Hello all,
I am quite new to MikroTik routers.
I am preparing a new house setup.
Network diagram
I have now a few questions:
How can have the dhcp servers tied to VLAN 101/102 in Router1?
Should I have a supplementary VLAN for devices management?
What configuration is necessary to have the trunk between Switch1/Switch2 and Router1 providing DHCP?
Regards and thanks, Jacques-D.
This is the defacto bible on vlans........
and have a read through this..............
Thanks for the links. I have read them and (at least partially) understood the content.
Till now, I have been able to translate these config to my case, up to one point:
My ISP is not providing a fix IP, but a changing one, via DHCP.
So I changed:
Yellow WAN facing port with IP Address provided by ISP
/ip address add interface=ether1 address=a.a.a.a/aa network=a.a.a.0
router's gateway provided by ISP
/ip route add distance=1 gateway=b.b.b.b
For:
WAN config from ISP
/ip dhcp-client
add comment=WAN interface=ether1
/interface bridge port
add bridge=BR1 interface=ether1
My problem is that the clients on the VLAN's cannot access internet over the WAN port.
What did I miss?
Supplementary question, what should I add to use the DNS servers information provided via DHCP client?
Thanks and regards, Jacques-D.
PS: if it helps, I can post the full config
If you read the 12 rules, it should not be a question LOL, regarding posting the config..
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys
Hi @anav,
About the 12 rules, I am sorry, but I don't understand which one you see applicable to my case?
Here is the config of the router:
router_config.rsc (3.2 KB)
And the config of the AP:
ap_config.rsc (2.2 KB)
Any hint will be appreciated.
Thanks and regards, Jacques-D.
Yeah my bad I assumed jaclaz would have the importance of
a. network diagram
b. requirements
c. post config
but alas it fails, to help new posters in this regard.
Okay problem number one, you dont have a router at all.
Its a switch and a weak one at that for any routing.
THe methodology for setting it up probably by chip switch settings is probably best but I have no clue on that. I will set you up for traditional vlan setups on the bridge that will work but perhaps not eke out the best possible performance, the good news is that the config will be roughly the same for all devices in this way and if you actually get a router be it a small hex or something bigger, very little change required and none on all the other devices.
First step is to take port off bridge ( remove from /interface bridge port )
Give it a name etherx name=OffBridge7, give it an IP address,
add it to the trusted interface and then plug in laptop or computer to port 7,
change IPV4 settings to 192.168.77.2 and then gain access (user name, password) and do
rest of config from this safe spot.
Problem--> you show two connections from the "faux router" but you have five ports identified in bridge ports??? YOu show an ether8 connected to some smart device, but nothing in the diagram.
I get very tired when such obvious discrepancies in facts are not explained.
Why dont you update the diagram so its accurate .........
Once you can explain verbally or diagram all the port functions on the router, where they are going to etc.
the config can be done in minutes.
Hi @anav,
Sorry for all the confusion.
Port 8 of router is updated for local management.
I have attached an updated network plan and configurations.
router1.rsc (6.4 KB)
ap11.rsc (4.7 KB)
GH_net_diagram.pdf (72.4 KB)
House is a 3 floors building, almost no wireless between the floors.
Only 1 Gb fiber from floor to flooor.
I have used low grade HW in order to have a POC working, with the possibility to upgrade the HW in the future.
The switches RBS260 are only running SwitchOS, but they are cheap POE with 1 SFP port.
They are simply configured to let the VLAN's go through, without any filtering.
I have started with the router, 1 switch and 1 AP in order to test the configuration.
Once it is working, I should be able to "copy" it to the other switches and AP.
