Community discussions

MikroTik App
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Single SSID, 2APs

Sun Feb 19, 2023 11:14 am

Hello,

So I finally set up WiFi for my home and it consist of hAP ax3 acting as an router on second floor and hAP ax2 acting as an AP/switch for downstairs wired devices.

I have multiple SSIDs and VLANs, and hAP ax3 only have one SSID, for my main network and it's combined 2.4/5 GHz ax, ax2 have 3 SSIDs, one for main network, same as ax3, so combined 2.4/5 GHz ax and same SSID for both of them. One SSID for cameras and security related devices and another SSID for IoT devices.

I noticed that my devices loves to connect to the upstairs router instead of the ax2 downstairs... Devices even rather connect to the 2.4 GHz WiFi upstairs and have terrible speeds... I scanned my area and i choose channels so APs don't overlaps. Here are configs for both devices. I don't know where the problem is...

Downstairs ax2
# jan/03/1970 02:14:49 by RouterOS 7.7
# software id = 
#
# model = C52iG-5HaxD2HaxD
# serial number = 
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=TRUNK
set [ find default-name=ether2 ] comment=VLAN40_IPTV
set [ find default-name=ether3 ] comment=VLAN20_SECURITY
set [ find default-name=ether4 ] comment=VLAN20_SECURITY
set [ find default-name=ether5 ] comment=VLAN88_HOME
/interface vlan
add interface=bridge name=VLAN20_SECURITY vlan-id=20
add interface=bridge name=VLAN30_IOT vlan-id=30
add interface=bridge name=VLAN40_IPTV vlan-id=40
add interface=bridge name=VLAN88_HOME vlan-id=88
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=HOME
add authentication-types=wpa2-psk name=IOT
add authentication-types=wpa2-psk name=CCTV
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180 .width=\
    20/40/80mhz configuration.country=Croatia .mode=ap .ssid="Gazdin WiFi" \
    disabled=no security=HOME
set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2462 .width=\
    20mhz configuration.country=Croatia .mode=ap .ssid="Gazdin WiFi" \
    disabled=no security=HOME
add channel.band=2ghz-ax .width=20mhz configuration.country=Croatia .mode=ap \
    .ssid=IoT disabled=no mac-address=XX:XX:XX:XX:XX:XX master-interface=\
    wifi2 name=wifi3 security=IOT
add channel.band=2ghz-ax .width=20mhz configuration.country=Croatia .mode=ap \
    .ssid=WiFi_CCTV disabled=no mac-address=XX:XX:XX:XX:XX:XX \
    master-interface=wifi2 name=wifi4 security=CCTV
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=40
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi1 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi2 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi3 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi4 pvid=20
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge untagged=ether3,ether4,wifi4 vlan-ids=\
    20
add bridge=bridge tagged=bridge,ether1 untagged=ether5,wifi1,wifi2 vlan-ids=\
    88
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=40
add bridge=bridge tagged=bridge,ether1 untagged=wifi3 vlan-ids=30
/system identity
set name=hAP_ax2_DB
Upstairs ax3
 
 feb/19/2023 10:06:52 by RouterOS 7.6
# software id = 
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = 
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=TRUNK
set [ find default-name=ether3 ] comment=VLAN10_TEA_RADNI_PC
set [ find default-name=ether4 ] comment=VLAN88_HOME
set [ find default-name=ether5 ] comment=VLAN88_HOME
/interface vlan
add interface=bridge name=VLAN10_TEA_PC vlan-id=10
add interface=bridge name=VLAN20_SECURITY vlan-id=20
add interface=bridge name=VLAN30_IOT vlan-id=30
add interface=bridge name=VLAN40_IPTV vlan-id=40
add interface=bridge name=VLAN88_HOME vlan-id=88
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=HOME
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=HOME
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5500 \
    .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.country=\
    Croatia .mode=ap .ssid="Gazdin WiFi" disabled=no security=HOME
set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2412 \
    .skip-dfs-channels=10min-cac .width=20mhz configuration.country=Croatia \
    .mode=ap .ssid="Gazdin WiFi" disabled=no security=HOME
/ip pool
add name=dhcp_pool1 ranges=10.10.10.2-10.10.10.5
add name=dhcp_pool2 ranges=10.10.20.2-10.10.20.150
add name=dhcp_pool3 ranges=10.10.30.2-10.10.30.254
add name=dhcp_pool4 ranges=10.10.40.2-10.10.40.50
add name=dhcp_pool5 ranges=10.10.88.2-10.10.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=VLAN10_TEA_PC lease-time=1d name=\
    dhcp_VLAN10
add address-pool=dhcp_pool2 interface=VLAN20_SECURITY lease-time=1d name=\
    dhcp_VLAN20
add address-pool=dhcp_pool3 interface=VLAN30_IOT lease-time=1d name=\
    dhcp_VLAN30
add address-pool=dhcp_pool4 interface=VLAN40_IPTV lease-time=1d name=\
    dhcp_VLAN40
add address-pool=dhcp_pool5 interface=VLAN88_HOME lease-time=1d name=\
    dhcp_VLAN88
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
    interface=ether2
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether4 pvid=88
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether5 pvid=88
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=wifi1 pvid=88
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=wifi2 pvid=88
/ip neighbor discovery-settings
set discover-interface-list=HOME
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 untagged=wifi1,wifi2,ether4,ether5 \
    vlan-ids=88
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=10
add bridge=bridge tagged=bridge,ether2 vlan-ids=20
add bridge=bridge tagged=bridge,ether2 vlan-ids=30
add bridge=bridge tagged=bridge,ether2 vlan-ids=40
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=VLAN10_TEA_PC list=LAN
add interface=VLAN20_SECURITY list=LAN
add interface=VLAN30_IOT list=LAN
add interface=VLAN40_IPTV list=LAN
add interface=VLAN88_HOME list=LAN
add interface=VLAN88_HOME list=HOME
/ip address
add address=10.10.10.1/24 comment="VLAN10 _TEA_PC" interface=VLAN10_TEA_PC \
    network=10.10.10.0
add address=10.10.20.1/24 comment=VLAN20_SECURITY interface=VLAN20_SECURITY \
    network=10.10.20.0
add address=10.10.30.1/24 comment=VLAN30_IOT interface=VLAN30_IOT network=\
    10.10.30.0
add address=10.10.40.1/24 comment=VLAN40_IPTV interface=VLAN40_IPTV network=\
    10.10.40.0
add address=10.10.88.1/24 comment=VLAN88_HOME interface=VLAN88_HOME network=\
    10.10.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease

