CAPsMAN Local forwarding vs bridging all ports on the CAP

Hi, I don’t fully understand a practical difference between having:

  • CAPsMAN datapath config with “Local forwarding” and “Client to client forwarding” enabled
    versus
  • Bridging all interfaces on CAPs as in “/interface bridge port add bridge=bridge interface=all”

Both achieve what I want: WiFi traffic flows into the LAN directly, avoiding processing on the CAPsMAN (all traffic counters on CAPsMAN show zero), but I’m not sure if the second option is the correct one.
Thanks!

I don’t understand it either. I just noticed that once a device is configured as a CAP, the bridging of all ports on LAN is disabled by default. But the bridge which is used is configured in the CAP settings.

The CAPsMAN setting local-forwarding governs the path that traffic from the wireless interface towards other (LAN) devices will take.
If set to yes, then traffic will go via the normal path (whatever is configured) in each CAP. The most usual path is that the wireless interface is a member of a bridge, and then the traffic will flow from the bridge towards other LAN devices directly.
If set to no, then a sort of tunnel will be established between CAP and CAPsMAN and all traffic will flow (encrypted) from CAP to CAPsMAN. There it will get bridged/routed towards other LAN devices. This kind of path adds considerable processing overhead both on CAP and CAPsMAN, but solves some (potential) problems, such as separation of traffic from multiple virtual wlan interfaces (which would otherwise require extensive configuration of all LAN gear to handle VLANs).

This setting (local-forwarding) doesn’t have an equivalent setting in a local wireless setup.

The CAPsMAN setting client-to-client-forwarding is similar to the local setting forwarding.
When set to no, two wireless clients connected to the same AP will not be able to talk to each other directly; their traffic will be sent upstream (and some switch/router/bridge might actually enable such communication).
When set to yes, the same two clients will be able to communicate freely.
The setting is similar to a port isolation setup on ethernet switches.

Re bridging all interfaces: the configuration stanza /interface bridge port add bridge=bridge interface=all is sort of the same (not exactly) as adding all ports to the same bridge individually. However, CAPsMAN provisioning of wireless interfaces overrides this local (to CAP) setting, just like it overrides most other settings on the wireless interface.
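
The two forwarding modes described above, side by side, as an added example that is not part of the original posts. It assumes legacy (RouterOS v6 style) CAPsMAN; the names dp-local, dp-tunnel, cfg-lan, cfg-guest, bridge-guest, wlan1, the SSIDs and the manager address 192.0.2.1 are all constructed for illustration.

```routeros
# --- On the CAPsMAN (manager) ---

# Bridge on the manager that terminates tunnelled client traffic
# (hypothetical name; only needed for local-forwarding=no).
/interface bridge
add name=bridge-guest

/caps-man datapath
# Local forwarding: client frames leave through the CAP's own bridge,
# so the manager never sees the data traffic (its counters stay at zero).
add name=dp-local local-forwarding=yes client-to-client-forwarding=yes

# Manager forwarding: frames are tunnelled CAP -> CAPsMAN and bridged there.
# client-to-client-forwarding=no keeps clients of the same AP from talking
# to each other directly; their traffic is sent upstream instead.
add name=dp-tunnel local-forwarding=no client-to-client-forwarding=no \
    bridge=bridge-guest

/caps-man configuration
add name=cfg-lan ssid=example-lan datapath=dp-local
add name=cfg-guest ssid=example-guest datapath=dp-tunnel

# --- On each CAP ---

# "bridge" here is the CAP-local bridge that provisioned interfaces join
# when local forwarding is in use. This replaces any attempt to add the
# wireless interface with "/interface bridge port add ... interface=all",
# because CAPsMAN provisioning overrides the CAP's local wireless settings.
/interface wireless cap
set enabled=yes interfaces=wlan1 caps-man-addresses=192.0.2.1 bridge=bridge
```

With dp-tunnel, upstream devices on bridge-guest decide whether isolated clients can reach each other, so any filtering meant to keep them apart has to be configured on the manager side as well.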

Aha, ok makes sense then. It’s just not reflected in UI clearly so it was not obvious. Thanks!