Your work is amazing here my brother. Mikrotik is not fun and game and you make it simple. I have been looking for this for so long cause I didn't wanna let go of the mikrotik. I almost gave up. and today i just bumped into your videos and i was able to create a basic guest network in seconds. with no IT knowledge. because you are explaining as you do. love your wok my bro thank you.

@TKSJa

5 жыл бұрын

You are welcome.

Wow! the best, it's very clear and easy to understand. Thank you.

wow what can i say you are the best at this thank you

Hi TSJ. Thanks for sharing this video brother, It has been extremely useful for me, not just this but all of them, I'm getting addicted to your channel. Can I ask you with software do you use for video capturing screen and the yellow/red colors in the interaction of the mouse pointer?

Thanks for the video!

Great Video as always but comparing this with the Guest WiFi tutorial (without any VLANs) one cannot understand the benefits. Could you explain which are the benefits of using VLAN? It seems that all the rest of the steps we need to do them.

could u do a video on how to create a VLan for a nano station M2 is connected to Mikro tik rounter and also the additional settings you have to enable to set up the VLan for the nano station using as a station remotely

Thanks for the video, really appreciate it!

Hey there. Great video. Is there a possible way of isolating the two networks so one cannot connect to the other. At the moment i can ping the two.

Amazing, thanks for share the knowledge

@TKSJa

5 жыл бұрын

You are welcome

Very good this video! Parabéns! Brasil!

Hi, I'm still learning and a bit new to mikrotik. But I followed all the steps, but I can not see the wireless SSID on my wireless devices

Thank you for help

Thanks for providing this tutorial, very nice and understandable explanation.

@TKSJa

2 жыл бұрын

You are welcome!

love this. helped me. thanks

hi!!! please how to assign an ip address to a CAP interface in the CAPs Manager router?

Awesome. Even though, the video was made in July 2017 and the OS has been updated multiple times since then, it still works (in December 2018). I have been searching for the correct way to set up VLAN for guests. Most are outdated. Only the guidelines mentioned in this video worked for me. I can't thank you enough.

Thank you for sharing this tutorial. Could you please show us, how to configure these under RouterOS 7.13? As we all know, wireless conception and menu are changed. Thanks.

Thank you for your videos. Great work. I wanted to ask you why it is needed to create a bridge and then put the vlan and wlan in it. What ia the diference between your solution and putting the ip and dhcp directly to the vlan20 interface. So the simplest solution is just to create a wlan guest and assign ip and dhcp and if we need more secure environment we create a vlan on top of wlan and create the network we want... Cant understand the need of the bridge. Looks like a loop

@kayodetitus5252

3 жыл бұрын

I was wondering the same thing. Is it a thing with routerOS? I was thinking Create bridge-guest and vlan20 then assign vssid to bridge-guest or something like that. Am i right? is the way you do more efficient?

Thank you for the vidéo.

@TKSJa

7 жыл бұрын

You are welcome

Great vídeo, do you know If this configuration work with UniFi access point?

Tu tutorial me ha ayudado a crear mi primer vlan, desde un router mikrotik configurado de fábrica, lo único que tuve que agregar en la lista de interface(interface list) el nuevo vlan bridge (en la LAN del Bridge general, sólo agregué a la lista este vlan bridge) para que me dejara pasar internet, pero todo muy bien...

@TKSJa

5 жыл бұрын

Gracias

Which step correlates the Guest Wifi Virtual Interface with the VLAN ? Is it the one where you add both the VLAN and Guest Wifi Virtual interface to the Bridge ?

Thank you very much for this tutorial and all your tutorials. I am studying them in order to better customize my MikroTik router. ^^

Hi, nice videos, thanks! I'm practicing to build a network in a 3 floor apartment to share internet with my neighbours. I'm doing with an RB750GL and i have connected one AP with 3 SSID with VLAN. I have 3 subnet with their ouwn DHCP server and all have internet. My problems is that the networks aren't isolated and all can see everyone. Eth1 has 192.168.1.2 conected to my default router 192.1681.1. Eth2 is 192.168.100.1 and is the lan where i have connected all AP (eth3, eth4, eth5 has master port on Eth2). My vlans 11,12,13 has their subnet 192.168.11.X, 192.168.12.X and 192.168.13.X given by the dhcp server on the mikrotik. How I can Isolate the Vlans to create a Lan in every floor? Thanks

Any chance of demonstrating VLAN in CAPsMAN?

