AP SWITCH CHANGES
1- Should only have one vlan entry
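/interface vlan
# The only VLAN interface this AP/switch needs: management (VLAN 99) on the bridge.
# The comment value is one quoted string; a stray quote inside it breaks parsing of the line.
add comment="Management network" interface=LAN_BRIDGE name=MGMT_VLAN vlan-id=99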
2 - Should only have one entry.
# Interface list naming the interfaces allowed to manage this device.
# The neighbor-discovery and MAC WinBox settings on this page both reference it.
/interface list add name=MGMT_LIST
3 - REMOVED ETHER3 from bridge ports.
As you defined it: set [ find default-name=ether3 ] comment="Management access port (static IP only)"
You already have management access port on ether2 and home access port on ether4
Ether3 is an independent, off-bridge access port in case the vlan filtering and bridge get screwed up.
Simply assign the IP address as per below; if you need access, plug into ether3 and set your laptop's IPv4 settings to a static address in the same subnet, 192.168.55.5 for example.
4 - Modified for correctness in accordance with item 2.
# Run neighbor discovery only on interfaces in MGMT_LIST, so the device is not
# advertised on interfaces outside the management list.
/ip neighbor discovery-settings set discover-interface-list=MGMT_LIST
5- I prefer to manually insert untags on /interface bridge vlans so they show up on the export and I can cross check easily with bridge port settings.
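/interface bridge vlan
# One entry per VLAN. Untagged (access) ports are listed explicitly so they appear
# in the export and can be cross-checked against the bridge port settings.
# Each entry is on a single line: a hand-edited "\" continuation with no space in
# front of it joins the last port name to the next parameter (ether2vlan-ids=99).
# Only VLAN 99 lists the bridge itself as tagged, because MGMT_VLAN is the only
# VLAN interface this device terminates; the other VLANs are switched only.
add bridge=LAN_BRIDGE comment="traffic tagged 99 (MGMT) can forward from LAN_BRIDGE via ports ether1,ether5" tagged=LAN_BRIDGE,ether1,ether5 untagged=ether2 vlan-ids=99
add bridge=LAN_BRIDGE comment="traffic tagged 10 (HOME) can forward from LAN_BRIDGE via ports ether1,ether5" tagged=ether1,ether5 untagged=ether4,HOME_WLAN1_2G,HOME_WLAN2_5G vlan-ids=10
add bridge=LAN_BRIDGE comment="traffic tagged 20 (GUEST) can forward from LAN_BRIDGE via ports ether1,ether5" tagged=ether1,ether5 untagged=GUEST_WLAN1_2G,GUEST_WLAN2_5G vlan-ids=20
add bridge=LAN_BRIDGE comment="traffic tagged 30 (NOT) can forward from LAN_BRIDGE via ports ether1,ether5" tagged=ether1,ether5 untagged=NOT_WLAN1_2G vlan-ids=30
add bridge=LAN_BRIDGE comment="traffic tagged 40 (IOT) can forward from LAN_BRIDGE via ports ether1,ether5" tagged=ether1,ether5 untagged=IOT_WLAN1_2G vlan-ids=40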
6- Corrected
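/interface list member
# Members of MGMT_LIST are the only interfaces on which neighbor discovery and
# MAC WinBox are permitted, so keep this list to trusted management paths.
add interface=MGMT_VLAN list=MGMT_LIST
# NOTE(review): step 1 leaves MGMT_VLAN as the only /interface vlan entry, so
# HOME_VLAN presumably does not exist on this device and the line below would be
# rejected on import. If it did exist, listing it here would open neighbor
# discovery and MAC WinBox to the home VLAN. Left disabled; re-enable only if
# management from the home VLAN is intended and the interface exists.
# add interface=HOME_VLAN list=MGMT_LIST
# ether3 is the off-bridge emergency access port.
add interface=ether3 list=MGMT_LIST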
7- Reduced, Only two addresses required.
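/ip address
# Management address of this device on VLAN 99.
add address=10.0.0.26/24 interface=MGMT_VLAN network=10.0.0.0
# Off-bridge emergency access on ether3. The address must sit inside the stated
# network (192.168.55.0/24) and match the 192.168.55.5 laptop example; with
# 192.18.55.1 the laptop would be on a different subnet and could not reach it.
add address=192.168.55.1/24 interface=ether3 network=192.168.55.0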
8- ADDED!!
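/tool mac-server mac-winbox
# Accept MAC WinBox sessions only on interfaces in MGMT_LIST.
set allowed-interface-list=MGMT_LIST
# MAC Telnet has its own allow-list. Restrict it the same way so layer-2
# management is not left reachable from ports outside MGMT_LIST.
/tool mac-server
set allowed-interface-list=MGMT_LIST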
Statistics: Posted by Mesquite — Mon Feb 26, 2024 2:15 am