I'm trying to follow these https://category5.tv/shows/clips_tech/e ... uest-wifi/ instructions to set up guest wifi, but instead of having wireless access on the router, I have the Ubiquiti U6 Lite access point. I've managed to set up the AP such that it provides standard wifi access for 2.4Ghz and 5Ghz. The AP has address 192.168.88.251 (static lease), the gateway 192.168.88.1.

I run into trouble when trying to add a VLAN under Wireless --> WiFi Interfaces (in WinBox) because "Master Interface" is red, says "unknown" and I cannot select anything.

I'm quite new to more advanced networking and I was probably even more confused after reading pcunite's post on setting up VLANs (viewtopic.php?t=143620).

Any pointers would be much appreciated. Thank you. Super excited to have a MikroTik router and I only learned about MikroTik 5 weeks ago. One more note, FWIW: In the future, I intend to replace the Ubiquiti AP with a CAPsMAN-compatible unit as soon as MIkroTik comes out with a good Wifi6 access point.

First of all WISE move on waiting for a capac6 product! You should get a prize for such astuteness!
If you cant wait, there are alternatives, and it would be good for MT to at least provide a quarter by quarter road map that is reasonably accurate so resellers and clients can efffing plan their lives.
Caveat - during covid supply lines are disrupted beyond reasonable for anyone to be accurate, but the principle remains.

The best thing to do is to provide us with your current config to review
/export hide-sensitive file=anynameyouwish
Note; Just ensure no public IPs are shown.

A network diagram would help so we know
which port ethernet comes in on (what type of ISP connection you have as well)
where each port goes to ( noting if its a smart device (managed switch or AP that can handle vlans) or dumb device (unmanaged switch, printer, pc).

Hi there, I have a similar setup and I am new to both Mirkotik and Ubiquiti devices.

The goals are to

• Setup a guest network with Wifi internet access only. That is, no access to other devices/ networks
• Setup Wifi and wired network for those computers connected to HPE OfficeConnect 1920 switch with access to Internet, the LaserJet Pro, Samba sharing at TrueNAS and some selected VMs/ Containers at the Proxmox Server only
• Setup a Wifi network for the surveillance cameras. NVR application runs at the TrueNAS server. This network should not have internet access.
• Setup an Admin network to maintain these devices: RB5009, USW-Lite-16-poe, Unifi U6 LR AP, HP OfficeConnect 1920 switch, TrueNAS, Proxmox Server, Surveillance cameras & HP LaserJet Pro

I've been playing with the Unifi new and old UIs back and forth. So far so good and here are some ref links

• Unifi Complete Network Setup https://youtu.be/7m4d1K9Npw4
• VLANs on Unifi https://youtu.be/CSsB8T-HCp0

For Mikrotik, I am reading about mikrotik vlan setup and the configuration files here.

• viewtopic.php?t=181879
• viewtopic.php?t=143620

Watching YouTube videos

• Bridge VLAN Filtering in MikroTik: https://www.youtube.com/watch?v=JcinExkyHZA
• Configure VLAN on built-in switch chip in MikroTik: https://www.youtube.com/watch?v=rvQ6o4RfnoU

Do Bridge VLAN filtering or VLAN at mikrotik build-in switch chip? Still very confusing. As shown in the diagram below, I use RB5009's port 1 to connect to ISP modem and port 2 as the trunk port for collecting the USW-Lite-16-poe switch. This should be what they call router on a stick.

mkx suggests bridge vlan is not necessary for router on a stick --> viewtopic.php?t=181879#p902813.
But, a bridge with all ports as the members is created out of the box as the default config of RB5009. I think i miss something and need to study again...

Thanks @anav for your reply! I have time to wait for capac6 as I've now got that Ubiquiti AP.

I managed to export my settings: https://docs.google.com/document/d/1b9u ... sp=sharing

And here's a link to the network I have:
https://docs.google.com/drawings/d/1Kdp ... sp=sharing

Some todo items of mine:
- Add guest network that is completely separated from my main LAN
- Make sure firewall is secure
- Also isolate the website I'm hosting on the Raspberry Pi. Implement a service that automatically updates my domain DNS settings based on my dynamic IP (so that the web server is always accessible with a domain name even if my IP changes)
- Custom DNS servers (?) - yet to figure out why and how...
- Add QoS so that the Windows PC always gets priority
- (Added, based on @MTL7's post): Add security cameras, e.g. Wyze

- Also isolate the website I'm hosting on the Raspberry Pi. Implement a service that automatically updates my domain DNS settings based on my dynamic IP (so that the web server is always accessible with a domain name even if my IP changes)
- Custom DNS servers (?) - yet to figure out why and how...

1. Mikrotik RouterOS supports DDNS. Take a look --> Mikrotik RouterOS IP Cloud Feature How To - Dynamic DNS https://youtu.be/JMaUSM6jka4
2. Instead of relying on your ISP's DNS, you can setup mikrotik to do DOH and use cloudflare DNS filtering https://www.medo64.com/2021/08/dns-over ... -mikrotik/

- Also isolate the website I'm hosting on the Raspberry Pi. Implement a service that automatically updates my domain DNS settings based on my dynamic IP (so that the web server is always accessible with a domain name even if my IP changes)
- Custom DNS servers (?) - yet to figure out why and how...

1. Mikrotik RouterOS supports DDNS. Take a look --> Mikrotik RouterOS IP Cloud Feature How To - Dynamic DNS https://youtu.be/JMaUSM6jka4
2. Instead of relying on your ISP's DNS, you can setup mikrotik to do DOH and use cloudflare DNS filtering https://www.medo64.com/2021/08/dns-over ... -mikrotik/

Great, thanks for the tips and links. I enabled Mikrotik IP Cloud (and while doing it I realized it was a smart idea to take out the router serial number from the settings export I linked to earlier!). However, still haven't got it to work. I can access my router's webfig using the domain name provided by the router (IP cloud). However, I might have not configured cloudflare DNS settings properly as I don't fully understand the relationship and meaning of all the different record types. Here's a screenshot:

http://imgur.com/n1PtcFP

Edit: Got this working by changing "Proxied" to "DNS only" under "Proxy status"
Edit2: DoH enabled!