I have an issue with WiFi CapsMan CAP ax devices. It seems (to me) that the packets don’t get tagged to their appropriate VLAN.
The switch AP is connected to has the VLANs defined:
- 10 management for switches and such
- 11 for CAP management - left untagged on ether8
- others for SSIDs
- ether 7 I used for testing if explicitly set VLANs (untagged) work
- SFPs are trunks and management
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7-laptop internal-path-cost=10 path-cost=10 pvid=11
add bridge=BR1 interface=ether8-VLAN-TEST internal-path-cost=10 path-cost=10 pvid=11
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1-TRUNK internal-path-cost=10 path-cost=10
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2-TRUNK internal-path-cost=10 path-cost=10
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus3-TRUNK internal-path-cost=10 path-cost=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4-MGMT internal-path-cost=10 path-cost=10 pvid=10
/interface bridge vlan
add bridge=BR1 tagged=BR1,sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK vlan-ids=10
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK vlan-ids=11
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK,ether8-VLAN-TEST vlan-ids=20
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK,ether8-VLAN-TEST vlan-ids=30
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK,ether8-VLAN-TEST vlan-ids=40
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK,ether8-VLAN-TEST vlan-ids=50
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK,ether8-VLAN-TEST vlan-ids=60
add bridge=BR1 tagged=sfp-sfpplus1-TRUNK,sfp-sfpplus2-TRUNK,sfp-sfpplus3-TRUNK,ether8-VLAN-TEST vlan-ids=999
The CAP is in default CAP mode, and CapsMan is also simple:
/interface wifi configuration
add channel="AUTO - 2GHz - 1, 5, 9, 11" channel.band=2ghz-ax .reselect-interval=30m..1h .width=20mhz country=Croatia datapath=TECH disabled=no mode=ap name="2GHz - MASTER - BOBER" security=TEST ssid=BOBER tx-power=0
add channel="AUTO - 5GHz - INDOOR, no DFS, preferred - CH36, CH40, CH44, CH48" channel.band=5ghz-ax .reselect-interval=30m..1h .width=20mhz country=Croatia datapath=BOBER disabled=no mode=ap name="5GHz - MASTER - BOBER" security=TEST \
ssid=BOBER tx-power=2
add datapath=MV-LINK disabled=no name=MV-LINK security=TEST ssid=MV-LINK
add datapath=BANANA disabled=no name=BANANA security=TEST ssid=BANANA
add datapath=TECH disabled=no name=TECH security=TEST ssid=TECH
add datapath=TERMINALS disabled=no name=TERMINALS security=TEST ssid=TERMINALS
/interface wifi datapath
add bridge=BR1 client-isolation=yes disabled=no name=BOBER vlan-id=70
add bridge=BR1 disabled=no name=MV-LINK vlan-id=90
add bridge=BR1 disabled=no name=BANANA vlan-id=40
add bridge=BR1 client-isolation=yes disabled=no name=TERMINALS vlan-id=80
add bridge=BR1 client-isolation=yes disabled=no name=TECH vlan-id=999
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration="2GHz - MASTER - BOBER" name-format="2G - %I - MSTR " slave-configurations=MV-LINK,BANANA,TERMINALS,TECH slave-name-format="2G - %I - V " supported-bands=2ghz-ax
add action=create-enabled disabled=no master-configuration="5GHz - MASTER - BOBER" name-format="5G - %I - MSTR " slave-configurations=MV-LINK,BANANA,TERMINALS,TECH slave-name-format="5G - %I - V " supported-bands=5ghz-ax
My understanding is that all should work. - PVIDS should be set by WiFi CAP itself and packets taken up by the switch and forwarded, and should be dandy. HOWEVER - onlz PVID 999 (SSID TECH) works, and on other SSIDs client authenticates, but can’t get an IP and communicate…
I am not sure how to approach this. What is possible is to fully VLAN the CAP, but the idea behind CAP ax device was exactly to skip doing that.
I hope someone could point me into the right direction, how and what to test to make this work.