Layer3 roaming.

Is it possible to set up layer 3 roaming?


I have set up CAPsMAN (the main network router as the server) with CAPs on separate VLANs; if a client device roams, it gets a new IP. That is fine for me in my home lab, but it could cause issues if I deploy this configuration at work.

My configuration:

# aug/02/2020 00:07:19 by RouterOS 6.47.1
# software id = BVLC-I6J1
#
# model = RB450Gx4
# serial number =
# CAPsMAN channel profiles, one named entry per centre frequency. Some of them
# are referenced by name from the /caps-man interface entries further down.
/caps-man channel
# 2.4 GHz: CH1-CH13, 802.11n-only, fixed 20 MHz width, no extension channel.
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=CH1
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2417 name=CH2
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2422 name=CH3
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2427 name=CH4
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2432 name=CH5
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=CH6
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2442 name=CH7
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2447 name=CH8
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2452 name=CH9
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2457 name=CH10
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2462 name=CH11
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2467 name=CH12
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2472 name=CH13
# 5 GHz: CH36-CH165, 802.11ac-only. Only the frequency is set here, so channel
# width and extension channel are left at whatever CAPsMAN defaults to.
add band=5ghz-onlyac frequency=5180 name=CH36
add band=5ghz-onlyac frequency=5200 name=CH40
add band=5ghz-onlyac frequency=5220 name=CH44
add band=5ghz-onlyac frequency=5240 name=CH48
add band=5ghz-onlyac frequency=5260 name=CH52
add band=5ghz-onlyac frequency=5280 name=CH56
add band=5ghz-onlyac frequency=5300 name=CH60
add band=5ghz-onlyac frequency=5320 name=CH64
add band=5ghz-onlyac frequency=5500 name=CH100
add band=5ghz-onlyac frequency=5520 name=CH104
add band=5ghz-onlyac frequency=5540 name=CH108
add band=5ghz-onlyac frequency=5560 name=CH112
add band=5ghz-onlyac frequency=5580 name=CH116
add band=5ghz-onlyac frequency=5600 name=CH120
add band=5ghz-onlyac frequency=5620 name=CH124
add band=5ghz-onlyac frequency=5640 name=CH128
add band=5ghz-onlyac frequency=5660 name=CH132
add band=5ghz-onlyac frequency=5680 name=CH136
add band=5ghz-onlyac frequency=5700 name=CH140
add band=5ghz-onlyac frequency=5745 name=CH149
add band=5ghz-onlyac frequency=5765 name=CH153
add band=5ghz-onlyac frequency=5785 name=CH157
add band=5ghz-onlyac frequency=5805 name=CH161
add band=5ghz-onlyac frequency=5825 name=CH165
# The single LAN bridge ("bridge") with a fixed admin MAC, followed by labels
# for the physical ports. The comment= values are Latvian room/purpose labels
# written with 8-bit escapes (\F2, \FE); they carry no behaviour.
/interface bridge
add admin-mac=C4:AD:34:75:CA:B0 auto-mac=no comment=defconf name=bridge
/interface ethernet
# ether1 is labelled WAN and has its MAC address set explicitly.
set [ find default-name=ether1 ] comment=WAN mac-address=74:4D:28:78:2A:17
set [ find default-name=ether2 ] comment="Maigo\F2a ala"
set [ find default-name=ether3 ] comment="Mened\FEments"
set [ find default-name=ether5 ] comment="Mammas istaba/POE"
