I am using vlans in the network and also want to use the wAP ac lte as access point on the balcony.
Basically I want to use the vlan based 2.4G and 5G networks and some how via ether1 also provide the WAN access via mobile network.
I can not use both network ports since there is only one cable run to the access point.
What would be the best strategy?
I am thinking about creating a vlan interface with a separate vlan and use it as passthrough interface.
Or could I set a passthrough-mac on the apn and make on the rb4011 the port hybrid (tagged and untagged) and have a dhcp client on the interface at the rb4011, would this work?
I attached my current config below
Code: Select all
/interface bridge
add name=BR1 priority=0xE000 protocol-mode=mstp vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] country=switzerland disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=cemcem_24
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
/interface list
add name=BASE
/interface lte apn
add apn=gprs.swisscom.ch name=swisscom
/interface lte
set [ find ] apn-profiles=swisscom name=lte1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=cemcem supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=RED_PROFILE supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=switzerland disable-running-check=yes disabled=no \
frequency=auto mode=ap-bridge security-profile=cemcem ssid=cemcem wds-default-bridge=BR1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan2 pvid=10
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=BR1 tagged=ether1 vlan-ids=10
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
/interface list member
add interface=BASE_VLAN list=BASE
/interface wireless access-list
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-80
add interface=wlan2 signal-range=-79..120
/ip address
add address=192.168.0.18/24 interface=BASE_VLAN network=192.168.0.0
/ip dns
set servers=192.168.0.1
/ip route
add distance=1 gateway=192.168.0.1
/system clock
set time-zone-name=Europe/Zurich
/system identity
set name=wAP_ac_b1
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE