I have a RB450 and want to set up the following configuration:

-------------------------
| P1 | P2 | P3 | P4 | P5 |
-------------------------

For P1, I want a direct interface connection to a Wireless AP Controller.
For P2, I want to trunk three VLANS (two tagged and one untagged) to my wireless AP.

I have three bridges: ControllerBridge, PublicWifiBridge, and SecureWifiBridge

I want to use the ControllerBridge to bridge the untagged VLAN on P2 directly to P1, so the Controller can communicate with the AP. The two tagged VLANS are used for the AP users, depending on which SSID they connect to.

The trouble appears when I start bridging interfaces. If I only apply the ControllerBridge between P1 and P2 (simulating an untagged VLAN), the controller has no problem talking to the AP. If I add the two VLAN interfaces to the port though, they get ignored as long as the ControllerBridge is on. If I disable that bridge, the VLANs start working.

I can't seem to get this configuration to work. I've looked through several threads, and it appears that it's an ongoing issue that you can't seperate tagged and untagged packets from the same port. Why is that, and is there a way around it? My Cisco switches have no problem doing this. And I know that this is a router (not a switch), but I don't see why this feature can't be implemented fairly easily.

I've run into this problem before with RouterOS and VLANs, and the only solution was to purchase an additional switch for the sole purpose of combining tagged and untagged traffic on a single port. Does anyone have another solution to this issue besides purchasing an additional switch?

The way you are describing it, I don't think you are going to get it to work properly. The way a MikroTik handles a VLAN is the same way Linux does, each VLAN you add to an interface is it's own interface. What this means is you really can't have an untagged VLAN without mucking around with a bridge (create a VLAN on a different interface, assign that VLAN and the "untagged" port to the bridge), and this will only work for one VLAN.

So the closest you might be able to get it to work, is to have the controller port and access point port in a bridge so they can talk to each other, and then treat the two VLANs as separate interfaces with their own IP range, DHCP Server, and any other services you want to run on them on the same interface. I have noticed however that bridging a port with VLANs on it tends to make things break down for the VLANs, so when I use VLAN and bridges everything on the trunk port is tagged or nothing is.

You potentially have two solutions:

1)。看看你的访问点接受魔法gement VLAN set other than 1. This will make it listen to the tagged VLAN of x, then assign your 3 VLANs to the 750 port, bridge port 1 and the management VLAN together, and do whatever you want to do with the other two VLANs.

2.) Go out and buy a cheap unmanaged switch and place it between the 750 and the access point and have the controller connect to that. If the unamnaged switch does what it is supposed to, it will retain the VLAN tags of any traffic that is sent to it so the 750 can still read them.

I've thought about it some more, and it boils down to the following requirement: I need to be able to bridge untagged traffic separably from tagged traffic from the same interface. This is someone RouterOS cannot currently do as far as I can tell.

1)。看看你的访问点接受魔法gement VLAN set other than 1. This will make it listen to the tagged VLAN of x, then assign your 3 VLANs to the 750 port, bridge port 1 and the management VLAN together, and do whatever you want to do with the other two VLANs.

Unfortunately, the AP devices I am using (Ubiquiti's UniFi System), cannot be managed using a VLAN. You can only specifiy VLAN tagging on the actual WiFi access points.

2.) Go out and buy a cheap unmanaged switch and place it between the 750 and the access point and have the controller connect to that. If the unamnaged switch does what it is supposed to, it will retain the VLAN tags of any traffic that is sent to it so the 750 can still read them.

I'm not quite sure I understand. In my attempt to solve this in the past, I've had to get a managed switch with VLAN support. I would set up the router to trunk ALL my networks (Management and WiFi networks) as individual VLANs. I'd then have the switch strip the tagging on just the management vlan. Finally, the switch would pass the modified trunk on to the access point (so that the AP device would see the untagged management network and tagged WiFi networks. How could this be done on an unmanaged switch?

How could this be done on an unmanaged switch?

You can't. Buy a managed switch. Refurbished Cisco's are cheap. In fact, I have a number of 3500XL's and 2900XL's I'm looking to get rid of.…