/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.20.0/24 gateway=10.10.20.1
add address=10.10.30.0/24 gateway=10.10.30.1
add address=10.10.40.0/24 gateway=10.10.40.1
add address=10.10.88.0/24 gateway=10.10.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=hAP_ax3_router
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=HOME
 
holvoetn
Forum Guru
Forum Guru
Posts: 5422
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Single SSID, 2APs

Sun Feb 19, 2023 3:30 pm

When you performed channel scan, did you also consider signal strength ?
My first suggestion would be to reduce tx power of AX3 2.4GHz and/or use Access List (to force kick off devices which are below a certain level).
A client device will try to stay connected to the same radio as long as possible. So it might need a hand to be persuaded to move over.

Curious what other suggestions might come in.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Single SSID, 2APs

Sun Feb 19, 2023 4:01 pm

Yea, so ax2 had stronger signal, measurement was performed downstairs, and beside my network i can only see my neighbors wifi ( they are about 40-50 meters away so signal is very weak) at channel 6, and my routers are at channel 1 and 11, there are no 5 GHz networks that i could find beside wifi link to the city but for link i'm using Ubiquiti loco 5AC (but this wifi is not seen by scanner app)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Single SSID, 2APs

Sun Feb 19, 2023 4:28 pm

No need and a bad idea to define VLANS in the ax2. EDIT AX2 not 3 ( all items in post modified accordingly ) The only vlan that needs to be identified is the management vlan or trusted vlan, aka the one the AX2 is getting its IP address from.

Let say its vlan 88, so only define that one..... ( and .88.84 is the static IP assigned to the ax2 )

/interface list
add name=management
/ip neighbor discovery-settings
set discover-interface-list=management
/interface list member
add interface=homeVlan88 list=management
/ip address
add address=192.168.88.84/24 interface=homeVlan88 network=192.168.88.0 comment="IP of ax2 on trusted subnet"
/ip dns
set allow-remote-requests=yes servers=192.168.88.1 comment="dns through trusted subnet gateway"
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.88.1 comment="ensures route avail through trusted subnet gateway"
/system ntp client servers
add address=192.168.88.1
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=management
Last edited by anav on Tue Feb 21, 2023 5:38 pm, edited 4 times in total.
 
massinia
Member Candidate
Member Candidate
Posts: 159
Joined: Thu Jun 09, 2022 7:20 pm

Re: Single SSID, 2APs

Sun Feb 19, 2023 4:32 pm

Try also to use wpa2 only, a while ago i had the same problem using wpa3 (3 AP not MikroTik).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Single SSID, 2APs

Sun Feb 19, 2023 5:49 pm

Really massinia? I thought if the device was not capable of WPA3 the router would only apply WPA2 no interference??
I will have to change my ax3 settings then. :-( Is this just poor implementation by MT??
 
holvoetn
Forum Guru
Forum Guru
Posts: 5422
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Single SSID, 2APs

Sun Feb 19, 2023 5:57 pm

If you only selected wpa3, that's what is offered.
If you want to have both, you need to select wpa2 as well.

It's like 2.4 GHz bgn where everyone is advised to deselect bg if not needed. Who still uses wpa2 ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Single SSID, 2APs

Sun Feb 19, 2023 6:20 pm

Does your phone even use WPA2? I thought they still had flip phones in WannabeFrance ;-)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5422
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Single SSID, 2APs

Sun Feb 19, 2023 6:23 pm

It can.
But i only allow wpa3 on my network now.
No problems with any of my devices.

