I've followed (or i believe I've followed) the guide at viewtopic.php?t=143620 (section "Router-Switch-AP (all in one)") and also played with different options in order to get 2 VLNAS (10, 11) working "isolated on from the other", but seems not to get it. The closer I've achieved is with these configuration but I can ping and get access from VLAN 10 to 11 Can yo help me?
Code: Select all
/interface bridge
add ingress-filtering=yes name=aBridge protocol-mode=none pvid=11 vlan-filtering=yes
/interface vlan
add interface=aBridge name=VLAN100 vlan-id=10
add interface=aBridge name=VLAN101 vlan-id=11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=**** supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=**** supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=argentina disabled=no frequency=auto installation=indoor mode=\
ap-bridge security-profile=**** ssid=2.4 vlan-id=10 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=argentina disabled=no installation=indoor mode=ap-bridge \
security-profile=**** ssid=5.0 vlan-id=11 wireless-protocol=802.11
/ip pool
add name=VLAN10_POOL ranges=192.168.10.100-192.168.10.200
add name=VLAN11_POOL ranges=192.168.11.100-192.168.11.200
/ip dhcp-server
add address-pool=VLAN10_POOL disabled=no interface=VLAN10 name=VLAN10_DHCP
add address-pool=VLAN11_POOL disabled=no interface=VLAN11 name=VLAN11_DHCP
/interface bridge port
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan2 pvid=11
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=11
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=11
/interface bridge vlan
add bridge=aBridge tagged=aBridge vlan-ids=11
add bridge=aBridge tagged=aBridge vlan-ids=10
/interface list member
add interface=ether1 list=WAN
add interface=VLAN10 list=LAN
add interface=VLAN11 list=LAN
/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment="Allow established and related" connection-state=established,related
add action=accept chain=forward connection-state=new in-interface-list=LAN out-interface-list=WAN