Here is the connections table:
| Device | Port | Destination | VLAN | POE | Remark |
|---|---|---|---|---|---|
| router1 | ether1 | WAN | Out | ||
| ether2 | Out | ||||
| ether3 | Out | ||||
| ether4 | Out | ||||
| ether5 | Out | ||||
| ether6 | Out | ||||
| ether7 | Out | ||||
| ether8 | Local mgmt | Out | |||
| sfp9 | Trunk | 99, 101, 102 | N/A | ||
| sfp10 | Trunk | 99, 101, 102 | N/A | ||
| sfp11 | Trunk | 99, 101, 102 | N/A | ||
| sfp12 | switch1 | 99, 101, 102 | N/A | ||
| switch1 | ether1 | Local mgmt | In | ||
| ether2 | AP11 | 99, 101, 102 | Out | ||
| ether3 | Out | ||||
| ether4 | Out | ||||
| ether5 | Out | ||||
| sfp9 | Trunk | 99, 101, 102 | N/A | ||
| ap11 | ether1 | Trunk | 99, 101, 102 | In | |
| ether2 | Out | ||||
| wlan1 | Guest/Intern | N/A | 2.4 GHz | ||
| wlan2 | Intern | N/A | 5 GHz |
I hope you can understand my needs.
Thanks and regards, Jacques-D.
So Switch2 has no settings and just lets everything go through to the CAPAC
So in effect we trunk to switch2 and all the vlans should reach AP21???
Best for guarantees to always use managed switches.
So same same for Switch1 then??
++++++++++++++++++++++++++++++++++++++++++
# model = CRS112-8P-4S
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=no { change to yes as last step }
set [ find default-name=ether8 ] name=OffBridge8
/interface vlan
add interface=BR1 name=guest_VLAN vlan-id=102
add interface=BR1 name=intern_VLAN vlan-id=101
add interface=BR1 name=mgmt_VLAN vlan-id=99
/interface list
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=intern_POOL ranges=10.91.5.33-10.91.5.251
add name=guest_POOL ranges=192.168.47.33-192.168.47.251
/ip dhcp-server
add address-pool=intern_POOL interface=intern_VLAN name=intern_DHCP
add address-pool=guest_POOL interface=guest_VLAN name=guest_DHCP
/port
set 0 name=serial0
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp9
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp10
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp11
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp12
/ip neighbor discovery-settings
set discover-interface-list=BASE
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=BR1 tagged=BR1,sfp9,sfp10,sfp11,sfp12 vlan-ids=99,101,102
/interface list member
add interface=ether1 list=WAN
add interface=intern_VLAN list=VLAN
add interface=guest_VLAN list=VLAN
add interface=mgmt_VLAN list=VLAN
add interface=mgmt_VLAN list=BASE
add interface=ether8 list=BASE
/ip address
add address=192.168.99.101/24 interface=mgmt_VLAN network=192.168.99.0
add address=10.91.5.1/24 interface=intern_VLAN network=10.91.5.0
add address=192.168.47.1/24 interface=guest_VLAN network=192.168.47.0
add address=192.168.77.1/30 interface=OffBridge8 network=192.168.77.0
/ip dhcp-client
add comment=WAN interface=ether1 use-default-route=no
/ip dhcp-server network
add address=10.91.5.0/24 dns-server=192.168.99.101 gateway=10.91.5.1
add address=192.168.47.0/24 dns-server=192.168.99.101 gateway=192.168.47.1
add address=192.168.99.0/24 dns-server=192.168.99.1 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,9.9.9.9
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-address=127.0.0
add action=accept chain=input comment="Admin access" in-interface-list=BASE
add action=accept chain=input comment="users to services" in-interface-list=VLAN \
dst-port=53 protocol=udp
add action=accept chain=input comment="users to services" in-interface-list=VLAN \
dst-port=53 protocol=tcp
add action=drop chain=input comment="Drop all else" { put this rule here, but last of all rules }
+++++++++++++++++++++++++++++++++++++++++++++++++
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related,untracked
add action=accept chain=forward comment="internet" in-interface-list=VLAN out-interface-list=WAN
add action=accept chain=forward comment="admin access" in-interface-list=BASE out-interface-list=VLAN
add action=drop chain=forward comment="Drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
out-interface-list=WAN
/ip route
add distance=1 gateway=<IP of ISSP roouter>
/ip service
set telnet disabled=yes
/system clock
set time-zone-name=Europe/Zurich
/system identity
set name=Router1
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=BASE
AND AP
# model = RBcAPGi-5acD2nD
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=no { change to yes as last step }
set [ find default-name=ether1 ] name=OffBridge2
/interface vlan
add interface=BR1 name=mgmt_VLAN vlan-id=99
/interface list
