Hello,
Does anybody know if radius authentication with an external radius servers works with the new drivers wifi-qcom-ac 7.13 to allocate different vlans to clients? My setup worked very well on V6 with capsman. Currently and trying to do the same on 7.13 and struggling to make it work. Read about the issues with vlan assignments but not sure if this affects radius authentication also. At the moment just trying to make one AP work with wifi radius authentication beforing adding capsman. With wpa2-psk i manage to make the configuration work with an untagged vlan.

Current config below

/interface bridge
add name=bridge vlan-filtering=yes
/interface wifi
# SSID not set
set [ find default-name=wifi1 ] configuration.manager=local .mode=ap disabled=no
/interface vlan
add interface=bridge name=MGMT vlan-id=217
/interface wifi security
add authentication-types=wpa2-eap,wpa3-eap disabled=no eap-accounting=yes name=sec1
/interface wifi
set [ find default-name=wifi2 ] channel.band=5ghz-ac .skip-dfs-channels=all .width=20/40/80mhz configuration.country=Romania .manager=local .mode=ap .ssid=B1 disabled=no security=sec1
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge frame-types=admit-only-vlan-tagged interface=wifi2 pvid=320
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge vlan-ids=217
add bridge=bridge tagged=ether1,bridge untagged=wifi2 vlan-ids=320
/interface wifi cap
set caps-man-addresses=172.17.0.251 discovery-interfaces=ether1 slaves-static=no
/ip address
add address=172.17.0.169/24 interface=MGMT network=172.17.0.0
/ip dns
set servers=192.168.13.200
/ip route
add distance=1 gateway=172.17.0.254
/radius
add accounting-port=2041 address=XX.XX.XX.XX authentication-port=2040 service=wireless
/radius incoming
set accept=yes
/system clock
set time-zone-name=Europe/Bucharest
/system logging
add topics=wireless,info
add topics=caps,info
add prefix=error topics=radius
add topics=wireless,info
add topics=caps,info
add prefix=error topics=radius
/system note
set show-at-login=no
/system package update
set channel=development

Any advice would be appreciated:)

Your setup isn't possible when running wave2/wifi drivers. The new driver doesn't handle VLAN tags natively (neither per user set by radius or ACLs nor static set as datapath property).

We're quite a large group of users hoping and waiting for this support to get added.

Thank you. At least i know what i have to do now. Hopefully it will fixed soon.

Your setup isn't possible when running wave2/wifi drivers. The new driver doesn't handle VLAN tags natively (neither per user set by radius or ACLs nor static set as datapath property).

We're quite a large group of users hoping and waiting for this support to get added.

Could you elaborate please? I am a RouterOS newbie. I am asking because I think I have something like OP wants working.

My current setup is one CRS-323 (currently on SwitchOS) and two cAP-ax running wifi-qcom. I have dynamic vlan assignment working with WPA2-EAP, without capsman for now. The clients are authenticated against a FreeRadius running on a pfsense, which also tells the APs which VLAN each client belongs to. What I am struggling with is to do dynamic VLAN assignment with wifi-qcom and WPA2-PSK by MAC address. But I asked about that in a different topic.

Your setup isn't possible when running wave2/wifi drivers. The new driver doesn't handle VLAN tags natively (neither per user set by radius or ACLs nor static set as datapath property).

We're quite a large group of users hoping and waiting for this support to get added.

Could you elaborate please? I am a RouterOS newbie. I am asking because I think I have something like OP wants working.

My current setup is one CRS-323 (currently on SwitchOS) and two cAP-ax running wifi-qcom. I have dynamic vlan assignment working with WPA2-EAP, without capsman for now. The clients are authenticated against a FreeRadius running on a pfsense, which also tells the APs which VLAN each client belongs to. What I am struggling with is to do dynamic VLAN assignment with wifi-qcom and WPA2-PSK by MAC address. But I asked about that in a different topic.

There are 2 different wifi drivers for ac and ax devices. The ax devices work with dynamic vlan tagging as you mentioned. The ac ones not yet.

There are 2 different wifi drivers for ac and ax devices. The ax devices work with dynamic vlan tagging as you mentioned. The ac ones not yet.

Oh right, that makes sense. Thanks!