All interfaces (physical wireless and physical non-wireless) are bridged in bridge 1.
There is a DHCP client and bridge 1 is assigned to it (network 10.0.0.0/24).
There are 3 wireless networks on the physical wireless interfaces (ap bridge mode), SSID called “wireless1”.
I also created 3 virtual wireless interfaces (one for each physical wireless one) and bridged them in bridge 2, SSID called “wireless2”.
I have a DHCP server on the Audience and bridge 2 is assigned to it (network 10.0.1.0/24).
All works: clients on different SSIDs get either a 10.0.0.x IP (wireless1 uses IPs from a non-MikroTik DHCP server) or, for clients on wireless2, a 10.0.1.x IP (issued by the Audience).
I have added masquerading with source 10.0.1.x and out-interface bridge 1 so clients on wireless2 (call it a guest wifi) have internet access.
The question I have is: why is network 10.0.0.0 accessible from 10.0.1.0 and vice versa?
.
seems everyone is skipping the “keep-it-simple-course” in network-potty-class …
.
why ?
.
fun of administrating one of these devices is knowing what you’re doing …
.
I also created 3 virtual wireless interfaces (one for each physical wireless one) and bridged them in bridge 2
.
what for ? flooding the medium ? … feels like wireless communism !? … maybe there are laws against such shenanigans in your country ?!
.
after building the wireless ocean, you add an access-list (wood-hammer-acl-style) … and it works … !?
.
do not ask what your forum can do for you; ask what you can do for your forum !
.
route whenever you can route … bridge only when needed ( I would say: when unavoidable ).
.
you wanna have control over your traffic flow ? … separate your interfaces, build up small broadcast-domains … then you can measure the traffic with fw-rules.
.
careful with bridging wireless-interfaces into each other … chaos, mayhem and madness will be the consequence … till the cat gets the remains
“It did the trick but why both networks were reachable before?”
Wireless2 is not the guest network you want. Wireless1 is closer to that.
Let's make this example simpler, and project it onto what we commonly do …
You have a WAN environment 10.0.0.0/24, and then you add a Home Gateway, which does NAT (masquerade) from its LAN network 10.0.1.0/24.
Of course the default route in the LAN network is set to be the Home Gateway.
All LAN users can access all WAN devices and the Internet through that defined default route because of the masquerade.
The WAN devices and Internet cannot find the LAN devices. And if the firewall in the Home Gateway is well defined, then the LAN devices are safe from access from WAN and Internet.
The WAN network can be seen as a DMZ or some peculiar Guest network. A normal guest network would be beside the LAN network, not in front of it.
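
The point made in the reply above, that masquerade gives the 10.0.1.0/24 side access to everything in front of the gateway unless the firewall says otherwise, shown as RouterOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names bridge1 and bridge2 are assumed from the "bridge 1" and "bridge 2" of the first post.

```routeros
# Added example. Assumed names: bridge1 = uplink bridge (10.0.0.0/24),
# bridge2 = guest bridge (10.0.1.0/24), as described in the first post.

# The masquerade rule from the question. It only rewrites the source address
# of packets leaving via bridge1; it does not decide what may be forwarded.
/ip firewall nat
add chain=srcnat src-address=10.0.1.0/24 out-interface=bridge1 action=masquerade comment="guest NAT"

/ip firewall filter
# Let replies to already permitted connections through in both directions.
add chain=forward connection-state=established,related action=accept comment="allow replies"
add chain=forward connection-state=invalid action=drop comment="drop invalid"

# Optional, must sit above the drop rule below: if guests are handed a DNS
# server inside 10.0.0.0/24, allow only that. 10.0.0.1 is a constructed address.
# add chain=forward src-address=10.0.1.0/24 dst-address=10.0.0.1 protocol=udp dst-port=53 action=accept

# Guests may not open connections to hosts on the 10.0.0.0/24 network.
# Internet traffic still passes: its destination address is outside 10.0.0.0/24.
add chain=forward src-address=10.0.1.0/24 dst-address=10.0.0.0/24 action=drop comment="guest to uplink LAN"

# Hosts on 10.0.0.0/24 may not open new connections into the guest network.
add chain=forward in-interface=bridge1 out-interface=bridge2 connection-state=new action=drop comment="uplink LAN to guest"
```

With no filter rules in the forward chain, RouterOS routes between its directly connected networks, so the two subnets can reach each other regardless of the masquerade rule.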