Multiple VLANs per MAC address on one port.

Hi All,

I'm working on a project with WiFi; there will be around 80 access points in the building. This building will house about 30 different companies.
All of the companies will have their own separate VLAN. This is easy with WPA2-Enterprise, but not all devices support this (Sonos, Chromecast, TVs, etc.).

So I was hoping that Mikrotik could support me on the switch side. Is it possible to have one trunk port connected to a single AP that will set every MAC in their correct VLANs through RADIUS?

Hi swaptoo,

I would not do MAC-based VLANs on the switch. Let your APs/CAPsMan drop the clients into the appropriate VLAN. You can do this by sending Mikrotik-Wireless-VLANID in the RADIUS reply.

You can use your RADIUS to authenticate WPA2-Enterprise clients as well as PSK clients based on their MAC.
You need to add an entry to the wireless access-list with "action=query-radius" to do MAC-based authentication. I would also recommend using a private PSK per MAC or at least per company. Otherwise jumping to a different VLAN is as easy as spoofing a MAC.

All the logic of which MAC goes to which VLAN and has what PSK can be processed by your RADIUS server.
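
Added example, not part of either post: a small Python model of the RADIUS-side table the reply describes (MAC to VLAN and PSK), with an audit that flags any PSK reused across VLANs, which is the case where knowing a MAC is enough to change VLAN. The MACs, company names, VLAN IDs and keys are constructed, the function names are hypothetical, and Mikrotik-Wireless-PSK is the MikroTik dictionary attribute for a per-client key, which the thread does not name; the string comparison stands in for the WPA2 handshake the AP actually performs.

```python
import re
from collections import defaultdict

# Constructed sample policy: MAC -> (company, VLAN ID, PSK). All values are made up.
POLICY = {
    "AA:BB:CC:00:00:01": ("acme", 110, "acme-sonos-7f3k"),
    "AA:BB:CC:00:00:02": ("acme", 110, "acme-tv-91qd"),
    "AA:BB:CC:00:00:03": ("globex", 120, "globex-shared-psk"),
    "AA:BB:CC:00:00:04": ("initech", 130, "globex-shared-psk"),  # deliberate mistake
}

def normalize_mac(mac):
    """Accept aa-bb-.., aabb.ccdd.., AABBCC.. and return AA:BB:CC:DD:EE:FF, or None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def radius_reply(mac, policy=POLICY):
    """Model of the RADIUS decision for a MAC lookup coming from the AP."""
    entry = policy.get(normalize_mac(mac) or "")
    if entry is None:
        return {"code": "Access-Reject"}  # unknown or malformed MAC
    _company, vlan, psk = entry
    return {"code": "Access-Accept",
            "Mikrotik-Wireless-VLANID": vlan,
            "Mikrotik-Wireless-PSK": psk}

def client_lands_in(claimed_mac, psk_known_to_client, policy=POLICY):
    """VLAN the client ends up in, or None if rejected or the key does not match."""
    reply = radius_reply(claimed_mac, policy)
    if reply["code"] != "Access-Accept":
        return None
    if reply["Mikrotik-Wireless-PSK"] != psk_known_to_client:
        return None  # simplified stand-in for a failed WPA2 handshake
    return reply["Mikrotik-Wireless-VLANID"]

def psks_shared_across_vlans(policy=POLICY):
    """PSKs that unlock more than one VLAN: there, the MAC alone decides the VLAN."""
    vlans = defaultdict(set)
    for _company, vlan, psk in policy.values():
        vlans[psk].add(vlan)
    return {psk: sorted(v) for psk, v in vlans.items() if len(v) > 1}
```

Running `psks_shared_across_vlans()` against the real table before loading it into the RADIUS server catches the reuse that the per-MAC or per-company PSK recommendation is meant to prevent.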