I’ve recently tried to configure a hAP AC with the following setup:
- 3 VLANs: one for management, one for the “guest” network, one for the “trusted” network
- only 1 ethernet port in use; on this port traffic from all VLANs arrives tagged
- Both 2.4GHz and 5GHz WiFi interfaces configured for the guest network, configured with VLAN tagging to the guest VLAN
- Under each WiFi interface a virtual AP for the trusted network, configured with VLAN tagging to the trusted VLAN
After reading many forums online, I first tried to create VLAN interfaces for the WiFi interfaces and for the virtual AP “interfaces”, to bridge those with VLAN interfaces of my ethernet port. I read a post about doing this with a single bridge, VLAN filtering disabled, but it seems if you create a VLAN interface then the traffic is untagged and this mixes the VLANs. Little did I know at the time about VLAN configuration in RouterOS.
After reading up on the bridge configuration, I enabled VLAN filtering on my bridge and used the WiFi & virtual AP interfaces directly in the bridge. I did not remove the VLAN interface for the management VLAN. This worked for the WiFi, but unfortunately after some time the router stopped responding on the management IP and I’m now basically locked out from all configuration interfaces. WiFi is finally working properly, however, with devices ending up on the proper VLAN.
Is the approach of having one VLAN interface for the management VLAN on, e.g., ether1, incompatible with also adding ether1 to a bridge with VLAN filtering? In the VLANs of the bridge, the management VLAN ID was not defined.