I have an RB750 that is being used as a gateway device in a very small office. Seems like there is a ppoe-out on ethernet 1 and the rest are bridged for the LAN. There is an EAP245 AP at the other side of the building. There is one cable currently running to a small POE switch where the AP is. There is only a single administration PC and the AP sharing the little POE switch. Currently all machines are on the same subnet on an unmanaged switch and there is a single SSID being put out by the AP. The owners wish to isolate 4 of the office PCs from the rest of the network and they want to create a guest network on the AP for wireless access, of course keeping it isolated. The 4 PC's can be on the same subnet as the Guest wireless. The AP (I have never used an EAP245) apparently has the ability to recognize VLANs? I guess I can send it tagged traffic directly. I dunno, more reading about that later. So my thought was to create a trunk port out of ethernet 4, creating the 2 VLANs there and add them to bridges with separate DHCP servers, firewall isolation etc. but the more I read the more I am confused. I'm still not wrapping my head around VLAN filtering. What is the suggested best practice for this configuration. I am using Winbox due to my infrequent use of the OS.
Appreciate any pointers ,