Hi,
I’ve got a cAP Lite access point running RouterOS v6.40.4 which I’m trying to set it up as an AP with 1 SSID per vlan using CAPsMAN.
I followed this guide: https://www.linkedin.com/pulse/building-corporate-wi-fi-network-using-mikrotik-capsman-ciobanu/ which covers a 2-vlan/SSID configuration, and figured it should be easy to expand with n vlans/SSIDs after first working through that guide.
Here is my config:
add local-forwarding=yes name=dp-15-home vlan-id=15 vlan-mode=use-tag
add local-forwarding=yes name=dp-902-guests vlan-id=902 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=auth-15-home passphrase=somethingsecret
add authentication-types=wpa2-psk encryption=aes-ccm name=auth-902-guests passphrase=somethingsecret
/caps-man channel
add band=2ghz-onlyn extension-channel=Ce frequency=2412 name=channel1 width=20
/caps-man configuration
add channel=channel1 country=norway datapath=dp-15-home mode=ap name=conf-15-home24 security=auth-15-home ssid=Home24
add channel=channel1 country=norway datapath=dp-902-guests mode=ap name=conf-902-guests24 security=auth-902-guests ssid=Guests24
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=conf-15-home24 \
slave-configurations=conf-902-guests24s
CAPsMAN is running on my RB750gr2 and I can see that it provisions both SSIDs on the cAP lite:
[admin@cAP1] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 RS ether1 ether 1500 1598 2028 6C:3B:6B:EE:37:98
1 RS ;;; managed by CAPsMAN
;;; channel: 2437/20-Ce/gn(20dBm), SSID: Home24, local forwarding
wlan1 wlan 1500 1600 2290 6C:3B:6B:EE:37:99
2 DR ;;; managed by CAPsMAN
;;; SSID: Guests24, local forwarding
wlan2 wlan 1500 1600 6E:3B:6B:EE:37:99
3 R ;;; defconf
bridge bridge 1500 1598 6C:3B:6B:EE:37:98
My problem is that I don’t get an IP address when I connect to the “Guests24”, “Home24” works fine. However, if I swap the master/slave provisioning configuration (so that Guest24 is master and Home24 is slave), then Guest24 works as expected and I observe the connectivity issues on Home24 instead.
Besides the above capsman config I have only made the following changes after a factory reset:
- Change IP address
- Enable CAPsMAN
vlan
ether1 is connected to a switch where vlans 15 and 902 are tagged. These are obviously configured correctly (in the switch) as I receive ip addresses in expected subnets when swapping master/slave config as mentioned above. untagged vlan is used for the “admin” subnet (the bridge’s ip address is in this subnet’s range) but don’t suspect this is related to my issue.
I honestly don’t understand how vlans work with capsman because I have not been able to see the vlan ids (15/902) anywhere in the cAPL’s config after it has been provisioned, but I suspect the problem has to do with the vlans, somehow.
Does anyone have any pointers as to why the wifi/ssid in slave-configuration is not working?
Thanks,
Geir
edit: typos, clarification