Ok, here is my configs.
Problems with getting a DHCP lease.
I the DHCP server I see offer but no accept (bond).
Hope someone can see what is wrong.
I also try to set the parameter for "Local Forwarding" but this makes no difference.
First is from the CAPsMAN.
# Maak VLANs
/interface vlan
add name=VLAN_LAN_MGMT interface=ether5 vlan-id=9
add name=VLAN_LAN_DATA interface=ether5 vlan-id=10
add name=VLAN_WLAN_DATA interface=ether5 vlan-id=12
add name=VLAN_WLAN_GUEST interface=ether5 vlan-id=14
add name=VLAN_LAN_MFP interface=ether5 vlan-id=15
add name=VLAN_LAN_GAME interface=ether5 vlan-id=16
add name=VLAN_LAN_CAMERA interface=ether5 vlan-id=17
add name=VLAN_LAN_TVMM interface=ether5 vlan-id=18
add name=VLAN_WLAN_SP interface=ether5 vlan-id=19
add name=VLAN_LAN_SERVER interface=ether5 vlan-id=900
# Bridge toevogen
/interface bridge
add name=BR_LAN_MGMT
add name=BR_WLAN_DATA
add name=BR_WLAN_GUEST
add name=BR_LAN_MFP
add name=BR_LAN_GAME
add name=BR_LAN_CAMERA
add name=BR_LAN_TVMM
add name=BR_WLAN_SP
# Poorten toevoegen aan een bridge
/interface bridge port
add bridge=BR_LAN_MGMT interface=ether1
add bridge=BR_LAN_MGMT interface=VLAN_LAN_MGMT
add bridge=BR_WLAN_DATA interface=VLAN_WLAN_DATA
add bridge=BR_WLAN_GUEST interface=VLAN_WLAN_GUEST
add bridge=BR_LAN_MFP interface=VLAN_LAN_MFP
add bridge=BR_LAN_GAME interface=VLAN_LAN_GAME
add bridge=BR_LAN_CAMERA interface=VLAN_LAN_CAMERA
add bridge=BR_LAN_TVMM interface=VLAN_LAN_TVMM
add bridge=BR_WLAN_SP interface=VLAN_WLAN_SP
# IP adressen toewijzen
/ip address
add address=172.16.0.1/25 network=172.16.0.0 interface=BR_LAN_MGMT
add address=172.16.1.1/24 network=172.16.1.0 interface=VLAN_LAN_DATA
add address=172.16.2.1/24 network=172.16.2.0 interface=BR_WLAN_DATA
add address=172.16.3.1/24 network=172.16.3.0 interface=BR_WLAN_GUEST
add address=172.16.4.1/26 network=172.16.4.0 interface=BR_LAN_MFP
add address=172.16.4.129/25 network=172.16.4.128 interface=BR_LAN_GAME
add address=172.16.5.1/25 network=172.16.5.1 interface=BR_LAN_CAMERA
add address=172.16.5.126/25 network=172.16.5.128 interface=BR_LAN_TVMM
add address=172.16.6.1/24 network=172.16.6.0 interface=BR_WLAN_SP
add address=172.16.0.129/27 network=172.16.0.128 interface=VLAN_LAN_SERVER
# DHCP Pools toevoegen
/ip pool
add name=POOL_LAN_DATA ranges=172.16.1.2-172.16.1.253
add name=POOL_WLAN_DATA ranges=172.16.2.1-172.16.2.253
add name=POOL_WLAN_GUEST ranges=172.16.3.1-172.16.3.253
add name=POOL_LAN_MFP ranges=172.16.4.1-172.16.4.125
add name=POOL_LAN_GAME ranges=172.16.4.130-172.16.4.253
add name=POOL_LAN_CAMERA ranges=172.16.5.1-172.16.5.125
add name=POOL_LAN_TVMM ranges=172.16.5.130-172.16.5.254
add name=POOL_WLAN_SP ranges=172.16.6.1-172.16.6.253
add name=POOL_LAN_SERVER ranges=172.16.0.130-172.16.0.157
add name=POOL_LAN_VPN ranges=172.16..161-172.16.0.190
#DHCP Server toevoegen
/ip dhcp-server
add address-pool=static-only disabled=no interface=VLAN_LAN_MGMT lease-time=7d name=DHCP_LAN_MGMT
/ip dhcp-server network
add address=172.16.0.0/25 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.0.1 netmask=255.255.255.128
/ip dhcp-server
add address-pool=POOL_LAN_DATA disabled=no interface=VLAN_LAN_DATA lease-time=7d name=DHCP_LAN_DATA
/ip dhcp-server network
add address=172.16.1.0/24 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.1.1 netmask=255.255.255.0
