Trouble getting WAN over to VLANs

Hi,

I’ve recently got my hands on a hAP ac2 and been having a lot of fun getting VLANs set up etc. I’m sure it’s incredibly inefficient but it mostly works. My problem is that I’m at the point everything will talk to each other and I’d like to plug it into the internet but when I do it’s not happy. I’m 100% sure I’m missing something but all my googling hasn’t resolved the problem.

I’m with Sky Fibre in the UK so it uses a DHCP clientid which I managed to get working with the default configuration but now I’ve set up VLANs on a bridge I’m unsure how to pass the internet to it.

Could anyone point me in the right direction, please? My config export is below.

Thanks in advance!

/interface bridge
add name=bridge-main vlan-filtering=yes
/interface vlan
add interface=bridge-main name=vlan50 vlan-id=50
add interface=bridge-main name=vlan60 vlan-id=60
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=main supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=guest supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] mode=ap-bridge security-profile=main ssid="Wireless" wps-mode=disabled
set [ find default-name=wlan2 ] mode=ap-bridge security-profile=main ssid="Wireless" wps-mode=disabled
add mac-address=AA:AA:AA:AA:AA:AA master-interface=wlan1 name=guest1 security-profile=guest ssid="Guest"
add mac-address=AA:AA:AA:AA:AA:AA master-interface=wlan2 name=guest2 security-profile=guest ssid="Guestn"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcpv50 ranges=10.0.50.50-10.0.50.250
add name=dhcpv60 ranges=10.0.60.10-10.0.60.250
/ip dhcp-server
add address-pool=dhcpv50 disabled=no interface=vlan50 name=v50
add address-pool=dhcpv60 disabled=no interface=vlan60 name=v60
/interface bridge port
add bridge=bridge-main interface=ether2 pvid=50
add bridge=bridge-main interface=ether3 pvid=50
add bridge=bridge-main interface=wlan1 pvid=50
add bridge=bridge-main interface=wlan2 pvid=50
add bridge=bridge-main interface=guest1 pvid=60
add bridge=bridge-main interface=guest2 pvid=60
/interface bridge vlan
add bridge=bridge-main tagged=ether2,ether3,bridge-main untagged=wlan1,wlan2 vlan-ids=50
add bridge=bridge-main untagged=guest1,guest2,bridge-main vlan-ids=60
/interface list member
add interface=ether1 list=WAN
/ip address
add address=10.0.50.1/24 interface=vlan50 network=10.0.50.0
add address=10.0.60.1/24 interface=vlan60 network=10.0.60.0
/ip dhcp-client
add dhcp-options=clientid,hostname disabled=no interface=ether1
/ip dhcp-server network
add address=10.0.50.0/24 comment=v50 gateway=10.0.50.1 netmask=24
add address=10.0.60.0/24 comment=v60 gateway=10.0.60.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system routerboard settings
set silent-boot=no

Hi there, best bet is to have a read through this link, it has great examples.
Check your config against it.
If you have any questions or have modded your config and want to have it reviewed post back.
Cheers!
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

On a first blush, one line that stood out for me…
add bridge=bridge-main untagged=guest1,guest2,bridge-main vlan-ids=60

Should probably look like…
add bridge=bridge-main tagged=bridgemain untagged=guest1,guest2 vlan-ids=60
Note here, it may not be required to tag or untag bridge-main for this particular rule but I imagine as the admin you may want to access at L3, the guest wifi just to troubleshoot or ensure its working etc…

Also you have no LAN interface identified and at least
bridge-main=LAN is not unusual. Not sure if its really needed though.

Finally, you should post firewall rules as well