Well, that's not a consistent description. In a "dump" AP scenario, the AP and its client devices are all part of the main router's network, and therefore they can be accessed by the clients of they main router.
If you have a different subnet for the AP then that's not a dump AP; that's a router with an AP.
Edit: I must have missread that earlier! I somehow saw them as different networks!!!
The choice of whether you want a "dump AP" or a router +AP will depend on your requirements. But presuming that you have a good reason to want to have the AP make its own subnet quilt at the same time make the SMB share available to the main router's clients, then you need to forward that port on the firewall of the AP (well, the Router-AP).
Sorry I just noticed that, but it's the same concept. If you need VLC access, also from the WAN side, then you will need to forward whatever port VLC uses.
Well, the AP has assigned a static IP at the main router. That AP has no DHCP at all. So every device connected to it (wireless or not) goes directly to the main router.
I tried on firewall settings but not sure if I have do it as well at the Mikrotik firewall. I could figure it out.
No, you don't need to touch that. The firewall separates the LAN from the WAN. I understand that all your devices are at the LAN side of the main router, so you don't need and you shouldn't forward it open any ports on the main router's firewall.
It would really help if you elaborate and mention the whole story instead of leaving it up to us to connect the dots and guess what you don't explain.
Please explain the following
1- how your main router gets Internet.
2- LAN IP of your main router.
3- how your AP is connected to the main router? LAN-WAN or LAN-LAN?
4- LAN IP of the AP.
5- What other networking devices are connected to the network? Where and how?
The thing is that this last picture you have suggests that the AP is connected to the main router LAN-LAN, so Why are you assigning IPs on different network to them? This is a mystery.
It might possibly be best if you draw a diagram of the network labeling connection points and IPs. I know it might take some time, but it also take some time from people to reply to you, so please try to give as much details as possible.
3- how your AP is connected to the main router? LAN-WAN or LAN-LAN?
By ethernet.
4- LAN IP of the AP.
The AP does not have a leased IP. I just left that space in blank in main router so other devices cannot use it an cause conflicts.
5- What other networking devices are connected to the network? Where and how?
Mainly OpenWRT routers by ethernet.
The thing is that this last picture you have suggests that the AP is connected to the main router LAN-LAN, so Why are you assigning IPs on different network to them? This is a mystery.
As I stated, to avoid that LAN IP be used for other devices. It's not being leased.
OK it seems I somehow missread the IPs earlier and thought they AP wasn't on the same subnet as the main router.
So now I infer the following from what you said. Please clarify if any assumption is wrong:
Only main router (probably 10.50.10.1) is actually functioning as a router.
10.50.10.100, 10.50.10.101 and 10.50.10.102 are all working as switches/AP only. All connected by a LAN (not the WAN) port to the central switch.
You are not utilizing any VLANs on those devices.
The switch isn't a managed switch.
I am not sure what you mean. Probably that this IP is statically set on the AP, and that the DHCP range on the main router execludes that IP.
If my understanding is correct, then that should be fine. You probably should try to ping the AP from the other routers (well, switches) and see if that works.
If they can't ping each other then you may try eliminating the central switch and see if it's weekdays causing the problem.
The AP is only an AP. Its clients are also on 10.50.1.0/24 and get IPs from the main router.
Clients of APs can connect to the share.
Same client can't access the share if connected via another router.
Then the only other thing I can think of is that it's blocked by the firewall of the client. For example, if the network profile on the count for the other router network is set to public.
The firewall thing might be possible. The only thing is that looking into RouterOS firewall settings for this case is like looking a needle in a hay stack. I read something related to ports used by Samba but I am not a networking expert.
The thing is that for the PCs, the AP is upstream, so the firewall shouldn't block them from accessing the AP or the share (access from the LAN side of allowed).
The opposite scenario, however, would be what you are talking about. If you had the share on 101 and you wanted to access it from the clients of the AP or the clients of 102, then that access attempt would be from the WAN side and the firewall would block it unless you forwarded that port to the LAN side.
So it could be the Windows firewall that's recognising the network as public and hence blocking file sharing.
If not, then maybe you should post the output of the folliwing commands for 100, 101, and 102. You may redact passwords, MAC adresses and public IPs. Please use the Preformatted Text tool </> to include the code: