I am new to mikrotik so I need your help. I just bought a RB2011UAS-2HnD-IN and I am playing with it to teach my self how its works.
Using the default configuration that router have when you buy it, I managed to established an internet connection. I setup my adsl modem as a bridge, create a PPPoE client, add a dhcp server and an AP.
Lets go to hard stuff
I want to reset my router and doing everything from scratch so I can better understand the configuration.
I want to make an adsl connection again and have 2 vlans.
On 1st vlan I want to have my 3 PCs (wired connection to gigabits ports of router) and an AP for my smartphone.
On the 2nd vlan I want to have 4 other ports and a second virtual AP. I want this because when a guest pc switch to my LAN(wired or wireless) can’t access my work pcs.
If it is possible I want to use only winbox and no commands. A little bit theory and not only instractions are also welcome.
Thats for a start.
After doing that my second plan is to create a hotspot, living access only to one url and create a VPN network so I can reach my works PCs from my home.
Here is my setup. On ether1-gateway I have my adsl modem and running pppoe for connection to my ISP.
On ether2-ether5 I have my PCs and running a bridge_AP on my mikrotik for smartphones and laptops.
All the above I wanted to one VLAN1 (192.168.1.0/24) and a DHCP Server giving IPs to wireless devices.
On the second VLAN2 (192.168.10.0/24 using DHCP server) I want to have ether6-ether10 and a Virtual AP for my guest (including connection to the internet thru ether1-gateway) and without having pemission to see my VLAN1.
I have almost the same situation as you described, but did not use any VLAN.
I created two separate bridges. Also created two separate virtual AP’s and added one to either bridge. By making use of the switch capabilities I added only the master-ports to the designated bridge. The two different DHCP servers are also serving on either one of the bridges.
Then I made a firewall rule blocking all the traffic which comes from my guest bridge and is not going out on my ISP uplink
I tried to make my setup using bridges but with no so luck. DHCP server on my guests Lan didn’t served IPs to many the machines. My galaxy Nexus worked without problem on two networks, but my laptop using wifi or Lan had problem to resolve IP from router.
You descripted that you are using two separate Virtual AP. I used an AP for the first LAN and a virtual AP for the second. I don’t know if there is the problem.
In the diagram you show the “VLANs” as being on different interfaces so I don’t think you want VLANs at all - just two independent local LAN subnets.
You can also use the switch functions to group ports together. e.g. Make ports 7-10 slaves on port 6. Within ROS you then just use Ether6 to configure DHCP server, IP address etc. for that subnet.
What about the access points? I use the switch fuctions for the ethernet interfaces. Then I must create a bridge using eth6 and VirtualAP as interface to the bridge?
Yes you would bridge the wireless interface and the relevant Ether interface. You then must apply the router’s IP address and DHCP server for the subnet to the bridge interface instead of directly to any of the bridge member ports.