# VLAN interfaces, one per wired/wireless segment: 10 (wired), 11 and 12
# (first room, 5 GHz / 2.4 GHz), 20 and 21 (second room, 5 GHz / 2.4 GHz).
# Each gets its own /24, pool and DHCP server further down.
/interface vlan
# NOTE(review): vlan10 sits on ether2, which is also added as a port of
# "bridge" under /interface bridge port. A VLAN interface on a bridge member
# port usually does not see traffic the way it would on the bridge itself -
# confirm (the author says the VLAN setup is unfinished).
add comment="Maigo\F2a ala vadi" interface=ether2 name=\
    vlan10_maigonja_ala_vadi vlan-id=10
# The wireless VLANs hang off "bridge"; CAPsMAN tags client traffic into them
# via datapath.vlan-id on the /caps-man interface entries.
add comment="Maigo\F2a ala 5ghz" interface=bridge name=\
    vlan11_maigonja_ala_5ghz vlan-id=11
add comment="Maigo\F2a ala 2.4ghz" interface=bridge name=\
    vlan12_maigonja_ala_2.4ghz vlan-id=12
add comment="Mammas istaba 5ghz" interface=bridge name=\
    vlan20_mammas_istaba_5ghz vlan-id=20
add comment="Mammas istaba 2.4ghz" interface=bridge name=\
    vlan21_mammas_istaba_2.4ghz vlan-id=21
# Named data-rate sets. Only "ieteicamie" is referenced by the
# /caps-man configuration entries in this export.
/caps-man rates
# "ieteicamie": 24 Mbps basic rate, legacy rates 24-54 Mbps, HT MCS 3-23,
# empty VHT MCS lists. Rates below 24 Mbps are not offered.
add basic=24Mbps ht-basic-mcs=mcs-3 ht-supported-mcs="mcs-3,mcs-4,mcs-5,mcs-6,\
    mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,\
    mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=ieteicamie supported=\
    24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs="" vht-supported-mcs=""
# "visi": every legacy rate from 1 to 54 Mbps, all marked basic and supported.
add basic="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,\
    48Mbps,54Mbps" name=visi supported="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps\
    ,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps"
# "ieteicamie 12": same idea as "ieteicamie" but starting at 12 Mbps / MCS 1.
add basic=12Mbps ht-basic-mcs=mcs-1 ht-supported-mcs="mcs-1,mcs-2,mcs-3,mcs-4,\
    mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mc\
    s-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=\
    "ieteicamie 12" supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    vht-basic-mcs="" vht-supported-mcs=""
