On the hAC2, I have 4 VLANs - 100 (wired), 101 (trusted network), 102 (Guest network) 103 (zero trust network - printers etc). There are 4 SSIDs - 1 5ghz and 2.4 for Trusted, and a 2.4 for each of the other 2 vlans.
When I connect a device by cable into the ports, I get a DHCP from the router on VLAN100, and internet functions normally. When I connect to wireless, I get a VID of 1, which doesn't work because it's not configured to. This is my first Mikrotik deployment, and I can't figure out what I have done differently between the hAC2 which isn't working and the hAC Lite meant to be an AP which is.
Code: Select all
# sep/13/2021 23:15:21 by RouterOS 6.48.4
# software id = IEWC-ASHD
#
# model = RBD52G-5HacD2HnD
# serial number = CDFC0EE28D33
/interface bridge
add name=bridge1 pvid=100 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan100 vlan-id=100
add interface=bridge1 name=vlan101 vlan-id=101
add interface=bridge1 name=vlan102 vlan-id=102
add interface=bridge1 name=vlan103 vlan-id=103
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk,wpa2-eap eap-methods="" mode=dynamic-keys name=Public supplicant-identity="" wpa2-pre-shared-key=SSIDKEY
add authentication-types=wpa2-psk,wpa2-eap mode=dynamic-keys name=Printer supplicant-identity="" wpa2-pre-shared-key=SSIDKEY
add authentication-types=wpa2-psk,wpa2-eap mode=dynamic-keys name=Networked supplicant-identity="" wpa2-pre-shared-key=SSIDKEY
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" disabled=no installation=indoor mode=ap-bridge security-profile=Public ssid=TRUSTED-2.4 vlan-mode=use-tag wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac disabled=no installation=indoor mode=ap-bridge security-profile=Public ssid=TRUSTED5GHZ vlan-mode=use-tag wps-mode=disabled
add comment="No-Internet VLAN103" disabled=no keepalive-frames=disabled mac-address=2E:C8:1B:A7:AF:FF master-interface=wlan1 multicast-buffering=disabled name=wlan3 security-profile=Printer ssid=PRINTERWIRELESS vlan-id=103 vlan-mode=use-tag \
wds-cost-range=0 wds-default-cost=0 wps-mode=push-button-virtual-only
add comment="Internet-allowed security devices" disabled=no keepalive-frames=disabled mac-address=2E:C8:1B:A7:AF:FE master-interface=wlan1 multicast-buffering=disabled name=wlan4 security-profile=Networked ssid=GUESTNETWORK vlan-id=102 vlan-mode=use-tag \
wds-cost-range=0 wds-default-cost=0 wps-mode=push-button-virtual-only
/interface wireless manual-tx-power-table
set wlan3 comment="No-Internet VLAN103"
set wlan4 comment="Internet-allowed security devices"
/interface wireless nstreme
set wlan1 enable-polling=no
set wlan2 enable-polling=no
set *A comment="No-Internet VLAN103"
set *B comment="Internet-allowed security devices"
/ip pool
add name=dhcp ranges=192.168.0.50-192.168.0.99
/caps-man manager
set enabled=yes
/interface bridge port
add bridge=bridge1 interface=wlan2 pvid=101
add bridge=bridge1 interface=wlan1 pvid=101
add bridge=bridge1 interface=ether1 pvid=100 trusted=yes
add bridge=bridge1 interface=ether3 pvid=100
add bridge=bridge1 interface=ether4 pvid=100
add bridge=bridge1 interface=wlan3 pvid=103
add bridge=bridge1 interface=wlan4 pvid=102
add bridge=bridge1 interface=ether2 pvid=100 trusted=yes
add bridge=bridge1 interface=ether5 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 untagged=ether2,ether3,ether4,ether5 vlan-ids=100
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan1,wlan2 vlan-ids=101
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan4 vlan-ids=102
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan3 vlan-ids=103
/interface wireless cap
set interfaces=wlan2,wlan1
/ip address
add address=192.168.100.202/24 interface=vlan100 network=192.168.100.0
add address=192.168.101.202/24 interface=vlan101 network=192.168.101.0
add address=192.168.102.202/24 interface=vlan102 network=192.168.102.0
add address=192.168.103.202/24 interface=vlan103 network=192.168.103.0
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.0 netmask=24
add address=192.168.100.0/24 dns-server=192.168.0.1,8.8.8.8 gateway=192.168.100.1 netmask=24
add address=192.168.101.0/24 dns-server=192.168.0.1,8.8.8.8 gateway=192.168.101.1 netmask=24
add address=192.168.102.0/24 dns-server=192.168.0.1,8.8.8.8 gateway=192.168.102.1 netmask=24
add address=192.168.103.0/24 dns-server=192.168.0.1,8.8.8.8 gateway=192.168.103.1 netmask=24
/ip dns
set servers=192.168.0.1,8.8.8.8
/ip route
add distance=1 gateway=192.168.100.1
add distance=1 gateway=192.168.101.1
add distance=1 gateway=192.168.102.1
add distance=1 gateway=192.168.103.1
/system clock
set time-zone-name=America/Denver
/system identity
set name=MikrotikWirelessMain