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa2-pre-shared-key=<Internal key>
add authentication-types=wpa2-psk mode=dynamic-keys name=guests_PROFILE \
supplicant-identity=MikroTik wpa2-pre-shared-key=<Guest key>
add authentication-types=wpa2-psk mode=dynamic-keys name=internal_PROFILE \
supplicant-identity=MikroTik wpa2-pre-shared-key=<Internal key>
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=guests_PROFILE ssid=GH_Guests
set [ find default-name=wlan2 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=internal_PROFILE ssid=GH_Internal
add disabled=no mac-address=F6:1E:57:64:40:F8 master-interface=wlan1 name=\
wlan12 security-profile=internal_PROFILE ssid=GH_Internal
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan1 pvid=102
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan12 pvid=101
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan2 pvid=101
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=BR1 tagged=ether1 untagged=wlan2,wlan12 vlan-ids=101
add bridge=BR1 tagged=ether1 untagged=wlan1 vlan-ids=102
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
/ip dns
add set server=192.168.99.101
/interface list member
add interface=mgmt_VLAN list=BASE
add interface=OffBridge2 list=BASE
/ip address
add address=192.168.99.102/24 interface=mgmt_VLAN network=192.168.99.0
add address=192.168.22.1/24 interface=mgmt_VLAN network=192.168.22.0
/ip route
add distance=1 gateway=192.168.99.101
/ip ssh
set always-allow-password-login=yes
/system identity
set name=ap1
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=BASE
Hi @anav ,
Thanks a lot for your effort.
I attached the actual export of both router1 and ap11.
router1_20250907.rsc (4.2 KB)
ap11_20250907.rsc (3.6 KB)
The basic functions are now ok, but I still have a few questions.
Thanks and best regards, Jacques-D.
PS: if there is a way to send you a beer, please let me know!
I am not sure why you changed your bridge name, and decided to call it off bridge ???
Your config is now worse LOL. The offbirdge is to let you know that port is independent and off the bridge. Yes my bad on AP, I meant it to be ether2, ... WIll fix.
-pay attention to list members this time.
-pay attention to ONLY changing name of ether8
-pay attention to address for offbridge8 port.
-you had two addresses for mgmt vlan, removed one and corrected addressing and pool and dhcp server network
-the address on the router for offbridge is x.77.1 on your laptop in ipv4 settings you use x.77.2
-note added ntp port 123 to the input chain rule for users.
-the rule you made allows everyone on the internet to use it, BAD idea, remove ASAP.
one has to be careful with rules.
-also I would not drop log rules, your router will use up its memory after time.
/interface bridge
add name=bridge protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether8 ] name=OffBridge8
/interface vlan
add interface=bridge name=guest_VLAN vlan-id=102
add interface=bridge name=intern_VLAN vlan-id=101
add interface=bridge name=mgmt_VLAN vlan-id=99
/interface list
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=intern_POOL ranges=10.91.5.33-10.91.5.251
add name=guest_POOL ranges=192.168.47.33-192.168.47.251
add name=mgmt_POOL ranges=192.168.99.66-192.168.66.94
/ip dhcp-server
add address-pool=intern_POOL interface=intern_VLAN name=intern_DHCP
add address-pool=guest_POOL interface=guest_VLAN name=guest_DHCP
add address-pool=mgmt_POOL interface=mgmt_VLAN name=mgmt_DHCP
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=sfp9
add bridge=bridge frame-types=admit-only-vlan-tagged interface=sfp10
add bridge=bridge frame-types=admit-only-vlan-tagged interface=sfp11
add bridge=bridge frame-types=admit-only-vlan-tagged interface=sfp12
add bridge=bridge frame-types=admit-priority-and-untagged interface=ether7 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=BASE
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp9,sfp10,sfp11,sfp12 untagged=ether7 vlan-ids=99
add bridge=bridge tagged=bridge,sfp9,sfp10,sfp11,sfp12 vlan-ids=101,102
/interface list member
add interface=ether1 list=WAN
add interface=intern_VLAN list=VLAN
add interface=guest_VLAN list=VLAN
add interface=mgmt_VLAN list=VLAN
add interface=OffBridge8 list=VLAN
add interface=mgmt_VLAN list=BASE
add interface=OffBridge8 list=BASE
/ip address
add address=192.168.77.1/30 comment="Local mgmt" interface=OffBridge8 network=\
192.168.77.0
add address=10.91.5.1/24 interface=intern_VLAN network=10.91.5.0
add address=192.168.47.1/24 interface=guest_VLAN network=192.168.47.0
