we have a customer with 8 coffee shops on a WAN.
customer wants to run wi-fi hotspot at each location but wants to make sure public can not access his network.
customer SM on vlan 10 MVID 5
we add an additional vlan 15 to each of the SM
we put a Mikrotik (3 port)at customer premises.
port 1 is trunk port connecting to SM
port 2 is internal customer network is VLAN 10
port 3 is wi-fi vlan 15
Mikrotik Management Interface on Vlan 5
customers can surf fine
I can access the the Mikrotik on Vlan 5
customer can not access other cusomter sites, other customer sites can not access this site
so I change the ingress vlan to 4096 and make add the vlan 10 into the SM and do the same for another site, and persto… alll works…
for some reason if a tagged packed comes to the SM and it is tagged with the ingress vlan ID the SM rejects it… I would have thought it would let it through…
does the above make sense ?