Hi, thank you so much for the tutorial! I did everything you explained and everything is working. I have two questions. Should I set firewall rules that should prevent clients in guest WiFi network from communicating with clients in the private WiFi network and whether a rule should be created that prevents clients in a WiFi private network from communicating with clients on a guest WiFi network?

@TKSJa

6 жыл бұрын

This might help kzread.info/dash/bejne/h6ebrKihm6uoaco.html

Thanks for sharing this video. It has been quite useful to me, appreciated.

Thank you for the excellent guide. I expected clients in different vlans to not be able to see (ping) each other but that is not the case. There must be a default bridge somewhere that connects all the VLANS. How do I prevent each VLAN from seeing the other VLANS. This would be a most excellent next step to build on this VLAN guide.

@AP-qc9hi

5 жыл бұрын

I got this done. Use the firewall. Forward rule.

What is the default setting of wlan1? station or AP bridge???

Hello, thank you for this tutorial, If possible i would like to ask you one question, I did exactly the same thing as you did in video, everything works just fine but when I tried to use wireshark on VLAN the sniffed packets didnt have any VLAN ID in them, so my question is, did I messed up somewhere or does something strip the VLAN ID out of packet before it even reaches the wireshark ? Thank you for your answer

@TKSJa

7 жыл бұрын

I have noticed this also, I think it is because we are using only one router so everything happens internally to the bridge.

Well, I'm a bit confused. What if I want a few ports of VLAN101 forward to VLAN202? Is it possible or are they completely unreachable?

hi thanks for this, could you pliz do a video on mpls configurations on mikrotik

HI thanks for your excellent video. At 2:40 did you forget to check the "Use Service Tag" checkbox or is it ok to leave it unchecked? Thanks and keep up the excellent work!

@hernancoronel

6 жыл бұрын

Hi I did this two times and I don't see the SSID active though it clearly shows it is enabled, I have also rebooted the router to no avail. Any ideas? My router is RouterBOARD 962UiGS-5HacT2HnT. Thanks!

Hello. I am looking for something like this vlan via wifi. What model is this? Thanks.

Awesome tutorials, thank you for taking the time to make them. Will you be make a tutorial for VLAN trunking?

@KennyTrussell

6 жыл бұрын

I would very much like to see a tutorial on VLAN trunking also. I find your way of explaining better than anyone I have found related to Mikrotik. Thank you for what you do!

In the video you show adding the vlan20 to the virtual ap interface,and then the same vlan and virtual interface you set up in a bridge.Will this not create a loop?

@TKSJa

7 жыл бұрын

No it shouldn't, you can try it with and without and let me know.

Yo bro first of all very nice videos insanely helpfull, i got a question for you. I have a mikrotik router, and i made a hotspot bridge for ethernet 3 ( wich is my wireless ap ), ip range 192.168.6.x, and they are only able to use the internet for an hour this will be my guest network. But now i still want to use this acces point for my own internet aswell can i assign another iprange to that port? My wireless AP does support vlan, so can i make another vlan on the same port ( ethernet 3 ) so my other wireless network has another ip adress, subnet and wont let me go to the landing page that my guest network gives me? I know it might be a hard question but uve been very helpfull so far, so maybe you know this aswell. Thanks! Subbed liked

@TKSJa

6 жыл бұрын

These video should help MikroTik Tutorial 7 - kzread.info/dash/bejne/in6gtdCphNXIqco.html & kzread.info/dash/bejne/qJ-DyZiDZcLUkaw.html MikroTik Tutorial 12 - kzread.info/dash/bejne/aHtqxrl_YdHPoLw.html MikroTik Tutorial 41 - kzread.info/dash/bejne/g6B3pZebZ8e5nKw.html

HI I configured second WiFi network for IOT purpose, without vlan. It works perfectly, is isolated from may basic network , I can connect from my network to IOT network but from IOT to my is blocked( set firewall rule) What is a benefit of using vlan ?

Nice!

What is the reason for putting a vlan and ap in bridge. What does the bridge do.

@piotr424

4 жыл бұрын

Declan Marks better vlan filtering in one bridge

Could you please make a tutorial on how to set up CAPsMan ? Usually we have 2-3 APs at home and it is good if we can manager them centrally. thank you !

