Hello!
I have a guest network set up that allows guests to login to wifi and access the internet without allowing any access to our internal network. Up until now I have simply been using separate ethernet cables between the guest access point and our gateway router to the internet to isolate traffic (with appropriate firewall rules).
Now however, I have upgraded our core switches to MikroTik CRS125-24G-1S switches so I would like to do away with the additional wires and use a VLAN to separate the guest traffic from our internal network traffic. I would like to route the VLAN from our gateway (which will have to provide DHCP services to the guest network) through one of our new core switches, and to the access point to provide guest wifi. However, I would also like to send non-VLAN traffic to the access point so I can manage it from our core network and disable management access from the wireless interfaces.
I've attached a simplistic diagram showing what I would like to accomplish. I've read through the Wiki regarding VLANs but I am struggling to understand what I should do to set up this type of hybrid tagged and untagged pipeline to the access point. Any pointers you can provide to get me started would be greatly appreciated!
Thanks & Best Regards,
Mitch