Community discussions

MikroTik App
 
smalla
just joined
Topic Author
Posts: 1
Joined: Sat Jul 10, 2021 8:29 pm

No DHCP on wireless slave CAPsMAN

Mon Jul 12, 2021 2:01 pm

Hi All,

newbie here, be patient.
Want to set up a quite simple wireless with guest wifi in a separate VLAN. Followed these docs for capsman router https://wiki.mikrotik.com/wiki/Manual:C ... VLANs#CAPs

I cannot get it to work, wifi comes up, but clients dont get IP from DHCP, it seems that there is no traffic in vlan20 at all. What do I do wrong?

Get a routerboard rb2011il with RBcAP2nD. Here is my config so far:
# jul/08/2021 19:31:40 by RouterOS 6.48.3
# software id = DUKW-Y044
#
# model = RB2011iL
# serial number = E7DE0EF807D7
/interface bridge
add ingress-filtering=yes name=LANbridge vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    service-name=t use-peer-dns=yes 
/interface vlan
add interface=LANbridge name=vlan20 vlan-id=20
/caps-man configuration
add country=hungary datapath.bridge=LANbridge datapath.local-forwarding=yes \
    name=Conf_Office security.authentication-types=wpa-psk,wpa2-psk \
    security.passphrase=Titok2021 ssid=RLOffice
add country=hungary datapath.bridge=LANbridge datapath.vlan-id=20 \
    datapath.vlan-mode=use-tag name=conf_guest security.authentication-types=\
    wpa-psk,wpa2-psk security.passphrase=Titok2021 ssid=RLGuest
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=GUEST
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_vlan10-88 ranges=192.168.88.2-192.168.88.254
add name=dhcp_vlan20-81 ranges=192.168.81.2-192.168.81.254
/ip dhcp-server
add address-pool=dhcp_vlan10-88 disabled=no interface=LANbridge name=server1
add address-pool=dhcp_vlan20-81 disabled=no interface=vlan20 name=dhcp20
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=LANbridge
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Conf_Office \
    name-prefix=LR slave-configurations=conf_guest
/interface bridge port
add bridge=LANbridge interface=ether2
add bridge=LANbridge interface=ether3
add bridge=LANbridge interface=ether6
add bridge=LANbridge interface=ether7
add bridge=LANbridge interface=ether8
add bridge=LANbridge interface=ether9
add bridge=LANbridge interface=ether10
add bridge=LANbridge interface=ether4
add bridge=LANbridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=pppoe-out1 list=WAN
add interface=LANbridge list=LAN
add interface=LANbridge list=GUEST
/ip address
add address=192.168.88.1/24 interface=LANbridge network=192.168.88.0
add address=192.168.81.1/24 interface=vlan20 network=192.168.81.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.81.0/24 dns-server=8.8.8.8 gateway=192.168.81.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input dst-port=8291 protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN

Thank You

Who is online

Users browsing this forum: BioMax, cdblue and 40 guests