Hi all — apologies in advance, I’m not a networking pro.
I’m building my home network using YouTube tutorials, MikroTik docs and ChatGPT, and I’m stuck on DHCP not reaching clients on remote CAPs.
Topology & gear
-
Router (CAPsMAN Manager): C53UiG+5HPaxD2HPaxD (hAP ax³), RouterOS 7.20.2
-
Wireless stack: wifiwave2, CAPsMAN enabled on the router
-
Remote APs: MikroTik CAPs (managed by CAPsMAN)
-
Switch between router and remote CAPs: TP-Link TL-SG605E (managed, 802.1Q tagging supported)
-
VLANs: 5 tagged VLANs on the router (DHCP servers live on the router on per-VLAN interfaces)
-
SSIDs: 4 SSIDs, provisioned via CAPsMAN to both the router’s local radios and the remote CAPs
Goal
-
Trunk from router → switch → CAP uplink carrying all Wi-Fi VLANs.
-
On remote CAPs, ether2 should be an access port for the “Personal/Clients” VLAN (wired clients there).
-
Each SSID is bound to its own VLAN (clients must land in the correct subnet and be isolated).
What works
-
CAPsMAN sees the remote CAPs (via WinBox).
-
Provisioning pushes the 4 SSIDs to the remote CAPs.
-
Local radios on the router work with VLANs.
The problem
-
Any client connected to a remote CAP (either via Wi-Fi or via the CAP’s ether2 access port) fails to obtain an IP address.
-
Packet sniffing suggests the client’s DHCP Discover reaches the CAP and is forwarded to the router; the router offers an IP (DHCP Offer), but the client never receives the Offer.
[Note di ChatGPT] This symptom often points to a VLAN/bridge mismatch on egress (Offer going back on the wrong VLAN/untag state), a missing bridge VLAN table entry, or the CAP/switch uplink not actually carrying the right tags in both directions.
Things I’ve already tried / details that may matter
-
The router is the CAPsMAN Manager and also runs the DHCP servers, one per VLAN (bound to
vlanXinterfaces, not the flat bridge). -
Remote CAP uplink is connected through the TL-SG605E. I aimed to make that port a trunk carrying all Wi-Fi VLANs.
-
On a previous attempt I set
ingress-filtering=yesandframe-types=admit-only-vlan-taggedon the router’s uplink port and managed to drop the CAPs entirely (so I rolled that back).
Suspicions / hypotheses (to be verified)
[Note di ChatGPT] The following are suggestions from ChatGPT, not facts from my config:
-
Bridge VLAN table coverage
Each VLAN must be explicitly mapped in/interface bridge vlanwith:-
tagged=the bridge itself (CPU), the router’s uplink(s), and the CAP uplink(s) -
untagged=the access ports (e.g., CAP’s ether2 if it should be an access port) -
pvid=set on access ports via/interface bridge port pvid=…
Missing or asymmetric entries frequently cause Discover → Offer one way but no Offer back to client.
-
-
CAPsMAN datapath VLAN tagging (wifiwave2)
For each SSID, ensurevlan-id=<X>+vlan-mode=use-tagin the applied configuration (and that thebridge=points to your main bridge). Ifuse-tagis missing, the CAP may bridge untagged frames while the upstream expects tags (or vice versa). -
Switch trunk consistency
The TL-SG605E port toward the CAP must be tagged for all SSID VLANs; the CAP’s ether1 (uplink) must be treated as tagged/trunk on the MikroTik side (no unintended PVID/untag). Conversely, the CAP’s ether2 (client access) should be untagged with a PVID matching the “Personal/Clients” VLAN. -
DHCP bound to the right interface
Make sure each DHCP server binds to the VLAN subinterface (e.g.,vlan10) and not to the rawbridge. That sounds correct in my setup, just noting it as a common pitfall. -
Ingress filtering & admit-only-tagged
Enablingingress-filtering=yesandframe-types=admit-only-vlan-taggedis good only when all expected frames truly arrive tagged and the bridge VLAN table is complete. If applied too early, CAP control traffic or management VLAN can get blocked (which is how I “lost” CAP visibility in a previous try).
Concrete questions
-
Does the above smell like a bridge VLAN table gap or a CAPsMAN VLAN tagging mismatch?
-
On wifiwave2 CAPsMAN, is the correct place to set
vlan-id/vlan-mode=use-tagthe configuration object bound to the SSID (and samebridge=as the main L2 domain)? -
For the CAP’s ether2 access port, is it correct to set
/interface bridge port pvid=<ClientsVLAN>on the CAP, and list that port asuntaggedfor that VLAN in/interface bridge vlan(CAP side)? -
Any best practices to keep CAP control/management reachable while tightening
ingress-filteringandframe-types?
