Hi,

My network devices connection:
Internet <--> Mikrotik Router <--> Switch (usually unmanaged) <--> Wifi Access Points

First I will describe my already running configuration and then describe you what I wish to achieve.
So with the above setup, when I am plugin my computer on the switch or the mikrotik router. My computer is getting ip from the bridge1 dhcp server and I can see and manage all my access point devices. My wifi access point devices also getting ip from bridge1 dhcp server.
Also the guests vlan that is running under the bridge is passing to wifi access points and eventually is untagged in order to get connected the guests terminals on my 192.168.2.0/24 network.

What I wish to achieve:
My purpose is to use only vlans in order to manage my devices and passing vlans on my wifi SSID.
When plugin a device on Mikrotik Router I want to get connected on management vlan in order to managing my devices (router and wifi access points), also I want to be able to pass BASE_VLAN (MANAGENET) and GUEST_VLAN on my wifi access point device. Also the wifi access point devices are going to get ip address from the dhcp server will running on BASE_VLAN.

Although I have read this topic in forum (viewtopic.php?f=23&t=143620&p=883307) in order to understand vlan I can't apply it to my configuration. Maybe I haven't completely understand it.

Could you please provide me some guides in order to achieve the above setup by using only vlans with bridge vlan filtering?

Kind Regards

What I recommend.
A. One bridge.
B. All vlans, much easier to understand and configure.
C. For managment of all devices, quite correct.

After the router, all smart devices need an IP on the management VLAN.
On your interface list members, create one called manage
then put all the interfaces you will use to access the devices on that list.
Then put that interface-list member in tools macwinbox server.

For the router itself
input chain, you need three rules and get rid of the default !lan input chain rule with

allow admin to router ( use in-interface-list=manage and src-address-list=adminaccess*** )
allow services to LAN (DNS, NTP etc)
drop all else.

*** Where firewall address list is:
ip of admindesktop list=adminaccess
ip of adminlaptop list=adminaccess
ip of adminsmartphone list=adminaccss
Basically ANY DEVICE YOU USE should be on this list and with the IP from whatever vlan you do it from.
USE DHCP STATIC to hard assign these too your devices.

Hi,

thank you for your reply! After you have seen my topic, my actual question is how to make the configuration in order the wifi access point device will take dchp ip address from the base vlan (management vlan) and the same time will passing from the same port the guests vlan to the wifi network?

Kind Regards!

Read this article it has examples for wifi.
viewtopic.php?f=23&t=143620