Hello,
I’m new to mikrotik routers, but have experience with Cisco and Fortigate firewalls, and with Cisco and HP switches.
I need to configure a unify acces point with a mikrotik firewall. The idea is to have two ssid’s on the unify, one for internal use and another one with guest access. The guest would be configured with vlan on unify, meanwhile internal wifi won’t have vlan.
Does anybody how should I configure mikrotik to allow having traffic in one port coming with and withouth vlan id?
I’ve tried looking for information on this kind of configuration, but have not found it.
Regards,
I have the exact setup as you described.
Unifi controller:
set up 2 SSID, one with VLAN tag, on the Unifi Controller. I use Unifi switch as well so they will adjust to VLAN config on the controller but you just have to make sure the switch port which the Unifi AP plugs into is a trunk port. As the Unifi AP itself and the internal ssid needs access to the internal network which is my core network. The Unifi AP will tag the guest SSID with VLAN ID.
because I am using Unifi switch, I had to add new Network on the controller, to make the switch aware of the new VLAN’s subnet, VLAN ID etc. you might not have to do this with other network switches.
I also enabled guests feature, without the portal etc. on the Guest SSID. Blocked multicase traffic from LAN to WAN on this network except those from the router which is my DHCP server and gateway.
Mikrotik
My guest network is on a bridge (running hotspot) and I added a VLAN interface to it. Apply IP address, DHCP server, routing, NAT for this VLAN interface.
that’s all i can think of at the moment and good luck.