Channel: MikroTik

General • Re: WiFi Isolation Using VLANs

Additionally, I've noticed in some tutorials that firewalls are used to block access between VLANs. If I'm required to use a firewall, what's the purpose of using VLANs?

This is common knowledge, the same for all network vendors (in no way specific to Mikrotik): OSI layers can explain some of your dilemma. VLANs are layer 2 and separate networking devices from each other if those are members of different VLANs (as if these devices were connected to separate ethernet infrastructure).
IP (or IPv6) is layer 3. Most often an IP subnet maps to a single ethernet broadcast domain (or a single VLAN if you wish).

Now: your wireless AP in principle works on layer 2 ... an SSID represents L2, a VLAN represents L2, you can connect the two together.
Alas: a router works on layer 3, it connects different IP subnets. Simpler routers will have one IP subnet connected to each ethernet port. If VLANs are used, then VLANs are considered as a sort of "virtual ports" and then there is one IP subnet per "virtual port".
When a router has IP addresses in different IP subnets, it'll happily pass packets between those IP subnets. If you want to block such communication, you need some mechanism that blocks it. The simplest way of doing it is routing rules, but those are pretty rigid. Using a firewall (with its statefulness) is much more flexible.

BTW, for a router, all connected directions are the same, so for a router WAN and LAN are no different (the only difference is the default route, which usually points to the WAN side). So without a firewall, the whole internet could access your LAN. With strategically constructed firewall rules it cannot, but the LAN can access the whole internet.


Back to VLANs and ROS specifics: read these two tutorials: viewtopic.php?t=143620 and viewtopic.php?t=173692
With the new wifi driver, you create (real and virtual) SSIDs. Each will give you a separate wireless interface. You then make those interfaces access ports, members of the appropriate VLANs ... you do that by setting the appropriate pvid value on these bridge ports.

Statistics: Posted by mkx — Thu Apr 04, 2024 8:07 am
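The configuration the post above describes, written out as one RouterOS 7 CLI example. This is an added example, not from mkx's post or from the linked tutorials. Every name in it is an assumption: a physical radio wifi1 with a virtual SSID wifi1-guest (new wifi package), bridge bridge1, VLAN 10 for the home network and VLAN 20 for guests, ether1 as the WAN port, and placeholder passphrases that you must replace.

```routeros
# Added example (not from the original post). Assumed interface names, VLAN IDs,
# subnets and passphrases; adjust to your own device.

# Layer 2, wireless side: one virtual SSID on top of the physical radio.
# Each SSID becomes its own interface that can be placed into its own VLAN.
/interface wifi
set wifi1 configuration.ssid=Home security.authentication-types=wpa2-psk \
    security.passphrase=REPLACE-HOME-PSK disabled=no
add master-interface=wifi1 name=wifi1-guest configuration.ssid=Guest \
    security.authentication-types=wpa2-psk security.passphrase=REPLACE-GUEST-PSK disabled=no

# Layer 2, bridge side: each wireless interface is an access port; pvid puts
# its untagged frames into the given VLAN. Frames from clients are never trusted
# to carry their own tag (ingress filtering, untagged only).
/interface bridge
add name=bridge1 vlan-filtering=no comment="VLAN filtering is enabled last"
/interface bridge port
add bridge=bridge1 interface=wifi1 pvid=10 \
    frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge1 interface=wifi1-guest pvid=20 \
    frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
# The bridge itself is a tagged member so the router's own VLAN interfaces work.
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1
add bridge=bridge1 vlan-ids=20 tagged=bridge1

# Layer 3: one VLAN interface ("virtual port") per VLAN, one IP subnet each.
/interface vlan
add name=vlan10-home interface=bridge1 vlan-id=10
add name=vlan20-guest interface=bridge1 vlan-id=20
/ip address
add address=192.168.10.1/24 interface=vlan10-home
add address=192.168.20.1/24 interface=vlan20-guest

# Interface lists keep the firewall rules independent of interface names.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=vlan10-home
add list=LAN interface=vlan20-guest

# Without these rules the router forwards between 192.168.10.0/24, 192.168.20.0/24
# and the WAN equally. The forward chain is stateful: replies to connections the
# LAN opened are allowed back in, everything not explicitly allowed is dropped,
# which covers both guest<->home and WAN->LAN.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="return traffic for connections already allowed"
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept in-interface-list=LAN out-interface-list=WAN \
    comment="any VLAN may reach the internet"
add chain=forward action=drop comment="default deny: inter-VLAN and WAN->LAN"
/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN

# Enable VLAN filtering only after ports, VLAN table and IP addresses exist,
# otherwise the change can cut off your own management session.
/interface bridge set bridge1 vlan-filtering=yes
```

The forward chain only governs traffic passing through the router; access to the router itself (WinBox, SSH, DNS, DHCP) is decided by the input chain, which this example leaves at whatever your existing configuration has. To verify the isolation after applying it, run `/ip firewall filter print stats` and generate a ping from a guest client to 192.168.10.1/24: the counter of the final drop rule should increase while the home side sees nothing.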