wAP ac lte kit passthrough to rb4011 with vlans

mbrmik · February 6, 2021, 6:40pm

I am trying to realize dual WAN with an wAP ac lte kit together with an rb4011.

I am using vlans in the network and also want to use the wAP ac lte as access point on the balcony.

Basically I want to use the vlan based 2.4G and 5G networks and some how via ether1 also provide the WAN access via mobile network.

I can not use both network ports since there is only one cable run to the access point.

What would be the best strategy?

I am thinking about creating a vlan interface with a separate vlan and use it as passthrough interface.

Or could I set a passthrough-mac on the apn and make on the rb4011 the port hybrid (tagged and untagged) and have a dhcp client on the interface at the rb4011, would this work?

I attached my current config below

/interface bridge
add name=BR1 priority=0xE000 protocol-mode=mstp vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] country=switzerland disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=cemcem_24
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
/interface list
add name=BASE
/interface lte apn
add apn=gprs.swisscom.ch name=swisscom
/interface lte
set [ find ] apn-profiles=swisscom name=lte1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=cemcem supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=RED_PROFILE supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=switzerland disable-running-check=yes disabled=no \
    frequency=auto mode=ap-bridge security-profile=cemcem ssid=cemcem wds-default-bridge=BR1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan2 pvid=10
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=BR1 tagged=ether1 vlan-ids=10
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
/interface list member
add interface=BASE_VLAN list=BASE
/interface wireless access-list
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-80
add interface=wlan2 signal-range=-79..120
/ip address
add address=192.168.0.18/24 interface=BASE_VLAN network=192.168.0.0
/ip dns
set servers=192.168.0.1
/ip route
add distance=1 gateway=192.168.0.1
/system clock
set time-zone-name=Europe/Zurich
/system identity
set name=wAP_ac_b1
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE

pcunite · February 11, 2021, 4:31am

You only need to create an SSID that represents each VLAN. See post here for examples.

mbrmik · February 11, 2021, 10:08am

I based my configuration on the mentioned post, just wanted to have 2.4G and 5G on the same VLAN in this case but with different ssids since some devices would else not select the 5G network.