Hello
I`m new to mikrotik.
And I now have a test setup going with some RIC/522 clients and a MT base station.
I cant seem to find out how to untagg a vlan on the ethernet port on the CPE (so that the coustomer dont get a truk, only the vlan he is supposed to be in).
And how to put the bridge IP on a seperate vlan (management vlan).
Anyone?
Create a bridge and add the VLAN ID to that. Then attach the customer interface Untagged to that bridge. Same goes with the management VLAN.
/Henrik
Thank you for answering.
But I am afraid I`m going to need more help.
I can`t seem to get VLANs untagged at the ethernet port.
I created a bridge and added the VLAN with correct ID under it, but how do I untagg it for the ethernet port?
The links carry a trunk, and the clients equipment don`t support VLAN so I have to untagg it.
It would be nice to also lock the client to one VLAN, so that if they get equipment with the possibility for VLAN tagging they would only get access to the VLAN I have given them access to.
Help greatly appreciated!
If you add an untagged port to a bridge, then it is untagged. If you tag a port and add it to a bridge it will only carry the tags it has. You only tag the carrier. Just remember that all the equiptment (switches etc.) MUST be VLAN capable if you want to move tags around in the customers network.
/Henrik
But lets say that the uplink to the AP carries 10 VLANs (no one is untagged), for different services, companies etc. Then I hock up a client to this AP, the service that the client is supposed to have is on VLAN 13. To the RIC/522s ethernet port he wants to connect his PC to use the service, then I need static access for that VLAN (13) on that port.
I also need to have only VLAN 13 on that port, just in case he buys a VLAN capable NIC and wants to explore the network.
I don`t get how to do this.
Sorry if I`m a bit slow here 
It’s ok. It’s not so complicated. Either you tag all the way out to the client or you get the clients in as untagged. If you want to tag all the way out to the client you would need to use WDS and set up the client router as Station WDS. Remember to tag all interfaces that carry VLAN information. Another way is to create a virtual SSID, connect it to a bridge with the right tag and connect to that SSID as a normal client..
/Henrik
Sorry you guys, can`t get this to work 
I use AP in AP bridge mode, WDS mode Dynamic
The clients is set up as station WDS, WDS mode disabled.
Is this a ok way to set it up?
This setup carries all vlans across the network, and if I use vlan capable equipment at the clients I can choose witch vlan I want, all works well.
But as you know I want to have static access to one vlan on the ethernet port at the client to be able to connect a standard pc with a standard nic.
I also want this vlan to be the only vlan available on the ethernet port at the client, so if he uses vlan capable equipment he can`t set i.e vlan 33 and access that also…
I need more than one vlan to come from the client wireless as I want to reach the cpe on one vlan, and have the coustomer service on one vlan.
I use winbox for configuring the equipment, and I can`t find any options for setting interfaces etc as static access to one vlan.
Can you please come with a detailed configuration example?
Sorry, I really can`t figure out how to do this
Can you please come with a detailed drawing of what you exactly want?
/Henrik
OK, I made a drawing of the setup.
As you can see the clients computers is connected to the ethernet port on the CPE or they have their private router connected. The ethernet port on the CPE needs to have static access to the VLAN the service that the client subscribes to is on, because the coutomers dont have VLAN capable equipment and I dont vant them to be able to connect to other VLANs. I.e VLAN 20 has 1500/300Kbps service, VLAN 21 has 4000/700Kbps service, VLAN 22 has some special service and so on.
I put all my equipment on a management VLAN that is only for that purpose, so I want to reach all equipment on that VLAN.
This make any sense?
Can anybody help with this setup, I need some winbox instructions 
He he
Or is it not possible?
I use this kind of setup with my Alvarion equipment.
It is possible, but you’re asking for a full configuration that a lot of people normally charges money for. Read the Manual, do some learning, read what we have told you, then you will see..
Best regards
Henrik
Thanks again Diganet for replying.
I`m not asking for the whole setup.
Its the VLAN setup via winbox I dont get and would like some instructions for.
There fore I made the drawing, so that you could see what cind of VLAN setup I was attempting.
Okay.. You could try this:
Put all the VLANS on the AP interface. On client you make static WDS and attach VLAN35 and VLANXX. Give management IP address to VLAN35 on client. Make Bridge on client with VLANIDXX. attach ETH1 to bridge Untagged.
/Henrik
How do one attach ETH1 to bridge Untagged?
I can`t find any options for this in winbox…
Just attach the port to the bridge without giving it a tag.
/Henrik