# Three SSID profiles (cfg1 "Sleepnis", test "test", TV "Sleepnis_TV"). All use
# the same settings: WPA2-PSK only, AES-CCM for unicast and group traffic,
# datapath on "bridge" with local-forwarding=no (client traffic is forwarded
# by the manager rather than by the CAP).
#
# security.disable-pmkid=yes keeps the PMKID out of the first handshake frame,
# which removes one way of collecting material for offline guessing of the
# pre-shared key without a client present. It does not replace a long, random
# passphrase.
#
# NOTE(review): no security.passphrase appears in this export - presumably it
# was hidden when exporting (hide-sensitive) or is set elsewhere; confirm
# before importing this anywhere. For a work deployment, a single shared key
# for every user is hard to rotate; consider per-user authentication
# (authentication-types=wpa2-eap with RADIUS) instead.
/caps-man configuration
add country=latvia datapath.bridge=bridge datapath.local-forwarding=no \
    installation=indoor name=cfg1 rates=ieteicamie \
    security.authentication-types=wpa2-psk security.disable-pmkid=yes \
    security.encryption=aes-ccm security.group-encryption=aes-ccm ssid=\
    Sleepnis
add country=latvia datapath.bridge=bridge datapath.local-forwarding=no \
    installation=indoor name=test rates=ieteicamie \
    security.authentication-types=wpa2-psk security.disable-pmkid=yes \
    security.encryption=aes-ccm security.group-encryption=aes-ccm ssid=test
add country=latvia datapath.bridge=bridge datapath.local-forwarding=no \
    installation=indoor name=TV rates=ieteicamie \
    security.authentication-types=wpa2-psk security.disable-pmkid=yes \
    security.encryption=aes-ccm security.group-encryption=aes-ccm ssid=\
    Sleepnis_TV
# Static CAP interfaces, each bound to one radio by radio-mac. Every radio tags
# its clients into a different VLAN (12, 11, 21, 20), and each of those VLANs
# has its own subnet and DHCP server in this export. That is why a client that
# moves from one radio to another ends up with a new IP address: it has changed
# L2 segment, not just access point.
/caps-man interface
# Room 1, 2.4 GHz radio -> VLAN 12.
add channel=CH6 channel.frequency="" channel.tx-power=11 configuration=cfg1 \
    datapath.vlan-id=12 datapath.vlan-mode=use-tag disabled=no l2mtu=1600 \
    mac-address=C4:AD:34:C5:F0:9B master-interface=none mtu=1500 name=\
    "Maigonja ala 2.4Ghz" radio-mac=C4:AD:34:C5:F0:9B radio-name=C4AD34C5F09B
# Room 1, 5 GHz radio -> VLAN 11. client-to-client-forwarding=yes lets stations
# on this interface reach each other directly; the other interfaces do not set
# it.
add channel=CH36 channel.tx-power=18 configuration=cfg1 \
    datapath.client-to-client-forwarding=yes datapath.vlan-id=11 \
    datapath.vlan-mode=use-tag disabled=no l2mtu=1600 mac-address=\
    C4:AD:34:C5:F0:9C master-interface=none name="Maigonja ala 5GHz" \
    radio-mac=C4:AD:34:C5:F0:9C radio-name=C4AD34C5F09C
# Room 2, 2.4 GHz radio -> VLAN 21.
add channel=CH11 channel.frequency="" channel.tx-power=10 configuration=cfg1 \
    datapath.vlan-id=21 datapath.vlan-mode=use-tag disabled=no l2mtu=1600 \
    mac-address=C4:AD:34:D9:4B:06 master-interface=none mtu=1500 name=\
    "Mammas istaba 2.4Ghz" radio-mac=C4:AD:34:D9:4B:06 radio-name=\
    C4AD34D94B06
# Room 2, 5 GHz radio -> VLAN 20.
add channel=CH100 channel.tx-power=18 configuration=cfg1 datapath.vlan-id=20 \
    datapath.vlan-mode=use-tag disabled=no l2mtu=1600 mac-address=\
    C4:AD:34:D9:4B:07 master-interface=none name="Mammas istaba 5Ghz" \
    radio-mac=C4:AD:34:D9:4B:07 radio-name=C4AD34D94B07
# Second SSID (configuration=TV) as a virtual AP on the room 1 5 GHz radio. It
# is tagged into the same VLAN 11 as its master, so the separate SSID does not
# by itself separate the TV clients from the other VLAN 11 clients.
add channel=CH36 channel.frequency=5180 channel.tx-power=18 configuration=TV \
    datapath.client-to-client-forwarding=yes datapath.vlan-id=11 \
    datapath.vlan-mode=use-tag disabled=no l2mtu=1600 mac-address=\
    C4:AD:34:C5:F0:9D master-interface="Maigonja ala 5GHz" name="TV SSID" \
    radio-mac=C4:AD:34:C5:F0:9C radio-name=C4AD34C5F09C
# Interface lists used by the firewall, neighbour discovery and MAC server
# settings. Membership is assigned under /interface list member.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Default local wireless security profile; only the supplicant identity is set.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per segment: the default 192.168.88.0/24 LAN plus one /24
