I’m testing out capsman. What I’m trying to do is to provision multiple ssid to multiple wAP ac / hAP ac that already has vlan and bridges configured. The problem is that provisioning does not add wlan interface to the local bridge at the ap. I have to log into every ap and run something like
/interface bridge port add bridge=bridge-admin interface=wlan2
for every virtual AP that I add to the capsman. Am I missing something from the config?
I add some details in case someone is searching for the solution to a similar issue.
When using capsman forwarding:
-set bridge in datapath section of capsman
do not set bridge in cap config.
When using local forwarding:
set vlan using bridge as interface. Do not use individual bridges for each vlan on the cap (you can still use individual bridges on capsman)
set bridge in cap config
do not set bridge in capsman
set vlan=use tag and vlan id in capsman datapath section. And the obvious: enable local forwarding
I have been looking for this solution for quite some time, finally here is the answer, thanks.
However I am unable to add PVID to wlan interface added inside the bridge CAP side.
They always end up untagged with PVID 1.
That should be OK because if the VLAN settings from CAPsMAN datapath configuration really do work even for ****
datapath.local-forwarding=yes
, there should be no tagless packets, so the
pvid
value should never be necessary. Each packet should get tagged already at the (virtual) AP on its way from the air to the wire, and untagged there on its way from the wire to the air.
If it eventually does not work the way above, you have to prevent the automatic addition of CAPsMAN-controlled interfaces to the bridge, and your only currently available way to get to the necessary data to add them using a script (where packets from the wireless interface would come tagless and the ****
pvid
would thus be important) seems to be
/interfface wireless print file=my-wlan-list
{
local contents=[/file get my-wlan-list.txt]
...parse $contents for the information you need...
}
I’m afraid the CAP configuration may not (yet) be aligned with the new bridge implementation, so if you can live without ****
vlan-filtering
on the bridge, setting it to
no
should be your workaround (as in this mode, the configuration in
/interface bridge vlan
is ignored). Or try to split that line into three, each with a single VLAN ID in vlan-ids, and see whether that helps the interfaces to be added there automatically. But since in this case you don’t need to link the particular SSID to a particular interface and VLAN ID, and the interface names can be obtained using a script, it should be possible to add them to the configuration this way.
I already tried splitting the entry in three different ones for each vlan.
BTW, would you / anyone know the difference between adding them to a single entry vs multiple ones? Is there any?
…and it didn’t work automatically either, yes, I’ve checked yesterday as well.
BTW, would you / anyone know the difference between adding them to a single entry vs multiple ones? Is there any?
I guess that the basic idea is just to simplify the configuration if several VLANs share the same physical topology, so there should be no functional difference between
I haven’t tested with MSTP heavily but even there you have to be able to configure untagged ports for one particular VLAN so a dedicated line for that VLAN is necessary even if that VLAN shares the spanning-tree instance with others.
Hey,
Not sure I still have it cause either it wasn’t required in the first place or RoS evolved enough to tag them correctly (and add them to the bridge mentioned in the caps conf).
Hope this helps otherwise we can go further into the details.
I am unable to add PVID to wlan interface added inside the bridge CAP side.