Hi.
I setup capsman on 4011.
First time it was simple configuration with local forwarding and two VLAN (work and guest networks).
All worked fine without problems.
As we have other VLANs there was an idea to use them on WiFi too, but use at one SSID and change VLAN in Access Rules by MAC Address after client connection.
On every CAP i’ve setup VLANs with tagged wlan, bridge and wired interface which plugged in switch.
On switches all VLANs also tagged.
Then created Access Rules in CAPSMAN for MAC Address.
For availability betwen wireless devices also set multicast helper in CAPSMAN configuration.
After that everything seems to worked.
Soon i saw in 4011 logs messages like dhcp offering lease 10.0.40.10 for XX:XX:XX:XX:XX:XX without success, and random clients having troubles with conectivity. No matter access right was set or directly VLAN from CAPSMAN’s datapath.
Sometimes it helps to remove from registration list.
After some times i noticed that issues are only on 5 GHz clients. On 2 GHz works well.
I’ve checked again CAPs settings and no see any error. Settings same as to 2 GHz.
Please help to resolve this issue.
Firmware on all devices 7.15.3
CAPSMAN on 4011
AP are CAP ac, wAP, mAP
Typical settings for CAPs
/interface bridge
add admin-mac=48:8F:5A:26:0A:F3 auto-mac=no comment=defconf ingress-filtering=no name=bridge-cap port-cost-mode=short vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2462/20/gn(18dBm), SSID: Work 2G, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-220CF7 \
wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5200/20/ac/P(17dBm), SSID: Work 5G, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-220CF8 \
wireless-protocol=802.11
/interface bridge port
add bridge=bridge-cap comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge-cap comment=defconf ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10
/interface bridge vlan
add bridge=bridge-cap tagged=bridge-cap,ether1,wlan1,wlan2 vlan-ids=12,13,14,15,16,19,20,21,22,23,25,27,40,77
add bridge=bridge-cap tagged=bridge-cap,ether1 vlan-ids=51
/interface wireless cap
#
set bridge=bridge-cap discovery-interfaces=bridge-cap enabled=yes interfaces=wlan1,wlan2
/ip dhcp-client
add comment=defconf interface=bridge-cap
CAPSMAN
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled frequency=2412,2437,2462 name=2G reselect-interval=4h
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled name=5G reselect-interval=4h skip-dfs-channels=yes
/caps-man datapath
add arp=enabled bridge=bridge-local bridge-horizon=10 client-to-client-forwarding=no interface-list=LAN local-forwarding=yes name=dp-guest-vlan51 vlan-id=51 vlan-mode=use-tag
add bridge=bridge-local client-to-client-forwarding=yes interface-list=LAN local-forwarding=yes name=dp-work-vlan40 vlan-id=40 vlan-mode=use-tag
/caps-man rates
add basic=6Mbps,12Mbps name=rate-2G-OnlyGN supported=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man configuration
add channel=5G country=ukraine datapath=dp-guest-vlan51 installation=indoor mode=ap name=cfg-_guest-5G rx-chains=0,1,2,3 security=sec-guest- ssid=Guest tx-chains=0,1,2,3
add channel=5G country=ukraine datapath=dp-work-vlan40 installation=indoor multicast-helper=full name=cfg-_Work-5G rx-chains=0,1,2,3 security=sec-work- ssid=Work tx-chains=0,1,2,3
add channel=2G country=ukraine datapath=dp-work-vlan40 installation=indoor multicast-helper=full name=cfg-_Work-2G rates=rate-2G-OnlyGN rx-chains=0,1,2,3 security=sec-work- ssid=“Work 2G” tx-chains=0,1,2,3
add channel=2G country=ukraine datapath=dp-guest-vlan51 installation=indoor mode=ap name=cfg-_guest-2G rates=rate-2G-OnlyGN rx-chains=0,1,2,3 security=sec-guest- ssid=“Guest 2G” tx-chains=0,1,2,3
/caps-man access-list
add action=reject allow-signal-out-of-range=always comment=“Reject All Without Correct MAC Address” disabled=no interface=any mac-address= 00:00:00:00:00:00 ssid-regexp=“”
add action=accept allow-signal-out-of-range=10s disabled=yes signal-range=-85..120 ssid-regexp=“”
add action=reject allow-signal-out-of-range=10s comment=“Reject Low Signal Devices” disabled=no signal-range=-120..-86 ssid-regexp=“”
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=55:66:99:44:EE:FF ssid-regexp=“^Work.*$”
vlan-id=12 vlan-mode=use-tag
/caps-man manager
set enabled=yes package-path=/updates upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge-local
/caps-man provisioning
add action=create-dynamic-enabled comment=“2G Provision - All Other APs” hw-supported-modes=gn master-configuration=cfg-_Work-2G name-format=prefix-identity name-prefix=2G slave-configurations=cfg-_guest-2G
add action=create-dynamic-enabled comment=“5G Provision - All Other APs” hw-supported-modes=an,ac master-configuration=cfg-_Work-5G name-format=prefix-identity name-prefix=5G slave-configurations=cfg-_guest-5G