# per VLAN.
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
add name=maigonja_ala_vadi ranges=192.168.1.10-192.168.1.254
add name=maigonja_ala_5ghz ranges=192.168.2.10-192.168.2.254
add name=maigonja_ala_2.4ghz ranges=192.168.3.10-192.168.3.254
add name=mammas_istaba_5ghz ranges=192.168.10.10-192.168.10.254
add name=mammas_istaba_2.4ghz ranges=192.168.11.10-192.168.11.254
# One DHCP server per segment, each bound to its own interface with an 8 h
# lease. Because every radio maps to a different server and pool, a roaming
# client always has to request a new lease.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
add address-pool=maigonja_ala_vadi disabled=no interface=\
    vlan10_maigonja_ala_vadi lease-time=8h name=dhcp_maigonja_ala_vadi
add address-pool=maigonja_ala_5ghz disabled=no interface=\
    vlan11_maigonja_ala_5ghz lease-time=8h name=dhcp_maigonja_ala_5ghz
add address-pool=maigonja_ala_2.4ghz disabled=no interface=\
    vlan12_maigonja_ala_2.4ghz lease-time=8h name=dhcp_maigonja_ala_2.4ghz
add address-pool=mammas_istaba_5ghz disabled=no interface=\
    vlan20_mammas_istaba_5ghz lease-time=8h name=dhcp_mammas_istaba_5ghz
add address-pool=mammas_istaba_2.4ghz disabled=no interface=\
    vlan21_mammas_istaba_2.4ghz lease-time=8h name=dhcp_mammas_istaba_2.4ghz
# A 10M/10M rate limit for the VLAN 11 interface; currently disabled.
/queue simple
add disabled=yes max-limit=10M/10M name=queue1 target=\
    vlan11_maigonja_ala_5ghz
# Keeps up to five rotated files for logging action number 1
# (presumably the built-in "disk" action - confirm with /system logging action print).
/system logging action
set 1 disk-file-count=5
# CAPsMAN access list. Rules are evaluated in order. The ten MAC-specific
# rules are accept/reject pairs that would pin one client to one radio; all of
# them are disabled. What is active is the last two rules: accept any client
# whose signal is within -70..120, reject everything else.
#
# The MAC-based pairs are a steering aid, not an authentication control: a MAC
# address is sent in the clear and can be changed by the client, so access
# still rests on the WPA2 key.
/caps-man access-list
add action=accept allow-signal-out-of-range=always disabled=yes interface=\
    "Maigonja ala 5GHz" mac-address=F0:86:20:89:85:24 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=yes interface=any \
    mac-address=F0:86:20:89:85:24 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=yes interface=\
    "Mammas istaba 2.4Ghz" mac-address=40:CD:7A:D1:3B:20 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=yes interface=any \
    mac-address=40:CD:7A:D1:3B:20 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=yes interface=\
    "Mammas istaba 2.4Ghz" mac-address=B4:E1:C4:D3:40:AC ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=yes interface=any \
    mac-address=B4:E1:C4:D3:40:AC ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=yes interface=\
    "Mammas istaba 5Ghz" mac-address=D0:37:45:85:C5:F0 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=yes interface=any \
    mac-address=D0:37:45:85:C5:F0 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=yes interface=\
    "Maigonja ala 2.4Ghz" mac-address=10:B1:F8:05:21:E2 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=yes interface=any \
    mac-address=10:B1:F8:05:21:E2 ssid-regexp=""
# Active: accept clients at -70 or stronger; a client may stay out of range
# for up to 10 s before it is dropped.
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
    -70..120 ssid-regexp=""
# Active: reject whatever the rule above did not accept.
add action=reject
# Turns this router into the CAPsMAN controller.
# NOTE(review): no certificate=, ca-certificate= or require-peer-certificate=
# appears here, so CAP-to-manager authentication looks to be at its default
# (not required) - confirm. On a work network, requiring peer certificates
# stops an unenrolled device on the management segment from joining as a CAP.
/caps-man manager
set enabled=yes
# The manager refuses CAP connections on every interface by default and
# accepts them only on "bridge".
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
# Catch-all provisioning rule: no radio-mac or other match is set, so any CAP
# radio that connects and is not covered by a static interface gets a dynamic,
# enabled interface with configuration cfg1.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
# ether2-ether5 are members of "bridge"; ether1 stays outside as the WAN port.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
# Neighbour discovery is limited to the LAN list, so the router does not
# announce itself on the WAN port.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# LAN contains only "bridge" and WAN only ether1. The vlanNN interfaces are in