@TKSJa

6 жыл бұрын

Noted.

TKSja, can you please give a hand ? I´ve been trying to setup a "guest" Wifi using the same Wifi AP´s working today. My work Wifi have a 192.168.20.x range and i want that the guest use a 172.16.20.X . I setup the DHCP server to give the 172 ip addresses since i already have a DHCP server for my 192 network. My router is already configured with a secondary ip address in order to route the 172 connections to internet. It is possible to work this way, im using a RB951Ui-2HhD

@TKSJa

6 жыл бұрын

Yes it can work that way without any issues.

Hi Ja, this is using a Mikrotik router which has built in WiFi correct? What about a router with no wifi, which uses external Wireless Access Points?

for guest must configure firewall ..

Hi, is it possible to set a time limit for each guest that logs into the network.

@TKSJa

6 жыл бұрын

This feature is only available when you are running a Hotspot.

Vlan to end-devices should be untagged. If is select "tag" this devices not connect, with this interface.

hi how can register for training

Does this also give you a direct vlan connection through ethernet cable?

@TKSJa

3 жыл бұрын

No

May i ask, why when i click Wireless tap on the left side menu. I can not see the "wlan1". Is my routet brokend or do i have to enable it some here? Im using RB450. Thank you.

@TKSJa

7 жыл бұрын

+Tan pn This router does not have WiFi.

Thanks :)

@TKSJa

6 жыл бұрын

You are welcome

Why did you create a new bridge for vl20 instead of adding it to the existing bridge. Is this based on the older Ros version?

@adeelhussain7092

5 жыл бұрын

Just got a mikrotik myself and been scratching my head over this VLAN stuff. It was easy on OpenWRT. I want the default untagged for all ports and tagged guest on one port for my AP. I can get the addresses out but my guest can't reach the internet. hmm

@AP-qc9hi

5 жыл бұрын

@@adeelhussain7092 forum.mikrotik.com/viewtopic.php?f=2&t=138232 This is how I set vlans (minus the dhcp and firewall rules, to keep it simple): /interface bridge add name=bridge1 protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] comment="UPLINK - TRUNK" set [ find default-name=ether2 ] comment="DOWNLINK - TRUNK" set [ find default-name=ether3 ] comment="DOWNLINK - TRUNK" set [ find default-name=ether4 ] comment="ACCESS PORT VL10" set [ find default-name=ether5 ] comment="ACCESS PORT VL98" (note: this doesn't do anything, purely information) /interface vlan add interface=bridge1 name="Network Device" vlan-id=3 add interface=bridge1 name="IT Admins" vlan-id=5 add interface=bridge1 name="Servers & Office" vlan-id=10 add interface=bridge1 name="CCTV" vlan-id=35 add interface=bridge1 name="Hotspot" vlan-id=98 /interface bridge port add bridge=bridge1 interface=ether1 add bridge=bridge1 interface=ether2 add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 pvid=10 add bridge=bridge1 interface=ether5 pvid=98 /interface bridge vlan add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3 vlan-ids=3,5,10,35,98 (note: trunk or hybrid ports add to tagged. Whatever you don't tag will automatically be assigned as access port. The native vlan for the access port will follow the pvid in interface bridge port) Note: Update your ROS version to the latest. About 1-1.5yr ago mikrotik changed the way bridge handles vlans. The old method had different bridges for different vlans. The new method only has one bridge for all vlans (my method above).

firstly i wanna say thank you for your videos im learning and your vids are the best you explain everything, secondly i want to know what are the lease time cane you explain it you set it to 5 minutes what hapens after 5 minutes

Same As Tutorial 86... no internet access for Guest Wifi!

@TKSJa

5 жыл бұрын

Strange

@OsValdoKam

3 жыл бұрын

In my case, it helped: disabled "drop" rule for "forward" :)

The guest wifi doesn't have Internet access.

TKSJa How are you? hope you're fine, inform us what happen to you. Pls. don't leave us, we really need you dude, we really love your tutorials.

When I connect to that wifi, I don't have internet...???

Hmm . Just create virtual Wlan. Than create IP also dhcp ... than assign interface to virtual Wlan. Why bother create vlan ? Did i miss something ?

@hernancoronel

6 жыл бұрын

Security? Separate trusted traffic from potentially untrusted?