Thanks a lot for any guidance. If you prefer, I can paste sanitized exports and the switch VLAN table right away.
####################################
ROUTER CONFIGURATION
####################################
# 2025-11-02 12:08:11 by RouterOS 7.20.2
# software id = 7KNG-QTPB
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = ##########
/interface bridge
add admin-mac=F4:1E:57:xx:xx:xx auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] poe-out=off
/interface pppoe-client
add ac-name=accel-ppp add-default-route=yes comment="WAN PPPoE EOLO" \
disabled=no interface=ether1 name=pppoe-eolo password=mypsw user=\\
myuser
/interface vlan
add interface=bridge name=VLAN10-RL-Work vlan-id=10
add interface=bridge name=VLAN20-RL-Personal vlan-id=20
add interface=bridge name=VLAN30-RL-Soly vlan-id=30
add interface=bridge name=VLAN40-RL-IoT vlan-id=40
add interface=bridge name=VLAN88-Mgmt vlan-id=88
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add band=5ghz-ax comment=ch-5g-ax disabled=no frequency=5180 name=ch-5g-ax \
skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-n comment=ch-24g-n20 disabled=no frequency=2462 name=ch-24g-n20 \
width=20mhz
/interface wifi datapath
add bridge=bridge disabled=no name=dp-vlan10 vlan-id=10
add bridge=bridge disabled=no name=dp-vlan20 vlan-id=20
add bridge=bridge disabled=no name=dp-vlan30 vlan-id=30
add bridge=bridge disabled=no name=dp-vlan40 vlan-id=40
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=ccmp name=\
sec-work passphrase=!supersecretpswphrase! wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=ccmp name=\
sec-personal passphrase=!supersecretpswphrase! wps=disable
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=sec-soly \
passphrase=!supersecretpswphrase! wps=disable
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=sec-iot \
passphrase=!supersecretpswphrase! wps=disable
/interface wifi configuration
add channel=ch-5g-ax channel.frequency=5180 country=Italy datapath=dp-vlan10 \
disabled=no mode=ap name=cfg-work security=sec-work ssid=RL-Work
add channel=ch-5g-ax channel.frequency=5180 country=Italy datapath=dp-vlan20 \
disabled=no mode=ap name=cfg-personal security=sec-personal ssid=\\
RL-Personal
add channel=ch-24g-n20 channel.frequency=2462 country=Italy datapath=\
dp-vlan30 disabled=no mode=ap name=cfg-soly security=sec-soly ssid=\\
RL-Soly
add channel=ch-24g-n20 channel.frequency=2462 country=Italy datapath=\
dp-vlan40 disabled=no mode=ap name=cfg-iot security=sec-iot ssid=RL-IoT
/interface wifi
add configuration=cfg-personal disabled=no name=cap-wifi1 radio-mac=\
04:F4:1C:xx:xx:xx
add configuration=cfg-work disabled=no mac-address=06:F4:1C:xx:xx:xx \
master-interface=cap-wifi1 name=cap-wifi1-virtual1
add configuration=cfg-iot disabled=no name=cap-wifi2 radio-mac=\
04:F4:1C:xx:xx:xx
add configuration=cfg-soly disabled=no mac-address=06:F4:1C:x:xx:xx \
master-interface=cap-wifi2 name=cap-wifi2-virtual1
add configuration=cfg-personal disabled=no name=cap-wifi3 radio-mac=\
04:F4:1C:xx:xx:xx
add configuration=cfg-work disabled=no mac-address=06:F4:1C:xx:xx:xx \
master-interface=cap-wifi3 name=cap-wifi3-virtual1
add configuration=cfg-iot disabled=no name=cap-wifi4 radio-mac=\
04:F4:1C:xx:xx:xx
add configuration=cfg-soly disabled=no mac-address=06:F4:1C:xx:xx:xx \
master-interface=cap-wifi4 name=cap-wifi4-virtual1
set [ find default-name=wifi1 ] configuration=cfg-personal disabled=no
add configuration=cfg-work disabled=no mac-address=F6:1E:57:xx:xx:xx \
master-interface=wifi1 name=wifi1-virtual1
set [ find default-name=wifi2 ] configuration=cfg-iot disabled=no
add configuration=cfg-soly disabled=no mac-address=F6:1E:57:xx:xx:xx \
master-interface=wifi2 name=wifi2-virtual1
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=pool-rl-work ranges=192.168.10.100-192.168.10.199
add name=pool-rl-personal ranges=192.168.20.100-192.168.20.199
add name=pool-rl-soly ranges=192.168.30.100-192.168.30.199
add name=pool-rl-iot ranges=192.168.40.100-192.168.40.199
/ip dhcp-server
add address-pool=default-dhcp interface=VLAN88-Mgmt name=defconf
add address-pool=pool-rl-work interface=VLAN10-RL-Work lease-time=1d name=\