# neither list, which matters for every firewall rule that matches on
# in-interface-list.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
# Router (gateway) address for each segment.
/ip address
# NOTE(review): 192.168.88.1/24 is bound to ether2, but ether2 is a member of
# "bridge" and the defconf DHCP server listens on "bridge". The address would
# normally sit on the bridge itself - confirm this is intended.
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
add address=192.168.1.1/24 comment="Maigo\F2a ala" interface=\
    vlan10_maigonja_ala_vadi network=192.168.1.0
add address=192.168.2.1/24 comment="Maigo\F2a ala 5ghz" interface=\
    vlan11_maigonja_ala_5ghz network=192.168.2.0
add address=192.168.3.1/24 comment="Maigo\F2a ala 2.4ghz" interface=\
    vlan12_maigonja_ala_2.4ghz network=192.168.3.0
add address=192.168.10.1/24 comment="Mammas istaba 5ghz" interface=\
    vlan20_mammas_istaba_5ghz network=192.168.10.0
add address=192.168.11.1/24 comment="Mammas istaba 2.4ghz" interface=\
    vlan21_mammas_istaba_2.4ghz network=192.168.11.0
# WAN address comes from the upstream DHCP server; the DNS servers it offers
# are ignored (use-peer-dns=no) in favour of the /ip dns settings.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
# Static leases on the default LAN. Enabled: 192.168.88.2 (the host that all
# port forwards and the inter-segment accept rules point at) and the two CAPs
# at .50 and .51. The remaining entries are disabled.
/ip dhcp-server lease
add address=192.168.88.2 comment="Me\FEonis" mac-address=E0:D5:5E:A3:EF:5B \
    server=defconf
add address=192.168.88.51 comment="cAP ac Mammas istaba" mac-address=\
    C4:AD:34:D9:4B:04 server=defconf
add address=192.168.88.3 client-id=1:f0:86:20:89:85:24 comment="LG TV WiFi" \
    disabled=yes mac-address=F0:86:20:89:85:24 server=defconf
add address=192.168.88.30 comment="Spuldz\EEte 1 Maigo\F2a ala" disabled=yes \
    mac-address=04:CF:8C:A0:BF:2A server=defconf
add address=192.168.88.31 comment="Spuldz\EEte 2 Maigo\F2a ala" disabled=yes \
    mac-address=04:CF:8C:A0:B6:4B server=defconf
add address=192.168.88.21 client-id=1:40:cd:7a:d1:3b:20 comment="Mammas TV" \
    disabled=yes mac-address=40:CD:7A:D1:3B:20 server=defconf
add address=192.168.88.50 client-id=1:c4:ad:34:c5:f0:96 comment=\
    "hAP ac2 Maigo\F2a ala" mac-address=C4:AD:34:C5:F0:96 server=defconf
add address=192.168.88.20 client-id=1:d0:37:45:85:c5:f0 comment=\
    "Mammas dators" disabled=yes mac-address=D0:37:45:85:C5:F0 server=defconf
add address=192.168.88.4 client-id=1:64:95:6c:2d:1d:3a comment="LG TV LAN" \
    disabled=yes mac-address=64:95:6C:2D:1D:3A server=defconf
# Options handed out per subnet. The VLAN subnets are given public resolvers
# (1.1.1.1 / 1.0.0.1) directly, so their DNS queries leave in plain text and
# bypass the router's DoH resolver; only the default LAN is pointed at the
# router (192.168.88.1).
/ip dhcp-server network
add address=192.168.1.0/24 comment="Maigo\F2a ala vadi" dns-server=\
    1.1.1.1,1.0.0.1 gateway=192.168.1.1
add address=192.168.2.0/24 comment="Maigo\F2a ala 5ghz" dns-server=\
    1.1.1.1,1.0.0.1 gateway=192.168.2.1
add address=192.168.3.0/24 comment="Maigo\F2a ala 2.4ghz" dns-server=\
    1.1.1.1,1.0.0.1 gateway=192.168.3.1
add address=192.168.10.0/24 comment="Mammas istaba 5ghz" dns-server=\
    1.1.1.1,1.0.0.1 gateway=192.168.10.1
add address=192.168.11.0/24 comment="Mammas istaba 2.4ghz" dns-server=\
    1.1.1.1,1.0.0.1 gateway=192.168.11.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
# The router resolves over DNS-over-HTTPS and answers queries from clients
# (allow-remote-requests=yes). Who can reach the resolver is decided by the
# input chain below, which drops anything not arriving from the LAN list;
# keep that rule in place for as long as remote requests are allowed.
# NOTE(review): verify-doh-cert=yes only works if a CA that validates the
# server certificate is present in the router's certificate store - confirm.
/ip dns
set allow-remote-requests=yes cache-size=1024KiB use-doh-server=\
    https://1.1.1.1/dns-query verify-doh-cert=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
# Filter rules: the RouterOS default ("defconf") input and forward chains,
# followed by five custom forward rules for traffic between the default LAN
# and the VLANs.
/ip firewall filter
# --- input chain (traffic to the router itself) ---
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Only "bridge" is a member of LAN, so besides the WAN this also drops new
# connections to the router that arrive on the vlanNN interfaces.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# --- forward chain (traffic through the router) ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# New connections from the WAN are forwarded only if a dst-nat rule matched;
# the port forwards under /ip firewall nat are therefore the whole inbound
# surface.
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# Custom rules. The Latvian comments read roughly "allow connection for
