just got the hap ax2 and toggling “Forward Override” in “Port Isolation” does not have any effect.Tried with “Vlan Filtering as well but pinging a device on another port still possible.am i missing something?
Hi,
You can use the Horizon function in Bridge port.
If a port have value Horizon (for example value 1), this port can not communicate with other ports that have the same Horizon.
It’s a software function and using that function will disable the hardware offloading on the switch chip.
Great tip,thanks a lot.Is there something I need to know about this approach?As far as I understand it is a software approach that does not use the built-in switch for port isolation.Does that make the port isolation less effective or secure?What could be the reason that the port isolation feature in Switch>Port Isolation does not work?Also trying to set up Vlan on ax2 is never working.My setup is PC–>ax2,routermode→ modemrouter,modemroutermode→internet.
Could Vlan in this setup even work?
After enabling Forward Override, you will also need to select forwarding to the CPU
On hAP ax2 you really should forget that /interface/ethernet/switch even exists (and vast majority of the rest of /interface/ethernet as well). This device model doesn't offer L2HW offload (nor L3HW offload, but that's not in the context of this thread), you should rely on whatever /interface/bridge has to offer. Including VLAN handling.
tried it but did not work
Post your config for review.
/export file=anynameyouwish (minus router serial number, any public WANIP information,keys, dhpc lease lists)
that are the steps I took
-
Open WinBox (or WebFig via
https://<router‑ip>). -
Go to Interfaces → VLAN.
-
Click “+” to add a new VLAN.
-
Fill in:
-
*Name:
vlan10(or any descriptive name) -
VLAN ID:
10(replace with the ID you need) -
Interface:
ether4(this binds the VLAN to physical port 4)
-
-
Click OK.
Result: You now have a virtual interface
vlan10that tags/untags traffic on port 4 with VLAN 10.
B. Access‑Port Setup (single VLAN)
If you only need VLAN 10 on port 4:
-
Disable the raw ether4 interface (optional but tidy):
- Go to Interfaces → Ethernet, double‑click
ether4, uncheck *“Enabled”**, then click OK.
- Go to Interfaces → Ethernet, double‑click
-
Assign an IP address (if the VLAN needs L3 connectivity):
-
IP → Addresses → “+”
-
Address:
192.168.10.1/24(example) -
Interface:
vlan10
-
and after that step I loose internet connection.I think its some setting in the modem router that makes the inter connection drop.
edit:i checked “enabled” in Interfaces>Ethernet and the connection was up again,but the vlan is still not working because I can ping devices that are on other ports.
Dont really care...., and unable to comment until I see the config as requested.
I will first check things on the modemrouter side,because since it has an own firewall and NAT it might be conflicting with the firewall and Nat of the hap ax2.After putting it into bridge-mode I gonna try setting up Vlan again.Norrowing it down seems the best approach,since I almost did not see anyone here having trouble with setting up Vlan.Very likely its the modemrouter that causes some conflicts for Vlan on hap ax2.