- Main network on 192.168.88.0/24
- Guest network on 172.16.0.0/24 VLAN20
- UniFi AP is connected to a MikroTik router ether2 via DHCP assignment
- UniFi AP can be managed on via main network
- MikroTik initially on default configuration
/interface bridge port
add bridge=bridge interface=ether2
/interface bridge vlan
add bridge=bridge tagged=ether2,bridge vlan-ids=20
add bridge=bridge vlan-ids=1
/interface bridge set [name=bridge] protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge name=GUEST_VLAN20 vlan-id=20
/interface list member
add interface=GUEST_VLAN20 list=LAN
/ip address
add address=172.16.0.1/24 interface=GUEST_VLAN20 network=172.16.0.0
/ip pool
add name=pool-guest ranges=172.16.0.2-172.16.0.254
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=8.8.8.8 gateway=172.16.0.1
/
/ip dhcp-server
add address-pool=pool-guest interface=GUEST_VLAN20 name=dhcp-guest
/ip firewall address-list
add address=192.168.88.0/24 list=main
add address=172.16.0.0/24 list=guest
# prevent guests from accessing main network
/ip firewall filter
add action=drop chain=forward connection-state=new dst-address-list=main in-interface=GUEST_VLAN20