dhcp-rl-work
add address-pool=pool-rl-personal interface=VLAN20-RL-Personal lease-time=1d \
name=dhcp-rl-personal
add address-pool=pool-rl-soly interface=VLAN30-RL-Soly lease-time=1d name=\
dhcp-rl-soly
add address-pool=pool-rl-iot interface=VLAN40-RL-IoT lease-time=1d name=\
dhcp-rl-iot
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether2 pvid=10
add bridge=bridge comment=defconf interface=ether3 pvid=88
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether4 pvid=30
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether5 pvid=88
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge comment="RL-Work access ether2" tagged=bridge,ether3 \
untagged=ether2 vlan-ids=10
add bridge=bridge comment="RL-Personal (solo Wi-Fi)" tagged=bridge,ether3 \
vlan-ids=20
add bridge=bridge comment="RL-Soly access ether4" tagged=bridge,ether3 \
untagged=ether4 vlan-ids=30
add bridge=bridge comment="RL-IoT (solo Wi-Fi)" tagged=bridge,ether3 \
vlan-ids=40
add bridge=bridge comment="Mgmt untagged ether5+ether3" tagged=bridge \
untagged=ether5,ether3 vlan-ids=88
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-eolo list=WAN
add interface=VLAN10-RL-Work list=LAN
add interface=VLAN20-RL-Personal list=LAN
add interface=VLAN30-RL-Soly list=LAN
add interface=VLAN40-RL-IoT list=LAN
add interface=ether5 list=LAN
add interface=VLAN88-Mgmt list=LAN
/interface wifi cap
set caps-man-addresses=127.0.0.1 caps-man-names=hAP-ax3-RL certificate=\
request discovery-interfaces=bridge enabled=yes
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=VLAN88-Mgmt \
package-path="" require-peer-certificate=no upgrade-policy=\\
suggest-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg-personal \
slave-configurations=cfg-work supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=cfg-iot \
slave-configurations=cfg-soly supported-bands=2ghz-n
/ip address
add address=192.168.88.1/24 comment=defconf interface=VLAN88-Mgmt network=\
192.168.88.0
add address=192.168.10.1/24 comment="GW RL-Work" interface=VLAN10-RL-Work \
network=192.168.10.0
add address=192.168.20.1/24 comment="GW RL-Personal" interface=\
VLAN20-RL-Personal network=192.168.20.0
add address=192.168.30.1/24 comment="GW RL-Soly" interface=VLAN30-RL-Soly \
network=192.168.30.0
add address=192.168.40.1/24 comment="GW RL-IoT (solo Wi-Fi)" interface=\
VLAN40-RL-IoT network=192.168.40.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
add address=192.168.88.253 client-id=1:4:f4:1c:xx:xx:xx comment=\
"cAP #2 (port3)" mac-address=04:F4:1C:xx:xx:xx server=defconf
add address=192.168.88.252 client-id=1:4:f4:1c:xx:xx:xx comment=\
"cAP #1 (port2)" mac-address=04:F4:1C:xx:xx:xx server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1
add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes doh-max-concurrent-queries=100 servers=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 use-doh-server=\\
https://dns.google/dns-query verify-doh-cert=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow NTP to router from LAN" \
dst-port=123 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow CAPsMAN TCP from LAN" dst-port=\
5246,5247 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="Allow CAPsMAN UDP from LAN" dst-port=\
5246,5247 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow DHCP from LAN" dst-port=67,68 \
in-interface-list=LAN protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \\
connection-state=new in-interface-list=WAN
add action=accept chain=forward comment=\
"TEMP allow VLAN88 -> 192.168.20.2 HTTP/HTTPS" dst-address=192.168.20.2 \\
dst-port=80,443 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=forward comment="Allow DHCP LAN<->LAN" \
in-interface-list=LAN out-interface-list=LAN protocol=udp src-port=67,68
add action=drop chain=forward comment="Inter-VLAN isolation by default" \
in-interface-list=LAN out-interface-list=LAN
add action=accept chain=forward comment="Explicit LAN->WAN allow" \
in-interface-list=LAN out-interface-list=WAN
add action=drop chain=input comment="Block router management from WAN" \
in-interface-list=WAN
