I’ve just bought a Routerboard hAP Lite and am trying to create a simple VLAN setup.
What I’m trying to achieve is…
Port 1 - WAN
Port 2 - Internal network, Windows DHCP server
Port 3 - UniFi APs with 2 SSIDs
The APs will have 2 SSIDs…
Internal SSID linked to internal DHCP and RADIUS server
Guest SSID (internet only) linked to DHCP on Mikrotik router and not routable to internal network.
I would like the APs themselves to get a DHCP address from the internal network for management, and the Internal SSID would need to have access to the internal network for RADIUS authentication and DHCP.
The APs would be connected to an unmanaged switch and then an uplink to Port 3 on the router.
The internal network switch is also unmanaged and would have an uplink to Port 2 on the router.
I understand that the Guest SSID needs a VLAN tag.
Hope this makes sense and any advice would be helpful in the form of steps rather than command line.
Hi,
From my point of view you do not need the VLAN in your setup. You can do it differently, with what is called VRF-Lite (well, very close to it). In Mikrotik words it's all about routing marks. Check this topic out, http://forum.mikrotik.com/t/inter-vrf-connectivity-issue/38496/1 maybe it will fit your needs.
I sorted this by creating a single VLAN for the guest SSID. The APs are on the internal network but the guest SSID has a VLAN tag and gets a DHCP address from the router and not the internal DHCP server.
I created a rule to drop traffic from the VLAN to the internal IP range and all is working as planned.
Even on unmanaged switches, the traffic is passed to the VLAN on the router.
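The setup described in the post above, written out as RouterOS commands. This is an added example, not the poster's actual configuration; the bridge name, VLAN ID 20, both subnets and all object names are assumptions.

```routeros
# Added example. Assumptions (none of these values come from the thread):
#   - ether2 and ether3 are ports of a bridge named "bridge" (internal LAN)
#   - internal LAN is 192.168.1.0/24, served by the Windows DHCP server
#   - guest SSID on the APs is tagged with VLAN ID 20
#   - guest subnet is 192.168.20.0/24
#   - WAN masquerade (srcnat) is already configured for outbound traffic

# Guest VLAN interface on top of the bridge that the APs reach through ether3.
# Untagged AP management traffic stays on the bridge itself (internal LAN).
/interface vlan
add name=vlan-guest vlan-id=20 interface=bridge

# Router address inside the guest subnet
/ip address
add address=192.168.20.1/24 interface=vlan-guest

# Guest DHCP is served by the router, not by the internal DHCP server
/ip pool
add name=pool-guest ranges=192.168.20.10-192.168.20.250
/ip dhcp-server
add name=dhcp-guest interface=vlan-guest address-pool=pool-guest disabled=no
# dns-server points at the router; this assumes its DNS service accepts
# remote requests. Replace with another resolver if it does not.
/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1

# Isolation rule: drop anything routed from the guest VLAN to the internal range.
# "add" appends to the end of the chain, so move this rule above any broader
# accept rule in the forward chain that would match guest traffic first.
/ip firewall filter
add chain=forward in-interface=vlan-guest dst-address=192.168.1.0/24 \
    action=drop comment="guest VLAN: no access to internal LAN"
```

The forward rule only covers traffic routed through the router. Traffic from guests addressed to the router itself is handled by the input chain, so check that chain separately if guests should not reach the router's management services.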
Did you get this setup working? I have a similar setup but am having issues with it. If yours is working, would you mind posting a trimmed version of your config? Thank you.