# 'mezonis' from the 5 GHz network" - 192.168.88.2 is the host with that name
# in the static leases. They allow 192.168.88.2 to talk to VLAN 11
# (192.168.2.0/24) and VLAN 20 (192.168.10.0/24) in both directions.
add action=accept chain=forward comment=\
    "At\EFaut savienojumu me\FEonim no 5ghz Maigo\F2a t\EEkla" dst-address=\
    192.168.2.0/24 src-address=192.168.88.2
add action=accept chain=forward comment=\
    "At\EFaut savienojumu me\FEonim no 5ghz Maigo\F2a t\EEkla #2" \
    dst-address=192.168.88.2 src-address=192.168.2.0/24
add action=accept chain=forward comment=\
    "At\EFaut savienojumu me\FEonim no 5ghz Mammas t\EEkla" dst-address=\
    192.168.88.2 src-address=192.168.10.0/24
add action=accept chain=forward comment=\
    "At\EFaut savienojumu me\FEonim no 5ghz Mammas t\EEkla #2" dst-address=\
    192.168.10.0/24 src-address=192.168.88.2
# Comment reads roughly "block connections between VLANs".
# NOTE(review): this rule matches only packets that enter on "bridge" and
# leave on a VLAN interface. A packet that enters on one vlanNN interface and
# leaves on another vlanNN interface, or on "bridge", matches no drop rule in
# this chain, and the chain has no final drop, so it appears to be forwarded.
# If the VLANs are meant to be isolated from each other and from the default
# LAN, confirm with a test and either add a drop with in-interface=all-vlan or
# end the forward chain with a default drop.
add action=drop chain=forward comment=\
    "Blo\ED\E7 vlan savstarp\E7jo savienojumu" in-interface=bridge \
    out-interface=all-vlan
# NAT: source NAT for outbound traffic plus port forwards to 192.168.88.2.
/ip firewall nat
# Hairpin NAT: LAN-to-LAN traffic inside 192.168.88.0/24 is masqueraded so a
# LAN client can use the forwards below via the public address.
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# Inbound port forwards, all to 192.168.88.2: tcp/63718 (no label), tcp/5135
# (Aspia), tcp/61595 (VNC), tcp/32400 (Plex).
# NOTE(review): none of these rules has a src-address or src-address-list
# match, so each port is reachable from any source address. Aspia and VNC are
# remote-control services; for those in particular, limit the allowed sources
# with a src-address-list or reach the host through a VPN instead of a
# forward. The unlabelled tcp/63718 forward should be documented or removed.
add action=dst-nat chain=dstnat dst-port=63718 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.88.2 to-ports=63718
add action=dst-nat chain=dstnat comment=Aspia dst-port=5135 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.88.2 to-ports=5135
# These two match on a fixed destination address rather than on the WAN
# interface. The WAN address is obtained by DHCP in this export, so the rules
# stop matching if that address changes - presumably it is static in
# practice; confirm.
add action=dst-nat chain=dstnat comment=VNC dst-address=89.254.164.110 \
    dst-port=61595 protocol=tcp to-addresses=192.168.88.2 to-ports=61595
add action=dst-nat chain=dstnat comment=Plex dst-address=89.254.164.110 \
    dst-port=32400 protocol=tcp to-addresses=192.168.88.2 to-ports=32400
# Disabled leftovers.
add action=dst-nat chain=dstnat disabled=yes dst-port=32400 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.88.2 to-ports=32400
add action=dst-nat chain=dstnat disabled=yes dst-address=89.254.164.110 \
    dst-port=61595 protocol=tcp to-addresses=192.168.88.2
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
# Management services: telnet, ftp, www, ssh, api and api-ssl are switched off.
# winbox and www-ssl are not listed, so they are presumably at their defaults -
# verify with /ip service print. No address= restriction is set on any
# service here; access is limited only by the input chain of the firewall.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Riga
/system identity
set name="Sleepnja Kastiite"
