CAPsMAN with multiple configurations and VLANs

I have a med-complex CAPsMAN with VLANs.

Main router is wired-only (no WIFI), and there are 2 CAPs (CAP1, CAP2). Both are Wifi6 devices (AX).

On main router I have created:

• 4 VLANs (to be easy: 10,11,12,13 PVID)
• bridge having “bridge, eth8_cap1, eth7_cap2” tagged for all (10,11,12,13 PVIDs), and untagged for pvid 1
• multiple wifi configurations: wifi10, wifi11, wifi12, wifi13, all having their respective datapath with their own vlan ID set (wifi10 → 10, etc)

Both CAP1 and CAP2 are broadcasting all 4 WIFI configurations. Everything works great.


Now I wish to add a new CAP (CAP_FAR) which is far. No roaming possibility, but as I wish to keep things nice and clean, I’m thinking on integrating this new CAP into my current CAPsMAN config.

However, as it is far, I would allow only PVID10 for its port in main router. In this case will it be able to broadcast wifi10 or it will fail completely?

Only provision config with datapath for pvid 10 and nothing else.
Also, don’t feed the other vlans into the trunk towards that AP.

One thing I forgot to mention:

I created a “special” VLAN of 50 for “MikroTiks” with custom DHCP pool.

On both CAPs I have created VLAN50 under bridge, and also set their CAP setting to be listening on this VLAN50 interface (instead of bridge).

Now for “CAP_FAR” to work I also have to allow VLAN50 on trunk.

Is this a bad practice in general?

No, it is quite normal to have a management vlan and then a separate one for client devices.

Can we get a config dump as this is something I’ve been looking to setup, but struggling to get the ssid’s all showing. I’m assuming you have a different ssid per vlan?

I think this topic will bring you in the right direction:
http://forum.mikrotik.com/t/guide-capsman-configuration-with-management-vlan-routeros-7-14-3/176344/24

Thanks for confirming.

Sorry, I can’t share it as-is, but basically yes, One SSID belongs to one VLAN. Configuration of this is done via Datapath.