/ip dhcp-server
add address-pool=POOL_WLAN_DATA disabled=no interface=BR_WLAN_DATA lease-time=00:10:00 name=DHCP_WLAN_DATA
/ip dhcp-server network
add address=172.16.2.0/24 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.2.1 netmask=255.255.255.0
/ip dhcp-server
add address-pool=POOL_WLAN_GUEST disabled=no interface=BR_WLAN_GUEST lease-time=00:10:00 name=DHCP_WLAN_GUEST
/ip dhcp-server network
add address=172.16.3.0/24 dns-server=8.8.8.8 gateway=172.16.3.1 netmask=255.255.255.0
/ip dhcp-server
add address-pool=POOL_LAN_MFP disabled=no interface=BR_LAN_MFP lease-time=7d name=DHCP_LAN_MFP
/ip dhcp-server network
add address=172.16.4.0/25 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.4.1 netmask=255.255.255.128
/ip dhcp-server
add address-pool=POOL_LAN_GAME disabled=no interface=BR_LAN_GAME lease-time=7d name=DHCP_LAN_1_GAME
/ip dhcp-server network
add address=172.16.4.128/25 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.4.129 netmask=255.255.255.128
/ip dhcp-server
add address-pool=POOL_LAN_CAMERA disabled=no interface=BR_LAN_CAMERA lease-time=7d name=DHCP_LAN_CAMERA
/ip dhcp-server network
add address=172.16.5.0/25 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.1.1 netmask=255.255.255.128
/ip dhcp-server
add address-pool=POOL_LAN_TVMM disabled=no interface=BR_LAN_TVMM lease-time=7d name=DHCP_LAN_TVMM
/ip dhcp-server network
add address=172.16.5.128/25 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.5.129 netmask=255.255.255.128
/ip dhcp-server
add address-pool=POOL_WLAN_SP disabled=no interface=BR_WLAN_SP lease-time=7d name=DHCP_WLAN_SP
/ip dhcp-server network
add address=172.16.6.0/24 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.6.1 netmask=255.255.255.0
/ip dhcp-server
add address-pool=static-only disabled=no interface=VLAN_LAN_SERVER lease-time=7d name=DHCP_LAN_SERVER
/ip dhcp-server network
add address=172.16.0.128/27 dns-server=172.16.0.130,172.16.0.131 gateway=172.16.0.129 netmask=255.255.255.224
# Static leases toevogen aan DHCP Scopes
# Management (LAN_MGMT
/ip dhcp-server lease add address=172.16.0.60 mac-address=00:0C:29:04:A3:20 server=DHCP_LAN_MGMT lease-time=7d comment="LibreNMS"
/ip dhcp-server lease add address=172.16.0.120 mac-address=E0:69:95:F4:94:1C server=DHCP_LAN_MGMT lease-time=7d comment="ESXi02 Ring 225"
/ip dhcp-server lease add address=172.16.0.122 mac-address=00:0C:29:66:4F:54 server=DHCP_LAN_MGMT lease-time=7d comment="WIN-MGMT"
/ip dhcp-server lease add address=172.16.0.123 mac-address=00:25:90:F5:1B:82 server=DHCP_LAN_MGMT lease-time=7d comment="ESXi01 Supermicro"
/ip dhcp-server lease add address=172.16.0.124 mac-address=00:25:90:F6:C9:39 server=DHCP_LAN_MGMT lease-time=7d comment="BMC_SuperMicro_Server"
# Servers (LAN_SERVER)
/ip dhcp-server lease add address=172.16.0.130 mac-address=00:0c:29:86:52:9a server=DHCP_LAN_SERVER lease-time=7d comment="DC1 Domain Controller"
/ip dhcp-server lease add address=172.16.0.131 mac-address=00:0c:29:D9:DE:F3 server=DHCP_LAN_SERVER lease-time=7d comment="DC2 Domain Controller"
/ip dhcp-server lease add address=172.16.0.132 mac-address=00:0C:29:EE:92:01 server=DHCP_LAN_SERVER lease-time=7d comment="KMS Kerio Mailserver"
/ip dhcp-server lease add address=172.16.0.133 mac-address=00:0c:29:08:78:9e server=DHCP_LAN_SERVER lease-time=7d comment="WDS Windows Deployment"
/ip dhcp-server lease add address=172.16.0.134 mac-address=00:0c:29:df:36:61 server=DHCP_LAN_SERVER lease-time=7d comment="NVR01 Camera Security"
##/ip dhcp-server lease add address=172.16.0.135 mac-address= server=DHCP_LAN_SERVER lease-time=7d comment="SYSLOG01 Syslog server"
##/ip dhcp-server lease add address=172.16.0.136 mac-address= server=DHCP_LAN_SERVER lease-time=7d comment="ZABBIX01 SNMP Server"
/ip dhcp-server lease add address=172.16.0.137 mac-address=00:08:9B:C4:44:06 server=DHCP_LAN_SERVER lease-time=7d comment="NAS01 Ether1"
/ip dhcp-server lease add address=172.16.0.138 mac-address=00:08:9B:CB:C7:3A server=DHCP_LAN_SERVER lease-time=7d comment="NAS02 Ether1"
/ip dhcp-server lease add address=172.16.0.139 mac-address=00:08:9B:CB:C7:3B server=DHCP_LAN_SERVER lease-time=7d comment="NAS02 Ether2"
/ip dhcp-server lease add address=172.16.0.140 mac-address=00:08:9B:CD:D0:49 server=DHCP_LAN_SERVER lease-time=7d comment="NAS03 Ether1"
#/ip dhcp-server lease add address=172.16.0.141 mac-address=00:08:9B:CE:EA:A7 server=DHCP_LAN_SERVER lease-time=7d comment="NAS03 Ether2"
/ip dhcp-server lease add address=172.16.0.142 mac-address=00:08:9B:BF:A0:0E server=DHCP_LAN_SERVER lease-time=7d comment="NAS04 Ether1"
/ip dhcp-server lease add address=172.16.0.143 mac-address=00:08:9B:BF:A0:0F server=DHCP_LAN_SERVER lease-time=7d comment="NAS04 Ether2"
##/ip dhcp-server lease add address=172.16.0.144 mac-address=0C:C4:7A:31:85:81 server=DHCP_LAN_SERVER lease-time=7d comment="ESXi01"
# Camera's (LAN_CAMERA)
/ip dhcp-server lease add address=172.16.5.2 mac-address=4C:11:BF:8B:98:48 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM1 Dahua Bullet Woonkamer"
/ip dhcp-server lease add address=172.16.5.3 mac-address=4C:11:BF:8B:99:B8 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM2 Dahua Bullet Slaapkamer Quinn"
/ip dhcp-server lease add address=172.16.5.4 mac-address=00:00:1B:03:CF:A1 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM3 CHD-B1 Spare"
/ip dhcp-server lease add address=172.16.5.5 mac-address=4C:11:BF:BA:C7:C5 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM4 Danua Dome Straat"
/ip dhcp-server lease add address=172.16.5.6 mac-address=4C:11:BF:AC:5B:E8 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM5 Danua Bullet Blokhut DH-IPC-HFW1300SP-0360B"
/ip dhcp-server lease add address=172.16.5.7 mac-address=4C:11:BF:65:D9:99 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM6 Danua Dome PTZ Slaapkamer"
##/ip dhcp-server lease add address=172.16.1.180 mac-address=00:40:8C:AC:51:7D server=DHCP_LAN_CAMERA lease-time=7d comment="Axis M1104"
##/ip dhcp-server lease add address=172.16.1.181 mac-address=00:40:8C:95:D9:83 server=DHCP_LAN_CAMERA lease-time=7d comment="Axis 207 PIR"
##/ip dhcp-server lease add address=172.16.1.182 mac-address=00:40:8C:9E:03:73 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM05"
##/ip dhcp-server lease add address=172.16.1.183 mac-address=00:1F:1F:F9:C5:87 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM06"
##/ip dhcp-server lease add address=172.16.1.184 mac-address=00:08:10:76:C7:3D server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM07"
