So, as I've seen on this forum, I will try to explain my use case, what I've done, and will post part of my config afterwards. My hardware is the MikroTik cAP ac (RBcAPGi-5acD2nD).
- My use case is that I got this AP so I could have better wifi and wanted to set up 2 wireless VLANs since I wanted to install some IoT.
- Currently I have a PFSENSE router that has been serving me well. I've set up some VLANs to a proxmox server I've had and had almost no issues, so I set up some new VLANs, with their corresponding DHCP services.
- I've been basing myself on this post and the following examples: 1 2. I think I'm on the right track, to pass said VLANs to the AP in a trunk port then split them.
Then, as far as I know, I have 3 ports in use and a bridge:
- eth1, poe in
- wlan1, currently 2GHz
- wlan2, currently 5GHz
- bridge, which would have all the previous ports inside
The IPs and tags configured on PFSENSE go like this:
- 192.168.50.0, tag 5, meant for wlan2, 5GHz wifi
- 192.168.60.0, tag 6, meant for wlan1, 2.4GHz wifi
- 192.168.70.0, tag 7, meant for eth1, management?
Now comes the part where I kind of get lost. As far as I've understood, I would need to set up eth1 as a trunk port, since it comes via wire from the pfsense, then both wlan* should be access ports, since the devices don't have to know they're in a VLAN.
My issue comes in various forms. One of them is that I managed to get wifi working properly, but when I did some packet capture not everything was being tagged.
Then there is the obvious issue of winbox not being able to connect when I activate vlan-filtering=yes on the bridge as the last step before testing, but I guess that would come from the MK firewall side since I'm wiping it 100% to avoid unknown issues.
DNS servers are set up as the 192.168.xx.1 of each VLAN in the IP -> DNS menu.
Here's the export. "ElBridge" is how I named the bridge to always be aware of what I'm changing.
Code:
/interface vlan
add interface=ElBridge name=LaVlan5 vlan-id=5
add interface=ElBridge name=LaVlan6 vlan-id=6
add interface=ElBridge name=LaVlan7 vlan-id=7
/interface list
add name=LAN
#(Below, I've tried assigning pvids and without assigning them, so I pasted the last try, with the assignment)
#(I've also tried to play around with only-tagged and untagged-and-priority but so far no luck)
/interface bridge port
add bridge=ElBridge interface=ether2
add bridge=ElBridge interface=wlan1 pvid=6
add bridge=ElBridge interface=wlan2 pvid=5
add bridge=ElBridge interface=ether1 pvid=7
/interface bridge vlan
add bridge=ElBridge tagged=wlan2,ElBridge,ether1 vlan-ids=5
add bridge=ElBridge tagged=wlan1,ElBridge,ether1 vlan-ids=6
add bridge=ElBridge tagged=ElBridge,ether1 vlan-ids=7
#(This was an attempt to get winbox to access based on other posts from this forum)
/interface list member
add interface=ElBridge list=LAN
add interface=ether1 list=LAN
add interface=wlan1 list=LAN
add interface=wlan2 list=LAN
add interface=LaVlan7 list=LAN
#(Again, last line was another attempt to get winbox to access)
/ip address
add address=192.168.50.2/24 interface=LaVlan5 network=192.168.50.0
add address=192.168.60.2/24 interface=LaVlan6 network=192.168.60.0
add address=192.168.70.2/24 interface=LaVlan7 network=192.168.70.0
add address=192.168.70.3/24 interface=ElBridge network=192.168.70.0
/ip dns
set allow-remote-requests=yes servers=192.168.50.1,192.168.60.1,192.168.70.1 verify-doh-cert=yes
Anyway, this got long for my first post lol. I'm more focused on understanding it properly than on making it work by sheer copy-pasting. I would love to get the grasp and the inner workings, so I'm ready to go back and forth all the times I need to fully understand it.
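
As an added example (not part of the original post, and not MikroTik tooling): a small Python check over the bridge sections of the export above that lists every port whose `pvid` VLAN also names it under `tagged=`. On such a port, untagged frames coming in are placed in that VLAN but frames going out carry a tag, which is trunk rather than access behaviour. The function names are hypothetical.

```python
import re

# Bridge sections copied from the export in the post above.
EXPORT = """\
/interface bridge port
add bridge=ElBridge interface=ether2
add bridge=ElBridge interface=wlan1 pvid=6
add bridge=ElBridge interface=wlan2 pvid=5
add bridge=ElBridge interface=ether1 pvid=7
/interface bridge vlan
add bridge=ElBridge tagged=wlan2,ElBridge,ether1 vlan-ids=5
add bridge=ElBridge tagged=wlan1,ElBridge,ether1 vlan-ids=6
add bridge=ElBridge tagged=ElBridge,ether1 vlan-ids=7
"""

def parse_sections(export):
    """Group the 'add' lines of a RouterOS export by menu path, as key=value dicts."""
    sections, path = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
            sections.setdefault(path, [])
        elif line.startswith("add ") and path:
            sections[path].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def pvid_tag_mismatches(export):
    """Return (port, pvid) pairs where the port is a tagged member of its own PVID VLAN."""
    s = parse_sections(export)
    tagged = {}  # VLAN id -> ports that send this VLAN out with a tag
    for row in s.get("/interface bridge vlan", []):
        ports = set(filter(None, row.get("tagged", "").split(",")))
        for vid in row.get("vlan-ids", "").split(","):
            if vid.isdigit():  # single ids only; ranges such as 5-7 are skipped here
                tagged.setdefault(int(vid), set()).update(ports)
    hits = []
    for row in s.get("/interface bridge port", []):
        pvid = int(row.get("pvid", 1))  # RouterOS default PVID is 1
        if row["interface"] in tagged.get(pvid, set()):
            hits.append((row["interface"], pvid))
    return hits

if __name__ == "__main__":
    for port, pvid in pvid_tag_mismatches(EXPORT):
        print(f"{port}: untagged ingress goes to VLAN {pvid}, but VLAN {pvid} egress is tagged")
```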