[SOLVED] CAPsMAN: Datapath VLAN assignment on Slave/VirtualAP possible?

emuell · February 21, 2015, 10:11am

Hi @ All!

Please consider following setup: I have 2 AP’s (AP1/AP2) controlled by CAPsMAN which is installed on router1. Router1 has 2 VLAN’s (private/public) which are in trunk port to AP1 and AP2. Now i will provision (over CAPsMAN) on both AP’s two separeted WLAN’s in local-forwarding mode, one for private and one for public.
So i create on both AP’s a brdige where trunk-ethernet-port is member and configure CAP to the same bridge. On CAPsMAN in Datapath section i create 2 profiles with corresbonding VLAN-ID for private (Master-Interface) and public (Slave/VirtualAP) and assign it to both AP’s.

After that, wireless connection will only work to private-network but not to public-network. If i change the datapath-profiles, public to Master-Interface and private to Slave/VirtualAP, public is working and private failed.

So it looks like that datapath VLAN assignment will only work for Master-Interfaces but not for Virtual-AP’s!

Can anyone confirm that and if it is so, how can i get my setup (with CAPsMAN!) to work?

Thanks!

emuell · February 24, 2015, 6:44am

Nobody has an idea ?
In CAPsMAN wiki there are no more infomations about datapath.vlan tag on slave/virtual ap interfaces. Should this work ?

Please help!

NetworkMeister · February 24, 2015, 8:47am

When you look at your bridge member ports, are both physical and virtual WLAN interfaces present?
Capture.JPG

emuell · February 24, 2015, 9:28am

Thx for your reply.
Yes, there are both wlan Interfaces member of the bridge, but VLAN Tag seems to work only on Master Interface !?

emuell · February 25, 2015, 6:16am

where are the mikrotik guy’s ?

PLEASE, i only need a short statement if datapath.vlan-options should work for virtual ap interfaces or how i can manage two separted wireless-network interfaces through CAPsMAN in local-forwarding-mode?

i would’nt ask this question if i find anything in the wiki or WWW - so this is my last option to get on.

THX!!

NetworkMeister · February 25, 2015, 9:17pm

Yes, it should work, I have identical setup working - 2 routers, 3 VLANs, 3 SSIDs, trunk in between the routers and CAPsMAN 2. Can you paste or send me your configuration output on PM?

emuell · February 26, 2015, 6:44am

Yes, it should work, I have identical setup working - 2 routers, 3 VLANs, 3 SSIDs, trunk in between the routers and CAPsMAN 2. Can you paste or send me your configuration output on PM?

Thats good news!

Here is my configuration:

 /caps-man datapath> print
 0 name="ps-privat" client-to-client-forwarding=no local-forwarding=yes 
   vlan-mode=use-tag vlan-id=25 

 1 name="ps-public" client-to-client-forwarding=no local-forwarding=yes 
   vlan-mode=use-tag vlan-id=66

 /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU
 0  RS ether1-master-local                 ether            1500  1598       4074
 1  XS ether2-slave-local                  ether            1500  1598       4074
 2  XS ether3-slave-local                  ether            1500  1598       4074
 3  XS ether4-slave-local                  ether            1500  1598       4074
 4     ether5-mgmt                         ether            1500  1598       4074
 5  RS ;;; managed by CAPsMAN
       ;;; channel: 2442/20-Ce/gn(20dBm), SSID: ps-privat, local forwarding
       wlan1                               wlan             1500  1600
 6 DRS ;;; managed by CAPsMAN
       ;;; SSID: ps-public, local forwarding
       wlan2                               wlan             1500  1600
 7  R  bridge-vlan-trunk                   bridge           1500  1598
 8  R  vlan25                              vlan             1500  1594

/interface bridge> print
Flags: X - disabled, R - running 
 0  R name="bridge-vlan-trunk" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled 
      mac-address=D4:CA:6D:07:4C:EC protocol-mode=rstp priority=0x8000 
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s 
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

/interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE                BRIDGE               PRIORITY  PATH-COST    HORIZON
 0    ether1-master-local      bridge-vlan-trunk        0x80         10       none
 1  D wlan1                    bridge-vlan-trunk        0x80         10       none
 2  D wlan2                    bridge-vlan-trunk        0x80         10       none

ether1-master-local is the trunk-port which includes tagged VLAN’s 25 & 66.

Thank you for your support!!

