you can just try useing Bridge to make them communicate with each other.i am trying to setup hap lite as switch only without firewall, how do i tag lan and wifi on the same vlan, so both can communicate with each other?
[admin@MikroTik] > /export hide-sensitive
# jul/29/2020 17:20:40 by RouterOS 6.47
# software id = C3P8-J3AC
#
# model = RB941-2nD
# serial number = D0550BE73DBB
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn disabled=no mode=ap-bridge ssid=Mikrotik vlan-id=30 vlan-mode=use-tag wireless-protocol=802.11
/interface ethernet switch port
set 0 vlan-mode=fallback
set 1 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=all
/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=20
add ports=ether1,ether3,ether4,switch1-cpu switch=switch1 vlan-id=30
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan1 list=LAN
/ip dhcp-client
add disabled=no interface=bridge1
/interface ethernet switch port
set 0 vlan-mode=fallback
set 1 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
You should set appropriate VLAN mode for switch1-cpu port in /interface ethernet switch port ... I guess on your device it will be interface with index number 4 (if index starts from 0). Disabled is default, according to manual it should be fine (port should pass all VLANs), but who knows.
i set vlan header to add-if-missing and vlan-mode secure on vlan20, and camera feed stop working.I don't see settings for switch1-cpu here.
Should have vlan-header=add-if-missing and vlan-mode=secure.
Same for eth1 if it is used as a trunk port towards the main router.
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 D 10.10.5.16/24 10.10.5.0 bridge1
1 10.10.30.0/24 10.10.30.0 bridge1
[admin@MikroTik] > ping 192.168.30.31
SEQ HOST SIZE TTL TIME STATUS
0 192.168.30.31 56 254 15ms
1 192.168.30.31 56 254 17ms
sent=2 received=2 packet-loss=0% min-rtt=15ms avg-rtt=16ms max-rtt=17ms
[admin@MikroTik] > ping 192.168.30.110
SEQ HOST SIZE TTL TIME STATUS
0 192.168.30.110 56 63 13ms
1 192.168.30.110 56 63 22ms
sent=2 received=2 packet-loss=0% min-rtt=13ms avg-rtt=17ms max-rtt=22ms
i try this creating vlan 30 on wlan1 and the wifi client is not working.use this:
/interface vlan set name=w1.vl100 interface=wlan1 vlan-id=100
/interface wireless set vlan-mode=use-tag vlan-id=100
To access the RB itself you should add at least one vlan-interface on top of the bridge and address/dhcp-client running on that vlan-interface.if i set vlan mode for switch1-cpu to check/add-if-missing vlan 30, all the clients on vlan 30 works normally (wifi and eth can ping each other), the only drawback is i can not access the RB anymore.
/interface vlan add name=mgmt interface=bridge1 vlan-id=30
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn disabled=no mode=ap-bridge ssid=Mikrotik vlan-id=30 vlan-mode=use-tag wireless-protocol=802.11
/interface vlan
add interface=bridge1 name=mgmt vlan-id=5
/interface ethernet switch port
set 0 vlan-mode=fallback
set 1 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=30 vlan-header=add-if-missing vlan-mode=fallback
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=all
/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=20
add ports=ether1,ether3,ether4,switch1-cpu switch=switch1 vlan-id=30
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan1 list=LAN
/ip dhcp-client
add disabled=no interface=mgmt