##/ip dhcp-server lease add address=172.16.1.185 mac-address=4C:11:BF:8B:99:B8 server=DHCP_LAN_CAMERA lease-time=7d comment="IPCAM08"
/ip dhcp-server lease add address=172.16.5.126 mac-address=00:1C:FA:62:9C:07 server=DHCP_LAN_CAMERA lease-time=7d comment="NVR02"
# TV en Multimedia apparatuur
/ip dhcp-server lease add address=172.16.5.130 mac-address=00:0F:60:00:D6:75 server=DHCP_LAN_TVMM lease-time=7d comment="Musicbox01 wlan"
/ip dhcp-server lease add address=172.16.5.131 mac-address=B8:27:EB:BE:33:EB server=DHCP_LAN_TVMM lease-time=7d comment="Musicbox01 lan"
/ip dhcp-server lease add address=172.16.5.132 mac-address=B8:27:EB:0E:46:C1 server=DHCP_LAN_TVMM lease-time=7d comment="Raspberry Pi3 Boven"
# PC's (LAN_DATA)
/ip dhcp-server lease add address=172.16.1.2 mac-address=6C:F0:49:DD:48:39 server=DHCP_LAN_DATA lease-time=7d comment="PC045 Henk Verheij"
/ip dhcp-server lease add address=172.16.1.3 mac-address=00:0F:FE:AC:9F:3E server=DHCP_LAN_DATA lease-time=7d comment="PC015 Siska Verheij"
/ip dhcp-server lease add address=172.16.1.4 mac-address=00:1B:21:47:B2:4B server=DHCP_LAN_DATA lease-time=7d comment="PC044 Dirk Vlot"
/ip dhcp-server lease add address=172.16.1.5 mac-address=00:1D:60:59:AD:F1 server=DHCP_LAN_DATA lease-time=7d comment="PC032 (Paul Kok)"
# Printers en Multifunctionals (LAN_MFP)
/ip dhcp-server lease add address=172.16.4.2 mac-address=64:EB:8C:14:35:3A server=DHCP_LAN_MFP lease-time=7d comment="PR001 Epson XP720"
/ip dhcp-server lease add address=172.16.4.3 mac-address=08:00:37:75:94:ED server=DHCP_LAN_MFP lease-time=7d comment="PR002 Dell 1320C"
# DNS Instellen
/ip dns set server=172.16.0.130 allow-remote-requests=yes
# Default route toevoegen
/ip route add dst-address=0.0.0.0/0 gateway=172.16.0.125 distance=1 comment="Sonicwall TZ215 Ring 393"
/ip route add dst-address=0.0.0.0/0 gateway=172.16.0.126 distance=2 comment="R02 Mikrotik x86 Ring 225"
# SNTP Client configureren
/system ntp client set primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131 enabled=yes
# SNMP Server configureren
/snmp set contact="
ronald.verheij@skiffkick.nl" location="Ring 393, Pernis, The Netherlands, Zolder" enabled=yes trap-version=2
/snmp community set address=172.16.0.60 numbers=0
# SYSLOG Server configureren
/system logging action
set 3 remote=172.16.0.60
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless
add action=remote topics=hotspot
# Zet de tijdzone goed
/system clock set time-zone-name=Europe/Amsterdam
# Setup HOTSPOT server with Radius for GUESTS
# Setup Hotspot Profile
/ip hotspot profile add name="WLAN_GUEST" hotspot-address=172.16.3.1 dns-name="" html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,cookie use-radius=yes radius-accounting=yes
# Setup Hotspot Server
/ip hotspot add name="HOTSPOT-WLAN_1_GUEST" interface=VLAN_WLAN_GUEST address-pool="POOL_WLAN_GUEST" profile="WLAN_GUEST" disabled=no
# Setup Radius
/radius add service=hotspot address=127.0.0.1 secret="password"
# Add user (Manger voor usermanager)
/ip hotspot user add name=admin password="!@49er4All#\$"
# Einde HOTSPOT config
# Enide HOTSPOT config
# Instellen van het admin password
/password old-password="" new-password="!@49er4All#\$" confirm-new-password="password"
# CAPsMAN Configuration
/caps-man datapath
