Hi,
I’ve got a vlan tagged interface on my router (port4, vlan id 11). My router has a vlan11 interface and is able to ping the serverip on the vlan11 network. From there I have a chain of mikrotik wireless links, as a transparent network (all works simply as switches).
The case is this:
My customer wants a virtual AP on each of these wireless routers, that can access vlan 11 and reach his server “hidden” behind port 4 on my router. I’m able to create a vlan interface and ping the server from wlan11 interface (ping x.x.x.x interface=wlan11). But i’m not able to get any device connected to the virtualAP (the device has an ip address in the vlan network) to reach the customer server ip. In other words; all traffic from virtualAP should be tagged with vlan11
Yeah provide a much better explanation and diagram.
It is not clear where your client is located on the network and what the clients needs are.
It also sounds like you have big problem of mixing up your needs and client needs… IN other words he has no business on your subnets…
Suggest you move to single bridge and vlans for separation of needs ( bridge does no DHCP etc, no need for ip address etc.).
I agree on the lack of good explantation
My setup is quite simple. I’ll try to explain it as simple as it is:
I have 1 router, with WAN on eth1. The rest is a bridged switch (port 2-5). My customer have a separate network (with the vlan11 on) with a server he wants to reach. A network cable is plugged in eth4 on my router from this network. (security is no issue here)
The rest of my network is transparent. From router port1 the first mt wifirouter (eth1 and wifi is bridged) is connected. A number of mt wifirouters are linked together the same way to form a long chain of wifi routers.
…I guess i need to restructure my whole network and use vlan bridge filtering to achieve this - which would be a huge job. As said before; security is no issue on this network, so if there was another way to tag the vAP interface and get this working, i would do that.
I dont know if this made things any clearer…the whole thing is not clear to me anyhow
A diagram, I have no idea how you are getting internet, not sure how your wifi routers are connected…
And yes it is a problem as you are mixing apples and oranges a bridge subnet including ether 4 and a vlan on ether4.
One bridge, select multiple vlans and bridge does not dhpc and does not need an IP address..
Basically vlan11 going out port 4 to special user, VLANYY going out ports 2,3,5 for your needs…
