nemke

CAPsMAN VLAN assignment from access-list

Sun Feb 04, 2024 3:23 pm

Hello
I have a problem with VLANs and CAPsMAN. The config is simple: I have 5 CAP devices, a switch and a router (CAPsMAN).
The CAPs (APs) are connected to the switch over LAN (trunk), and the switch is connected to the router (CAPsMAN) over LAN (trunk).
I have 3 SSIDs on every CAP (2.4 GHz, 5 GHz and Guest) and they are mapped to VLANs. All of that works fine. BUT the problem is that when I want to move some client (by MAC) to a different VLAN on an SSID that is mapped to another VLAN, DHCP never assigns an IP address to that client.
My CAPsMAN config:

# feb/04/2024 14:11:10 by RouterOS 6.49.12
# software id = 2QWV-5TEA
#
# model = CCR1009-7G-1C-1S+
# serial number = 79AE0695C60F
#
# NOTE(review): the export header above includes the unit's software id and
# serial number; they are not needed to discuss the config and can be trimmed
# before posting.
#
# CAPsMAN (controller) side: radio channels, rate sets, security profiles, AAA.
/caps-man channel
add band=5ghz-n/ac control-channel-width=20mhz name="Channel Auto 5GHz" skip-dfs-channels=yes
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled name="IoT gateway"
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled name="Channel 2.4GHz"
# Rate set without the 802.11b rates (lowest basic/supported rate is 6Mbps).
/caps-man rates
add basic=6Mbps name="GN Only - No B" supported=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
# Security profiles referenced by the configurations further down. No
# passphrase= values appear here, so they were presumably hidden by the export
# or removed by the author.
# NOTE(review): "Ponjavic" and "Apartman" list wpa-psk next to wpa2-psk, so
# WPA (version 1) associations are still accepted on those SSIDs; "Petrovic"
# and "Gost" are WPA2-PSK only. "IoT Gateway" is the only 802.1X (wpa2-eap)
# profile.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=Petrovic
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=Gost
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=Ponjavic
add authentication-types=wpa2-eap encryption=aes-ccm group-encryption=aes-ccm name="IoT Gateway"
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=Apartman
# presumably sets the Called-Station-Id format used in RADIUS requests to the
# bare MAC — confirm against the RouterOS documentation
/caps-man aaa
set called-format=mac
# Access list: admission rules for wireless clients. Presumably matched
# top-down with the first matching rule deciding — confirm against the
# RouterOS CAPsMAN documentation.
/caps-man access-list
# Per-client VLAN override: this one MAC, with an empty ssid-regexp and no
# interface= given, is tagged into VLAN 88. No action= is shown on this rule.
# NOTE(review): a MAC address is asserted by the client itself, so this rule
# picks a VLAN for whatever device presents that address; it is not an
# authentication step. The address also has the locally-administered bit set
# (first octet AA), which is typical of per-network randomized MACs — verify
# the client presents the same address on every SSID it should match on.
add allow-signal-out-of-range=10s disabled=no mac-address=AA:05:93:9F:88:E0 ssid-regexp="" vlan-id=88 vlan-mode=use-tag
# Signal-based admission on "Capsman Kuca": accept at -85 or stronger,
# reject at -86 or weaker.
add action=accept allow-signal-out-of-range=10s disabled=no interface="Capsman Kuca" signal-range=-85..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface="Capsman Kuca" signal-range=-120..-86 ssid-regexp=""
# IoT interface: clients on SSID "IoT Network" are sent to RADIUS; the two
# rules after it apply the same signal-based accept/reject with a -88/-89 split.
add action=query-radius allow-signal-out-of-range=always disabled=no interface=IoT ssid-regexp="IoT Network"
add action=accept allow-signal-out-of-range=10s disabled=no interface=IoT signal-range=-88..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=IoT signal-range=-120..-89 ssid-regexp=""
# Per-SSID configurations: each ties a channel, a security profile and a
# datapath to an SSID.
# NOTE(review): "Stan Petrovic 5GHz" and "Stan Petrovic 5GHz_Tag" use the same
# SSID ("Wi-Fi Stan 5GHz") and security profile and differ only in datapath
# (petrovic vs petrovic_tag).
/caps-man configuration
add channel="Channel 2.4GHz" country=serbia datapath=petrovic installation=indoor mode=ap name="Stan Petrovic 2,4GHz" rates="GN Only - No B" rates.vht-basic-mcs="" rates.vht-supported-mcs="" security=Petrovic ssid="Wi-Fi Stan 2,4GHz"
add channel="Channel 2.4GHz" country=serbia datapath=Gosti mode=ap name="Gost 2,4GHz" rates="GN Only - No B" security=Gost ssid=Gost
add channel="Channel Auto 5GHz" country=serbia datapath=petrovic mode=ap name="Stan Petrovic 5GHz" rates.vht-basic-mcs="" rates.vht-supported-mcs="" security=Petrovic ssid="Wi-Fi Stan 5GHz"
add channel="Channel Auto 5GHz" country=serbia datapath=ponjavic mode=ap name="Stan Ponjavic 5GHz" security=Ponjavic ssid="Ponjavic Wi-Fi 5GHz"
# The IoT SSID is hidden (hide-ssid=yes) and uses the 802.1X profile.
add channel="IoT gateway" country=serbia datapath="IoT Gateway" hide-ssid=yes installation=outdoor mode=ap name="IoT Gateway" security="IoT Gateway" ssid="IoT Network"
add channel="Channel Auto 5GHz" country=serbia datapath=Apartman mode=ap name="Apartman 5GHz" rates.vht-basic-mcs="" rates.vht-supported-mcs="" security=Apartman ssid="Taurunum 5GHz"
add channel="Channel 2.4GHz" country=serbia datapath=Apartman mode=ap name="Apartman 2,4GHz" rates.vht-basic-mcs="" rates.vht-supported-mcs="" security=Apartman ssid="Taurunum 2,4GHz"
add channel="Channel 2.4GHz" country=serbia datapath=ponjavic mode=ap name="Stan Ponjavic 2,4GHz" rates="GN Only - No B" security=Ponjavic ssid="Ponjavic Wi-Fi"
add channel="Channel Auto 5GHz" country=serbia datapath=petrovic_tag mode=ap name="Stan Petrovic 5GHz_Tag" rates.vht-basic-mcs="" rates.vht-supported-mcs="" security=Petrovic ssid="Wi-Fi Stan 5GHz"
# Datapaths: where client traffic is bridged and which VLAN tag it gets.
#   petrovic      no vlan-id, local forwarding on the CAP
#   Gosti         VLAN 254; local-forwarding and client-to-client-forwarding
#                 are not set here (presumably off, i.e. guest traffic is
#                 carried to the manager and clients are isolated — confirm)
#   ponjavic      VLAN 89, local forwarding
#   IoT Gateway   bridge999, no VLAN
#   Apartman      VLAN 90, local forwarding
#   petrovic_tag  VLAN 88, local forwarding
# All datapaths except Gosti and "IoT Gateway" set client-to-client-forwarding=yes.
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes interface-list="Capsman Kuca" local-forwarding=yes name=petrovic
add bridge=bridge interface-list="Capsman Kuca" name=Gosti vlan-id=254 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes interface-list="Capsman Kuca" local-forwarding=yes name=ponjavic vlan-id=89 vlan-mode=use-tag
add bridge=bridge999 name="IoT Gateway"
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=Apartman vlan-id=90 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes interface-list="Capsman Kuca" local-forwarding=yes name=petrovic_tag vlan-id=88 vlan-mode=use-tag
# Statically defined CAP interfaces. The three "Apartman-AP Stan Ulica"
# entries are enabled (2.4 GHz master, its Guest slave, 5 GHz master); the
# five IoT entries are disabled.
/caps-man interface
add configuration="Apartman 2,4GHz" disabled=no l2mtu=1600 mac-address=DC:2C:6E:52:E8:49 master-interface=none name="Apartman-AP Stan Ulica-1" radio-mac=DC:2C:6E:52:E8:49 radio-name=DC2C6E52E849
add configuration="Gost 2,4GHz" disabled=no l2mtu=1600 mac-address=DE:2C:6E:52:E8:49 master-interface="Apartman-AP Stan Ulica-1" name="Apartman-AP Stan Ulica-1-1" radio-mac=00:00:00:00:00:00 radio-name=DE2C6E52E849
add configuration="Apartman 5GHz" disabled=no l2mtu=1600 mac-address=DC:2C:6E:52:E8:4A master-interface=none name="Apartman-AP Stan Ulica-2" radio-mac=DC:2C:6E:52:E8:4A radio-name=DC2C6E52E84A
add configuration="IoT Gateway" disabled=yes l2mtu=1600 mac-address=D4:CA:6D:00:B9:E0 master-interface=none name="IoT-LoraWAN 1 (Rajaciceva 7)-1" radio-mac=D4:CA:6D:00:B9:E0 radio-name=D4CA6D00B9E0
add configuration="IoT Gateway" disabled=yes l2mtu=1600 mac-address=C4:AD:34:B2:10:83 master-interface=none name="IoT-LoraWAN 2 (Spajz Magacin 7000)-1" radio-mac=C4:AD:34:B2:10:83 radio-name=C4AD34B21083
add configuration="IoT Gateway" disabled=yes l2mtu=1600 mac-address=E4:8D:8C:FD:91:71 master-interface=none name="IoT-LoraWAN 3 (Studentska 2)-1" radio-mac=E4:8D:8C:FD:91:71 radio-name=E48D8CFD9171
add configuration="IoT Gateway" disabled=yes l2mtu=1600 mac-address=DC:2C:6E:07:79:72 master-interface=none name="IoT-LoraWAN 4 (HidroBaza Ostruznica)-1" radio-mac=DC:2C:6E:07:79:72 radio-name=DC2C6E077972
add configuration="IoT Gateway" disabled=yes l2mtu=1600 mac-address=74:4D:28:9E:85:4C master-interface=none name="IoT-SMS Gateway LTE + LoraWAN 5 (Pekez Villa)-1" radio-mac=74:4D:28:9E:85:4C radio-name=744D289E854C
# Manager: enabled, with automatically generated CA and certificate.
# NOTE(review): require-peer-certificate does not appear in this export, so
# presumably CAPs are not required to present a certificate when they join —
# confirm with "/caps-man manager print".
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# CAP connections are explicitly enabled on vlan88 and bridge999; the default
# entry that covers all other interfaces is not shown in this export.
/caps-man manager interface
add disabled=no interface=vlan88
add disabled=no interface=bridge999
# Provisioning: which configuration a joining radio receives. Every rule is
# keyed on radio-mac except the second IoT rule, which matches on
# hw-supported-modes=gn and the CAP address range 10.99.99.0/24. The first IoT
# rule is disabled.
/caps-man provisioning
add action=create-enabled comment="IoT Gateway Config" disabled=yes master-configuration="IoT Gateway" name-format=prefix-identity name-prefix=IoT radio-mac=D4:CA:6D:00:B9:E0
add action=create-enabled comment="IoT Gateway Config" hw-supported-modes=gn ip-address-ranges=10.99.99.0/24 master-configuration="IoT Gateway" name-format=prefix-identity name-prefix=IoT
add action=create-dynamic-enabled comment="AP Sprat" master-configuration="Stan Petrovic 5GHz" name-format=prefix-identity name-prefix=Petrovic radio-mac=18:FD:74:7A:7D:BD
add action=create-dynamic-enabled comment="AP Sprat" master-configuration="Stan Petrovic 2,4GHz" name-format=prefix-identity name-prefix=Petrovic radio-mac=18:FD:74:7A:7D:BC slave-configurations="Gost 2,4GHz"
add action=create-dynamic-enabled comment="AP Terasa" master-configuration="Stan Petrovic 5GHz" name-format=prefix-identity name-prefix=Petrovic radio-mac=C4:AD:34:13:48:D8
add action=create-dynamic-enabled comment="AP Terasa" master-configuration="Stan Petrovic 2,4GHz" name-format=prefix-identity name-prefix=Petrovic radio-mac=C4:AD:34:13:48:D9 slave-configurations="Gost 2,4GHz"
add action=create-dynamic-enabled comment="AP Apartman" hw-supported-modes=ac master-configuration="Apartman 5GHz" name-format=prefix-identity name-prefix=Apartman radio-mac=DC:2C:6E:52:E8:4A
add action=create-dynamic-enabled comment="AP Apartman" hw-supported-modes=gn master-configuration="Apartman 2,4GHz" name-format=prefix-identity name-prefix=Apartman radio-mac=DC:2C:6E:52:E8:49 slave-configurations="Gost 2,4GHz"
# "AP Prizemlje" 5 GHz radio: Ponjavic as master, with the VLAN 88-tagged
# Petrovic SSID as a slave.
add action=create-dynamic-enabled comment="AP Prizemlje" master-configuration="Stan Ponjavic 5GHz" name-format=prefix-identity name-prefix=Ponjavic radio-mac=CC:2D:E0:AF:A7:E7 slave-configurations="Stan Petrovic 5GHz_Tag"
add action=create-dynamic-enabled comment="AP Prizemlje" master-configuration="Gost 2,4GHz" name-format=prefix-identity name-prefix=Ponjavic radio-mac=CC:2D:E0:AF:A7:E6
add action=create-dynamic-enabled comment="AP Podrum" hw-supported-modes=ac master-configuration="Stan Petrovic 5GHz" name-format=prefix-identity name-prefix=Petrovic radio-mac=CC:2D:E0:E7:87:ED
add action=create-dynamic-enabled comment="AP Podrum" hw-supported-modes=gn master-configuration="Stan Petrovic 2,4GHz" name-format=prefix-identity name-prefix=Petrovic radio-mac=CC:2D:E0:E7:87:EE slave-configurations="Gost 2,4GHz"
# Bridges on the router. Only "bridge" has vlan-filtering=yes; MTS and
# bridge999 (IoT) have no VLAN filtering set in this export.
/interface bridge
add admin-mac=9A:8C:11:4D:3F:37 auto-mac=no name=MTS
add admin-mac=6C:3B:6B:FE:5D:A3 auto-mac=no fast-forward=no name=bridge protocol-mode=none vlan-filtering=yes
add admin-mac=D4:CA:6D:00:B9:E0 auto-mac=no comment="IoT Interface" name=bridge999
# Ports of "bridge", all with ingress-filtering=yes:
#   ether4, ether5, ether6  access ports, untagged frames only, PVID 88
#   ether1                  access port, untagged frames only, PVID 100
#   Dude-Server, sfp-sfpplus1, ether7  trunks, tagged frames only
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=88
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether1 pvid=100
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=Dude-Server
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=88
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether7
# VLAN table: every VLAN (88, 89, 90, 100, 200, 201, 254) is tagged on all
# three trunks and on the bridge itself, so the router has an interface in
# each VLAN and the trunks carry the guest, IPTV and security VLANs alike.
/interface bridge vlan
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 untagged=ether4,ether5,ether6 vlan-ids=88
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 vlan-ids=89
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 vlan-ids=254
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 vlan-ids=200
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 untagged=ether1 vlan-ids=100
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 vlan-ids=90
add bridge=bridge tagged=sfp-sfpplus1,Dude-Server,bridge,ether7 vlan-ids=201
# DHCP servers, one per VLAN interface (254, 89, 88, 90) plus one on bridge999.
# IoT_dhcp has no address-pool here and sets use-radius=yes.
/ip dhcp-server
add add-arp=yes address-pool=Gosti disabled=no interface=vlan254 lease-time=1d name=Gosti
add add-arp=yes address-pool="Stan Prizemlje" disabled=no interface=vlan89 lease-time=1d name="Stan Prizemlje"
add add-arp=yes address-pool="Stan Potkrovlje" bootp-support=dynamic disabled=no interface=vlan88 lease-time=1d name="Stan Potkrovlje"
add disabled=no interface=bridge999 lease-time=3h name=IoT_dhcp use-radius=yes
add add-arp=yes address-pool=Lokal_pool disabled=no interface=vlan90 lease-time=1d name=Lokal
# Provisioning-server options for the VoIP phones (option 66, one option 128).
# NOTE(review): several values embed an FTP username and password in the URL.
# They are in clear text in this export, they are sent to any DHCP client that
# is served the option, and FTP/TFTP/plain HTTP carry the phone configuration
# unencrypted. Credentials that have been posted should be treated as exposed
# and changed; a provisioning path that does not put a shared password into a
# DHCP option is preferable.
# The " ... " inside some values looks like URL shortening by the forum, not
# part of the real option value.
/ip dhcp-server option
add code=66 name=option66-fanvil value="'ftp://fanvil:fanvil1910@192.168.88.253/ ... fanvil.cfg'"
add code=66 name=option66-htek value="'ftp://htek:htek1910@192.168.88.253/cfg000x.xml'"
add code=66 name=option66-panasonic value="'http://192.168.88.253:8888/OS/BCC3421DB4FE.cfg'"
add code=66 name=option66_general-file value="'ftp://fanvil:fanvil1910@192.168.88.253/Update/Fanvil/'"
add code=66 name=Test_key value="'ftp://fanvil:fanvil1910@192.168.88.253/ ... st/key.cfg'"
add code=66 name=model value="'ftp://fanvil:fanvil1910@192.168.88.253/ ... MODEL}.cfg'"
add code=66 name="Pretraga config imena" value="'tftp://192.168.88.1/Disk1/'"
add code=128 name=Test_general-config-file value="'ftp://fanvil:fanvil1910@192.168.88.253/ ... nvil/Test/'"
# Named option sets; "test" and "set66-fanvil-general" both contain the same option.
/ip dhcp-server option sets
add name=set66-fanvil options=option66-fanvil
add name=htek options=option66-htek
add name=set66-panasonic options=option66-panasonic
add name=test options=option66_general-file
add name=set66-fanvil-general options=option66_general-file
add name=Test options=Test_key,Test_general-config-file
# Static leases, all on the VLAN 88 server ("Stan Potkrovlje"); the Voip_*
# entries are the phones that receive the provisioning options above.
/ip dhcp-server lease
add address=192.168.88.100 comment="Voip_Radni Sto" dhcp-option=option66_general-file mac-address=0C:38:3E:3E:28:73 server="Stan Potkrovlje"
add address=192.168.88.105 comment=Voip_Interfon mac-address=0C:38:3E:10:E5:C4 server="Stan Potkrovlje"
add address=192.168.88.104 comment=Voip_Podrum dhcp-option=option66-fanvil dhcp-option-set=set66-fanvil mac-address=0C:38:3E:38:7C:E2 server="Stan Potkrovlje"
add address=192.168.88.70 client-id=1:dc:a6:32:2a:d8:a7 mac-address=DC:A6:32:2A:D8:A7 server="Stan Potkrovlje"
add address=192.168.88.101 comment=Voip_Boravak dhcp-option=option66-fanvil mac-address=0C:38:3E:49:CD:3E server="Stan Potkrovlje"
add address=192.168.88.107 comment=Voip_Apartman mac-address=BC:C3:42:1D:B4:FE server="Stan Potkrovlje"
add address=192.168.88.55 client-id=1:e8:6a:64:a5:fe:7 mac-address=E8:6A:64:A5:FE:07 server="Stan Potkrovlje"
add address=192.168.88.102 comment=Voip_Kuhinja dhcp-option=option66-fanvil mac-address=0C:38:3E:49:CC:FE server="Stan Potkrovlje"
add address=192.168.88.106 comment=Voip_Zorica mac-address=80:5E:C0:D2:E3:24 server="Stan Potkrovlje"
add address=192.168.88.103 comment="Voip_Mala Soba" dhcp-option=Test_key,Test_general-config-file mac-address=0C:38:3E:4D:E5:0A server="Stan Potkrovlje"
# Per-subnet parameters handed to clients.
# NOTE(review): 20.99.99.0/24 is not RFC 1918 private space, while the IoT
# provisioning rule in /caps-man provisioning matches CAPs in 10.99.99.0/24 —
# possibly a typo for 10.99.99.0/24; confirm.
# 192.168.88.0/24 additionally hands out network-boot parameters (next-server,
# boot-file-name).
/ip dhcp-server network
add address=20.99.99.0/24 gateway=20.99.99.1
add address=192.168.88.0/24 boot-file-name=lpxelinux.0 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 next-server=192.168.88.234
add address=192.168.89.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.89.1
add address=192.168.90.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.90.1
add address=192.168.254.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.254.1
# Vendor-class matchers; all three are disabled.
/ip dhcp-server vendor-class-id
add disabled=yes name=Htek server="Stan Potkrovlje" vid=Htek
add disabled=yes name=Fanvil server="Stan Potkrovlje" vid=Fanvil
add address-pool="Stan Potkrovlje" disabled=yes name=Lenovo server="Stan Potkrovlje" vid=PXEClient:Arch:00000:UNDI:002001
# Layer-3 VLAN interfaces on top of "bridge", one per VLAN ID in the bridge
# VLAN table. DHCP servers are bound to vlan88, vlan89, vlan90 and vlan254;
# none is defined in this export for vlan100, vlan200 or vlan201.
/interface vlan
add comment="Stan Sprat" interface=bridge name=vlan88 vlan-id=88
add comment="Stan Prizemlje" interface=bridge name=vlan89 vlan-id=89
add comment=Lokal interface=bridge name=vlan90 vlan-id=90
add comment=IPTV interface=bridge name=vlan100 vlan-id=100
add comment=Security1 interface=bridge name=vlan200 vlan-id=200
add comment=Securitry2 interface=bridge name=vlan201 vlan-id=201
add comment=Gosti interface=bridge name=vlan254 vlan-id=254


CAP setup:

# CAP (access point) side; /system identity further down names it "AP Apartman".
# Single VLAN-aware bridge.
/interface bridge
add admin-mac=DC:2C:6E:52:E8:48 auto-mac=no fast-forward=no name=bridge protocol-mode=none vlan-filtering=yes
# Both radios are controlled by CAPsMAN; the local ssid= values below are the
# standalone defaults, and the export's own comments show the SSIDs actually
# in use ("Taurunum 2,4GHz" / "Taurunum 5GHz", local forwarding).
/interface wireless
# managed by CAPsMAN
# channel: 2422/20/gn(18dBm), SSID: Taurunum 2,4GHz, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-52E849 wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(20dBm), SSID: Taurunum 5GHz, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-52E84A wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] comment=TRUNK-Cisco
# Local VLAN interfaces: 88 (carries the management address, see /ip address)
# and 90.
/interface vlan
add comment="Stan Sprat" interface=bridge name=vlan88 vlan-id=88
add comment="Stan Ulica" interface=bridge name=vlan90 vlan-id=90
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# SNMP communities: the default one is disabled and a new one is added.
# NOTE(review): the added community is named "private", has write-access=yes
# and accepts any source address (addresses=0.0.0.0/0). security=private and
# authentication-protocol=SHA1 are set, but no passwords appear in this export
# (presumably hidden). Limiting addresses= to the monitoring host and dropping
# write access unless it is needed would narrow this.
/snmp community
set [ find default=yes ] disabled=yes
add addresses=0.0.0.0/0 authentication-protocol=SHA1 name=private security=private write-access=yes
# Bridge ports: ether2 is an access port in VLAN 88, ether1 (the trunk to the
# switch) accepts tagged frames only.
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=88
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
# VLAN table: only VLANs 88 and 90 are carried on this CAP. wlan1/wlan2 are
# not listed; with local forwarding they are presumably added to the bridge
# dynamically. NOTE(review): how those dynamic ports end up in this VLAN table
# decides whether a client that the access list tags into VLAN 88 can pass a
# vlan-filtering bridge — check "/interface bridge vlan print" and
# "/interface bridge port print" on the running CAP.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=88
add bridge=bridge tagged=bridge,ether1 vlan-ids=90
/interface detect-internet
set lan-interface-list=LAN
# Only vlan88 is in the LAN list, which the discovery and MAC-server settings
# in this export refer to.
/interface list member
add interface=vlan88 list=LAN
# CAP mode: both radios handed to CAPsMAN, manager discovered on vlan88.
# NOTE(review): no certificate, caps-man-addresses or lock-to-caps-man setting
# appears in this export, so presumably the CAP accepts whichever manager it
# discovers on vlan88 — confirm with "/interface wireless cap print".
/interface wireless cap
#
set bridge=bridge discovery-interfaces=vlan88 enabled=yes interfaces=wlan1,wlan2
# Management address of the CAP, in VLAN 88.
/ip address
add address=192.168.88.16/24 interface=vlan88 network=192.168.88.0
/ip cloud
set update-time=no
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip route
add distance=1 gateway=192.168.88.1
# NOTE(review): telnet is the only service changed here; the state and
# allowed-from addresses of the other services (ftp, www, api, winbox, ssh)
# are not visible in this export, which presumably lists only non-default
# values — check "/ip service print".
/ip service
set telnet disabled=yes
/ip smb
set allow-guests=no interfaces=vlan88
/ip ssh
set strong-crypto=yes
/ip upnp
set show-dummy-rule=no
# SNMP agent enabled; traps go to 192.168.88.252 with trap-version=3 using the
# "private" community defined under /snmp community.
/snmp
set contact="Nemanja Petrovic" enabled=yes location="Rajaciceva 7 /AP Lokal" trap-community=private trap-generators=interfaces,start-trap,temp-exception trap-interfaces=all trap-target=192.168.88.252 trap-version=3
/system clock
set time-zone-name=Europe/Belgrade
/system identity
set name="AP Apartman"
# Bandwidth-test server is switched off.
/tool bandwidth-server
set authenticate=no enabled=no
# Graphing pages are readable from the 192.168.88.0/24 and 192.168.89.0/24
# subnets only.
/tool graphing interface
add allow-address=192.168.88.0/24
add allow-address=192.168.89.0/24
/tool graphing queue
add allow-address=192.168.88.0/24
add allow-address=192.168.89.0/24
/tool graphing resource
add allow-address=192.168.88.0/24
add allow-address=192.168.89.0/24
# MAC-telnet and MAC-Winbox are limited to the LAN interface list (vlan88).
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# NOTE(review): RoMON is enabled; no secrets= value is visible in this export,
# so it cannot be told from here whether RoMON peers are authenticated —
# confirm with "/tool romon print".
/tool romon
set enabled=yes


So, I would like the client with this MAC to be connected to VLAN 88, on an SSID which tags traffic on VLAN 90:
add allow-signal-out-of-range=10s disabled=no mac-address=AA:05:93:9F:88:E0 ssid-regexp="" vlan-id=88 vlan-mode=use-tag

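BUT DHCP never gives an IP to the client. The offer in the log comes from the "Lokal" server, which is bound to vlan90, not from the VLAN 88 server: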
log: Lokal offering lease 192.168.90.52 for AA:05:93:9F:88:E0 without success

Where is the problem?
