I'm pretty new to Mikrotik and I have the following architecture planned:
Router provided by ISP (cable) -> CRS326 creating 4 VLANs -> LAN ports and several cAP ax for WiFi
VLAN 10 internal
VLAN 20 guest (participants can't see others)
VLAN 30 for home automation system
VLAN 99 for management
The cAPs shall provide all VLANs 10, 20 and 30 with separate WiFi SSIDs and enable WiFi roaming between the APs.
And some endpoints shall have access to multiple VLANs. To simplify broadcasts ect. every VLAN shall reside in a separate partition of the same /24 subnet.
VLAN 99 devices shall also be able to connect to the router for configuration.
I'm currently building the network setup step by step reading the documentation. Port 1 shall be used for WAN and port 2 for management. The current state is having set up the VLAN on the first ports.
Code: Select all
/interface bridge
set bridge vlan-filtering=no
/interface vlan
add interface=bridge vlan-id=99 name=MGMT
add interface=bridge vlan-id=10 name=V10
add interface=bridge vlan-id=20 name=V20
add interface=bridge vlan-id=30 name=V30
/ip/pool
add name=vlan10 ranges=192.168.0.10-192.168.0.127
add name=vlan20 ranges=192.168.0.128-192.168.0.191
add name=vlan30 ranges=192.168.0.192-192.168.0.223
/ip/dhcp-server/
add address-pool=default-dhcp interface=MGMT
add address-pool=vlan10 interface=V10
add address-pool=vlan20 interface=V20
add address-pool=vlan30 interface=V30
remove defconf
/interface bridge port
set bridge=bridge interface=ether2 pvid=99 frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge interface=ether3 pvid=10 frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge interface=ether4 pvid=10 frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge interface=ether5 pvid=20 frame-types=admit-only-untagged-and-priority-tagged
- Makes this approach any sense or not at all or what should be changed?
- How do I integrate the internet access?