Community discussions

MikroTik App
 
Spartacus
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Apr 19, 2018 6:38 pm

NEED HELP! with cap AC and virtual AP managed by CAPsMAN

Sun Jul 01, 2018 2:58 pm

Hi,
I am a little bit lost with an issue on my capAC managed by CAPsMAN on RB3011
I wanted to put 2 VLANs "on Air":
  • VLAN60 (Intranet)
  • VLAN70 (Guest)
VLAN1 is the admin LAN and should not be "radioed"

CAPsMAN runs on the RB3011. All VLANS are "trunked" via SFP to a Cisco SG200 and can be accessed by a "cabeled" client on an "untagged" cofigured port of the Cisco. This works fine and for all of the configured vlans (vlan10-vlan99)

Ether1 of the cAP is connected to a "trunked" port (VLAN1: untagged, VLAN60:tagged, VLAN70: tagged) of the Cisco.
VLAN1 is ok. I can reach the cAP Interface via Web-Browes without any issues.
VLAN 60 runs also without issues "on air",
but VLAN 70 can not be accessed via WLAN (IP cannot be provided) VLAN70 is provisioned as slave config. Attempts to "host another vlan (e.g. VLAN99) as slave failed also.

Can some help here and find the issue in my config?

Please find below my Config on cAP and RB3011. I also posted my VLAN-Config of the RB3011. It is configured with VLAN-filtering:

########################################################################################
##
## cAP-Config
##
########################################################################################
/interface bridge add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge

/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(20dBm), SSID: Intranet, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-F61D7F wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\
    ap-bridge ssid=MikroTik-F61D80 wireless-protocol=802.11

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/interface wireless
# managed by CAPsMAN
# SSID: Gast, local forwarding
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=no \
    interworking-profile=disabled keepalive-frames=enabled l2mtu=1600 \
    mac-address=XX:XX:XX:XX:XX:XX master-interface=wlan1 max-station-count=\
    2007 mode=station mtu=1500 multicast-buffering=enabled multicast-helper=\
    default name=wlan3 security-profile=default ssid=MikroTik \
    station-bridge-clone-mac=00:00:00:00:00:00 station-roaming=enabled \
    update-stats-interval=disabled vlan-id=1 vlan-mode=no-tag wds-cost-range=\
    50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no \
    wds-mode=disabled wmm-support=disabled wps-mode=push-button

	/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2

/interface wireless cap
# 
set certificate=request discovery-interfaces=ether1 enabled=yes interfaces=\
    wlan1 lock-to-caps-man=yes static-virtual=yes

/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface= bridge

########################################################################################
##
## RB3011-Config
##
########################################################################################
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=channel01
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2417 name=channel02
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2422 name=channel03
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2427 name=channel04
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2432 name=channel05
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437 name=channel06
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2442 name=channel07
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2447 name=channel08
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2452 name=channel09
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2457 name=channel10
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2462 name=channel11
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2467 name=channel12
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2472 name=channel13
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2484 name=channel14

/caps-man datapath
add local-forwarding=yes name=vlan60 vlan-id=60 vlan-mode=use-tag
add local-forwarding=yes name=vlan70 vlan-id=70 vlan-mode=use-tag
#
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=Intranet \
    passphrase=1234567890
add authentication-types=wpa2-psk encryption=aes-ccm name=Guests passphrase=\
    1234567890
#
/caps-man configuration
add channel=channel01 country=germany datapath=vlan60 datapath.bridge=br_vlan \
    datapath.local-forwarding=yes datapath.vlan-id=60 datapath.vlan-mode=\
    use-tag mode=ap name=intranet security=Intranet ssid=Intranet
add channel=channel11 country=germany datapath=vlan70 datapath.bridge=br_vlan \
    datapath.local-forwarding=yes datapath.vlan-id=70 datapath.vlan-mode=\
    use-tag mode=ap name=guests security=Guests ssid=Gast
#
/caps-man manager set ca-certificate=auto certificate=auto enabled=yes
/caps-man manager interface add disabled=no interface=vlan1
/caps-man provisioning add action=create-dynamic-enabled master-configuration=intranet name-prefix=\
    vlan radio-mac=xx:xx:xx:xx:xx:xx slave-configurations=guests

...and the vlan-config on RB3011:
/interface bridge
add fast-forward=no name=br_vlan vlan-filtering=yes
#
/interface vlan
add comment=Admin interface=br_vlan name=vlan1 vlan-id=1
add comment=Office interface=br_vlan name=vlan10 vlan-id=10
add comment=VoiP interface=br_vlan name=vlan20 vlan-id=20
add comment=Sonos interface=br_vlan name=vlan30 vlan-id=30
add comment=IPTV interface=br_vlan name=vlan40 vlan-id=40
add comment=SmartHome interface=br_vlan name=vlan50 vlan-id=50
add comment=WLAN interface=br_vlan name=vlan60 vlan-id=60
add comment=Gast interface=br_vlan name=vlan70 vlan-id=70
add comment=Gaming interface=br_vlan name=vlan80 vlan-id=80
add comment=FritzBox interface=br_vlan name=vlan99 vlan-id=99
#
/interface list
add name=WAN
add name=LAN
add name=MAC-WinBox
#
/interface bridge port
add bridge=br_vlan hw=no interface=sfp1
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=10
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=20
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether10 pvid=99
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=50
add bridge=br_vlan interface=ether6
#
/interface bridge vlan
add bridge=br_vlan comment=Admin tagged=br_vlan,vlan1 untagged=sfp1,ether6 \
    vlan-ids=1
add bridge=br_vlan comment=Office tagged=sfp1,br_vlan,vlan10 untagged=ether3 \
    vlan-ids=10
add bridge=br_vlan comment=VoIP tagged=sfp1,br_vlan,vlan20 untagged=ether4 \
    vlan-ids=20
add bridge=br_vlan comment=FritzBox tagged=sfp1,br_vlan,vlan99 untagged=\
    ether10 vlan-ids=99
add bridge=br_vlan comment=SmartHome tagged=sfp1,br_vlan,vlan50 untagged=\
    ether5 vlan-ids=50
add bridge=br_vlan comment=Sonos tagged=sfp1,br_vlan,vlan30 vlan-ids=30
add bridge=br_vlan comment=IPTV tagged=sfp1,br_vlan,vlan40 vlan-ids=40
add bridge=br_vlan comment=WLAN tagged=sfp1,br_vlan,vlan60,vlan99 vlan-ids=60
add bridge=br_vlan comment=Gast tagged=sfp1,br_vlan,vlan70 vlan-ids=70
add bridge=br_vlan comment=Gaming tagged=sfp1,br_vlan,vlan80 vlan-ids=80
#
Regards,
Christian

Who is online

Users browsing this forum: No registered users and 34 guests