MikroTik

Hi, folks. I'm very new to Mikrotik but not too new to networking in general.

I have a CCR2116 and a CRS328 configured to replace a ubiquiti setup I've been running for years. I have a trunk port between those devices configured on a bond, and am using VLAN ID 101 as a base VLAN. I've gotten DHCP working across my 4 VLANs, and can ping the admin interface of the router from my switch and vice versa. I also have internet connectivity from the router and the switch.

Fast forward to today and I'm trying to configure one of my cAP AX devices with 3 SSIDs each on their own VLAN. For now I'm ignoring that portion of the setup and simply trying to get to a place where I can ping the admin interfaces of each device from the CAP so I can setup NTP/DNS/etc. for the device itself and update it. On the switch side I have ether1 configured for POE (working fine) and added to my bridge. It's tagged for all 4 VLANs to create a trunk. On the CAP side I have added ether1 to the bridge, tagged it for all VLANs, and created a VLAN interface for my base VLAN. But for the life of me I can't get connectivity to any other device working (nor internet as you might expect). I've included my CAP config - I'm purposefully keeping it simple to start with and removed all firewall rules and have filtering turned off on my bridge. I'm feeling like an idiot here and I need help

This is what my end state will be hopefully. Only exception is right now I'm prototyping and have the CAP plugged into eth1 on the switch and that configured for trunking (as I understand it).

The first I spotted: bridge ports need pvid assigned

The first I spotted: bridge ports need pvid assigned

Interesting. So on my switch and router I’ve left PVID set to 1 based on some example vlanning configs and docs. Can you help me understand why I need to change PVID here but not elsewhere? And which PVID to set on which bridge ports?

Well, as long as the bridge doesn't have VLAN filtering enabled, this won't work.
Have a look at this great topic for all your VLAN questions (and answers):

viewtopic.php?t=143620

Well, as long as the bridge doesn't have VLAN filtering enabled, this won't work.
Have a look at this great topic for all your VLAN questions (and answers):

viewtopic.php?t=143620

This is a good catch and one I was actually trying this morning. I turned on VLAN filtering as you suggest earlier today and set my interfaces like below beforehand. And I'm afraid now I can't even connect via MAC using Winbox on wifi - so time for a reset and start from scratch I guess :/. I'll give the link a read and report back.

ether1 (trunk) - admit-only-vlan-tagged
bridge - admit-only-vlan-tagged, vlan-filtering=yes
wifi2 - pvid=101, datapath.vlan-id=101
wifi1 - left as pvid=1 with no data path in hopes I could use it as a fallback

[edit] I actually have read that very excellent link you posted. It's the scaffolding for how I built out my router and switch and the AP. But I'm re-reading it now as clearly I've misunderstood something along the way.

Whelp, success!

I wiped the cAP AX and put no default config on it. Then used my config almost entirely as you saw it and....it just works. Lesson learned about not using any default config so you know exactly what's going on. Thanks for steering me back to that post! It forced me to re-validate my entire setup, which led me to wiping/taking no defaults. I'm building a CCR2116/CRS328/4x cAP AX setup side by side with my existing Unifi setup. I want to wipe all the devices and push my config just to make sure I fully understand everything, but I'm feeling a lot more comfortable with all of this.

I think next I'll try getting capsman v2 setup to ease my configuration and get some of the nice wave2 roaming stuffs. Cheers folks