Alas, I added a virtual interface to wlan1 for Guest access, hooked it to another VLAN (2), and it does not exchange any data. The clients can register with the guest net, they are rejected, if I enter the wrong passphrase, but they don't receive DHCP. In fact, I cannot even MAC ping them from the very hAP.
I currently have no idea how to analyze the situation any further. As I see it, the two interfaces are set-up in exactly the same way. I'd appreciate any hints to further analyse the situation.
This is the a sanitized excerpt of the configuration of the hAP:
Code: Select all
/interface bridge
add name=vlan-bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=Trunk-eth1
/interface vlan
add interface=vlan-bridge name=admin-vlan vlan-id=4
add interface=vlan-bridge name=wifi-guest-vlan vlan-id=2
add interface=vlan-bridge name=wifi-int-vlan vlan-id=3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
Internal supplicant-identity="" wpa2-pre-shared-key=oh-so-secret
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=Guest \
supplicant-identity="" wpa2-pre-shared-key=different-secret
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=germany disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge security-profile=Internal ssid="INT-SSID" \
wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=DE:2C:6E:40:64:77 \
master-interface=wlan1 multicast-buffering=disabled name=Guest-Wifi \
security-profile=Guest ssid=EXT-SSID wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/interface bridge port
add bridge=vlan-bridge interface=Trunk-eth1
add bridge=vlan-bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=wlan1 pvid=3
add bridge=vlan-bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=Guest-Wifi pvid=2
/interface bridge vlan
add bridge=vlan-bridge tagged=vlan-bridge,Trunk-eth1 vlan-ids=1
add bridge=vlan-bridge tagged=vlan-bridge,Trunk-eth1 vlan-ids=4
add bridge=vlan-bridge tagged=Trunk-eth1,vlan-bridge untagged=wlan1 \
vlan-ids=3
add bridge=vlan-bridge tagged=Trunk-eth1,vlan-bridge untagged=Guest-Wifi \
vlan-ids=2