# Logging: rules 0-3 (presumably the four built-in rules) are disabled and
# replaced by rules that write critical, error, info, warning and ntp topics
# to disk, plus debug-level wireless and caps logging.
# NOTE(review): every rule uses action=disk, so the logs exist only on the
# router itself and are lost or alterable if the router is. For a work
# deployment consider also sending them to a remote syslog action. The two
# debug rules write frequently; check they are still needed.
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=disk topics=critical
add action=disk topics=error
add action=disk topics=info
add action=disk topics=warning
add action=disk disabled=yes topics=dhcp
add action=disk prefix=debug topics=wireless,debug
add action=disk prefix=debug topics=caps,debug
add action=disk topics=ntp
add action=disk disabled=yes topics=dns
# Time is taken from a single upstream server and re-served by the router's
# own NTP server. Which clients can reach that server is decided by the
# firewall input chain.
/system ntp client
set enabled=yes primary-ntp=162.159.200.1
/system ntp server
set enabled=yes
# Runs the "Auto Upgrade" script once a day at 03:00.
# NOTE(review): the job carries the full policy list, including password,
# sniff, sensitive, romon and ftp. The script it runs (defined under
# /system script) logs, optionally notifies, upgrades firmware/packages and
# reboots; it does not obviously need those extra policies. Trimming the list
# to what the script uses limits what a modified script could do - confirm
# the minimum set by testing.
/system scheduler
add interval=1d name="Auto Upgrade" on-event=\
    "/system script run \"Auto Upgrade\"" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=nov/11/2019 start-time=03:00:00
# Two stored scripts: "Auto Upgrade" and "netdownreboot".
/system script
# "Auto Upgrade" (third-party script, source URL in its header): if the
# RouterBOARD firmware differs from the available upgrade it runs the firmware
# upgrade; it then sets the update channel to "stable", checks for updates,
# and installs a newer RouterOS if one is offered, or reboots if only the
# firmware changed. Slack and e-mail notifications are both switched off in
# the variables. The "Message To Slack" script it would call is not part of
# this export.
# NOTE(review): this installs and reboots unattended; on a work network,
# upgrades are normally staged and scheduled in a maintenance window. The
# policy list is the full set - see whether password, sniff, sensitive, romon
# and ftp can be removed.
add dont-require-permissions=no name="Auto Upgrade" owner=maigonis policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    #\r\
    \n##   Automatically upgrade RouterOS and Firmware\r\
    \n##   https://github.com/massimo-filippi/mikrotik\r\
    \n##\r\
    \n##   script by Maxim Krusina, maxim@mfcc.cz\r\
    \n##   based on: http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS\r\
    \n##   created: 2014-12-05\r\
    \n##   updated: 2019-01-26\r\
    \n##   tested on: RouterOS 6.43.8 / multiple HW devices\r\
    \n##\r\
    \n########## Set variables\r\
    \n## Update channel can take values before 6.43.8: bugfix    | current | d\
    evelopment | release-candidate\r\
    \n## Update channel can take values after  6.43.8: long-term | stable  | d\
    evelopment | testing\r\
    \n:local updChannel       \"stable\"\r\
    \n## Notify via Slack\r\
    \n:local notifyViaSlack   false\r\
    \n:global SlackChannel    \"#log\"\r\
    \n## Notify via E-mail\r\
    \n:local notifyViaMail    false\r\
    \n:local email            \"your@email.com\"\r\
    \n########## Upgrade firmware\r\
    \n## Let's check for updated firmware\r\
    \n:local rebootRequired false\r\
    \n/system routerboard\r\
    \n\r\
    \n:if ( [get current-firmware] != [get upgrade-firmware]) do={\r\
    \n\r\
    \n   ## New version of firmware available, let's upgrade\r\
    \n   ## Notify via Log\r\
    \n   :log info (\"Upgrading firmware on router \$[/system identity get nam\
    e] from \$[/system routerboard get current-firmware] to \$[/system routerb\
    oard get upgrade-firmware]\")\r\
    \n   ## Notify via Slack\r\
    \n   :if (\$notifyViaSlack) do={\r\
    \n       :global SlackMessage \"Upgrading firmware on router *\$[/system i\
    dentity get name]* from \$[/system routerboard get current-firmware] to *\
    \$[/system routerboard get upgrade-firmware]*\";\r\
    \n       :global SlackMessageAttachements  \"\";\r\
    \n       /system script run \"Message To Slack\";\r\
    \n   }\r\
    \n   ## Notify via E-mail\r\
    \n   :if (\$notifyViaMail) do={\r\
    \n       /tool e-mail send to=\"\$email\" subject=\"Upgrading firmware on \
    router \$[/system identity get name]\" body=\"Upgrading firmware on router\
    \_\$[/system identity get name] from \$[/system routerboard get current-fi\
    rmware] to \$[/system routerboard get upgrade-firmware]\"\r\
    \n   }\r\
    \n   ## Upgrade (it will no reboot, we'll do it later)\r\
    \n   upgrade\r\
    \n   :set rebootRequired true\r\
    \n\r\
