Hi everyone

I have LHGG LTE US kit trunk to an hAP ac2 router it works great and i can concur that the switch chip is happily working on the hAP ac2 side, but i'm having difficulty on wrapping my head to add wlan1 and wlan2 interface on the VLAN-BR on hAP ac2, I tried that but it doesn't work as i expected.

So I made aworkaroundsince ether3 is an access port on my router, I create a separate bridge called Wireless and add ether4 + wlan1 + wlan2 in the bridge and put a physical cable on ether4 plug in on ether3 on the same device just to achieve what I want and presto I was able to connect to my AP and have an internet access.

Topology

LGHH LTE -> Trunk (VLAN 10,20) -> hAP ac2 (ether1 Trunk Port, ether2-vlan10 (access), ether3-vlan20 (access))

我的问题是有办法实现我的目标hout wasting 1 physical port? actually the side effect of what I did is basically hw offload still works because I don't put the wlan1 and wlan2 on the VLAN-BR but still i'm still interested to know how can I achieved my goal not to waste a precious port, thanks in advance guys!


[admin@HAPAC2] > /interface ethernet switch export
# jan/02/1970 11:14:00 by RouterOS 6.48.1
# software id = VK9R-VA7L
#
# model = RBD52G-5HacD2HnD
# serial number = D7170DA46DAE

/interface ethernet switch port
set 0 vlan-mode=secure
set 1 default-vlan-id=10 vlan-mode=secure
set 2 default-vlan-id=20 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=no ports=ether1,ether2 switch=switch1 vlan-id=10
add independent-learning=no ports=ether1,ether3 switch=switch1 vlan-id=20

/interface ethernet switch port
set 0 vlan-mode=secure
set 1 default-vlan-id=10 vlan-mode=secure
set 2 default-vlan-id=20 vlan-mode=secure

/interface bridge
add name=VLAN-BR
add name=Wireless
/interface bridge port
add bridge=VLAN-BR interface=ether1
add bridge=VLAN-BR interface=ether2
add bridge=VLAN-BR interface=ether3
add bridge=Wireless interface=wlan1
add bridge=Wireless interface=wlan2
add bridge=Wireless interface=ether4

From the explanation I fail to see what exactly is the problem wiith wlan1 and wlan2. It seems you'd like to have wlan1 and wlan2 set as access ports to VLAN 20? You can achieve that by settingvlan-mode=use-tag vlan-id=20on wlan1 and wlan2 interfaces while adding those as ports of bridge VLAN-BR.

From the explanation I fail to see what exactly is the problem wiith wlan1 and wlan2. It seems you'd like to have wlan1 and wlan2 set as access ports to VLAN 20? You can achieve that by settingvlan-mode=use-tag vlan-id=20on wlan1 and wlan2 interfaces while adding those as ports of bridge VLAN-BR.

Hi mkx,

I follow your suggestion and tweak a bit the config to be much more elaborate but i'm still missing something, on port ether2 and ether3 I can get an IP from my DHCP server on LHGG
it's just the wlan1 and wlan2 i can't get an IP

wlan1 i should get an IP address of 192.168.98.x and 192.168.99.x on wlan2 but i can't figure out why it's not working :), thanks man i hope you might have some ideas


# mar/18/2021 10:40:50 by RouterOS 6.48.1
# software id = VK9R-VA7L
#
# model = RBD52G-5HacD2HnD
# serial number = D7170DA46DAE

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=wpa2-psk supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country=philippines disabled=no installation=indoor mode=ap-bridge security-profile=wpa2-psk ssid="The Shop 2G" vlan-id=98 \
vlan-mode=use-tag wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-onlyac country=philippines disabled=no frequency=5200 installation=indoor mode=ap-bridge security-profile=wpa2-psk ssid=\
"The Shop 5G" vlan-id=99 vlan-mode=use-tag wireless-protocol=802.11 wps-mode=disabled

/interface bridge
add name=VLAN_BR vlan-filtering=yes
/interface bridge port
add bridge=VLAN_BR frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1
添加桥= VLAN_BR frame-types = admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1
添加桥= VLAN_BR frame-types = admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan2
add bridge=VLAN_BR interface=ether2
add bridge=VLAN_BR interface=ether3

/interface bridge vlan
add bridge=VLAN_BR tagged=VLAN_BR,ether1 untagged=wlan2 vlan-ids=99
add bridge=VLAN_BR tagged=VLAN_BR,ether1 untagged=wlan1 vlan-ids=98

You started to mix in bridge vlan-filtering ... which should not be used together with switch-chip vlan setup.

First decide which way you want to do and then we'll help you. BTW, my post #2 above was based on switch-chip vlans (since you had that in your original post). It does not apply (directly) to your current setup.

You started to mix in bridge vlan-filtering ... which should not be used together with switch-chip vlan setup.

First decide which way you want to do and then we'll help you. BTW, my post #2 above was based on switch-chip vlans (since you had that in your original post). It does not apply (directly) to your current setup.

Hi Mkx,

Thanks for confirming my theory that they can not co-exist together, I decided on the switch chip route approach at least on this router and stay with my original hack

LHGG -> Trunk (98,99) -> hAP ac2 -> VLAN-BR (ether1,ether2(untagged vlan98),ether3(untagged vlan99)) ->Wireless-BR (ether4(patch cord from ether3),wlan1,wlan2)

Your input is very valuable to restore my sanity and thank you so much for your effort and time, for switching I might stay on cisco and juniper for the time being but I'm pretty sold in mikrotik router line of product at least, quite an adventure see you again in another post :)