I can't seem to find an answer to this so far, but for the wifi-qcom devices the recommended mode is to not use VLAN-Filtering on the CAPs and with wifi-qcom-ac the suggested config is to use VLAN-Filtering.
Why is this the case? I thought we lived in a VLAN-Filtered world now.
Re: wifi-qcom(-ac) and VLAN-filtering
The recommendation is about setting VLANs in wifi-qcom driver (and wifi-qcom-ac lacks it). This compares to using switch chip part of config for wired ports.
The way you worded the recommendation is no the way I understand it, so I can't comment directly on the wording you chose.
Alas, the general idea is to use VLAN-enabled bridge and set wifi interfaces as access ports of appropriate VLANs. And this works just fine ever since conception of wifiwave2 family of drivers (which current wifi, wifi-qcom and wifi-qcom-ac are comming from). And also works for legacy wireless driver, so it's the recommended way of doing it unless one has advanced needs which can't be solved by using this way of configuring things.
What doesn't work (but works with legacy wireless drivers) is setting VLAN ID inside wifi driver (OK, this works for wifi-qcom but doesn for wifi-qcom-ac), which allows to set wifi interface as trunk port in bridge config. And what also doesn't work is setting VLAN ID dynamically for individual wifi stations (either via ACLs or via radius server) which otherwise use same SSID and same wifi interface (note that this is not the same as running virtual WiFi with different SSID which comes with separate wifi interface on AP's side of radio). AFAIK this applies to both wifi-qcom driver variants (but it could be true only for wifi-qcom-ac).
The way you worded the recommendation is no the way I understand it, so I can't comment directly on the wording you chose.
Alas, the general idea is to use VLAN-enabled bridge and set wifi interfaces as access ports of appropriate VLANs. And this works just fine ever since conception of wifiwave2 family of drivers (which current wifi, wifi-qcom and wifi-qcom-ac are comming from). And also works for legacy wireless driver, so it's the recommended way of doing it unless one has advanced needs which can't be solved by using this way of configuring things.
What doesn't work (but works with legacy wireless drivers) is setting VLAN ID inside wifi driver (OK, this works for wifi-qcom but doesn for wifi-qcom-ac), which allows to set wifi interface as trunk port in bridge config. And what also doesn't work is setting VLAN ID dynamically for individual wifi stations (either via ACLs or via radius server) which otherwise use same SSID and same wifi interface (note that this is not the same as running virtual WiFi with different SSID which comes with separate wifi interface on AP's side of radio). AFAIK this applies to both wifi-qcom driver variants (but it could be true only for wifi-qcom-ac).
Re: wifi-qcom(-ac) and VLAN-filtering
Ah yes, some context would be helpful, I can't expect you to read my mind. What I am on about is the difference in the way a CAP is set up using the new Wifi drivers: wifi-qcom vs wifi-qcom-ac. The former doesn't use VLAN Filtering and the latter does. Why?! It should be consistent. It just feels unfinished.
https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN
https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN
Re: wifi-qcom(-ac) and VLAN-filtering
I'm confused here.
So ax products supports bridge VLAN filtering, right?
So ax products supports bridge VLAN filtering, right?
Re: wifi-qcom(-ac) and VLAN-filtering
It should be consistent. It just feels unfinished.
I whole heartedly agree ... and hope that they'll bring them up to the same level eventually.
Re: wifi-qcom(-ac) and VLAN-filtering
So ax products supports bridge VLAN filtering, right?
All products support bridge VLAN filtering. What wifi-qcom-ac doesn't support is being a tagged trunk (or hybrid for that matter) port of a bridge (but wifi-qcom for ax devices does ... in certain scenarios).
Re: wifi-qcom(-ac) and VLAN-filtering
Yes they do just the recommended method when setting them up as CAP clients is to NOT use VLAN-Filtering.So ax products supports bridge VLAN filtering, right?
Re: wifi-qcom(-ac) and VLAN-filtering
The problem is that with the new driver, any SSID can only be member of ONE VLAN, the untagged VLAN on the bridge port where it is connected.
So when you have a main network and a guest network, you can work with the current situation by having two SSIDs and configure the bridge correspondingly.
But this solution doesn't scale. Each extra SSID adds radio overhead, and it is strongly discouraged to have more than about 4 SSID on a single radio.
I always use the solution as sketched by mkx, and I hope that at some time the capability to set VLAN per user will come back!
So when you have a main network and a guest network, you can work with the current situation by having two SSIDs and configure the bridge correspondingly.
But this solution doesn't scale. Each extra SSID adds radio overhead, and it is strongly discouraged to have more than about 4 SSID on a single radio.
I always use the solution as sketched by mkx, and I hope that at some time the capability to set VLAN per user will come back!
Re: wifi-qcom(-ac) and VLAN-filtering
So in the start in the switch to vendor supplied drivers vlan tagging did not work with new CapsMAN. So you could not enable vlan filtering on the bridge because then it did not work. For example dynamic interfaces did not get the assigned vlan in the bridge config.
This was corrected in, I think, 7.8 or 7.9 and now vlan filtering on the bridge works.
This was never a wifi-qcom vs wifi-qcom-ac issue but a new CapsMAN, under then, wireless wave2 package.
So now recommendations are the same as far as I understand.
only difference now is that ac version driver do not assign vlan still to the interfaces on bridge.
Where did you find recommendations to have them different?
