I know tdw helped me a ton a few years back when I configured the hAP-ac2 router, so hoping I can just move the config over.
Here is my current vlans config:
Code: Select all
/interface bridge
add name=bridge protocol-mode=none pvid=99 vlan-filtering=yes
/interface vlan
add comment=Users interface=bridge name=VLAN10 vlan-id=10
add comment=CCTV interface=bridge name=VLAN20 vlan-id=20
add comment=Guest interface=bridge name=VLAN30 vlan-id=30
add comment=MGMT interface=bridge name=VLAN99 vlan-id=99
/interface list
add comment=DJ name=WAN
add comment=DJ name=LAN
add comment=DJ name=VLAN
add comment=DJ name=MGMT
/interface list member
add interface=VLAN99 list=MGMT
add interface=ether1 list=WAN
add interface=bridge list=LAN
add interface=VLAN10 list=VLAN
add interface=VLAN20 list=VLAN
add interface=VLAN30 list=VLAN
/interface bridge port
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether3
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether4
add bridge=bridge comment=MGMT ingress-filtering=yes interface=ether5 pvid=99
add bridge=bridge comment="Wifi 2.4GHz" frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan1 pvid=10
add bridge=bridge comment="Wifi 5GHz" frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan2 pvid=10
add bridge=bridge comment="Guest Wifi" frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan3 pvid=30
/interface bridge vlan
add bridge=bridge comment=MGMT tagged=bridge,ether2 vlan-ids=99
add bridge=bridge comment="Guest WLAN" tagged=bridge,ether2,ether3 vlan-ids=30
add bridge=bridge comment=CCTV tagged=bridge,ether2,ether3 vlan-ids=20
add bridge=bridge comment=Users tagged=bridge,ether2,ether3 vlan-ids=10