CapsMan VLAN trouble

Hi, I am configuring these antennas (RBcAPGi-5acD2nD) under a CAPsMAN and I need to implement VLANs on their ports.
Let me explain: I have a CAPsMAN that creates 3 Wi-Fi networks for me, in local forwarding mode (Management, Office, Guests), as follows:
Management network: local network,
Office network: vlan 11,
Guests Network: vlan 13

The antenna's port 2 (ether2) must carry VLAN 15 tagged and VLAN 14 untagged.

All networks arrive tagged on port 1 (ether1), except management, which uses the local DHCP.

My problem is that the Office and Guest Wi-Fi networks are not working: when I try to connect to them, I do not get an IP address.
This is the configuration:

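# CAP (access point) export: one VLAN-filtering bridge and two radios managed by CAPsMAN.
/interface bridge
# vlan-filtering=yes: only VLAN IDs declared under /interface bridge vlan are forwarded,
# and only on the ports named there.
add mtu=1500 name=bridge-trunk protocol-mode=none vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-eC/gn(28dBm), SSID: SSID , local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
enabled
# managed by CAPsMAN
# channel: 5520/20-Ceee/ac/DP(24dBm), SSID: Another SSID, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
enabled
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
# ether1 keeps the default pvid; untagged frames arriving on ether2 are placed in VLAN 14.
add bridge=bridge-trunk interface=ether1
add bridge=bridge-trunk interface=ether2 pvid=14
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
# Only VLANs 14 and 15 are declared here. The wireless networks use VLAN 11 and 13,
# which have no entry with ether1 as a tagged member; with vlan-filtering=yes that is
# the likely reason wireless clients get no DHCP lease (the thread was resolved by
# adding those VLANs on ether1).
add bridge=bridge-trunk tagged=ether1 untagged=ether2 vlan-ids=14
add bridge=bridge-trunk tagged=ether1,ether2 vlan-ids=15
/interface wireless cap
#
# The CAP authenticates with a certificate and is locked to its CAPsMAN.
set bridge=bridge-trunk caps-man-addresses=172.27.0.50 certificate=\
Certificate enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
/ip dhcp-client
# The AP's own management address is obtained by DHCP on the bridge interface.
add disabled=no interface=bridge-trunk
/ip service
# NOTE(review): www (plain HTTP) and winbox are not listed, so they are presumably
# still at their defaults — confirm, and restrict them with address= if they stay on.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes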

I would like to understand whether my configuration is correct, or whether the problem is external, for example DHCP not reaching the VLAN.

Here is the config between code tags. That’s easier to read and copy-paste.

That being said, there is nothing in this configuration, at least not the WLAN that you mentioned in your message. Can you post the configuration from the CAPSMAN manager?

# CAP (access point) export: one VLAN-filtering bridge, two radios handed over to CAPsMAN.
/interface bridge
# vlan-filtering=yes makes the bridge enforce the table under /interface bridge vlan:
# a VLAN ID is forwarded only on the ports listed for it.
# protocol-mode=none turns off (R)STP on this bridge.
add mtu=1500 name=bridge-trunk protocol-mode=none vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-eC/gn(28dBm), SSID: SSID , local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
enabled
# managed by CAPsMAN
# channel: 5520/20-Ceee/ac/DP(24dBm), SSID: Another SSID, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
enabled
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
# ether1 has no pvid set (default); ether2 maps untagged ingress frames to VLAN 14.
# NOTE(review): frame-types and ingress-filtering are not shown, so both ports use the
# defaults of the installed RouterOS version — confirm they match the intended policy.
add bridge=bridge-trunk interface=ether1
add bridge=bridge-trunk interface=ether2 pvid=14
/ip neighbor discovery-settings
# Neighbor discovery runs on every interface that is not in the "dynamic" list.
set discover-interface-list=!dynamic
/interface bridge vlan
# VLAN 14: tagged on ether1, untagged on ether2. VLAN 15: tagged on both ports.
# There is no entry for the wireless VLANs (11 and 13) with ether1 tagged, so with
# vlan-filtering=yes their frames are presumably not passed to the uplink — this matches
# the fix reported at the end of the thread (declaring those VLANs on ether1).
add bridge=bridge-trunk tagged=ether1 untagged=ether2 vlan-ids=14
add bridge=bridge-trunk tagged=ether1,ether2 vlan-ids=15
/interface wireless cap
#
# certificate= plus lock-to-caps-man=yes: the CAP uses a certificate towards the manager
# and stays bound to the CAPsMAN it locked to, rather than accepting any manager that
# answers. The manager is addressed directly at 172.27.0.50.
set bridge=bridge-trunk caps-man-addresses=172.27.0.50 certificate=\
Certificate enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
/ip dhcp-client
# Management address of the AP itself: requested on the bridge interface.
add disabled=no interface=bridge-trunk
/ip service
# telnet, ftp, ssh, api and api-ssl are switched off.
# NOTE(review): www (unencrypted HTTP) and winbox do not appear, so they are presumably
# left at their defaults — confirm; if they stay enabled, limit them with address= to
# the management subnet, and prefer www-ssl over www.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

Hi, yes I shared the AP configuration.
This is the CAPsMan configuration:

# CAPsMAN controller export: datapaths, security profiles, SSID configurations,
# provisioning rules and the controller's own management settings.
/caps-man datapath
# Every datapath uses local forwarding: client traffic is bridged on the CAP, not
# tunnelled to this controller. vlan-mode=use-tag assigns the given VLAN ID.
add local-forwarding=yes name="Rete Ufficio" vlan-id=11 vlan-mode=use-tag
add local-forwarding=yes name="Rete Ospiti" vlan-id=13 vlan-mode=use-tag
# No vlan-id here: the management SSID is bridged without a VLAN tag.
add local-forwarding=yes name="Rete Management"
add local-forwarding=yes name="Rete Domotica" vlan-id=17 vlan-mode=use-tag
/caps-man configuration
# NOTE(review): this configuration has no security= reference, and the "PWD Ospiti"
# profile defined below is not used by any configuration in this export. As exported,
# the guest SSID "Ashanti Guest" therefore appears to be open (unencrypted) — confirm
# whether that is intended or whether security="PWD Ospiti" is missing.
add datapath="Rete Ospiti" mode=ap name="Rete Ospiti" ssid="Ashanti Guest"
/caps-man security
# All four profiles use WPA2-PSK with AES-CCM. No passphrase= value appears in the
# export (presumably hidden as sensitive) — confirm each profile has one set.
add authentication-types=wpa2-psk encryption=aes-ccm name="PWD Ufficio"
add authentication-types=wpa2-psk encryption=aes-ccm name="PWD Ospiti"
add authentication-types=wpa2-psk encryption=aes-ccm name="PWD Management"
add authentication-types=wpa2-psk encryption=\
    aes-ccm name="PWD Domotica"
/caps-man configuration
add datapath="Rete Ufficio" mode=ap name="Rete Ufficio" security=\
    "PWD Ufficio" ssid="Ashanti Private"
# hide-ssid=yes only keeps the name out of beacons; access still depends on the PSK.
add datapath="Rete Management" hide-ssid=yes mode=ap name="Rete Management" \
    security="PWD Management" ssid=Management
add datapath="Rete Domotica" mode=ap name="Rete Domotica" security=\
    "PWD Domotica" ssid=Domotics
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/caps-man manager
# The manager has a CA certificate and its own certificate configured.
# NOTE(review): require-peer-certificate is not shown, so it is presumably at its
# default (no); in that case CAPs are not required to present a valid certificate —
# confirm, since the CAP side already has a certificate configured.
set ca-certificate=CAPsMAN-CA-xxxxxxxxxxxx certificate=CAPsMAN-xxxxxxxxxx \
    enabled=yes package-path=/pub
/caps-man provisioning
# Both rules match on hw-supported-modes only and use "Rete Ospiti" as master with
# "Rete Ufficio" and "Rete Management" as slaves. "Rete Domotica" is defined above but
# is not referenced by either rule, so it is not provisioned by this export.
# NOTE(review): no radio-mac restriction is shown, so any radio with matching modes
# that reaches the manager would presumably be provisioned — confirm.
add action=create-dynamic-enabled comment=5Ghz hw-supported-modes=a,ac,an \
    master-configuration="Rete Ospiti" name-format=identity \
    slave-configurations="Rete Ufficio,Rete Management"
add action=create-dynamic-enabled comment=2.4Ghz hw-supported-modes=gn \
    master-configuration="Rete Ospiti" name-format=identity \
    slave-configurations="Rete Ufficio,Rete Management"
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
# Discovery is enabled on all interfaces, so the controller announces itself on every
# attached segment; consider limiting this to a management interface list.
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes forward=no
/ip address
# Static address of the controller; the CAP's caps-man-addresses points at it.
add address=172.27.0.50/22 interface=ether1 network=172.27.0.0
/ip service
# telnet, ftp, ssh, api and api-ssl are switched off.
# NOTE(review): www (unencrypted HTTP) and winbox do not appear, so they are presumably
# left at their defaults — confirm; if enabled, restrict them with address=.
# No /ip firewall filter section appears in this export either.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="CAPsMan Controller"
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool romon
# RoMON provides layer-2 management reachability between RouterOS devices.
# NOTE(review): no secrets= value is shown (unset, or hidden by the export) — confirm
# that a RoMON secret is configured.
set enabled=yes

Yo!

On the AP(s), you need to create the relevant VLANs, that is not automated by CAPSMAN (unfortunately). Provided that ether1 on the AP is the trunk back to the main switch:

# Run on each AP: declares VLANs 11, 13 and 17 on the bridge with ether1 as the only
# tagged port, so the VLAN-filtering bridge passes those IDs to the uplink. The IDs match
# the vlan-id values of the CAPsMAN datapaths. ether2 is not listed, so these VLANs are
# not forwarded on that port. VLAN 17 is only needed if the "Rete Domotica" SSID is
# actually provisioned to this AP.
/interface bridge vlan
    add bridge=bridge-trunk tagged=ether1 vlan-ids=11
    add bridge=bridge-trunk tagged=ether1 vlan-ids=13
    add bridge=bridge-trunk tagged=ether1 vlan-ids=17

On the CAPSMAN Manager, do you see the CAPSMAN clients?

Hi, I will try and let you know, in the meantime thank you very much <3!

Yes, I see them all. However, enabling “VLAN Filtering” on the bridge dynamically creates the tagged/untagged VLAN entries for the wlan interfaces.

On the AP, if you issue the following command, do you have your additional VLANs?

# Run on the AP: prints the bridge VLAN table so you can check whether VLAN 11 and 13
# exist and whether ether1 is listed as a tagged member for them.
/interface bridge vlan/print

As far as I understand CAPsMAN and the datapath, the Wi-Fi interfaces will be associated with the correct VLANs on the bridge, but the VLANs themselves are not created on the bridge.

When you have the VLAN created on the AP, let me know if you still have issues.

Besides the main router how many APs are you controlling?

No need to do VLAN filtering on CAPs, that is handled by (the old) CAPsMAN through datapath indeed. Only when using the new wifi-qcom-ac driver, it is required. Unless you have to do some VLAN filtering because of a second LAN port, please leave CAPs mode as default (except for identity).

Can you share the complete config of the device running the DHCP server and of the CAPsMAN (they might be one and the same)?

The AP configuration is in post #1 (in the text) and in #2 (in code). The OP has indeed a port configured in a VLAN.

# Excerpt of the AP config: ether2 is an access port for VLAN 14 (pvid=14, untagged
# member) and additionally carries VLAN 15 tagged; ether1 is tagged for both.
# NOTE(review): frame-types and ingress-filtering are not shown for either port, so
# they follow the defaults of the installed RouterOS version — confirm.
/interface bridge port
add bridge=bridge-trunk interface=ether1
add bridge=bridge-trunk interface=ether2 pvid=14

/interface bridge vlan
add bridge=bridge-trunk tagged=ether1 untagged=ether2 vlan-ids=14
add bridge=bridge-trunk tagged=ether1,ether2 vlan-ids=15

Hi, sorry for the long delay. I solved it by statically declaring the two VLANs under Bridge -> VLANs on ether1 on the AP.