Hello, I’m configuring a following network:
All devices are running RouterOS v7.15.1. CAPsMAN is WiFi variant (wifi-qcom) for AX standard. I’d like to configure devices by the best practices both for CAPsMAN and VLANs, using Bridge VLAN filtering.
VLAN1 - GREEN - untagged/native across whole network
VLAN10 - RED
VLAN20 - BLUE
Config that I tried to deploy without luck:
I removed all unnecessary parts (ip addresses, wifi 5 ghz, dhcp servers etc.) and left only parts that are relevant to CAPsMAN and VLANs. When trying out this config, some parts dont work if I have vlan-filtering enabled. Can someone please verify if that’s the correct way to configure things? In the past, I used “old” configuration method, of creating VLAN subinterfaces on each ethernet interface and then bridge-ing them separately, but AFAIK that is not considered best practice, so this time I wanted to do it by recommended practices.
ROUTER:
/interface bridge add name=bridge vlan-filtering=yes
/interface bridge port add bridge=bridge interface=ether2 pvid=1
/interface bridge port add bridge=bridge interface=ether3 pvid=20
/interface bridge vlan add bridge=bridge untagged=bridge,ether2 vlan-ids=1
/interface bridge vlan add bridge=bridge tagged=ether2 vlan-ids=10
/interface bridge vlan add bridge=bridge tagged=ether2 untagged=ether3 vlan-ids=20
/interface vlan add interface=bridge name=vlan10-guests vlan-id=10
/interface vlan add interface=bridge name=vlan20-iot vlan-id=20
/interface wifi capsman set enabled=yes interfaces=bridge
/interface wifi provisioning add action=create-dynamic-enabled master-configuration=wifi-lan-2.4ghz slave-configurations=wifi-guests-2.4ghz supported-bands=2ghz-ax
/interface wifi datapath add name=datapath-guests vlan-id=10
/interface wifi security add name=security-lan passphrase=xxxxxxxx
/interface wifi security add name=security-guests passphrase=yyyyyyyy
/interface wifi configuration add channel.band=2ghz-ax mode=ap name=wifi-lan-2.4ghz security=security-lan ssid=xxxxxxxx
/interface wifi configuration add channel.band=2ghz-ax datapath=datapath-guests mode=ap name=wifi-guests-2.4ghz security=security-guests ssid=yyyyyyyy
SWITCH:
/interface bridge add name=bridge vlan-filtering=yes
/interface bridge port add bridge=bridge interface=ether1 pvid=1
/interface bridge port add bridge=bridge interface=ether2 pvid=1
/interface bridge port add bridge=bridge interface=ether3 pvid=20
/interface bridge vlan add bridge=bridge untagged=ether1,ether2 vlan-ids=1
/interface bridge vlan add bridge=bridge tagged=ether1,ether2 vlan-ids=10
/interface bridge vlan add bridge=bridge tagged=ether1 untagged=ether3 vlan-ids=20
AP:
/interface bridge add name=bridge vlan-filtering=yes
/interface bridge port add bridge=bridge interface=ether1
/interface wifi datapath add bridge=bridge name=datapath-cap
/interface wifi set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=datapath-cap
/interface wifi cap set caps-man-addresses=x.x.x.x enabled=yes slaves-datapath=datapath-cap
