Capsman - Not getting IP on slave-interface

Hi!
Can someone see what I’m doing wrong? The master-interface works all good. Slave is getting announced, but DHCP isn’t working on it.

  • Not getting anything in the DHCP log either.

Thanks in advance!

/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412,2437,2462 name=auto-2.4GHz reselect-interval=20m
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180,5200,5220 name=auto-5GHz
/interface bridge
add admin-mac=B8:69:F4:11:21:38 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan20 vlan-id=20
add interface=bridge name=vlan30 vlan-id=30
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag
add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=GUEST passphrase=PASS
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=OFFICE passphrase=PASS
/caps-man configuration
add channel=auto-2.4GHz country=sweden datapath=datapathVlan20 distance=indoors mode=ap name=GUEST security=GUEST ssid=GUEST
add channel=auto-5GHz country=sweden datapath=datapathVlan20 distance=indoors mode=ap name=GUEST-5GHz security=GUEST ssid=GUEST-5GHz
add channel=auto-5GHz country=sweden datapath=datapathVlan30 distance=indoors mode=ap name=OFFICE-5GHz security=OFFICE ssid=OFFICE-5GHz
add channel=auto-2.4GHz country=sweden datapath=datapathVlan30 distance=indoors mode=ap name=OFFICE security=OFFICE ssid=OFFICE

/ip pool
add name=default-dhcp ranges=10.10.0.100-10.10.0.254
add name=dhcp-vlan20 ranges=10.20.0.20-10.20.1.254
add name=dhcp-vlan30 ranges=10.30.0.20-10.30.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp-vlan20 disabled=no interface=vlan20 lease-time=1d name=server20
add address-pool=dhcp-vlan30 disabled=no interface=vlan30 lease-time=1d name=server30
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes upgrade-policy=require-same-version
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=GUEST name-format=identity slave-configurations=OFFICE
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=GUEST-5GHz name-format=identity slave-configurations=OFFICE-5GHz
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10


/ip address
add address=10.10.0.1/24 comment=defconf interface=bridge network=10.10.0.0
add address=10.20.0.1/23 comment=GUEST interface=vlan20 network=10.20.0.0
add address=10.30.0.1/23 comment=OFFICE interface=vlan30 network=10.30.0.0

/ip dhcp-server network
add address=10.10.0.0/24 comment=defconf gateway=10.10.0.1
add address=10.20.0.0/23 comment=vlan20 gateway=10.20.0.1 netmask=23
add address=10.30.0.0/23 comment=vlan30 gateway=10.30.0.1 netmask=23

Hello,

There are some errors in your configuration:

/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag
add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag

You use the default bridge for both datapaths; either you create a bridge with your vlan (bridge-vlan20 & bridge-vlan30) or use a vlan interface.

Hi again!
Was just about to write that.

Got it to work with two different bridges.

Thanks.

Would someone please give me a hint how to solve it through VLAN interfaces (without bridges)?

It can’t be done without bridges. A wlan interface (even when provisioned by capsman) is an interface, a physical ethernet interface is an interface (and a vlan interface is an interface as well), and the only way to connect two (or more) interfaces is using a bridge.

Thank you for clearing things up for me. What OP did was to create 2 different bridges. It should be possible with a single bridge as well, right? Is there any benefit of one over the other?

OP did it using a single bridge:

/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag
add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag

Both data paths are using the same bridge (named bridge). They are using different VLAN IDs but both are tagged. The name property is simply the name by which it’s referred to in further config (OP used it in /caps-man configuration).

Actually the error in the above setup is that if local-forwarding=yes is set, then setting bridge= doesn’t matter; the setting from the CAP device takes over … and there is only one setting there, so I don’t see how multiple bridges could be used in this case.

If, OTOH, local-forwarding=no, then property bridge makes sense.
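
The rule stated in the reply above (with local-forwarding=yes the datapath's bridge= is not what decides where traffic is bridged) can be checked mechanically against an export. This is an added example, not part of the thread: `parse_export` and `check_datapaths` are hypothetical helper names, the sample reuses the thread's two datapath lines plus one constructed entry, and it assumes unwrapped export lines and that local-forwarding defaults to no when omitted.

```python
import shlex

# First two datapath lines are from the thread; datapathLab is constructed.
SAMPLE_EXPORT = """\
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag
add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag
add bridge=bridge-lab local-forwarding=no name=datapathLab
/interface vlan
add interface=bridge name=vlan20 vlan-id=20
"""

def parse_export(text):
    """Return {menu: [{key: value, ...}, ...]} for the 'add' lines of an export."""
    menus, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            # A line such as "/caps-man datapath" switches the current menu.
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            entry = {}
            for token in shlex.split(line[4:]):
                key, sep, value = token.partition("=")
                if sep:
                    entry[key] = value
            menus[current].append(entry)
    return menus

def check_datapaths(text):
    """Flag datapaths whose bridge= is set although local-forwarding=yes."""
    findings = []
    for dp in parse_export(text).get("/caps-man datapath", []):
        # Assumption: an omitted local-forwarding means "no".
        if dp.get("local-forwarding", "no") == "yes" and "bridge" in dp:
            findings.append((
                dp.get("name", "?"),
                f"bridge={dp['bridge']} set with local-forwarding=yes; "
                f"the CAP's own bridge setting applies, check that it carries "
                f"VLAN {dp.get('vlan-id', 'untagged')}",
            ))
    return findings

if __name__ == "__main__":
    for name, message in check_datapaths(SAMPLE_EXPORT):
        print(f"{name}: {message}")
```
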

mkx, sorry I wrote that wrong.

OP later said that he got it to work with 2 different bridges which confused me since local-forwarding was set to yes.

What worked for me was to create 2 VLAN interfaces and set up DHCP servers:

/interface vlan
add interface=ether1 name=VLAN10 vlan-id=10
add interface=ether1 name=VLAN20 vlan-id=20
/ip address
add address=192.168.10.1/24 interface=VLAN10
add address=192.168.20.1/24 interface=VLAN20
/ip pool
add name=dhcp_pool10 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool20 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool10 disabled=no interface=VLAN10 name=dhcp10
add address-pool=dhcp_pool20 disabled=no interface=VLAN20 name=dhcp20
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1

I meant no bridge on the capsman router, but yeah, I have a bridge on the caps itself for wlan1,2 and ether1.
I don’t know why OP has the bridge with local-forwarding, nor how he managed to solve that with 2 different bridges in local-forwarding mode.

Thank you anyway!