I am running into a very weird problem. I have setup my mikrotik router with 2 vlans and I am using Port 2 to send the vlans to another building throug ethernet cable. In that building there is an unmanaged switch that distributes to 2 levell. In each of these levels, I have a TPlink multi ssip AP (that deals with vlans)... Please see picture attached.
When I configure the multi ssid AP with vlan 10 and vlan 100 and connect to vlan100 wirelessly everything works fine except I dont see Iot devices connected to the unmanaged switch (NAS). If I replace in tplink multi ssid ap the vlan 100 number by vlan 1, I still get the same IP address and then I can see the NAS, printer ...etc.
For wired clients plugged to the managed switch likemy PC, everything works fine also, and it can ping the NAs also.
Here is my config if you can please have a look and tell me what I am doing wrong.
Many thanks
Image link: https://domaineschefchaouni.synology.me ... r7gsFX8Wgk
/ip pool
add name=BASE_POOL ranges=192.168.0.100-192.168.0.254
add name=GUEST_POOL ranges=192.168.10.100-192.168.10.254
add name=dhcp_pool2 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=BASE_POOL disabled=no interface=BASE_VLAN name=BASE_DHCP
add address-pool=GUEST_POOL disabled=no interface=GUEST_VLAN name=GUEST_DHCP
add address-pool=dhcp_pool2 disabled=no interface=BR1 name=defconf
/queue simple
add max-limit=2M/4M name=Queue_GUESTVLAN target=GUEST_VLAN
add bridge=BR1 ingress-filtering=yes interface=ether2 pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether3 pvid=100
add bridge=BR1 interface=ether4
add bridge=BR1 ingress-filtering=yes interface=ether5 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=BR1 tagged=BR1 vlan-ids=100
add bridge=BR1 tagged=BR1 untagged=ether5,ether2 vlan-ids=10
/interface list member
add interface=BR1 list=LAN
add interface=PPPoE-IAM list=WAN
add interface=BASE_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
add interface=GUEST_VLAN list=VLAN
add interface=lte1 list=WAN
/ip address
add address=192.168.0.1/24 interface=BASE_VLAN network=192.168.0.0
add address=192.168.10.1/24 interface=GUEST_VLAN network=192.168.10.0
add address=192.168.88.1/24 comment=defconf interface=BR1 network=\
192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
add address=192.168.10.0/24 dns-server=192.168.0.1 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=e1f10fac4c39.sn.mynetname.net list=MyWANIP
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" \
connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow LAN" in-interface-list=LAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" \
in-interface=BASE_VLAN
add action=drop chain=input comment=Drop
add action=accept chain=forward comment="Allow Estab & Related" \
connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access" \
connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=accept chain=forward comment="LAN Internet Access" \
connection-state=new in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="Base VLAN Access to Guest VLAN" \
in-interface=BASE_VLAN out-interface=GUEST_VLAN
add action=accept chain=forward comment="Allow forwarded ports" \
connection-nat-state=dstnat
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=Drop
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
out-interface-list=WAN
add action=masquerade chain=srcnat comment="hairpin nat" dst-address=\
!192.168.0.1 src-address=192.168.0.0/24
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=5000 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=80 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=5006 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=6690 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=5001 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=9025-9040 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=443 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=16881 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=32400 protocol=tcp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=\
local dst-port=1194 protocol=udp to-addresses=192.168.0.10