Dear all,

due to security issues I will enhance my network segmentation, therefore I want to split my home office network into different segments.
my current setup:
ESXi (two network interfaces, one LAN, one WAN)
- virtual DHCP Windows Server
- virtual PFSense Firewall (DHCP Relay for LAN interface)
Netgear Switch (GS108E - Smart Switch with 802.1Q Support)
Mikrotik hAP AC (connected to Netgear Switch)
Mikritik hAP AC lite (located in another room, wireless brige with Mikrotik hap AC)

I already created the VLAN's on the ESXi and at the pfsense firewall. (DHCP relay)
Now I want to configure the hAP AC with following settings:
ether2:
untagged -> LAN
tagged VLAN-ID 3 -> VLAN for mobile devices
tagged VLAN-ID 4 -> printer
tagged VLAN-ID 5 -> IOT (home automation)
tagged VLAN-ID 6 -> CCTV
.
.
(routing should be done by PFSense Firewall)

The wlan1 (2,4GHz) interface should have more virtual AP's. One for each VLAN if necessary to have it wireless... (untagged for devices)
The wlan2 (5GHz) interface should communicate with the second Mikrotik hAP AC lite and the link should be trunked, therefore with the second AP I will enhance the wireless coverage of the VLAN's.

Do you have a idea how to configure this one the Mikrotik device. (first priority is the hAP AC)

Thanks in advance!

Dear all,

form my point of view I managed to configure the main AP.
Following steps was necessary:

-configure VLAN in interface list
-create Security profile for all WiFi's
-create bridge (VLAN Filtering enabled)
-add uplink-port (to switch) to the bridge
-add VLAN's to the bridge with the PVID=VLAN-ID
-create virtual AP's for each VLAN and add those wlan's to the bridge (PVID=VLAN-ID)

Now I stuck at configuring the 2nd AP. (Wireless trunk)
Do you have any hints for me?

Thanks in advance!

viewtopic.php?f=13&t=143620
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table