I’m trying to figured out the how to configure following maybe somebody can help
I need users connect to one SSID.but I do not want to use hotspot package
After user is connected I will add him to access list manually but unti than user cannot connect to internet.
After user is added to access list I need to isolate the traffic through two different vlans
In addition to that I need this to be performance focused so I need to use HW acceleration (no CPU)
Doe anyone has any examples how correctly configure this?
If you want to do it in hardware, then you’ll have to tell which hardware. BTW anything passing wireless can’t be HW offloaded, only traffic between ethernet ports (managed by same switch chip) can be handled in hardware.
by any chance do you have any configuration example for caps-man with ACL
What about manual configuration without caps-man? any examples?
Currently I’m trying to implement something like VLAN on a bridge in a bridge https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration
Only a complete psycho path wants to use capsman, i avoid it like covid lol.
The only time is if you have so many capacs they are untenable otherwise but then i would have to chastise you for getting so many of what most consider a sub standard wifi device.
Standalone will do that as well with the access-list, even if it is not DPSK (Ruckus way).
Other possibility is using EAP-Enterprise RADIUS authentication for another centralised VLAN allocation database.
RADIUS authentication can be MAC based or username (PEAP/MSCHAPv2) based, so that will work for “local administered MAC addresses” as well.
Usermanager 5 (ROS 7) does support EAP/PEAP/MSCHAPv2 for wifi authentication.
The Engenius crap I was subjected to yesterday has a myPSK option. You assign different passwords on the same SSID. Then those break out to different VLAN tags.
The service is part of their Pro license, and requires you to pay $50 per access point on your network per year.
The access points really were the brains of the system. With a pretty serious"control panel" interface. Sure had some pretty graphics and slick GUI…
The switches were the problem at yesterday’s deployment. Seems Engenius absolutely lied in their marketing (no F–king surprise there), that with their pro licence… You get topology maps that INCLUDE non Engenius devices. Yeah… That didn’t actually work. Support said they would need to get back to me, about why it didn’t work as advertised and promised. It even shows in their online document and demonstration.
You can’t even open a hosts table on the switches. Leaving you completely lost when you are trying to figure out where something is plugged into.
(And if you think I give Mikrotik S–t about the wifi drivers… Just wait and see what I am gonna do to the project manager for this crap.)
Cambium on the other hand… Using EPSK does what it promised. You can either use a password with no Mac address and define a VLAN. Or tie a Mac address to a password too pick a VLAN.
The radio performance of their WiFi 6 gear is closer to the Ruckus gear I have relied on for years.
@bpwl Would you be able to share configuration example how to attach multiple vlans to single SSID and use EAP-Enterprise RADIUS authentication to assign device to proper vlan?