VLAN by MAC Address - RB5009ug+s+in

Hi Friends,

Thanks to your help I bought my first Mikrotik router (RB5009ug+s+in) and my mind is blown! All routers before Mikrotik were a joke! a bad joke. I have learned lots of stuff since last night, at the beginning, it looks so difficult because I had to do everything manually but it’s easy, I think everything is possible with the script is also possible with UI which is great and I can simply learn scripting with the UI!

I have two ASUS Routers and I’m using them as my Access Points now (They are in AP mode). Unfortunately, they don’t support VLAN tagging for SSID. I was thinking to use MAC Address to tag clients (in a list or one by one).

I don’t know what to do … but this is far I went:

1. Created a VLAN over the default bridge
2. Created an IP Pool, DHCP Server for the VLAN
3. ?

I found a configuration in SWITCH → Rule but I’m not sure if it’s the correct configuration!

Can you please guide me through it? I’m not looking for step-by-step or complete scripts, even hints are really appreciated.

Thanks in advance

What exactly are you trying to achieve ?

According to the WiKi, RB5009 supports Bridge Vlan Filtering in Hardware Level, meaning that you will not loose the Hardware offload feature…
https://help.mikrotik.com/docs/display/ROS/Switch+Chip+Features

Also, here you can see how Bridge VLAN filtering works :
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

My APs don’t support VLAN tagging per SSID. I’m thinking to have a separated VLAN for IoT to keep my network a little more secure than it is.

I was thinking if that’s possible to tag clients with MAC Address?

MAC-based VLAN is said to be a bit problematic because it doesn’t deliver broadcast and multicast packets (switch does not tag/untag frames with broadcast/multicast MAC addresses). Which includes some of DHCP handshake. So be prepared for some weirdness in operations if you go this way.

Just curious what APs you are using that support multiple SSIDs, but not VLANs?