I am a Cisco/Ubiquiti guy and I am having the hardest time configuring my new wAP AC RBwAPG-5HacT2HnD. I am trying to configure it as an access point with 2 VLANs and a management VLAN. I do not want this device to act as a router and I want the firewall to be disabled. My EdgeRouter already handles all of that.
My setup: I have VLANs 2, 3, and 100 configured on my Ubiquiti EdgeRouter and my Cisco switch. VLAN1 is not used and is not configured on the EdgeRouter, and is untagged on the switch. VLAN2 corresponds to my dual-band network (SSID: Family) that has a pre-shared key. VLAN3 corresponds to my 5 GHz network (SSID: Family v2) with RADIUS authentication. VLAN100 is for management. My EdgeRouter handles DHCP, DNS, and inter-VLAN routing. The switch port that the AP will connect to has been configured as a trunk port.
I would like to be able to access the wAP AC interface on 10.32.100.9/24 (static) on the management VLAN100, so that should be the only interface IP address I should assign to the wAP AC, right? Then I would like to have the “Family” dual-band SSID on VLAN2 with a WPA2 pre-shared key. Then I would like to have the “Family v2” 5 GHz SSID on VLAN3 with RADIUS authentication.
Can somebody walk me through this? I am new to Mikrotik and I am having a terrible time. Each time I try to assign the interface to my management VLAN I lose access to the device and have to reset. Very frustrating.
If you want to limit management to this interface, then edit the allowed addresses under the /ip services to match the management network. When this work you can remove all other addresses. Don’t forget the default route as well!
The wireless part i’m unsure what you mean, but you probably need to create the VLAN interfaces as above, and two bridge-interfaces to the two SSID’s.
I would suggest setting it back to defaults (ensuring you have latest firmware as usual).
Then use quickset and select AP WISP mode.
After that all you need to do is
a. create bridge
b. Add vlans
c. Add vlans to the bridge
d. configure the bridge ports and bridge vlan
e. configure wireless.
As for the bridge leave the pvid to default of 1 and use vlans to describe all subnets as required.
For the physical ports on the bridge that you are going to use dont forget that
1 - trunk ports just add port to the bridge
2- access ports add vlan and identify as access port by stating pvid number of associated vlan
For the wireless ports on the bridge (we call them WLANS)
3- add WLANS (access ports) to the bridge as well, since all receiving devices are not vlan aware these WLANS are all access ports and thus required the PVID number.
4- Now you will have to go back to bridge vlan settings and modify to include the WLANs.