Community discussions

just joined
Topic Author
Posts: 2
Joined: Wed Jan 09, 2019 3:42 pm

Mikrotik VLAN setup

Wed Jan 09, 2019 4:12 pm

Dear all,

This is my first post on this forum. I'm very happy with my router: MK HaP AC2. I have a residential PPPoE gigabit internet connection.
I bought this device because i'd like to create 2 separated networks. My actual network is
I need to link 1 SSiD and 1 device port to the IoT devices.
The second port will be connected to a TP Link switch with management. I will connect also some wired IoT decices but also my private network.

I have some IoT devices that should be placed in a separated network so my plan looks like this:
1. 2 SSID (1 for both networks) =>done
2. Addresses and (default one and another one) => Done
3. 2 DHCP servers 1 default and the second one for => Done

The problem is that i don't know what should I do next.
I created with success a different configuration with 2 VLAN => the management network => VLAN 10 for private network => VLAN 20 for IoT devices.

Everithing was ok but:
- i couldn't connect the SSID to VLAN
- i prefer to have just 1 VLAN if is possible and management network to be the same as my private network.

I don't know to use CLI :(.

Can someone help ne a little bit?

Thank you for your time.
Forum Guru
Forum Guru
Posts: 1344
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik VLAN setup

Wed Jan 09, 2019 5:35 pm

You already have a private VLAN, the default VLAN of PVID1.
What you have created extra is a management VLAN and to be honest I don't yet see the need for this type of VLAN>??/
Where is the added value?

So I will look at it from that perspective, if you want to add a management vlan after fill your boots.

/interface bridge
add admin-mac= auto-mac=no comment=defconf name=HomeBridge \
protocol-mode=none vlan-filtering=yes

/interface vlan
add interface=HomeBridge name=loT_devices20 vlan-id=20

All the usual setup based on the following => the private network (using default vlan1, transparent) (homelan) => VLAN 20 for IoT devices

WLAN1 for private network
WLAN2 for loT devices running over vlan20.

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface bridge port
add bridge=HomeBridge comment=defconf interface=ether2 PVID=20 ingress filtering=yes (access type port)
add bridge=HomeBridge comment=defconf interface=ether3 frame-types=admit-only-vlan tagged ingress-filtering=yes (wired to switch) (trunk type port)
add bridge=HomeBridge interface=WLAN1
add bridge=HomeBridge interface=WLAN2

/interface bridge vlan
add bridge=HomeBridge tagged=HomeBridge,ether3,ether2,WLAN2 vlan-ids=20

/interface list member
add comment=defconf interface=eth1 list=WAN (assuming this is your ISP connection)
add comment=defconf interface=HomeBridge list=LAN (this covers off the default private LAN network and WLAN1,2)
add interface=loT_devices20 list=LAN (this covers off the vlan)

Be sure to include the following rules besides the others.......
/ip firewall filter
{forward chain}
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\
HomeBridge out-interface=WAN \
add action=accept chain=forward comment="ENABLE VLAN20 to WAN" in-interface=\
loT_devices20 out-interface=WAN

In the wireless setup, WLAN1 affiliated interface is HomeBridge, and WLAN2 affiliated interface is loT_devices20.
just joined
Topic Author
Posts: 2
Joined: Wed Jan 09, 2019 3:42 pm

Re: Mikrotik VLAN setup

Thu Jan 10, 2019 9:14 am

Thank you very much.
I don't have access to the router in this moment but \I will try to configure tonight.

It is not very easy but I hope that I will be able to do it.

I'll come back with feedback. And yes, you are right, I don't need a management network. I followed an exempla from another site...but I prefer your solution. This was also my idea.

Thanks again.

Who is online

Users browsing this forum: No registered users and 17 guests