Hi Steve I do this at my work (Manage ~30+MT devices) and use multiple Vlans per device. I even have some Cisco gear in the mix humming along.. I have a separate vlan for management. I also make sure I turn off Mikrotik's layer 2 neighbor discovery on every bridge/vlan that's not being my management vlan, as you can do layer 2 MAC-TELNET/Winbox on your management VLAN, you dont need to give that interface an IP address, especially handy if your end device is doing other IP related activities./Or in some limited way if IP's are required, but you don't want the unit to 'route' you can always turn off routing functionality disable : IP->IP Settings->IP Forward../ If your using Capsman for wifi management you can also get remote units to chat via MAC on the management vlan rather than via an IP address. ( I did a test a few weeks ago with that and it worked ok). In most of the above I cheat and bond vlan's to the ether-interface-ports, then bond the vlan to a bridge, rather than using the on-board switch chip, but rarley do I see issues with cpu load, e.g Fastpath works well, even on low cpu powered devices. On 28/11/2016 6:23 PM, Steve Hille wrote:
Greetings all, I have a new requirement that I can't quite square away. We use the Metal devices, normally the 2SHPN for wifi, we use Cisco routers and switches and we use Windows servers as our DHCP servers. What I want to do is have the management IP address of the Metal devices on our regular data vlan so that I have layer 2 access in case things go bad, but I want them to supply DHCP addresses to another vlan from the Windows server. Let's say VLAN 10 for data and vlan 60 for the Wifi DHCP range as an example. I don't even know if it is possible, is anyone doing anything similar to this at the moment? Cheers, Steve _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au