Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM

Commenting on config from attached rsc file …

You shouldn’t set use-service-tag=yes, it switches over to different type of VLAN headers. And no tag stacking.

All in all, the device config is a mess. So I suggest you to start over:

  1. install ROS 7.16.1 on your hAP ac2, it’ll improve wifi performance quite a lot compared to the legacy wireless driver you have currently installed. I suggest you to use netinstall and if you’re going with 7.16.1, you have to install also the optional package “wifi-qcom-ac”
  2. use winbox to connect to device and go from empty config
  3. create single bridge with VLAN filtering enabled, add all ether ports except the one you’ll use to configure it (you’ll add it later when you check that other ports are fine). Also add both wifi interfaces.
  4. configure wifi parameters. The new driver has configuration under /interface/wifi , configuration philosophy is a bit different. Don’t configure VLANs in wifi section (wifi-qcom-ac doesn’t even support it)
    You’ll configure one SSID on master interface (e.g. wifi1) and you’ll create additional slave wifi interfaces (using wifi1 as their master but setting other SSIDs)
  5. on bridge port wifi1 set PVID to desired VLAN ID for main SSID (e.g. 30 for baita_sp)
  6. add the slave wifi interfaces as bridge ports and set pvid to values appropriate for SSIDs (e.g. 10 for wifi interface configured with SSID vwlan-iot)
  7. you only need bridge port to be set as tagged member of management VLAN (e.g. 30) and you only need VLAN interface for that VLAN. Add IP address to that VLAN interface, don’t forget to include netmask (e.g. 192.168.10.220/24, netmask is missing in your current config) and set default route.
  8. set ether1 as tagged member of all VLANs involved and set the rest of ether ports as access ports to appropriate VLANs (set pvid on port and they will be automatically added as untagged members of corresponding VLAN)

If you don’t want to go with ROS v7, then you can proceed with current version, but the config is not correct either.

I guess VLANs are overwhelming you. I suggest you to study this excellent tutorial: http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
Bridge has a few personalities and this article will help you understand them: http://forum.mikrotik.com/t/routeros-bridge-mysteries-explained/147832/1

I suspect that VLAN setup might be suboptimal on RB4011 as well, so you may want to post config as well. Or, if you’re into learning, try fixing them after you read the articles linked above (but come back for help if you get stuck).
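As an added worked example (not from the original post or the poster), here are steps 3 to 8 above written as a RouterOS 7.16 script for a hAP ac2 with wifi-qcom-ac; ether2 as the temporary configuration port, the slave name wifi1-iot, ether3 to ether5 as access ports, the gateway 192.168.10.1 and the passphrases are assumptions.

```routeros
# Assumed: ROS 7.16.1 with wifi-qcom-ac on hAP ac2, managed via ether2, which stays
# out of the bridge until the other ports are verified (step 3)
/interface bridge
add name=bridge1 vlan-filtering=yes

# Step 4: one SSID on the master interfaces, IoT SSID as a slave of wifi1; no VLAN settings here
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap configuration.ssid=baita_sp \
    security.authentication-types=wpa2-psk,wpa3-psk security.passphrase="CHANGE-ME-main" disabled=no
set [ find default-name=wifi2 ] configuration.mode=ap configuration.ssid=baita_sp \
    security.authentication-types=wpa2-psk,wpa3-psk security.passphrase="CHANGE-ME-main" disabled=no
add name=wifi1-iot master-interface=wifi1 configuration.mode=ap configuration.ssid=vwlan-iot \
    security.authentication-types=wpa2-psk security.passphrase="CHANGE-ME-iot" disabled=no

# Steps 5, 6, 8: pvid makes each port an untagged member of its VLAN automatically.
# ether1 is the trunk; admitting only tagged frames on it keeps untagged traffic out of the trunk.
/interface bridge port
add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged comment="trunk to RB4011"
add bridge=bridge1 interface=ether3 pvid=30 comment="access, management VLAN"
add bridge=bridge1 interface=ether4 pvid=10 comment="access, IoT VLAN"
add bridge=bridge1 interface=ether5 pvid=10 comment="access, IoT VLAN"
add bridge=bridge1 interface=wifi1 pvid=30 comment="main SSID baita_sp, 5 GHz"
add bridge=bridge1 interface=wifi2 pvid=30 comment="main SSID baita_sp, 2.4 GHz"
add bridge=bridge1 interface=wifi1-iot pvid=10 comment="IoT SSID vwlan-iot"

# Step 7 and 8: ether1 tagged for every VLAN, the bridge itself tagged only for management VLAN 30
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=30
add bridge=bridge1 tagged=ether1 vlan-ids=10

# Step 7: a single VLAN interface for management, with the netmask and a default route
/interface vlan
add name=vlan30-mgmt interface=bridge1 vlan-id=30
/ip address
add address=192.168.10.220/24 interface=vlan30-mgmt
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.10.1 comment="assumed gateway on the RB4011"

# Once access ports and wifi are confirmed working, add the configuration port too:
# /interface bridge port add bridge=bridge1 interface=ether2 pvid=30
```

The IoT SSID and ports end up in VLAN 10 with no VLAN interface or IP on the hAP, so the device can only be managed from VLAN 30.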