Similar to this post: http://forum.mikrotik.com/viewtopic.php?f=7&t=84702
I have three WAPs connected to cover three floors of a building. The WAP on the first floor is the CAPsMAN. The other two WAPs are able to see the WAP on the first floor, and I can manage all three using winbox.
The wireless config consists of a 'public', 'patrol' and 'staff' SSID. Each one is set to have it's own data path with a VLAN mode of 'use tag' and the following:
public - VLAN 60
staff - VLAN 30
patrol - VLAN 20
The pfSense router also has an interface in each of those VLANs, and is running DHCP.
When a phone or computer connects to any of the SSIDs, it is able to authenticate, then it starts the DHCP process.
The pfSense firewall sees the DHCP packets on the correct VLAN interface, and replies, but the packets never reach the phone or computer that is connecting.
I tried manually setting an IP address on a computer and connecting to the wireless. I am unable to ping from the wireless-connected device to anything on the VLAN, and I am unable to ping from a device on the VLAN to the wireless-connected device.
I am able to see packets coming *from* the wireless-connected device using Wireshark, and I see the responses--but I never see them *on* the wireless-connected device while running wireshark. I am running 6.19.
Thanks,
-A
Re: CAPsMAN, VLANs and no return packets
This is driving me nuts. I purchased another four RB2011UiAS-2HnD-IN units, upgraded them to 6.20 and tried a very simple setup--running an ethernet cable between all of them to create a long 'chain' over a distance of about 150 feet.
I set up CAPsMAN on the one closes to my router, created three VLANs on my router and the root device, and every client that connects sees the same pattern--DHCPDISCOVER from the client, DHCPOFFER from the router, and nothing reaches the client.
I can manually set an IP on the client, connect to an SSID, and ping the bridge IP, but I can't ping anything past the bridge.
Example:
I have an interface on the firewall tagged as VLAN42 going into interface 24 on the switch. I have a vlan set up on the switch called 'vhome' identified as 42.
'vhome' (42) is in the bridge 'brhome'. CAPsMAN puts the SSID 'home' on cap1 which is automatically added to the bridge 'brhome'.
If I add an IP address .253 using the interface 'brhome', I get the following results:
My laptop can ping the firewall (.254) and the switch (.253), but can not ping the wireless client (.251).
The wireless client can ping the switch (.253) but not the firewall (.254) or my laptop (.250).
It's like traffic isn't leaving the bridge, even though traffic can go in from either side.
Any pointers? Am I missing something or is it a bug?
-A
I set up CAPsMAN on the one closes to my router, created three VLANs on my router and the root device, and every client that connects sees the same pattern--DHCPDISCOVER from the client, DHCPOFFER from the router, and nothing reaches the client.
I can manually set an IP on the client, connect to an SSID, and ping the bridge IP, but I can't ping anything past the bridge.
Example:
I have an interface on the firewall tagged as VLAN42 going into interface 24 on the switch. I have a vlan set up on the switch called 'vhome' identified as 42.
'vhome' (42) is in the bridge 'brhome'. CAPsMAN puts the SSID 'home' on cap1 which is automatically added to the bridge 'brhome'.
If I add an IP address .253 using the interface 'brhome', I get the following results:
My laptop can ping the firewall (.254) and the switch (.253), but can not ping the wireless client (.251).
The wireless client can ping the switch (.253) but not the firewall (.254) or my laptop (.250).
It's like traffic isn't leaving the bridge, even though traffic can go in from either side.
Any pointers? Am I missing something or is it a bug?
-A
Re: CAPsMAN, VLANs and no return packets
are you using local forwarding or full capsman forwarding?
Please contact support@mikrotik.com with your support output file from the CAPsMAN and the CAP.
Please contact support@mikrotik.com with your support output file from the CAPsMAN and the CAP.
Re: CAPsMAN, VLANs and no return packets
I'm using capsman forwarding. I sent in the support file.are you using local forwarding or full capsman forwarding?
Please contact support@mikrotik.com with your support output file from the CAPsMAN and the CAP.
I will have three more WAPs arriving sometime next week and will be able to set up a test lab to do more detailed testing. The current WAPs and switches are in production (minus the wireless).
-A
Re: CAPsMAN, VLANs and no return packets
Just tested local forwarding, and it works when I connect to the wireless on the CAPsMAN. It'll take me a while to test on the other devices.I'm using capsman forwarding. I sent in the support file.are you using local forwarding or full capsman forwarding?
Please contact support@mikrotik.com with your support output file from the CAPsMAN and the CAP.
I will have three more WAPs arriving sometime next week and will be able to set up a test lab to do more detailed testing. The current WAPs and switches are in production (minus the wireless).
-A
-A
Re: CAPsMAN, VLANs and no return packets
Local forwarding also works on remote devices.Just tested local forwarding, and it works when I connect to the wireless on the CAPsMAN. It'll take me a while to test on the other devices.I'm using capsman forwarding. I sent in the support file.are you using local forwarding or full capsman forwarding?
Please contact support@mikrotik.com with your support output file from the CAPsMAN and the CAP.
I will have three more WAPs arriving sometime next week and will be able to set up a test lab to do more detailed testing. The current WAPs and switches are in production (minus the wireless).
-A
-A
If I understand CAPsMAN correctly, in local forwarding mode, all wireless interfaces are put into one bridge with the option of adding VLAN tags which would require me to change from a mostly bridged environment to a switched environment.
-A
Who is online
Users browsing this forum: Amazon [Bot] and 55 guests