I am using CRS328 as a router connected to a remote cAPac access point. The idea is to have two VLANs: 10 - trusted network (wifi all ethernet ports, access to internet and management) and 66 - untrusted (wifi, just internet, but no access to home network or managment). CRS328 should be the router, dhcp and DNS server for all networks and vlans.
The setup is pretty simple:
- CRS328 uses one SFP port as uplink, ether1-23 are trusted network ports (pvid=10) and ether24 is trunked port leading to wifi (both vlans - 10 and 66)
- cAPac uses ether1 as uplink in bridge mode and has couple of physical and virtual SSIDs defined with use-tag and the proper vlan-id.
Code: Select all
Inet -- sfp1plus -- CRS328's bridge1 -- ether24 [tagged 10, 66] ---- cAPac's ether1 -- bridge1 -- virtual APs [vlans 10 and 66] -- ether1..23 [untagged 10, pvid=10] -- home network
Now my issues:
- The configuration I have has one dhcp server too many (I would prefer just two - home for ether vlan 10 and guest for vlan 66). But devices on home wifi won't get IP unless I keep it like this
- Devices on guest wifi (vlan 66) do not get any IP and are not able to talk to the CRS328 even when static ip is used (I did not see anything using Torch either)
I haven't yet enabled vlan-filtering or disabled inter-vlan routing, because I want to solve this basic issue first.
I did try to follow the following howtos:
https://wiki.mikrotik.com/wiki/Manual:C ... ed_VLANs_2
https://wiki.mikrotik.com/wiki/Manual:I ... s_Ports.29
Thanks anybody who has any idea how to configure this properly as I am rather new to Mikrotik.