Hi, recently set up two Audience devices with the following setup:
- Separate SSIDs on 2 and 5 GHz
- wlan3 (second 5gig radio) acting as backhaul (I don't know if I set it up correctly... it was a mix of the "wps sync" button/feature and instinct)
- A separate vwlan for IOT devices (smart bulbs, etc.), currently bridged
- Everything is bridged, single DHCP
- On one (slave) device, physical ports are also bridged into the "LAN"
- On the master device, one physical port is used as WAN input. The other port is connected to an unmanaged switch, used by Apple TV and such, so it's in the main LAN network, and not IOT. (Just having two ports is a drag though!)
- WLANs are managed by CAPsMAN (I'll attach the configs below)
What I want to do:
- IOT-only vwlan should have its own network (VLAN? just subnet?), a separate IP block (and separate DHCP server), and egress should be limited (both as QoS/speed and as ACLs to destinations)
- Another, separate guest-only vwlan. Just a "copy" of the IOT setup but without the egress limits.
I tried setting up a second bridge on the main AP for the IOT, but couldn't get the second DHCP server running ("Network" tab etc. was all set up, tried multiple times, with and without CAPsMAN); it just wasn't giving out IPs. Setting a manual IP on my device worked, but I need the DHCP to work.
Another question is, if I set up VLANs for all these, how is the wlan3 mesh link going to work? Should I just set everything up (including my main bridge) as separate VLANs, add them to a trunk bridge and route it somehow? I don't have any other RouterOS device to test things on before applying them, so I don't want to get locked out or break it more than necessary and take half a day reverting it.
Attaching the configs. Export1 is the main AP, export2 is the follower AP. RouterOS 7.5. Any suggestion appreciated.