I can get the guest network up and broadcasting, but devices will not connect to it. If I remove the vlan id and put it on the bridge it works just fine, but on the wrong subnet of course. I am fairly confident my issue has to do with my vlan configuration, but I cannot figure out what that is. Here is my configuration:
Code:
# 2024-01-24 21:16:45 by RouterOS 7.13# software id = 9ARR-3SRK## model = RB4011iGS+/interface bridgeadd add-dhcp-option82=yes admin-mac=78:9A:18:9F:05:21 auto-mac=no comment=\ defconf dhcp-snooping=yes name=bridge_LOCAL port-cost-mode=short \ vlan-filtering=yes/interface vlanadd interface=bridge_LOCAL name=VLAN100_GuestWiFi vlan-id=100/interface listadd name=WANadd name=LAN/interface wifi channeladd band=2ghz-ax disabled=no frequency=2412,2437,2462 name=2.4Ghz \ skip-dfs-channels=all width=20/40mhzadd band=5ghz-ax disabled=no frequency=5170-5250 name=5Ghz skip-dfs-channels=\ all width=20/40/80mhz/interface wifi datapathadd bridge=bridge_LOCAL disabled=no name=datapath1add disabled=no name=datapath_GuestWiFi vlan-id=100/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk disabled=no encryption="" name=\ sec1add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption="" name=\ sec_GuestWiFi/interface wifi configurationadd channel=5Ghz country="United States" datapath=datapath1 disabled=no mode=\ ap name=5Ghz security=sec1 ssid=Szostak_Design_5add channel=2.4Ghz country="United States" datapath=datapath1 disabled=no \ mode=ap name=2.4Ghz security=sec1 ssid=Szostak_Design_2.4add channel=5Ghz country="United States" datapath=datapath_GuestWiFi \ disabled=no mode=ap name=cfg_GuestWiFi security=sec_GuestWiFi ssid=\ Szostak_Design_Guest/ip ipsec profileset [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128,3des/ip ipsec proposalset [ find default=yes ] auth-algorithms=sha512,sha256,sha1/ip pooladd name=L2TP_VPN01 ranges=10.10.10.201-10.10.10.250add name=GuestWiFi ranges=172.16.8.2-172.16.8.100/ip dhcp-serveradd address-pool=L2TP_VPN01 interface=ether1 lease-time=8h name=dhcp_VPN01add address-pool=GuestWiFi interface=VLAN100_GuestWiFi lease-time=8h name=\ dhcp_GuestWiFi/portset 0 name=serial0set 1 name=serial1/ppp profileadd dns-server=10.10.10.100,9.9.9.9 local-address=10.10.10.1 name=L2TP_VPN01 \ remote-address=L2TP_VPN01 use-ipv6=no/interface bridge portadd bridge=bridge_LOCAL comment=defconf disabled=yes interface=ether1 \ internal-path-cost=10 path-cost=10add bridge=bridge_LOCAL comment=defconf interface=ether2 internal-path-cost=\ 10 path-cost=10add bridge=bridge_LOCAL interface=VLAN100_GuestWiFi/interface detect-internetset detect-interface-list=WAN/interface l2tp-server serverset authentication=mschap2 default-profile=L2TP_VPN01 enabled=yes \ one-session-per-host=yes use-ipsec=yes/interface list memberadd interface=ether1 list=WANadd interface=bridge_LOCAL list=LAN/interface wifi capsmanset ca-certificate=********* certificate=\ ********* enabled=yes interfaces=bridge_LOCAL \ package-path="" require-peer-certificate=no upgrade-policy=\ suggest-same-version/interface wifi provisioningadd action=create-dynamic-enabled disabled=no master-configuration=5Ghz \ supported-bands=5ghz-ax,5ghz-n,5ghz-acadd action=create-dynamic-enabled disabled=no master-configuration=2.4Ghz \ supported-bands=2ghz-ax,2ghz-g,2ghz-n/ip addressadd address=10.10.10.1/24 interface=bridge_LOCAL network=10.10.10.0add address=172.16.8.1/24 interface=VLAN100_GuestWiFi network=172.16.8.0/ip cloudset ddns-enabled=yes/ip dhcp-clientadd interface=ether1/ip dhcp-server networkadd address=172.16.8.0/24 dns-server=9.9.9.9,142.112.112.112 gateway=\ 172.16.8.1/ip dnsset servers=9.9.9.9,142.112.112.112/ip firewall filteradd action=accept chain=input comment="accept established,related,untracked" \ connection-state=established,related,untrackedadd action=accept chain=input comment=VPN01_ipsec in-interface=ether1 \ protocol=ipsec-espadd action=accept chain=input comment=VPN01_udp dst-port=500,1701,4500 \ in-interface=ether1 protocol=udpadd action=drop chain=input comment="drop invalid" connection-state=invalidadd action=accept chain=input comment="accept ICMP" protocol=icmpadd action=drop chain=input comment="drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment=\ "accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="drop invalid" connection-state=invalidadd action=accept chain=forward comment="accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=drop chain=forward comment="drop all from WAN not DSTNATed" \ connection-nat-state=!dstnat in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat out-interface-list=WAN/ppp secret"Removed Secrets for privacy"/system clockset time-zone-name=America/New_York/system identityset name=StkDgn/system noteset show-at-login=no/system routerboard settingsset enter-setup-on=delete-keyStatistics: Posted by ClintonITWorks — Thu Jan 25, 2024 4:20 am