add address=192.168.99.65/27 interface=mgmt_VLAN network=192.168.99.64
/ip dhcp-client
add comment=WAN interface=ether1
/ip dhcp-server network
add address=10.91.5.0/24 dns-server=192.168.99.101 gateway=10.91.5.1
add address=192.168.47.0/24 dns-server=192.168.99.101 gateway=192.168.47.1
add address=192.168.99.64/27 dns-server=192.168.99.65 gateway=192.168.99.65
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,9.9.9.9
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-address=127.0.0.0
add action=accept chain=input comment="Admin access" in-interface-list=BASE
add action=accept chain=input comment="users to services" dst-port=53,123 \
in-interface-list=VLAN protocol=udp
add action=accept chain=input comment="users to services" dst-port=53 \
in-interface-list=VLAN protocol=tcp
add action=drop chain=input comment="Drop all else" log=yes
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
add action=accept chain=forward connection-state=\
established,related,untracked
add action=accept chain=forward comment=internet in-interface-list=VLAN \
out-interface-list=WAN
add action=accept chain=forward comment="admin access" in-interface-list=BASE \
out-interface-list=VLAN
add action=drop chain=forward comment="Drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
out-interface-list=WAN
/ip service
set ftp disabled=yes
set telnet disabled=yes
/system clock
set time-zone-name=Europe/Zurich
/system identity
set name=router1
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.ch.pool.ntp.org
add address=1.ch.pool.ntp.org
add address=2.ch.pool.ntp.org
/system ntp server
set enabled=yes manycast=yes
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=BASE# model = RBcAPGi-5acD2nD
/interface bridge
add ingress-filtering=no name=BR1 port-cost-mode=short protocol-mode=none \
vlan-filtering=yes
/interface ethernet
set [ find default-name=ether2 ] name=OffBridge2
/interface vlan
add interface=BR1 name=mgmt_VLAN vlan-id=99
/interface list
add name=BASE
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa2-pre-shared-key=bibInt3rnal
add authentication-types=wpa2-psk mode=dynamic-keys name=guests_PROFILE \
supplicant-identity=MikroTik wpa2-pre-shared-key=<key for guests>
add authentication-types=wpa2-psk mode=dynamic-keys name=internal_PROFILE \
supplicant-identity=MikroTik wpa2-pre-shared-key=<key for internal>
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=guests_PROFILE ssid=BiB_GH_Guests
set [ find default-name=wlan2 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=internal_PROFILE ssid=BiB_GH_Internal
add disabled=no mac-address=F6:1E:57:64:40:F8 master-interface=wlan1 name=\
wlan12 security-profile=internal_PROFILE ssid=BiB_GH_Internal
/ip smb users
set [ find default=yes ] disabled=yes
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan1 internal-path-cost=10 path-cost=10 pvid=102
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan12 internal-path-cost=10 path-cost=10 pvid=101
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan2 internal-path-cost=10 path-cost=10 pvid=101
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1 \
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=BASE
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=BR1 tagged=ether1 untagged=wlan2,wlan12 vlan-ids=101
add bridge=BR1 tagged=ether1 untagged=wlan1 vlan-ids=102
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
/interface list member
add interface=mgmt_VLAN list=BASE
add interface=OffBridge2 list=BASE
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:50:EB:C3:E6:23 name=ovpn-server1
/ip address
add address=192.168.99.90/27 interface=mgmt_VLAN network=192.168.99.64
/ip dns
set servers=192.168.99.65
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.65
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/ip ssh
set always-allow-password-login=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Zurich
/system identity
set name=ap11
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.99.65 comment="getting ntp from router"
/system package update
set channel=testing
/system routerboard settings
set cpu-frequency=716MHz
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=BASE
A better topic title would have been something like "How can I configure a CRS112-8P-4S as a router with multiple vlan trunks connected to two RB260GSP switches?" The question really has little to do with network diagram questions. I thought you were looking for network diagramming software.
