As 7.13 is live I’ve decided to move wireless configs to CAPsMAN.
The InCAPable Manager: (pun unintended at first 
)
rb5009
CAPs:
cAP ax, hAP ax2, Chateau 5g ax - CAPs
Up until now I had wifi interfaces configured manually on each config per SSID and VLANs were handled by adding interfaces as bridge ports with subsequent PVID (thus under bridge/VLANs were UNTAGGED .
After setting up capsman as per (is it really?) fresh Mikrotik manual:
- used Datapaths in configs:
/interface wifi datapath
add bridge=bridge1 disabled=no name=vlan10-prv vlan-id=10
add bridge=bridge1 disabled=no name=vlan20-xyz vlan-id=20
- set wifi interface on cap:
/interface wifi datapath
add bridge=bridge1 disabled=no name=capdp
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=capdp disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=capdp disabled=no
- set provisioning on manager:
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no identity-regexp=capax master-configuration=abcssid-5G name-format=5G-%I slave-configurations=abcssid-g-5G supported-bands=\
5ghz-ax,5ghz-ac,5ghz-n,5ghz-a
add action=create-dynamic-enabled disabled=no identity-regexp=capax master-configuration=abcssid-2G name-format=2G-%I slave-configurations=abcssid-i-2G,abcssid-k-2G,abcssid-v-2G,abcssid-w-2G \
supported-bands=2ghz-ax,2ghz-n,2ghz-g
- set capsman:
/interface wifi capsman
set enabled=yes interfaces=vlan10-prv package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
- set cap:
/interface wifi cap
set discovery-interfaces=vlan10-prv enabled=yes slaves-datapath=capdp
Interfaces showed up, clients connected correct VLAN IDs visible, everything looks fine.. BUT
- When connecting my laptop over wifi I’m not getting IP address from vlan10-prv DHCP server (on rb5009) - can it be somehow dependent on fact that CAPSMAN discovery interface is vlan10-prv aka management vlan?
- Wifi interfaces are being dynamically added as tagged:
I have configured:
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=11
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=40
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=60
#export
/interface bridge port export
add bridge=bridge1 comment=trunk frame-types=admit-only-vlan-tagged interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi1 internal-path-cost=10 path-cost=10 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi2 internal-path-cost=10 path-cost=10 pvid=10
#print
/interface bridge port print
0 ether1 bridge1 yes 1 0x80 10 10 none
1 wifi1 bridge1 10 0x80 10 10 none
2 wifi2 bridge1 10 0x80 10 10 none
3 D wifi13 bridge1 40 0x80 none
4 D wifi14 bridge1 60 0x80 none
5 D wifi15 bridge1 12 0x80 none
6 D wifi16 bridge1 11 0x80 none
7 D wifi17 bridge1 111 0x80 none
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 bridge1 100 bridge1 wifi1
ether1 wifi2
1 bridge1 111 bridge1
ether1
wifi17
2 bridge1 40 bridge1
ether1
3 bridge1 60 bridge1
ether1
4 D bridge1 12 wifi15
5 D bridge1 11 wifi16
6 D bridge1 40 wifi13
WHY?
)