add bridge=BR_WLAN_DATA name=datapath_WLAN_DATA vlan-id=12 vlan-mode=use-tag
add bridge=BR_WLAN_GUEST name=datapath_WLAN_GUEST vlan-id=14 vlan-mode=use-tag
add bridge=BR_LAN_MFP name=datapath_LAN_MFP vlan-id=15 vlan-mode=use-tag
add bridge=BR_LAN_GAME name=datapath_LAN_GAME vlan-id=16 vlan-mode=use-tag
add bridge=BR_LAN_CAMERA name=datapath_LAN_CAMERA vlan-id=17 vlan-mode=use-tag
add bridge=BR_LAN_TVMM name=datapath_LAN_TVMM vlan-id=18 vlan-mode=use-tag
add bridge=BR_WLAN_SP name=datapath_WLAN_SP vlan-id=19 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_WLAN_DATA passphrase=WLAN_DATA
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_WLAN_GUEST passphrase=WLAN_GUEST
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_LAN_MFP passphrase=LAN_MFP01
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_LAN_GAME passphrase=LAN_GAME
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_LAN_CAMERA passphrase=LAN_CAMERA
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_LAN_TVMM passphrase=LAN_TVMM
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_WLAN_SP passphrase=WLAN_SP01
/caps-man configuration
add datapath=datapath_WLAN_DATA mode=ap name=conf_WLAN_DATA security=sec_WLAN_DATA ssid=WLAN_DATA
add datapath=datapath_WLAN_GUEST mode=ap name=conf_WLAN_GUEST security=sec_WLAN_GUEST ssid=WLAN_GUEST
add datapath=datapath_LAN_MFP mode=ap name=conf_LAN_MFP security=sec_LAN_MFP ssid=LAN_MFP
add datapath=datapath_LAN_GAME mode=ap name=conf_LAN_GAME security=sec_LAN_GAME ssid=LAN_GAME
add datapath=datapath_LAN_CAMERA mode=ap name=conf_LAN_CAMERA security=sec_LAN_CAMERA ssid=LAN_CAMERA
add datapath=datapath_LAN_TVMM mode=ap name=conf_LAN_TVMM security=sec_LAN_TVMM ssid=LAN_TVMM
add datapath=datapath_WLAN_SP mode=ap name=conf_WLAN_SP security=sec_WLAN_SP ssid=WLAN_SP
/caps-man access-list
add action=accept comment="MOB01-Ronald Verheij Huawei" disabled=no \
mac-address=C4:07:2F:C1:46:E3 ssid-regexp=SP vlan-mode=no-tag
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled \
master-configuration=conf_WLAN_DATA name-format=identity \
slave-configurations=conf_WLAN_GUEST,conf_LAN_MFP,conf_LAN_GAME,conf_LAN_CAMERA,conf_LAN_TVMM,conf_WLAN_SP
This is the config on a CAP.
# Geef het apparaat een identitiet
/system identity set name="Ring 393 AP01"
# Maak VLANs
/interface vlan
add name=VLAN_LAN_MGMT interface=ether1 vlan-id=9
add name=VLAN_LAN_DATA interface=ether1 vlan-id=10
add name=VLAN_WLAN_DATA interface=ether1 vlan-id=12
add name=VLAN_WLAN_GUEST interface=ether1 vlan-id=14
add name=VLAN_LAN_MFP interface=ether1 vlan-id=15
add name=VLAN_LAN_GAME interface=ether1 vlan-id=16
add name=VLAN_LAN_CAMERA interface=ether1 vlan-id=17
add name=VLAN_LAN_TVMM interface=ether1 vlan-id=18
add name=VLAN_WLAN_SP interface=ether1 vlan-id=19
# Bridge toevogen
/interface bridge
add name=BR_LAN_MGMT
# Poorten toevoegen aan een bridge
/interface bridge port
add bridge=BR_LAN_MGMT interface=ether1
add bridge=BR_LAN_MGMT interface=VLAN_LAN_MGMT
# IP adressen toewijzen
/ip address
add address=172.16.0.2/25 network=172.16.0.0 interface=BR_LAN_MGMT
#CAP Configuration
/interface wireless cap
set interfaces=wlan1 certificate=request discovery-interfaces=ether1 \
caps-man-address=172.16.0.1 bridge=BR_LAN_MGMT enabled=yes