Hello everyone,
I’ve been working on setting up VLAN routing on my MikroTik router, and I’m at a point where I could really use some help from the community. I’ve done my best to search through the forum and read various threads, but I haven’t yet found a solution that quite fits my case.
Goal
I’m trying to set up a VLAN configuration with both wired and wireless interfaces as follows:
Port Function
ether2 Management (untagged)
ether3 VLAN 3 (tagged)
ether4 VLAN 3 (tagged)
ether5 Trunk (VLAN 3 + VLAN 10 tagged)
ether6 VLAN 10 (tagged)
ether7 VLAN 10 (tagged)
ether8 VLAN 10 (tagged)
wifi-vlan10 Main WiFi – VLAN 10 (tagged)
wifi-vlan3 Guest WiFi – VLAN 3 (tagged)
The idea is to pass both VLANs tagged over ether5 to a Cisco switch, keep the guest WiFi isolated in VLAN 3, and have the main WiFi operate in VLAN 10.
My Current Configuration
[admin@MikroTik] > export
# 1970-01-12 21:41:47 by RouterOS 7.13.5
# software id = RSFM-JXD3
#
# model = L009UiGS-2HaxD
# serial number = #############
/interface bridge
add ingress-filtering=no name=bridge1 protocol-mode=none pvid=10 \
vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=master disabled=no \
name=wifi-master
add configuration.mode=ap .ssid=wifi-vlan3 mac-address=D6:01:C3:6B:B1:09 \
master-interface=wifi-master name=wifi-vlan3
add configuration.mode=ap .ssid=wifi-vlan10 datapath.bridge=bridge1 disabled=no \
mac-address=D6:01:C3:6B:B1:0A master-interface=wifi-master name=wifi-vlan10
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=ether3 pvid=3
add bridge=bridge1 interface=ether4 pvid=3
add bridge=bridge1 interface=ether6 pvid=10
add bridge=bridge1 interface=ether7 pvid=10
add bridge=bridge1 interface=ether8 pvid=10
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wifi-vlan3 pvid=3
add bridge=bridge1 interface=wifi-vlan10 pvid=10
/interface bridge vlan
add bridge=bridge1 tagged=ether5 untagged=ether3,ether4,wifi-vlan3 vlan-ids=3
add bridge=bridge1 tagged=ether5 untagged=ether6,ether7,ether8,wifi-vlan10 \
vlan-ids=10
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
The Issue
The issue I’m running into is with the WiFi setup. I’d like to have two wireless networks:
One on VLAN 3 (guest WiFi)
One on VLAN 10 (main WiFi)
But since the bridge can only have one pvid per port, I’m struggling to get both WiFi networks working at the same time correctly.
Currently, I only have one WiFi interface set up (wifi-vlan3 for VLAN 3), but I’m unsure how to correctly configure the second WiFi (on VLAN 10) and get both working simultaneously while keeping VLAN separation intact.
What I’ve Tried
I’ve gone through several forum threads and Wiki articles on VLAN bridging.
I’ve tested different PVID/tag combinations.
I’ve tried modifying the VLAN table to include both WiFi interfaces but ran into inconsistencies or issues with tagging.
What I’m Hoping For
A Hint on whether my usecase is even possible with the hardware i am using
A clear explanation or example of how to properly add both WiFi interfaces to the VLAN-aware bridge so they can each operate in different VLANs (both tagged).
Any best practices or tips for combining VLANs with wireless interfaces on MikroTik (especially when bridging to a trunk port).
Clarification on whether virtual interfaces, multiple bridges, or something else would be better suited for this setup.
Thanks in advance for your help! I really appreciate any insight you can share.
Best regards,
Merlin