NetworkMeister · February 26, 2015, 9:39am

We do seem to have identical configuration:

/caps-man datapath> print
 0 name="local-vlan10" local-forwarding=yes vlan-mode=use-tag vlan-id=10 

 1 name="local-vlan20" local-forwarding=yes vlan-mode=use-tag vlan-id=20 


/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU
 0  R  eth1-internet                       ether            1500  1598       4074
 1  RS eth2-master                         ether            1500  1598       4074
 2   S eth3                                ether            1500  1598       4074
 3   S eth4                                ether            1500  1598       4074
 4   S eth5                                ether            1500  1598       4074
 5  RS ;;; managed by CAPsMAN
       ;;; channel: 2437/20-Ce/gn(27dBm), SSID: private, local forwarding
       wlan1                               wlan             1500  1600           
 6 DRS ;;; managed by CAPsMAN
       ;;; SSID: guest, local forwarding
       wlan15                              wlan             1500  1600           
 8  R  bridge                              bridge           1500  1598           
13  R  vlan10                              vlan             1500  1594           
14  R  vlan20                              vlan             1500  1594           


/interface bridge> print
Flags: X - disabled, R - running 
 0  R name="bridge" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled protocol-mode=rstp 
      priority=0x8000 auto-mac=no max-message-age=20s forward-delay=15s 
      transmit-hold-count=6 ageing-time=5m 


/interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE               BRIDGE               PRIORITY  PATH-COST    HORIZON
 0    wlan1                   bridge                   0x80         10       none
 1    eth2-master             bridge                   0x80         10       none
 2  D wlan15                  bridge                   0x80         10       none

Just to be sure:

ether1 is really the master port in switch group?
you have identical problem on both routers?

emuell · February 26, 2015, 9:55am

ether1 is really the master port in switch group?

you have identical problem on both routers?

Both → Yes!

Which CAP to CAPsMAN connection type do you use ? Layer 2 or Layer 3 (IP) and if L3, do you use one of the two VLAN’s for connection?

NetworkMeister · February 26, 2015, 2:30pm

I use L2 through VLAN 10. It does seem to me your CAP → CAPsMAN link is OK, as you have both dynamic wlan interfaces provisioned and bridged on CAP, and that is done by CAPsMAN.

emuell · April 27, 2015, 10:18am

In the meanwhile i got it work.
I use switch-chip feature for VLAN-Tagging and forgot to assign both VLAN’s to switch_cpu “port”.

Now everything works fine.

Thx for your assistance!

eMuell

ploquets · January 28, 2016, 4:46pm

I've read your configuration export, but, could you please teach me how to do it ?

I'm not aware about what needs to be done on CAP to have this cenario:

6 CAPs (one of them being the CAPsMAN)

Every CAP are connected to a switch, and all CAPs ports on Switch are tagged on two vlans.

What I need to do is:
Be able to control all CAPs with CAPsMAN (this step I think is done because they are visible at CAPsMAN page)
Two SSIDs per CAP, one for Administration Network and one for Guest
Two VLANS (VID 1000 for Administration and VID 3000 for Guest)

How to be able to connect to Guest network and be tagged to VID 3000 ?
And How to be able to connect to Administration Network and be tagged to VID 1000 ?

I have a DHCP server behind a pfSense which is a part of both VLANs but is not delivering any address to hosts. So, no comunication.

Equipments are all RBcap2n

Please, help! Thanks

If you are here and reading this post, I did resolve this by adding those vlans to a bridge.
Not adding vlan inside a bridge, but creating a vlan with bridge as interface.

/interface vlan add name=XXXX vlan-id=1234 interface=bridge

That will do the job.

KennyPowers · May 24, 2016, 7:43am

I’m looking to do the same thing, any chance you could share a print of this config?

ploquets:

emuell:

In the meanwhile i got it work.
I use switch-chip feature for VLAN-Tagging and forgot to assign both VLAN’s to switch_cpu “port”.

Now everything works fine.

Thx for your assistance!

eMuell

I’ve read your configuration export, but, could you please teach me how to do it ?

I’m not aware about what needs to be done on CAP to have this cenario:

6 CAPs (one of them being the CAPsMAN)

Every CAP are connected to a switch, and all CAPs ports on Switch are tagged on two vlans.

What I need to do is:
Be able to control all CAPs with CAPsMAN (this step I think is done because they are visible at CAPsMAN page)
Two SSIDs per CAP, one for Administration Network and one for Guest
Two VLANS (VID 1000 for Administration and VID 3000 for Guest)

How to be able to connect to Guest network and be tagged to VID 3000 ?
And How to be able to connect to Administration Network and be tagged to VID 1000 ?

I have a DHCP server behind a pfSense which is a part of both VLANs but is not delivering any address to hosts. So, no comunication.

Equipments are all RBcap2n

Please, help! Thanks

If you are here and reading this post, I did resolve this by adding those vlans to a bridge.
Not adding vlan inside a bridge, but creating a vlan with bridge as interface.
/interface vlan add name=XXXX vlan-id=1234 interface=bridge
That will do the job.