How would I configure a trunk port in RouterOS? For example, I need several VLAN tags on mikrotik to talk to the VLANs i've created in pfSense?

@piotr424

4 жыл бұрын

Dave Robson Read wiki.mikrotik.com there find all information.

bro i follow your over gateway video but loadblancing is not work when i download some thing 1 wan traffic show and 2 wan is not working when i disable wan 1 then wan2 is working means failover working but not speed balancing can u help me through Teamviewer? i have 4+4 mb of Internet i need balance speed 8mb in idm how its possible?

@TKSJa

7 жыл бұрын

Load balancing is not bonding, therefore you will not get the full speed by downloading a single. Because this uses PCC (Per Connection Classification), each connection (eg download) will go over WAN1 and if you start another then it will be done of the other WAN2. Try opening multiple KZread videos or downloads in separate browser windows and you will see both WAN 1 & 2 used.

@MajbourGaming

7 жыл бұрын

TKSJa i have two connection 4mb + 4mb i need to combine the speed and output in one lan in idm 8mb shows how its possible?? which method i use??

@TKSJa

7 жыл бұрын

+Hassan Zaheer Tutorials حسن ظہیرسبق Bonding

@MajbourGaming

7 жыл бұрын

TKSJa mean i need to configure my mikrotik as a bonding!! 2 different internet connection to mikrotik port 1 Wan 4mb and 4mb Wan 2 and Lan port 5 is output 8mb like that? how configure i need script!

@nicholashaines4136

6 жыл бұрын

get a fast vpn that allows multiple logins on the same user (or use a vps and setup multiple accounts for dialing in) create multiple vpn connections and bond them together.

Why DNS on DHCP 8.8.8.8? and 8.8.4.4? Why did you call VLAN ID 20 ?

@TKSJa

6 жыл бұрын

The DNS is just preference. In order for vlan to communicate they must have the same ID.

Better bridge vlan filtering. Newer configurations this is. Instead obsolete bridge +vlan

hi my freind. how apply this to all interface? I want to configure this guest on LAN and Wifi user!!!

how to increase dhcp lease time in mikrotik my lease time is 00:10:00

Please what is the important of guest wifi ?

@TKSJa

6 жыл бұрын

Segmenting your network for better security.

@johnlohan9900

6 жыл бұрын

Please can you explain me very what you say by segmenting my network for better for security ?

@puupsiex

6 жыл бұрын

john Lohan People who are on a guest network if properly implemented are not able to acces your router, server or other clients. This usually isnt like an in home scenario though

@johnlohan9900

6 жыл бұрын

nandozieee trachiostoma is it possible to the wired clients ?

@puupsiex

6 жыл бұрын

john Lohan he explains it perfectly in this video if u have seperate vlans the clients on the different vlan wont be able to communicate, you can also add rules to wired clients

This is just two bridges, the VLAN is redundant.

wiki.mikrotik.com/wiki/Manual:VLANs_on_Wireless That`s working. Only need remember, add port as " untagged" and select pvid in /bridge ports "click on properly interface" and in tab "vlan" type number: pvid (numeber vlan as untagged) In otherwise not working.

reply please

are you from harvard? cause you know you are a machine men

Here you do some wrong. You are using two bridge_ports. One is connecting Guest_wlan and Bridge 20. The other is connecting Vlan20 and Bridge 20. The first bridge_port is doing nothing, so it can be removed. A better solution would be to remove the use VLAN tag on interface Guest_wlan (no tag), remove VLAN20 that connects to Guest_wlan and bridge_port connecting VLAN20/Bridge20. Then using only one bridge_port Guest_wlan/Bridge 20. This way you get an own guest network without needing to use VLAN tag at all.

When you have a chance I would love to see you illustrate the hotspot and paypal connection. so one can process payments through paypal. I think its the safests way cause i trust paypal and i don't wanna take physical vouchers. I have the link here if you perhaps wanna look at it. he info from wiki.mikrotik. I'm just struggling to follow. but i think you may explain it better while you do it. I'd love it if you can. (wiki.mikrotik.com/wiki/User_Manager/User_payments) If you scroll down the PayPal section will be about in the middle of the page.

@TKSJa

5 жыл бұрын

noted

There is no need to click "apply" when you plan to follow it up immediately with "OK", you clearly don't know what the difference is between the two.