No internet on wlan

Hi,
Thank you in advance for the help!
So I have a RB4011iGS+5HacQ2HnD (CAPsMAN) and a (CAP) RBD53iG-5HacD2HnD (hAP ac3). I have created a CAPsMAN network with two VLANs, the main network, and a guest network which I want only to be via WLAN. I have DHCP, IP pools set up and ports assigned. I am writing this on my laptop connected via wire to the hAP ac3 on the main network. When I connect to the WLAN I get an IP, I just don't get internet. Will post config, plz help,
MTBMcongif.cfg.rsc (11.5 KB)

You have many mistakes in your configuration…
The reason you don’t have internet when connecting to either vlan10 or vlan20 is that you do not allow either of these VLANs to make DNS queries to the router…

More specifically, the DNS queries are blocked because there is a rule

action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN

which will drop anything not coming from LAN… so it will drop VLAN10 and VLAN20 when making DNS queries too…
Above that rule, allow tcp/udp port 53 for those VLAN interfaces and test again…

Also when Bridge VLAN filtering is disabled, all VLAN related settings under interface bridge port and interface bridge vlan are ignored…
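
The fix suggested in the reply above, written out as an added RouterOS example (not part of the original post or the poster's config). It assumes the VLAN interfaces are named vlan10 and vlan20 and that the drop rule still carries the comment quoted above.

```routeros
# Added example. Interface names vlan10/vlan20 are assumptions taken from
# the VLAN names used in the thread; adjust to the real interface names.
/ip firewall filter

# Filter rules are evaluated top to bottom and the first match wins, so the
# accept rules must sit above the "drop all not coming from LAN" rule.
# place-before looks that rule up by its comment and inserts ahead of it.
# chain=input covers traffic addressed to the router itself, which is where
# DNS queries from the VLAN clients end up.
add chain=input action=accept protocol=udp dst-port=53 in-interface=vlan10 \
    comment="allow DNS (udp) from vlan10" \
    place-before=[find where comment="defconf: drop all not coming from LAN"]
add chain=input action=accept protocol=tcp dst-port=53 in-interface=vlan10 \
    comment="allow DNS (tcp) from vlan10" \
    place-before=[find where comment="defconf: drop all not coming from LAN"]
add chain=input action=accept protocol=udp dst-port=53 in-interface=vlan20 \
    comment="allow DNS (udp) from vlan20" \
    place-before=[find where comment="defconf: drop all not coming from LAN"]
add chain=input action=accept protocol=tcp dst-port=53 in-interface=vlan20 \
    comment="allow DNS (tcp) from vlan20" \
    place-before=[find where comment="defconf: drop all not coming from LAN"]

# Check the resulting order: the four accept rules should be listed before
# the drop rule, and their packet counters should increase when a client on
# either VLAN resolves a name.
print stats where chain=input
```

Only port 53 to the router is opened for the two VLANs; everything else arriving from them on the input chain still hits the drop rule.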

My main concern at this point had been to get it up and functional, then work on cleaning it up, tightening security, signal strengths, changing hAP ac3 to just be access point for guest network and guest network shut off per schedule to shut off during certain hours.

So, did it work after changing the config according to my previous suggestion?

The first thing I would do to simplify is get rid of CAPsMAN, and get the config working, and if you decide you really need it, then complicate your life then.
(I don't review any config with CAPsMAN, I simply move to those that don't - my limitation)
(If you don't believe me have a look at the wifi forum and all the issues, and they spill over as CAPsMAN questions are huge in volume in the beginner forum as well)
(unless you have a large group of MT wifi, and until you know MT configs cold, best to avoid in most cases)

So the issue actually ended up being in my IP pool setup which led to the DNS issue. So now I can connect to the internet via cable or WiFi, everything gets IP addresses. New issue though: when I go to connect to the guest WiFi (only on iPhones, Android and laptops work fine) it asks for a user name??? Why!?

Because that is what you have enabled in the security settings.
In the Authentication Type settings, only WPA2 PSK should be selected, Encryption aes ccm

K, found an iPhone that doesn’t ask for a user name but still when I go to connect it just says unable to join network, changed the security to your recommended settings to no avail.
Thank you for all your help my friend!

https://support.apple.com/en-us/HT202068

So yes the authentication type was the issue. Thank you very much for the help.
So I have a bridge with two VLANs, one is the Home network WiFi and the other guest WiFi. I seem to be able to reach devices from my capdatapath to the MTB-M network but not vice versa. I would like the guest to be completely isolated from anything but internet and client to client. I thought I had addressed it in the firewall but apparently not.