Ps WannabeFrance ? That's like saying Canada should become one with US.
You clearly need some education on European countries :lol:
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Single SSID, 2APs

Sun Feb 19, 2023 7:13 pm

I selected WPA2 and WPA3 because my wife is using older laptop which doesn't support WPA3 but soon i will replace it with new laptop so i will also only use WPA3. My IoT and CCTV network uses WPA2 because this devices only supports 2.4GHz and WPA/WPA2.

Well, for start i could try to decrease TX power of ax3 and see if it makes any difference. Or try to separate 2.4 and 5 GHz ? Stupid question, how i can decrease power ? I saw TX power in menu but are there any steps, in which increments should i decrease power ?

And guys, don't be so hard on massinia, he meant nothing wrong :D

As for the VLANs, i knew anav will comment that i fu**ed something up :lol: :lol: :lol:

If I understand you correctly, only thrusted VLAN should be on the list ? I can remove other VLANs from interface list ? Ones that are on LAN list ? (I don't have 192.168.88.0 network anymore, 10.10.88.0 is thrusted subnet)

Just to be clear, everything is working right now, i don't have problems with VLANs and WiFi is stable, i don't get disconnected or something like that, heck even my heating gateway is working now...
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Single SSID, 2APs

Mon Feb 20, 2023 5:55 pm

I reduced TX power of upstairs router for both 5 GHz and 2.4 GHz but my laptop just wants to connect to 2.4 GHz on ax2 downstairs, i even tried to add access list rule that rejects if laptop connects to wifi2 interface (2.4 GHz) but that resulted in no connection, laptop connects and then drop connection... but it won't connect to 5 GHz network. Mobile phone sometimes connects to 5 GHz on downstairs AP with full speed (1200 Mbps reported by phone) but most of the times it connects to 2.4 GHz...

Laptop have Intel AX200 wireless adapter.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Single SSID, 2APs

Tue Feb 21, 2023 4:48 pm

So I separated 2.4 and 5 GHz WiFi and after i "forget" 2.4 GHz WiFi, laptop and phones connects to 5 GHz.

For eg. at work we have 2 Ubiquiti 6 Lite AP with combined 2.4 and 5 GHz networks i don't have any issues...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Single SSID, 2APs

Tue Feb 21, 2023 5:37 pm

MY BAD got confused, I meant to say AX2, which is the AP/switch, and IT should only have the management vlan assigned not any other vlans in terms of /interface vlan.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Single SSID, 2APs

Tue Feb 21, 2023 7:01 pm

I made changes you suggested:
# feb/21/2023 17:37:30 by RouterOS 7.7
# software id = 
#
# model = C52iG-5HaxD2HaxD
# serial number = 
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=TRUNK
set [ find default-name=ether2 ] comment=VLAN40_IPTV
set [ find default-name=ether3 ] comment=VLAN20_SECURITY
set [ find default-name=ether4 ] comment=VLAN20_SECURITY
set [ find default-name=ether5 ] comment=VLAN88_HOME
/interface vlan
add interface=bridge name=VLAN88_HOME vlan-id=88
/interface list
add name=HOME
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=HOME
add authentication-types=wpa2-psk name=IOT
add authentication-types=wpa2-psk name=CCTV
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .width=20/40/80mhz \
    configuration.country=Croatia .mode=ap .ssid="Gazdin brzi WiFi" disabled=\
    no security=HOME
set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2462 .width=\
    20mhz configuration.country=Croatia .mode=ap .ssid="Gazdin WiFi" \
    disabled=no security=HOME
add channel.band=2ghz-ax .width=20mhz configuration.country=Croatia .mode=ap \
    .ssid=IoT disabled=no mac-address=XX:XX:XX:XX:XX:XX master-interface=\
    wifi2 name=wifi3 security=IOT
add channel.band=2ghz-ax .width=20mhz configuration.country=Croatia .mode=ap \
    .ssid=WiFi_CCTV disabled=no mac-address=XX:XX:XX:XX:XX:XX \
    master-interface=wifi2 name=wifi4 security=CCTV
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=40
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi1 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi2 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi3 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi4 pvid=20
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge untagged=ether3,ether4,wifi4 vlan-ids=\
    20
add bridge=bridge tagged=bridge,ether1 untagged=ether5,wifi1,wifi2 vlan-ids=\
    88
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=40
add bridge=bridge tagged=bridge,ether1 untagged=wifi3 vlan-ids=30
/interface list member
add interface=VLAN88_HOME list=HOME
/ip address
add address=10.10.88.200/24 interface=VLAN88_HOME network=10.10.88.0
/ip dns
set allow-remote-requests=yes servers=10.10.88.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.10.88.1 routing-table=main \
    suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=hAP_ax2_DB
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=HOME
I also added 10.10.88.200 as reserved IP address in ax3

Regarding WiFi, any suggestions ? Maybe it's best to separate 2.4 and 5 GHz after all ? I would really like to have one SSID but devices just loves 2.4 WiFi for some reason...

Who is online

Users browsing this forum: morphema and 18 guests