VLANs not working properly

I’m trying to get a cAP AX configured to talk to my hEX. On the hEX I have multiple VLANs coming through a trunk port which I am running into the cAP. No matter what SSID I connect to on the cAP it wants to assign me an address from my LAN VLAN (10). I feel like I am missing something somewhere in the configuration. Any help would be greatly appreciated.
cap-connected.rsc (2.87 KB)

You are missing the wifi interfaces in your “/interface bridge vlan” section.
They should be added as untagged for VLANs 10, 20, 30 and 40 where appropriate.

Added comment:
Your time settings are dead wrong on that cap.
Use IP cloud for time sync or NTP client.

Added comment 2:
Consider upgrading that device to 7.10.2. From 7.8 to that version there have been quite a few fixes related to wifiwave2.

Of course for bridge vlan filtering one does need to assign vlan-filtering=yes for the bridge.
Assumptions…
a. the trusted or management LAN is vlan10
b. the IP assigned to the cap is 10.20.30.3 on the main router vlan.
d. your wifi5 settings are wrong on bridge ports.
e. config below does not include the wifi as it's not the issue.
f. BIG PROBLEM is your address for the vlan10 has the wrong interface…should be vlan10
OH I see, you named it LAN, DO NOT !!! LAN and WAN are assumed and used names for many default settings on the router and thus best not to do such things.
g. some additions to interface list
h. added ether2 as an excellent location to access the router from off the bridge!

# model = cAPGi-5HaxD2HaxD
/interface bridge
add name=BR0 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR0 name=TrustedLAN vlan-id=10
/interface list
add name=manage
/interface list member
add interface=TrustedLAN list=manage
add interface=ether2 list=manage
/ip neighbor discovery-settings
set discover-interface-list=manage
/interface bridge port
# ether1 is the tagged-only trunk; each wifi interface is an access port with its VLAN as PVID
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi1 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi2 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi3 pvid=20
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi4 pvid=20
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi5 pvid=40
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi6 pvid=40
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi7 pvid=30
/interface bridge vlan
add bridge=BR0 tagged=ether1,BR0 untagged=wifi1,wifi2 vlan-ids=10
add bridge=BR0 tagged=ether1 untagged=wifi3,wifi4 vlan-ids=20
add bridge=BR0 tagged=ether1 untagged=wifi5,wifi6 vlan-ids=40
add bridge=BR0 tagged=ether1 untagged=wifi7 vlan-ids=30
/ip address
add address=10.20.30.3/24 interface=TrustedLAN network=10.20.30.0
add address=192.168.55.1/24 interface=ether2 network=192.168.55.0
/ip dns
set allow-remote-requests=yes servers=10.20.30.1
/ip route
add distance=1 gateway=10.20.30.1
/tool mac-server mac-winbox
set allowed-interface-list=manage
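
Added example (not part of the thread or of anyone's posted config): a small Python check for the omission the first reply describes, access ports whose PVID VLAN does not list them as untagged in /interface bridge vlan, plus the vlan-filtering=yes requirement. The sample export is constructed, and the parser handles only plain add/set lines of the kind used in this thread.

```python
import re
import shlex

# Constructed sample in the thread's export style. wifi3 is deliberately left
# out of the VLAN 20 row, and one line keeps RouterOS's "\" line wrapping.
SAMPLE = r"""
/interface bridge
add name=BR0 protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    wifi1 pvid=10
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=wifi3 pvid=20
/interface bridge vlan
add bridge=BR0 tagged=ether1,BR0 untagged=wifi1 vlan-ids=10
add bridge=BR0 tagged=ether1 vlan-ids=20
"""

def parse(export):
    """Return {menu path: [{key: value}, ...]} for every add/set line."""
    menus, path = {}, None
    for line in re.sub(r"\\\n\s*", "", export).splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif path and line.startswith(("add ", "set ")):
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            menus.setdefault(path, []).append(dict(pairs))
    return menus

def audit(export):
    """List mismatches between bridge-port PVIDs and the bridge VLAN table."""
    menus, issues = parse(export), []
    for bridge in menus.get("/interface bridge", []):
        if bridge.get("vlan-filtering") != "yes":
            issues.append(f"{bridge.get('name')}: vlan-filtering is not yes")
    untagged = {}  # VLAN id -> ports listed as untagged members
    for row in menus.get("/interface bridge vlan", []):
        ports = {p for p in row.get("untagged", "").split(",") if p}
        for vid in row.get("vlan-ids", "").split(","):
            untagged.setdefault(vid, set()).update(ports)
    for port in menus.get("/interface bridge port", []):
        if port.get("frame-types") == "admit-only-vlan-tagged":
            continue  # trunk port: carries tagged frames only
        pvid = port.get("pvid", "1")  # RouterOS default PVID is 1
        if port.get("interface") not in untagged.get(pvid, set()):
            issues.append(f"{port.get('interface')}: pvid={pvid}, not untagged in VLAN {pvid}")
    return issues

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no issues found")
```

Run it against the text of an /export from the cAP; an empty list means every access port appears as untagged in the VLAN matching its PVID.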

Yeah, I updated the times manually but this is still set up in my lab and not connected to the actual internet. Also, I will pull the new upgrade and apply it later tonight. Glad to hear there are continued improvements! I added the untagged interfaces, thank you!

As usual you are awesome! Added your changes and everything is working as expected! Even got the cAP working through my Mikrotik switch now. I also like the addition of the ether2 interface as direct management access should something happen on the other one. That’s a good tip.