CAPsMAN with multiple SSIDs/VLANs?

22hn · January 10, 2015, 1:18am

CAPsMAN 6.24

added 2 vlan intefaces (vlan1 & vlan100) to ether1
vlan1 is member of bridge1
vlan100 is member of bridge100
Two CAPsMAN configurations with 2 different SSIDs, one configured with datapath.bridge=bridge1 and the other one has datapath.bridge=bridge100

When CAPsMAN is provisioning, none of the wlanXX interfaces are added to a bridge… (hence, no communication…)

I also tried setting the vlan tagging on the actual capsman config, but no success…

How’s CAPsMAN supposed to be configured when you want local forwarding and multiple SSIDs/VLANs?

uldis · January 12, 2015, 4:26pm

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface).
Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected.
This is for the local-forwarding.

The datapath bridge option will only work if you use the full-forwarding and not the local forwarding.

22hn · January 12, 2015, 11:44pm

I got it working with local forwarding when I moved mgmt traffic to its own vlan.

You can’t have a vlan interface added for mgmt with the same vlan id used in one of the wireless SSIDs. The vlan interface seems to intercept all traffic and it will never reach the wireless client.

popovdv · January 15, 2016, 9:39pm

And how to use multiple SSIDs/Vlans with full forwarding (not local)
I tried:
CapsMAn Configutration>Datapath>
Bridge=guest-bridge
VLAN Mode = use tag
VLAN ID = 87

Interfaces>VLAN
vlan_87_ether2
ID = 87
interface=ether2

Bridge
guest-bridge add port vlan_87_ether2, ether2

cap client conected to AP but can’t receive IP. Whout use tag 87 in CAPSMAN it works fine

I would like use vlan to separate traffic to from different SSID from Cap to CapsMan

ploquets · January 28, 2016, 10:22pm

Please, we need help to configure CAPsMAN with 6 RBCap2n

One of them is the CAPsMAN
All units are connected to a managed switch and all Ports that are used to connect those CAPs are tagged with two vlans.
Administration Network = VID 1000
Guest Network = VID 2000

So, my goal is:
Manage all CAPs with CAPsMAN (I think this is already done because inside the CAPsMAN I can see other CAPs)
Create two SSID on each CAP (one for VLAN 2000 and other for VLAN 1000)
Be able to segregate those SSID with those mentioned VLANs.

What I’ve done so far is:

Create a DataPath with local forwarding enable (because all CAPs have a possibility to achieve those VLANs networks)
Create a VLAN interface with same VID as mentioned before.
CAPsMAN are working with ether1 (without vlan) so, supposedly is using VID = 1 as access port (which is common for Switching)

Anyway, I’m kinda lost with all this process…
Hope that somebody could help! Thanks in advance.
Best regards

ploquets · February 16, 2016, 2:13am

ploquets:

uldis:

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface).
Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected.
This is for the local-forwarding.

The datapath bridge option will only work if you use the full-forwarding and not the local forwarding.

Please, we need help to configure CAPsMAN with 6 RBCap2n

One of them is the CAPsMAN
All units are connected to a managed switch and all Ports that are used to connect those CAPs are tagged with two vlans.
Administration Network = VID 1000
Guest Network = VID 2000

So, my goal is:
Manage all CAPs with CAPsMAN (I think this is already done because inside the CAPsMAN I can see other CAPs)
Create two SSID on each CAP (one for VLAN 2000 and other for VLAN 1000)
Be able to segregate those SSID with those mentioned VLANs.

What I’ve done so far is:

Create a DataPath with local forwarding enable (because all CAPs have a possibility to achieve those VLANs networks)
Create a VLAN interface with same VID as mentioned before.
CAPsMAN are working with ether1 (without vlan) so, supposedly is using VID = 1 as access port (which is common for Switching)

Anyway, I’m kinda lost with all this process…
Hope that somebody could help! Thanks in advance.
Best regards

If you are here and reading this post, I did resolve this by adding those vlans to a bridge.
Not adding vlan inside a bridge, but creating a vlan with bridge as interface.

/interface vlan add name=XXXX vlan-id=1234 interface=bridge

This will do the job.