add action=drop chain=forward comment="Final drop (default deny)"
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS for TLS/DoH" new-mss=\
clamp-to-pmtu out-interface=pppoe-eolo protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=redirect chain=dstnat comment="Force local DNS (UDP 53)" dst-port=\
53 in-interface-list=LAN protocol=udp to-ports=53
add action=redirect chain=dstnat comment="Force local DNS (TCP 53)" dst-port=\
53 in-interface-list=LAN protocol=tcp to-ports=53
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\\
!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\\
!LAN
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=hAP-ax3-RL
/system leds settings
set all-leds-off=after-1min
/system logging
add topics=wireless,caps,debug
add topics=wireless,info
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=162.159.200.1
add address=216.239.35.0
add address=time.cloudflare.com
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system routerboard wps-button
set enabled=yes on-event=wps-accept
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \\
source="\\r\\
\\n :if (\[system leds settings get all-leds-off\] = \\"never\\") do={\\r\\
\\n /system leds settings set all-leds-off=immediate \\r\\
\\n } else={\\r\\
\\n /system leds settings set all-leds-off=never \\r\\
\\n }\\r\\
\\n "
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \\
source="\\r\\
\\n :foreach iface in=\[/interface/wifi find where (configuration.mode=\\"a\\
p\\" && disabled=no)\] do={\\r\\
\\n /interface/wifi wps-push-button \\$iface;}\\r\\
\\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
####################################
cAP CONFIGURATION
####################################
# 2025-11-02 11:58:38 by RouterOS 7.20.2
# software id = I0VU-GLRL
#
# model = cAPGi-5HaxD2HaxD
# serial number = ##########
/interface bridge
add admin-mac=04:F4:1C:xx:xx:xx auto-mac=no comment=defconf name=bridgeLocal \
pvid=88 vlan-filtering=yes
/interface vlan
add interface=bridgeLocal name=VLAN88-Mgmt vlan-id=88
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN F4:1E:57:xx:xx:xx%VLAN88-Mgmt, traffic processing on CAP
# mode: AP, SSID: RL-Personal, channel: 5180/ax/Ceee/I
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
disabled=no
# managed by CAPsMAN F4:1E:57:xx:xx:xx%VLAN88-Mgmt, traffic processing on CAP
# mode: AP, SSID: RL-IoT, channel: 2462/n
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
disabled=no
/certificate settings
set builtin-trust-anchors=not-trusted
/interface bridge port
add bridge=bridgeLocal comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether1 pvid=88
add bridge=bridgeLocal comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether2 pvid=20
/interface bridge vlan
add bridge=bridgeLocal tagged=bridgeLocal untagged=ether1 vlan-ids=88
add bridge=bridgeLocal tagged=bridgeLocal,ether1 untagged=ether2 vlan-ids=20
/interface wifi cap
set caps-man-addresses=192.168.88.1 certificate=request discovery-interfaces=\
VLAN88-Mgmt enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf disabled=yes interface=bridgeLocal
add comment="mgmt on vlan88" interface=VLAN88-Mgmt
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=cAP-Garage
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.88.1
####################################
TP-LINK SWITCH CONFIGURATION
####################################
TL-SG605E – Current Switch Settings (text dump)
[IGMP SNOOPING]
- IGMP Snooping: Disabled
- Report Message Suppression: Disabled
[QOS – GLOBAL CONFIG]
- QoS Mode: DSCP / 802.1P Based
[802.1Q VLAN – PVID (Default VLAN per Port)]
- Port 1: PVID 88
- Port 2: PVID 88
- Port 3: PVID 88
- Port 4: PVID 20
- Port 5: PVID 20
[802.1Q VLAN – MEMBERSHIP / TAGGING]
-
VLAN 1 (Default)
• Member Ports: 1–3
• Tagged: —
• Untagged: — -
VLAN 10 (Work)
• Member Ports: 1–3
• Tagged: 1–3
• Untagged: — -
VLAN 20 (Personal)
• Member Ports: 1–5
• Tagged: 1–3
• Untagged: 4–5 -
VLAN 30 (Soly)
• Member Ports: 1–3
• Tagged: 1–3
• Untagged: — -
VLAN 40 (IoT)
• Member Ports: 1–3
• Tagged: 1–3
• Untagged: — -
VLAN 88 (Mgmt)
• Member Ports: 1–3
• Tagged: —
• Untagged: 1–3