mfrey
newbie
Topic Author
Posts: 36
Joined: Wed Jan 06, 2021 12:31 am

Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

Thu Apr 29, 2021 8:51 pm

Current behaviour

When bridge filtering on a CAPsMAN managed client is enabled, dynamic VLAN entries with the VLAN-IDs from the datapaths are created for the WiFi interfaces on the bridge.

However, when assigning a VLAN-ID to a particular WiFi client via an access list rule, no dynamic VLAN entry is created on the bridge for the WiFi interfaces matching this rule.

Why this is a problem

Since the VLAN entry is not created automatically on the bridge, the bridge filters out the traffic from the clients which got their VLAN-ID by an access rule. The entries may be created manually on each AP, but this is cumbersome and annoying, especially if the WiFi configuration (and therefore the interface names) changes regularly.

Proposed solution

If an access list rule contains a VLAN-ID, add a dynamic VLAN rule to the bridge for each WiFi interface which is matched by the rule.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

Fri Apr 30, 2021 6:28 pm

> If an access list rule contains a VLAN-ID, add a dynamic VLAN rule to the bridge for each WiFi interface which is matched by the rule.

I agree it would be nice to have a solution for this, but in most cases you can simply avoid using bridge VLAN filtering on the CAP device and use it only on the switches, and possibly routers. In that case, this is not an issue.
 
mfrey
newbie
Topic Author
Posts: 36
Joined: Wed Jan 06, 2021 12:31 am

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

Mon May 03, 2021 1:25 pm

I know that I can turn off bridge VLAN filtering, but if I want to use the extra port(s) on a cAP ac or hAP ac as access ports, the only other way besides VLAN filtering is to mess around with VLAN interfaces and extra bridges.

I just wanted to throw the idea into the ring; maybe the implementation effort for this is low enough to make it into some ROS7 release.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

Mon May 03, 2021 3:43 pm

The big problem with what OP requested is that CAPsMAN only provisions the wireless interface of a cAP. When a dynamic VID appears on the bridge, it's not because CAPsMAN would provision the bridge; it's because this is how the bridge reacts to the addition of a new bridge port with PVID set.

The only solution would be to stretch CAPsMAN to provision just everything on remote cAPs ... which is a lot, and many things are HW specific. So I'm not holding my breath waiting for this to happen.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

Mon May 03, 2021 9:04 pm

> I know that I can turn off bridge VLAN filtering, but if I want to use the extra port(s) on a cAP ac or hAP ac as access ports, the only other way besides VLAN filtering is to mess around with VLAN interfaces and extra bridges.

I wouldn't say this is the case - what I usually do is I configure the switchports going to the APs as hybrid ports instead of trunk ports, so that the user VLAN is untagged going to the AP instead of all VLANs tagged. In this case it is possible to simply plug in and get connectivity on the remaining ports.