ZETA992 · February 24, 2016, 4:29pm

Can you help with 1 little problem?

I have 1 CapsManager and 2 Caps- 2 SSID and 2 VLANs
If clients connect to free SSID(cap x.2) then (cap x.1- is General SSID with mac-filter)“xx:..x:xx:xx@Capx.1 rejected, forbidden by access-list”

What i do wrong?
p.s. Sorry for bad eng language.

/caps-man access-list
add ap-tx-limit=15000000 client-tx-limit=15000000 disabled=no interface=\
    cap2.2 ssid-regexp=""
add ap-tx-limit=15000000 client-tx-limit=15000000 disabled=no interface=\
    cap1.2 ssid-regexp=""
add ap-tx-limit=15000000 client-tx-limit=15000000 disabled=no interface=\
    CapsMan1.2 ssid-regexp=""
add action=accept disabled=no interface=all mac-address=xx:xx:xx:xx:xx:xx \
    ssid-regexp="" vlan-id=1 vlan-mode=no-tag
add action=reject disabled=no interface=CapsMan1.1 ssid-regexp=""
add action=reject disabled=no interface=cap1.1 ssid-regexp=""
add action=reject disabled=no interface=cap2.1 ssid-regexp=""
/caps-man configuration
add channel=general datapath=General ssid=AP
add channel=guest datapath=guest max-sta-count=30 mode=ap \
    name=Guest security=Guest ssid=AP_FREE
/caps-man datapath
add bridge=bridge-local client-to-client-forwarding=yes local-forwarding=no \
    name=General
add bridge=bridge_VLAN client-to-client-forwarding=no local-forwarding=no \
    name=guest vlan-id=2 vlan-mode=use-tag

ZETA992 · February 28, 2016, 11:09am

Problem with certificate
I delete server certificates, restart server capsman and add caps again- its working!))

RouterOS 6.34.2
note: to use different vlan’s in datapath: vlan=no tag.
i use capsman forwarding
my config:

/caps-man configuration
add channel=general country= datapath=General \
datapath.client-to-client-forwarding=yes mode=ap name=General security=\
 General ssid=WIFI
add country= datapath=guest max-sta-count=50 mode=ap name=Guest \
security=Guest security.encryption=aes-ccm ssid=WIFI_FREE
/caps-man datapath
add bridge=bridge-local client-to-client-forwarding=yes local-forwarding=no \
name=General
add bridge=bridge_VLAN client-to-client-forwarding=no local-forwarding=no \
name=guest
/caps-man channel
add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=general \
tx-power=16 width=20
/caps-man interface
add arp=enabled configuration=General disabled=no l2mtu=1600 mac-address=\
xx:xx:xx:xx:xx:xx master-interface=none mtu=1500 name=CapsM1.1 radio-mac=\
xx:xx:xx:xx:xx:xx
add arp=enabled configuration=Guest disabled=no l2mtu=1600 mac-address=\
xx:xx:xx:xx:xx:xx master-interface=CapsM1.1 mtu=1500 name=CapsM1.2 \
 radio-mac=00:00:00:00:00:00
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=\
General name-format=identity radio-mac=xx:xx:xx:xx:xx:xx \
 slave-configurations=Guest

Last question what is SSID-REGEXP and how work it?

/caps-man access-list
add action=accept disabled=yes signal-range=-100..120 ssid-regexp=""

czolo · February 28, 2016, 11:49am

Let’s suppose that your master SSID is “My office network” and slave “My private WiFI”. Now you can use a part of SSID: “My” in regexp for both networks or for single one of this: “office network”, office, network “private WiFI”, etc.

ZETA992 · February 28, 2016, 8:24pm

Wow…Made adjustments to the rules- working..
I thought a direct link is used.. I have 2 SSID like “WIfi” and “Wifi_Free”- rules to “Wifi” is work to all SSID..
Thanks for the help.

Mirage · February 17, 2017, 7:51pm

And how does the configuration on the CAP side in case of local forwarding look like? Do I need to define a bridge which is connected to the ether1? Or, do I need to define vlan on ether1 and add it to the bridge configuration or the Vlan tagging in the access menu on the CAPSMAN side is sufficient?