Two things that stand out.
There is a whole section with examples here CRS1xx/2xx series switches examples
For inter-vlan routing, see this section InterVLAN Routing
In my opionion, the best youtube video about configuring vlans on the CRS1xx and CRS2xx switches is Mikrotik VLANs - CRS1xx & CRS2xx - Mikrotik Tutorial by Wilmer Almazan / The Network Trip even though it is 4 years old now. And it is using the CRS in its intended purpose, as a switch. The routing is done by another device meant to be a router. Almost any Mikrotik router would be more performant than the CRS112 as a router. For example even the lowly hAP ax lite is much (5x) faster at routing than the CRS112 (see ethernet routing numbers)
concur buckeye, the reason for using the more modern vlan approach is that, one would hope the OP would procure the proper gear for any actual network setup.
Hi @anav ,
Thanks again for your help!
I have updated the configurations and added an AP (see the updated diagram).
GH_net_diagram.pdf (66.5 KB)
Here are the latest configurations:
router1_20250908.rsc (4.1 KB)
ap01_20250908.rsc (2.4 KB)
ap11_20250908.rsc (3.6 KB)
@Buckeye you are right, the CRS112 was not my preferred choice, but:
I hope I will be able to upgrade it in the future.
Thanks and regards, Jacques-D.
PS: @anav Remember the beer I owe you 
the total pool range can be
192.168.99.2-192.168.99.254
Please ensure you put down the available pool you want to make available.
Conversely dont use dhcp as you are adding Management IPs manually on each device as an address on the management vlan and then going to the main router and adding them my mac address as a static lease.
The bridge port can be improved from:
add bridge=BR1 interface=ether7 pvid=99
TO:
add bridge=BR1 frame-type=admit-priority-and-untagged interface=ether7 pvid=99
What is the purpose of this bridge port...........
add bridge=BR1 interface=ether2 ?????????
Please add your management and offbase to the VLAN interface list.
There is no security risk to do so and it makes both be allowed to get out to the internet, especially if you need to get certain files etc......... flexibility!!
Should be:
/interface list member
add interface=ether1 list=WAN
add interface=intern_VLAN list=VLAN
add interface=guest_VLAN list=VLAN
add interface=mgmt_VLAN list=VLAN
add interface=OffBridge8 list=VLAN
++++++++++++++++++++++++++++
add interface=mgmt_VLAN list=BASE
add interface=OffBridge8 list=BASE
Please fix your address for OffBridge8 should be:
/ip address
add address=192.168.77.1/30 comment="Local mgmt" interface=OffBridge8 network=
192.168.77.0
You didnt add (in input chain) port 123 to the users (udp) for NTP ???? Should be
add action=accept chain=input comment="users to services" dst-port=53,123
in-interface-list=VLAN protocol=udp
For APO1
Although its fine to leave out the untagged as the router does it dymamically, putting it shows me the setup is understood on exports so helps ensure ports and vlans are matched.
So I prefer to see it like so ( not wrong just personal preference )
/interface bridge vlan
add bridge=BR1 tagged=ether1 untagged=wlan12,wlan2 vlan-ids=101
add bridge=BR1 tagged=ether1 untagged=wlan1 vlan-ids=102
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
You forgot address for OffBridge2 on this ap.
/ip address
add address=192.168.77.1/30 interface=OffBridge2 network=192.168.77.0
FOR AP11
/ip address
add address=192.168.77.1/30 interface=OffBridge2 network=192.168.77.0
Hi @anav ,
For router1:
router1_20250908.rsc (4.3 KB)