Hi, I would like to configure CAPSman in my network.
We have 9 vlans and 5 SSID’s
I try to configure it but we have also 2 CRS125 switches with the VLANs on it
But the CRS125 is a PAIN in the ASS to configure it.
Can someone help me?
On the CRS125
Ether 1, Ether 22, Ether 23 and Ether 24 must carry all VLAN’s (trunk ports)
Ether 10, Ether 11, Ether 17, Ether 18 untagged on VLAN 900
Ether 12 Allso a trunk port
Ether 9 untagged on VLAN 9
Below is the config of the CRS125.
If I connect at Ether1 the Device with CAPSman on it.
Then it looks like everything is working but Wireless clients won't get an IP address.
They can connect to the wireless network but don't get a IP addres from the DHCP server.
On the CRS125 I switch from local configured AP to CAP
If I use local configured ap on it everything is working If I switch to CAP than Clients won't get an IP address.
DHCP server is in both cases on the R01 device connected to ether1 on the CRS125
/system identity set name=SW01
/interface ethernet
set numbers=0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 master-port=ether24
#/interface bonding add name=Bond1 comment=Bond_2_CCR slaves=ether1,ether2,ether3,ether4
#/interface ethernet switch trunk
#add name=trunk1 member-ports=ether1,ether2,ether3,ether4
/interface ethernet switch vlan
add ports=ether1,ether9,ether10,ether11,ether22,ether23,ether24,switch1-cpu vlan-id=9 learn=yes
add ports=ether1,ether11,ether22,ether23,ether24 vlan-id=10 learn=yes
add ports=ether1,ether22,ether23,ether24,switch1-cpu vlan-id=12 learn=yes
add ports=ether1,ether22,ether23,ether24,switch1-cpu vlan-id=14 learn=yes
add ports=ether1,ether22,ether23,ether24,switch1-cpu vlan-id=15 learn=yes
add ports=ether1,ether22,ether23,ether24,switch1-cpu vlan-id=16 learn=yes
add ports=ether1,ether12,ether20,ether22,ether23,ether24,switch1-cpu vlan-id=17 learn=yes
add ports=ether1,ether22,ether23,ether24,switch1-cpu vlan-id=18 learn=yes
add ports=ether1,ether22,ether23,ether24,switch1-cpu vlan-id=19 learn=yes
add ports=ether1,ether11,ether14,ether17,ether18,ether19,ether22,ether23,ether24 vlan-id=900 learn=yes
/interface ethernet switch ingress-vlan-translation
add ports=ether9 customer-vid=0 new-customer-vid=9 sa-learning=yes
add ports=ether10 customer-vid=0 new-customer-vid=9 sa-learning=yes
add ports=ether14 customer-vid=0 new-customer-vid=900 sa-learning=yes
add ports=ether17 customer-vid=0 new-customer-vid=900 sa-learning=yes
add ports=ether18 customer-vid=0 new-customer-vid=900 sa-learning=yes
add ports=ether19 customer-vid=0 new-customer-vid=900 sa-learning=yes
add ports=ether20 customer-vid=0 new-customer-vid=17 sa-learning=yes
/interface ethernet switch egress-vlan-tag
add vlan-id=9 tagged-ports=ether1,ether11,ether22,ether23,ether24,switch1-cpu
add vlan-id=10 tagged-ports=ether1,ether11,ether22,ether23,ether24
add vlan-id=12 tagged-ports=ether1,ether22,ether23,ether24,switch1-cpu
add vlan-id=14 tagged-ports=ether1,ether22,ether23,ether24,switch1-cpu
add vlan-id=15 tagged-ports=ether1,ether22,ether23,ether24,switch1-cpu
add vlan-id=16 tagged-ports=ether1,ether22,ether23,ether24,switch1-cpu
add vlan-id=17 tagged-ports=ether1,ether12,ether22,ether23,ether24,switch1-cpu
add vlan-id=18 tagged-ports=ether1,ether22,ether23,ether24,switch1-cpu
add vlan-id=19 tagged-ports=ether1,ether22,ether23,ether24,switch1-cpu
add vlan-id=900 tagged-ports=ether1,ether11,ether22,ether23,ether24
/interface vlan
add name=VLAN_LAN_MGMT interface=ether24 vlan-id=9
add name=VLAN_WLAN_1_DATA interface=ether24 vlan-id=12
add name=VLAN_WLAN_1_GUEST interface=ether24 vlan-id=14
add name=VLAN_LAN_1_MFP interface=ether24 vlan-id=15
add name=VLAN_LAN_1_GAME interface=ether24 vlan-id=16
add name=VLAN_LAN_1_CAMERA interface=ether24 vlan-id=17
add name=VLAN_LAN_1_TVMM interface=ether24 vlan-id=18
