Wed Nov 24, 2021 2:18 pm
Yup,
One bridge
ether1 on bridge
ether2 not on bridge
ether 2 gets IP address of 192.168.5.2 network 192.168.5.0
(ether 2 is your emergency access to the router and the better place to o configure the router from defaults to the setup you want to make)
(just hookup; the laptop; to ether2 and set a laptop IP: address of 192.168.5.5 for example)
Interface list members
/interface list
name=control
/interface list members
add interface=ether2 list=control
add interface=vlanMGMT list=control
Assign the CAPAC an IP address on the vlanMGMT subnet
Lets says the subnet is 192.168.0.0/24)
So capac gets an IP of 192.168.0.10
(Management vlan could be the trusted home vlan as well, dont need to create one necessarily).
Ip route
dst-address=0.0.0.0/0 gateway=192.168.0.1
mac server winmac server interface-list = control
Finally,
Assign your vlans vlanhome10 - home vlan and home wifi, vlanguest15 - guest wifi, vlaniot20 Iot devices wifi
Interface for vlans is the bridge
Thus will have three WLANs, associated with 3 vlans.
WLANHome - associated vlanhome10
WLANGuest - associated vlanguest15
WLANIOT - associated vlaniot20
Assign bridge ports
/ip bridge ports
add bridge=bridge interface=ether1 ingress filtering=yes frame-types=only-allow-tagged-frames
add bridge=bridge interface=WLANHome ingress filtering=yes frame-type=allow-untagged-and-priority frames PVID=10
add bridge=bridge interface=WLANGuest ingress filtering=yes frame-type=allow-untagged-and-priority frames PVID=15
add bridge=bridge interface=WLANIOT ingress filtering=yes frame-type=allow-untagged-and-priority frames PVID=20
/ip bridge vlans
add bridge=bridge tagged=bridge,ether1 untagged=WLANhome vlan-ids=10
add bridge=bridge tagged=bridge,ether1 untagged=WLANGuest vlan-ids=15
add bridge=bridge tagged=bridge,ether1 untagged=WLANIOT vlan-ids=20
Last step,
on bridge set vlan-filtering to YES.
(IF you had a separate management vlan vlanmgmt99 it would come into play as so (additional line on /interface bridge vlans)
add bridge=bridge tagged=bridge,ether1 vlan-ids=99