Is it possible to create another SSID with another IP domain on a remote CAPS? How do I proceed with it?
Is it just necessary to create a second bridge on the CAP manager and assign this new bridge to the configs containing the second SSID? Should the second SSID be a slave of the first one?
Or is it necessary to create VLANs on the Ethernet connections for the remote second bridge? Is CAPS already a VLAN? Will it automatically create a new one for the second datapath?
On the main router CAP manager I created a new IP address assigned to the new bridge, a DHCP server and a source NAT from this new IP domain to the other main IP of the router. Is that correct?
Thank you a lot
I disagree - this is only necessary if you use local forwarding.
All wireless interfaces with local forwarding (local-forwarding=yes) are connected to a single bridge on the CAP itself (configured under /interface wireless cap), so you need to use VLAN tagging to separate the traffic to/from the individual wireless interfaces from each other. A wireless frame received from the air on the CAP is forwarded directly to the local bridge on the CAP.
Wireless interfaces with CAPsMAN forwarding (local-forwarding=no) can be connected to different bridges on the CAPsMAN router, because the wireless frames received from the air are delivered to the CAPsMAN and only there are they forwarded to the bridge specified in the /caps-man datapath configuration. So in this case, you only need to use VLAN tagging if you have other reasons to do so, e.g. if you want to integrate the wireless interfaces into an existing wired network with VLANs.
As explained above - with local-forwarding=no, this is one possibility, the other one is the same bridge with individual VLAN IDs.
One of the wireless interfaces on each physical radio interface must be a master (have no master set), all the other ones on the same radio must use that one as their master. The "physical" parameters (frequency channel, power, modulations) are set at the master one and the other interfaces inherit them, the "logical" ones (SSID, security settings, datapath settings) are individual per interface.
This is the case if you use local-forwarding=yes and the CAPsMAN nevertheless acts as a DHCP server and router for that SSID.
No. A VLAN interface (to attach the IP configuration to) will not be created automatically, nor will a VLAN ID be automatically permitted on all trunk ports of the bridge if you add a wireless interface with that VLAN ID while vlan-filtering=yes is set on the bridge.
With local-forwarding=no, the above is enough if all the "main IPs of the router" are attached to the same WAN interface and use the same gateway towards the internet. If they are not, you need to use some kind of policy routing to choose the proper gateway (WAN interface) depending on the source address.
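Added example, not part of the thread and not either poster's configuration: a CAPsMAN-side RouterOS configuration for the setup the answer above describes (local-forwarding=no, one bridge per SSID, second SSID as a slave of the first). The bridge, pool, profile and SSID names, the passphrase placeholders, the pool range and the main bridge being called `bridge` are assumptions; 10.0.0.0/22 is the subnet mentioned later in the thread.

```routeros
# Added example (legacy /caps-man menu). All names are hypothetical.

# Second bridge on the CAPsMAN router: the second SSID's frames end up here.
/interface bridge
add name=bridge-guest

# IP domain for the second SSID (10.0.0.0/22 as used in the thread).
/ip address
add address=10.0.0.1/22 interface=bridge-guest
/ip pool
add name=pool-guest ranges=10.0.0.10-10.0.3.250
/ip dhcp-server
add name=dhcp-guest interface=bridge-guest address-pool=pool-guest disabled=no
/ip dhcp-server network
add address=10.0.0.0/22 gateway=10.0.0.1

# One datapath per SSID. With local-forwarding=no the CAP tunnels wireless
# frames to the manager, which forwards them to the bridge named here,
# so no VLAN tagging is needed between CAP and CAPsMAN.
/caps-man datapath
add name=dp-main bridge=bridge local-forwarding=no
add name=dp-guest bridge=bridge-guest local-forwarding=no

# Separate security profiles so the two SSIDs do not share a key.
/caps-man security
add name=sec-main authentication-types=wpa2-psk encryption=aes-ccm passphrase="REPLACE-main-psk"
add name=sec-guest authentication-types=wpa2-psk encryption=aes-ccm passphrase="REPLACE-guest-psk"

# Logical settings (SSID, security, datapath) are individual per configuration;
# radio settings are taken from the master interface on each radio.
/caps-man configuration
add name=cfg-main ssid=Main datapath=dp-main security=sec-main
add name=cfg-guest ssid=Guest datapath=dp-guest security=sec-guest

# The master configuration creates the master interface on each radio;
# every slave configuration becomes a virtual AP on top of it.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-main slave-configurations=cfg-guest

# Source NAT for the new subnet when it leaves through the main bridge.
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/22 out-interface=bridge action=masquerade
```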
Thank you, it works
Exactly, I used local-forwarding=no and it suddenly worked; there is no reason for VLAN since the CAPS are connected directly to CAPSman. I’ve created a new IP on the CAPSman and NATted on it the new bridge, and on the new bridge I created a DHCP, that’s all.
It would be interesting to know how the CAPs are sending 2 different packets from the 2 different SSIDs to the manager, maybe it is just using a different MAC source address? ))
I have a question: I want to limit the bandwidth for the new bridge, is the best way to do it to set a limit on the NAT on the firewall? It makes sense..
I would ask, if I have the first SSID transparent to the bridge and all the rest of the LAN, can I introduce QoS on the second SSID? I mean, leave the second SSID the full bandwidth if there is no one using it on the LAN.. but I guess not, because as it is transparent (the main internet router is another one) it can’t know the situation of the traffic of the main LAN, so I guess I can only make a simple bandwidth limitation
I have 2 NATs, one is the default masquerade (with OUT interface WAN), the other is what I created to NAT any request from the new network to the old one. There is something I don’t understand: the default masquerade seems to be NATting, but it’s set to use the WAN, and the Ethernet 1 WAN port is not connected, Ethernet2 is the uplink to the internet, so how is it working then?
settings for default: srcnat, out interface list: WAN, IP sec policy: out:none, action:masquerade
my NAT (probably wrong): srcnat, src address: 10.0.0.0/22, connection rate: 10M, action: accept
Maybe I have to disable the default one, and change the action to masquerade? I probably have to select the new bridge as the in interface, and how can I specify that NAT should use the second IP of the router as the source IP address?
thanks
I’ve tried a source NAT chain, src addr: 10.0.0.0/22, out interface: bridge, connection rate: 10M, action src-nat to address: the desired one. But I need to wait until tomorrow to test it