add name=VLAN_WLAN_1_SP interface=ether24 vlan-id=19
/interface bridge
add name=BR_WLAN_1_DATA
add name=BR_WLAN_1_GUEST
add name=BR_LAN_1_MFP
add name=BR_LAN_1_GAME
add name=BR_LAN_1_CAMERA
add name=BR_LAN_1_TVMM
add name=BR_WLAN_1_SP
/ip address
add address=172.16.0.2/25 network=172.16.0.0 interface=VLAN_LAN_MGMT
/interface wireless security-profile add name=WLAN_DATA authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="Secret"
/interface wireless security-profile add name=WLAN_GUEST authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="Secret1"
/interface wireless security-profile add name=LAN_MFP authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="secret2"
/interface wireless security-profile add name=LAN_GAME authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="secret3"
/interface wireless security-profile add name=LAN_CAMERA authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="secret4"
/interface wireless security-profile add name=LAN_TVMM authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="secret5"
/interface wireless security-profile add name=WLAN_SP authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="secret6"
/interface wireless add master-interface=wlan1 name=VAP_WLAN_DATA security-profile=WLAN_DATA ssid="WLAN_DATA" wmm-support=enabled default-authentication=no disabled=no
/interface wireless add master-interface=wlan1 name=VAP_WLAN_GUEST security-profile=WLAN_GUEST ssid="WLAN_GUEST" wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 name=VAP_LAN_MFP security-profile=LAN_MFP ssid="LAN_MFP" wmm-support=enabled default-authentication=no disabled=no
/interface wireless add master-interface=wlan1 name=VAP_LAN_GAME security-profile=LAN_GAME ssid="LAN_GAME" wmm-support=enabled default-authentication=no disabled=no
/interface wireless add master-interface=wlan1 name=VAP_LAN_CAMERA security-profile=LAN_CAMERA ssid="LAN_CAMERA" wmm-support=enabled default-authentication=no disabled=no
/interface wireless add master-interface=wlan1 name=VAP_LAN_TVMM security-profile=LAN_TVMM ssid="LAN_TVMM" wmm-support=enabled default-authentication=no disabled=no
/interface wireless add master-interface=wlan1 name=VAP_WLAN_SP security-profile=WLAN_SP ssid="WLAN_SP" wmm-support=enabled default-authentication=no disabled=no
/interface bridge port
add bridge=BR_WLAN_1_DATA interface=VLAN_WLAN_1_DATA
add bridge=BR_WLAN_1_DATA interface=VAP_WLAN_DATA
add bridge=BR_WLAN_1_GUEST interface=VLAN_WLAN_1_GUEST
add bridge=BR_WLAN_1_GUEST interface=VAP_WLAN_GUEST
add bridge=BR_LAN_1_MFP interface=VLAN_LAN_1_MFP
add bridge=BR_LAN_1_MFP interface=VAP_LAN_MFP
add bridge=BR_LAN_1_GAME interface=VLAN_LAN_1_GAME
add bridge=BR_LAN_1_GAME interface=VAP_LAN_GAME
add bridge=BR_LAN_1_CAMERA interface=VLAN_LAN_1_CAMERA
add bridge=BR_LAN_1_CAMERA interface=VAP_LAN_CAMERA
add bridge=BR_LAN_1_TVMM interface=VLAN_LAN_1_TVMM
add bridge=BR_LAN_1_TVMM interface=VAP_LAN_TVMM
add bridge=BR_WLAN_1_SP interface=VLAN_WLAN_1_SP
add bridge=BR_WLAN_1_SP interface=VAP_WLAN_SP
/interface wireless set wlan1 mode=ap-bridge band=2ghz-onlyn frequency=auto wmm-support=enabled default-authentication=no
/interface wireless set wlan1 channel-width=20/40mhz-ht-below hide-ssid=yes security-profile=WLAN_DATA
/interface wireless set wlan1 disabled=no
/ip dns set server=172.16.0.130
/ip route add dst-address=0.0.0.0/0 gateway=172.16.0.1
/system ntp client set primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131 enabled=yes
/snmp set contact="ronald.verheij@skiffkick.nl" location="Pernis, Ring 393" enabled=yes trap-version=2
/snmp community set address=172.16.0.60 numbers=0
/system logging action
set 3 remote=172.16.0.20
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless
/system clock set time-zone-name=Europe/Amsterdam
/ip route add dst-address=172.16.0.0/21 gateway=172.16.0.1