cAP DHCP for wifi clients on ap bridge

milosdeymed · April 18, 2018, 6:42am

Hi, i am stuck configuring cAP lite in existing network:

Scenario:
cAP connected to switch and switch to gateway with DHCP server

2 virtual wifi interfaces - wifi-private-ap and wifi-public-ap tagging vlan 200 and 210
both wifi interfaces bridged with ether1
vlans 200, 210, 99(management) under ether1

problem:
clients on wifi does not get ip through DHCP server - mikrotik device in network behind ether1. (cAP is able to optain IP on every VLAN)

Any help or output request welcome

bridges

/interface bridge
add admin-mac=64:D1:54:F6:36:DB auto-mac=no comment=defconf name=bridge \
    vlan-filtering=yes
/interface bridge port
add bridge=bridge comment=defconf hw=no interface=ether1
add bridge=bridge comment=defconf hw=no interface=wifi-private-ap
add bridge=bridge interface=wifi-public-ap pvid=210
/interface bridge vlan
add bridge=bridge tagged=ether1,wifi-private-ap vlan-ids=200
add bridge=bridge tagged=ether1,wifi-public-ap vlan-ids=210

wifi

/interface wireless
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:F6:36:DD \
    master-interface=wlan1 multicast-buffering=disabled name=wifi-private-ap \
    security-profile=wifi-private ssid=alienM vlan-id=200 vlan-mode=use-tag \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:F6:36:DC \
    master-interface=wlan1 multicast-buffering=disabled name=wifi-public-ap \
    security-profile=wifi-public ssid=DeymedM vlan-id=210 vlan-mode=use-tag \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:F6:36:DD \
    master-interface=wlan1 multicast-buffering=disabled name=wifi-private-ap \
    security-profile=wifi-private ssid=alienM vlan-id=200 vlan-mode=use-tag \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:F6:36:DC \
    master-interface=wlan1 multicast-buffering=disabled name=wifi-public-ap \
    security-profile=wifi-public ssid=DeymedM vlan-id=210 vlan-mode=use-tag \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

Edit: Now I have noticed that Gateway adresses of VLAN 210 and 200 are unreachable in routing table (#4, #5) that might be the reason. Ping to that gateway from cAP succeeds. Any idea why?

ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          172.16.99.1               1
 1  DS  0.0.0.0/0                          172.16.200.1              1
 2  DS  0.0.0.0/0                          172.16.210.1              1
 3 ADC  172.16.99.0/24     172.16.99.208   management                0
 4 ADC  172.16.200.0/24    172.16.200.82   wifi-private              0
 5 ADC  172.16.210.0/24    172.16.210.147  wifi-public               0