On my Mikrotik all-in router I would like to set-up two WLAN VLANs, and I have two questions:
Is there any difference between two ssid-s, if I set-up one on wlan1 (physical interface) and one on a virtual wlan built on the first physical one? I guess here e.g. speed, hw acceleration, security, etc.
Where is the best to set the VLAN for the WLAN?
Both for the physical WLAN (in advanced menu in WebFig) and on the virtual WLAN I can select VLAN mode. If I set it here, then when I add the WLAN to the bridge, it is already a tagged interface, so PVID does not matter and in the bridge it must be added as Tagged.
I can also choose not to set VLAN in WLAN1 (physical) and WLAN2 (virtual). In this case I can add the interface to the bridge with PVID selected and in the VLAN table add (or actually it is default) as Untagged port.
As far as I can see, both work. The question again, is there any speed, security, etc. difference to prefer one over the other?
Yesterday you already recommended this article what I had also found and had read many times. I do not find in it the replies to my two specific questions. As I mentioned before, it is easy to miss important parts in the lengthy second half of the thread, so apologies, if I missed it. Could you point me to the area where I can get answer to the specific questions?
The only difference between master interface (physical) and slave interface (virtual) is the SSID-specific settings (SSID itself, security settings, VLAN ID). The rest is exactly the same (actually you can’t change certain things on slave interface, all slaves (there can be more than one) share those with master interface).
The difference is more or less cosmetic. In the past, when bridge was no VLAN-aware (i.e. no bridge-vlan-filtering), the only way was to set VID on WLAN interfaces. This option still exists. However I’d choose the new possibility i.e. setting PVID on each WLAN port as bridge member. This way all the VLAN-related settings are kept in one place (bridge).
All that aside, what I would like to know is what could have been better stated or what is missing in the reference document that you think should be added to make things clearer.
Obviously I am unable to make that determination looking at the document for so long that its hard me for to find the holes.
Please advise!
anav,
Sorry, I still do not get your point. I had read the thread, made it like it is written there and it worked. But I also found the other way, where the VLAN is already set in the WLAN and hence not under the bridge. That one also worked. So my question was only directed to understand the difference between the two approaches, benefits of one vs. the other.
So one thing might be added for guys like me who find this second option is to mention, e.g.: “for historical reasons, when bridge was no VLAN-aware, this set-up could have been achieved by setting the VLAN on the WLAN. This option still exists. However it is recommended to use the new possibility i.e. setting PVID on each WLAN port as bridge member. This way all the VLAN-related settings are kept in one place (bridge).” (copied (c) largely form mkx’s reply)
It should be noted that other brands of Access Points also assign the vlans to the WLANs.
I prefer the bridge ports do this work and let wireless settings focus on wireless settings.
I do not know which method is more efficient or optimal but hopefully others can provide input.