Took me a bit to get this working, though it seemed simple enough at first for this configuration:
- Uplink from RB960 to network switch/router is fiber using SFP1 port and is a Trunk port; uses VLAN10 for management IP address
- ether5 will connect to an Access Point; is a Hybrid trunk port with native VLAN=11 and all wireless traffic will be tagged
- ether1 - 4 will be Access ports with default VLAN=101
Running on v6.42.10. Read through the Wikis multiple times to ensure VLAN configurations did not defeat hardware offload, as I need Gig wirespeeds through the ports. All ports are members of bridge1. It was real fun figuring out how to get VLAN trunking working between the switch ports (ether1 - 5) and sfp1 port (via switch1-cpu port configs in VLAN Table).

What I am looking for guidance on is the setup/configuration of the VLANs either on the bridge interface or port interface. The access points will dynamically assign VLANs to client devices, thus I have a few hundred possible VLANs. Should I apply the VLANs to ether5 port (access point port) or should I assign them to bridge1 interface? (I have found that when assigning to ports in a bridge, you then lose the ability to connect to the RB960 via Winbox if all the ports are defined as VLAN ports, whereas assigning all the VLANs to the bridge1 interface then allows Winbox connection on any of the ports.)

I’m leaning toward assigning to a port that is in the bridge versus assigning to the bridge itself due to security, as I probably don’t want end users plugged into the access ports to see/gain access to the switch Winbox mgmt interface, but this also poses issues with field troubleshooting if I don’t.

Thanks in advance.