    \n}\r\
    \n\r\
    \n\r\
    \n########## Upgrade RouterOS\r\
    \n\r\
    \n## Check for update\r\
    \n/system package update\r\
    \nset channel=\$updChannel\r\
    \ncheck-for-updates\r\
    \n## Wait on slow connections\r\
    \n:delay 15s;\r\
    \n## Important note: \"installed-version\" was \"current-version\" on olde\
    r Roter OSes\r\
    \n:if ([get installed-version] != [get latest-version]) do={\r\
    \n   ## Notify via Log\r\
    \n   :log info (\"Upgrading RouterOS on router \$[/system identity get nam\
    e] from \$[/system package update get installed-version] to \$[/system pac\
    kage update get latest-version] (channel:\$[/system package update get cha\
    nnel])\")\r\
    \n   ## Notify via Slack\r\
    \n   :if (\$notifyViaSlack) do={\r\
    \n       :global SlackMessage \"Upgrading RouterOS on router *\$[/system i\
    dentity get name]* from \$[/system package update get installed-version] t\
    o *\$[/system package update get latest-version] (channel:\$[/system packa\
    ge update get channel])*\";\r\
    \n       :global SlackMessageAttachements  \"\";\r\
    \n       /system script run \"Message To Slack\";\r\
    \n   }\r\
    \n\r\
    \n   ## Notify via E-mail\r\
    \n   :if (\$notifyViaMail) do={\r\
    \n       /tool e-mail send to=\"\$email\" subject=\"Upgrading RouterOS on \
    router \$[/system identity get name]\" body=\"Upgrading RouterOS on router\
    \_\$[/system identity get name] from \$[/system package update get install\
    ed-version] to \$[/system package update get latest-version] (channel:\$[/\
    system package update get channel])\"\r\
    \n   }\r\
    \n   ## Wait for mail to be sent & upgrade\r\
    \n   :delay 15s;\r\
    \n   install\r\
    \n} else={\r\
    \n    :if (\$rebootRequired) do={\r\
    \n        # Firmware was upgraded, but not RouterOS, so we need to reboot \
    to finish firmware upgrade\r\
    \n        ## Notify via Slack\r\
    \n        :if (\$notifyViaSlack) do={\r\
    \n            :global SlackMessage \"Rebooting...\";\r\
    \n            :global SlackMessageAttachements  \"\";\r\
    \n            /system script run \"Message To Slack\";\r\
    \n        }\r\
    \n        /system reboot\r\
    \n    } else={\r\
    \n        # No firmware nor RouterOS upgrade available, nothing to do, jus\
    t log info\r\
    \n        :log info (\"No firmware nor RouterOS upgrade found.\")\r\
    \n        ## Notify via Slack\r\
    \n        :if (\$notifyViaSlack) do={\r\
    \n            :global SlackMessage \"No firmware nor RouterOS upgrade foun\
    d.\";\r\
    \n            :global SlackMessageAttachements  \"\";\r\
    \n            /system script run \"Message To Slack\";\r\
    \n        }\r\
    \n    }\r\
    \n}"
# "netdownreboot": pings 8.8.8.8 sixty times at 5 s intervals and reboots the
# router if no reply came back. It is started by the /tool netwatch entry.
# NOTE(review): dont-require-permissions=yes lets the script run with its own
# full policy list regardless of the caller's rights. Since all it does is
# ping, log and reboot, a shorter policy list (and dont-require-permissions=no
# if netwatch still runs it) would be the least-privilege choice - confirm by
# testing.
add dont-require-permissions=yes name=netdownreboot owner=maigonis policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    if ([/ping 8.8.8.8 interval=5 count=60] =0) do={\r\
    \nlog info \"my ping watchdog is down\" ; /system reboot\r\
    \n}"
# Layer-2 management access (MAC telnet and MAC WinBox) is limited to the LAN
# interface list, i.e. to "bridge".
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Watchdog: when 8.8.8.8 becomes unreachable, run the netdownreboot script.
# NOTE(review): the whole router's uptime depends on one external address.
# If the upstream link stays down, the router may reboot again after every
# start - confirm, and consider checking more than one host before rebooting.
/tool netwatch
add down-script="/system script run netdownreboot" host=8.8.8.8
# RoMON (management access relayed across neighbouring routers) is enabled.
# NOTE(review): no secrets= value is visible here; it may have been hidden by
# the export or may be unset - confirm. On a work network set a RoMON secret
# and restrict the participating ports under /tool romon port, or disable
# RoMON if it is not used.
/tool romon
set enabled=yes

PS: The VLAN implementation is a bit messy and not complete right now; ignore that. I will sort it out later.

In short: you can’t.

First of all, it would go against the idea of VLANs, which is separation between (V)LANs. Second, it would mean that certain L2 network functions would have to be somehow shared between different L2 networks (such as the DHCP server and the gateway MAC and IP address) to make it work seamlessly. Not to mention the firewall.

What usually gets done is to create a (V)LAN connecting all APs so that Wi-Fi clients can do L2 roaming between them.

I know that it would require a lot of things; that's why I asked whether it is possible or not. I'm not that surprised by the answer.