Mon Nov 08, 2021 11:46 pm
First thing I would do is update firmware to latest long term version.
An access point setup is very simple and sparse!!
(1) Is it required to set protocol mode to mstp? Leave at default setting is usually the best start.
REMOVE any changes from default that you have made that means also including the ingress filtering.........
/interface bridge
add ingress-filtering=yes name=bridge1 protocol-mode=mstp region-name=Test \
vlan-filtering=yes
(2) Assign vlans to the bridge not ether1 (I see there is only one ethernet port but lets go with standard so keep it at bridge.
/interface vlan
add interface=ether1 name=vlan5 vlan-id=5
add interface=ether1 name=vlan101 vlan-id=101
add interface=ether1 name=vlan103 vlan-id=103
(3) To many interface lists, you only need one. BASE.
/interface list
add name=WAN
add name=VLAN
add name=BASE
add name=LAN
(4) Dont confuse vlans and wifi get rid of any vlan settings in wireless settings.............. (would you mix brandy with whipping creme, hmm on second thought bad analogy)
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=outdoor mode=\
ap-bridge security-profile=profile1 ssid=vlan101 wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:72:D5:30 \
master-interface=wlan1 multicast-buffering=disabled name=wlan3 \
security-profile=profile1 ssid=vlan103 vlan-id=101 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
NOTE: Correction to the above due to your confusing names for SSID names. The first red entry is actually not an error, but suggest changing SSID name of vlan101 to something else.
The second wlan (virtual) should not have vlanID reference, and you already associate to the primary wlan by master interface!! Suggest use SSIDs like homewifi, or guestwifi etc..
(5) Vlans are not bridge ports REMOVE.......
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan1 pvid=101
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan3 pvid=103
add bridge=bridge1 interface=vlan101 pvid=101
add bridge=bridge1 interface=vlan103 pvid=103
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan1 vlan-ids=101
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan3 vlan-ids=103
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=5
(6) only need one member.........
/interface list member
add interface=vlan5 list=BASE
Assuming vlan5 is the management vlan here
(7) /ip address WRONG. the WAP IP address should be from the management vlan 5 and should be unique to the WAP like 192.168.X.25
add address=192.168.X.????/24 interface=vlan101 network=\
192.168.X.0
(8) /ip route only need route to management vlan gateway IP,
add distance=1 dst-address=0.0.0.0/0 gateway=vlan5gatewayIP
(9) to match up with interface...........
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
set file-name=capture filter-interface=all memory-limit=1000KiB