Edit: I found the config example and you are correct. Ax driver do not have vlan filter on but ac does.
https://help.mikrotik.com/docs/display/ ... ionexample:
I think MT have not updated the code examples after v7.9 as in this version this was fixed.
Changelog entry from 7.9
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
I run a few cAP AX and they all have vlan filtering turned on now since 7.9.
This was corrected in, I think, 7.8 or 7.9 and now vlan filtering on the bridge works.
This was never a wifi-qcom vs wifi-qcom-ac issue but a new CapsMAN, under then, wireless wave2 package.
So now recommendations are the same as far as I understand.
only difference now is that ac version driver do not assign vlan still to the interfaces on bridge.
Where did you find recommendations to have them different?
Edit: I found the config example and you are correct. Ax driver do not have vlan filter on but ac does.
https://help.mikrotik.com/docs/display/ ... ionexample:
I think MT have not updated the code examples after v7.9 as in this version this was fixed.
Changelog entry from 7.9
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
I run a few cAP AX and they all have vlan filtering turned on now since 7.9.
Re: wifi-qcom(-ac) and VLAN-filtering
Dynamic VLANs on the same SSID works fine on cAP AX.And what also doesn't work is setting VLAN ID dynamically for individual wifi stations (either via ACLs or via radius server) which otherwise use same SSID and same wifi interface (note that this is not the same as running virtual WiFi with different SSID which comes with separate wifi interface on AP's side of radio). AFAIK this applies to both wifi-qcom driver variants (but it could be true only for wifi-qcom-ac).
-
-
robmaltsystems
Long time Member
- Posts: 598
- Joined:
Re: wifi-qcom(-ac) and VLAN-filtering
I really shouldn't try and look at this stuff late onI whole heartedly agree ... and hope that they'll bring them up to the same level eventually.
What a can of worms I've wandered into...-
-
robmaltsystems
Long time Member
- Posts: 598
- Joined:
Re: wifi-qcom(-ac) and VLAN-filtering
Maybe but in many SOHO cases, using VLAN tagging on the interface itself (correct terminology?) was a lot simpler to set-up - on the main router/bridge, the setup for a guest VLAN wasn't too hard (create guest-vlan, set-up guest DHCP pool & server, add guest on CAPsMAN).Why is this the case? I thought we lived in a VLAN-Filtered world now.
On the access points, reset into CAPs mode, change password & identity - and Bob's your uncle. Even clients could add a new access point with a bit of guidance...
The changes to the main router/bridge aren't too hard BUT the access points are a lot trickier - probably best to use a default RSC script for each device type. Usually frowned upon but making the changes manually to each of 20 access points in a potential new build doesn't fill me with joy.
Re: wifi-qcom(-ac) and VLAN-filtering
How do you assign them? Via User Manager (or another RADIUS solution), or via an Access List on the device itself?Dynamic VLANs on the same SSID works fine on cAP AX.And what also doesn't work is setting VLAN ID dynamically for individual wifi stations (either via ACLs or via radius server) which otherwise use same SSID and same wifi interface (note that this is not the same as running virtual WiFi with different SSID which comes with separate wifi interface on AP's side of radio). AFAIK this applies to both wifi-qcom driver variants (but it could be true only for wifi-qcom-ac).
Re: wifi-qcom(-ac) and VLAN-filtering
The day I enable capsman on any of my devices, means my brain has been taken over by fungi!
Vlan filtering works on any MT AP product just fine without out, and I still have all my hair!
Vlan filtering works on any MT AP product just fine without out, and I still have all my hair!
Re: wifi-qcom(-ac) and VLAN-filtering
Well, the idea is keep the cAPs simple. The default config uses a "dumb" bridge. So that bridge to pass whatever vlan added by wifi driver. e.g. more hybrid port like UBNT APs.Why is this the case? I thought we lived in a VLAN-Filtered world now.
The wifi-qcom-ac driver do not support VLAN tagging via wifi config, so the bridge vlan-filtering=yes must tag the traffic. Now this does limit things on ac since vlan assignment on wifi interface allows things like EAP/RADIUS/UM/etc to assign it.
Re: wifi-qcom(-ac) and VLAN-filtering
It's not very friendly for sure. But worth noting that there is no fast roaming without CAPsMAN...The day I enable capsman on any of my devices, means my brain has been taken over by fungi!
Re: wifi-qcom(-ac) and VLAN-filtering
@anav is roaming between Nova Scotia and Italy. No amount of MT's "Fast Transition" will expedite Virgin Atlantic flightsIt's not very friendly for sure. But worth noting that there is no fast roaming without CAPsMAN...The day I enable capsman on any of my devices, means my brain has been taken over by fungi!
If we're talking about his WiFi, I believe his TPlink doesn't work with CAPsMAN.
Re: wifi-qcom(-ac) and VLAN-filtering
My TP LINK oldie AP cant hold a candle to the AX3 LOL.
But I am thinking of getting a zyxel wifi 7 device.,
Fast roaming not required. Im in my own home, anything I do for serious is on the PC.
I dont run around the house trying to lose signal .........you guys crack me up
But I am thinking of getting a zyxel wifi 7 device.,
Fast roaming not required. Im in my own home, anything I do for serious is on the PC.
I dont run around the house trying to lose signal .........you guys crack me up
Who is online
Users browsing this forum: No registered users and 11 guests