,1.0.0.1 numbers=1,2,3,4 }" host=192.168.0.13 http-codes="" interval=1m start-delay=5m test-script="" type=simple up-script="/ip/dhcp-server/network/set dns-server=192.168.0.12,192.168.0.11 numbers=1,2,3,4 }"

/ipv6/settings
set disable-ipv6=yes

Okay so eth10 is problematic…

NO worries,
Is there a default management ID or vlan or IP address on the R500 and if so what is it?
If not is it blank?

How I would go about it.

  1. TRUNK PORT APPROACH
    a. R500: define all vlans required for SSIDs, assign management vlan to be vlan5 and put in a static IP address that you want the R500 to have on the VLAN5 subnet.
    b. Mikrotik, no change required, it is setup to view ether10 as a trunk port.
    /interface bridge port
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2-TV pvid=110
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3-Chromecast pvid=110
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=5
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=110
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether6-switch pvid=110
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether7-arcam pvid=110
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether9-RB260GSP
    add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether10-R500
    add bridge=bridge-local interface=veth1

    /interface bridge vlan
    add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 untagged=ether2-TV,ether3-Chromecast,ether5,ether7-arcam,ether6-switch vlan-ids=110
    add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 vlan-ids=120
    add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local untagged=ether4 vlan-ids=5
    add bridge=bridge-local tagged=bridge-local,ether9-RB260GSP vlan-ids=105

  2. HYBRID PORT APPROACH
    a. R500: do not assign a management vlan, define all vlans required for SSIDs, put in a static IP address for the R500 that you want it to have on the vlan5 subnet.
    b. Mikrotik, should be untagged on ether10 for vlan5.

/interface bridge port
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2-TV pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3-Chromecast pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=5
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether6-switch pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether7-arcam pvid=110
add bridge=bridge-local ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether9-RB260GSP
add bridge=bridge-local interface=ether10-R500 pvid=5
add bridge=bridge-local interface=veth1

/interface bridge vlan
add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 untagged=ether2-TV,ether3-Chromecast,ether5,ether7-arcam,ether6-switch vlan-ids=110
add bridge=bridge-local tagged=ether10-R500,ether9-RB260GSP,bridge-local,veth1 vlan-ids=120
add bridge=bridge-local tagged=ether9-RB260GSP,bridge-local untagged=ether10-R500,ether4 vlan-ids=5
add bridge=bridge-local tagged=bridge-local,ether9-RB260GSP vlan-ids=105

need to try the settings to see if the wifi is working.

meanwhile, i seem to have difficulties getting the devices on the switch RB260GS (SwitchOS) working with the new vlan5 ?

here’s what i have right now.

R500_zolder is another wifi AccessPoint working as a mesh with the one connected to the RB4011 Router (should provide vlan5, vlan110, vlan120)
ds920 is a Synology NAS which should be accessible from vlan5 and vlan110
proxmox is the virtualization server, accessible through 192.168.0.20. it has containers running in vlan5, vlan105 and vlan110
port5 is the actual HP server on which proxmox runs. accessible only on ip 192.168.0.8
the SFP port i don’t use
Screenshot_2023-06-12_21-01-15.png
Screenshot_2023-06-12_21-01-00.png

today i tried approach 2: HYBRID PORT APPROACH
unfortunately i can only get the wifi working partially.

below is a schematic view of the wifi

port ether10-r500 should act as a hybrid port, providing access to the management interface of the AP (192.168.0.30) through native vlan, and also access to the 3 wifi networks with their own vlan (5,110,120). The AP is also accessible through an AP address (192.168.0.31) because with Ruckus unleashed the accesspoints create a sort of a mesh network, with one management interface and also an interface per AP. I do have another AP which is not in the drawing, providing the same wifi networks. for testing i already disabled that AP, so now there is just the AP on ether10-r500 port.

with the hybrid port approach i can access the management interface when ether10-r500 is untagged. but then only the management vlan5 does not have access to the network (i can see that because on that SSID i can’t get an ip address, on the other 2 SSID’s i do)

when i change the vlan5 to have ether10-r500 tagged, i do get an SSID for all wifi networks, but can’t connect to the AP. both management ip and AP ip are then un-accessible.
network wifi.png
management ip of the ruckus network
Screenshot_2023-06-14_15-55-25.png
AP interface of one of the access points
Screenshot_2023-06-14_15-54-55.png

and the VLAN settings for in this case what should become Mvlan5 wifi network
Screenshot_2023-06-14_15-57-45.png

I have no idea what you are doing.
The diagram shows the access point it does not show a ruckus controller ??

On the ruckus I have no idea what you are doing with vlan1 again… not sure what you don’t get about NOT using vlan1.
It should be vlan5 if it’s in the management or trusted vlan.

the controller software Unleashed runs on the access point(s), there is not a separate controller.

i’ve updated the scheme to make things more clear

i’m aware of the not using vlan1
the vlan1 setting is from my current (old) setup, the new one when i’m testing has vlan5

what i don’t get is why when mvlan5 is on the router and the pvid of ether10-r500, and vlan5 is the vlan for the wifi network my wireless clients are connecting to the wifi network, but don’t get an ip from the router.

i’ll try to start some logging on the AP see whats happening

Sorry cannot help you there.
One has three options
access port for one untagged vlan
trunk port for all tagged vlans
hybrid port for one untagged vlans and any number of tagged vlans.
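
The trunk and hybrid port types listed above, run through a simplified model of a VLAN-filtering bridge. This is an added example, not code or output from anyone in this thread. It assumes the AP sends its management traffic untagged, tags each SSID's traffic with that SSID's VLAN id, and expects replies in the same form; only the explicit `/interface bridge vlan` table is modelled.

```python
from dataclasses import dataclass, field

ADMIT_ALL = "admit-all"
ONLY_TAGGED = "admit-only-vlan-tagged"
ONLY_UNTAGGED = "admit-only-untagged-and-priority-tagged"


@dataclass
class Port:
    pvid: int = 1
    frame_types: str = ADMIT_ALL
    ingress_filtering: bool = True


@dataclass
class Bridge:
    """Simplified model of a VLAN-filtering bridge (explicit VLAN table only)."""
    ports: dict = field(default_factory=dict)   # port name -> Port
    vlans: dict = field(default_factory=dict)   # vid -> (tagged set, untagged set)

    def add_vlan(self, vid, tagged=(), untagged=()):
        self.vlans[vid] = (set(tagged), set(untagged))

    def ingress(self, name, tag):
        """Classify a received frame; tag=None means untagged. None = dropped."""
        port = self.ports[name]
        if tag is None and port.frame_types == ONLY_TAGGED:
            return None
        if tag is not None and port.frame_types == ONLY_UNTAGGED:
            return None
        vid = port.pvid if tag is None else tag
        tagged, untagged = self.vlans.get(vid, (set(), set()))
        if port.ingress_filtering and name not in tagged | untagged:
            return None
        return vid

    def egress(self, name, vid):
        """How a frame of VLAN vid leaves the port: 'tagged', 'untagged' or None."""
        tagged, untagged = self.vlans.get(vid, (set(), set()))
        if name in untagged:
            return "untagged"
        return "tagged" if name in tagged else None


def round_trip(bridge, name, tag):
    """Send a frame in on a port and check the reply leaves in the same form."""
    vid = bridge.ingress(name, tag)
    if vid is None:
        return "dropped on ingress"
    sent = "untagged" if tag is None else "tagged"
    got = bridge.egress(name, vid)
    return "ok" if got == sent else f"reply leaves {got}"


def build(kind):
    """ether10-R500 as 'trunk' or 'hybrid', VLANs 5/110/120 as in the thread."""
    b = Bridge()
    if kind == "trunk":
        b.ports["ether10-R500"] = Port(frame_types=ONLY_TAGGED)
        b.add_vlan(5, tagged={"ether10-R500", "bridge-local"})
    else:  # hybrid: VLAN 5 is the untagged (pvid) VLAN on the port
        b.ports["ether10-R500"] = Port(pvid=5)
        b.add_vlan(5, tagged={"bridge-local"}, untagged={"ether10-R500"})
    for vid in (110, 120):
        b.add_vlan(vid, tagged={"ether10-R500", "bridge-local"})
    return b


def report(kind):
    b = build(kind)
    return {
        "AP management (untagged)": round_trip(b, "ether10-R500", None),
        "SSID tagged 5": round_trip(b, "ether10-R500", 5),
        "SSID tagged 110": round_trip(b, "ether10-R500", 110),
    }


if __name__ == "__main__":
    for kind in ("trunk", "hybrid"):
        print(kind, report(kind))
```

In this model a single VLAN is either tagged or untagged on a given port, never both, so untagged management and a tagged SSID cannot share VLAN 5 on ether10-R500.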

i’ve tried starting with a blank config, just adding the needed vlan99, interfaces, network.
still the same problem.
untagged, the wifi network is accessible, but the management interface is not
tagged is the other way around

think i need to start looking for access points that support management vlan

thanks for your support this far!

Suggest asking in Ruckus forums.

How do I add AP to a smart switch or
How do I add AP@controller to vlan aware router.

With Ruckus Unleashed one of the AP becomes the master that then pushes config to units. In UniFi terms, Unleashed is like cloudykey was embedded in the APs, or in Mikrotik terms like if you combined CAPsMAN with VRRP. We use it in a few places, works well. But there is some automatic-blackmagic with DNS/mDNS/redirects/etc in how they do it…so I’ve always put the Ruckus Unleashed as an access port on MT bridge to avoid having to understand it all ;)

But Ruckus Unleashed does support all the VLAN configuration you’d want, so you should be able to feed the APs a trunk from the Mikrotik if you wanted. The management IP support being on a tagged VLAN, it’s under Admin>System>Management Interface:

the vlan management of the ruckus depends on the firmware and the device.
having a R500, the latest firmware unfortunately is not supported.

as you can see, i don’t have the vlan options in the Management interface screen
Screenshot_2023-06-18_19-29-46.png
i’ll post this issue in the Ruckus forum, perhaps some one over there knows how to solve this

Your other option may be to not even use a managment interface.
How else can you assign an IP to the access point?

By default Ruckus bridges the SSID with network on the untagged network and grabs an IP for itself – just like most APs… So if you need only one SSID, just the defaults should be okay and untagged what VLAN you want on the Mikrotik side. If you need multiple SSIDs with different VLANs from Mikrotik, a hybrid port might be an option then (e.g. mgmt untagged, and the SSIDs assigned to the desired VLAN).

i’ve tried both ways.
with and without management interface, dhcp on the access points.

and hybrid port.

there are posts on the Ruckus forum explaining it should work, but unfortunately did not get it working here.
the trouble seems to be in the mgmt vlan assignment. looks like the unleashed console only is accessible when using vlan1 (and i don’t want to use that)