h1ghrise
just joined
Topic Author
Posts: 19
Joined: Fri Apr 14, 2023 5:05 pm

Add Cap Interfaces as tagged to bridge?

Mon May 08, 2023 10:56 pm

Hi,
sorry for this maybe obvious and easy question.
If I'm running Caps Interfaces, residing on a VLAN (VLAN ID set to 10 and 20 in my case)
do I have to add those CAP interfaces on the main Router (Manager Forward mode) as tagged to VLAN config?
/interface bridge vlan
add bridge=BR-MAIN tagged="BR-MAIN,wlan1-AP1,wlan1-AP2" vlan-ids=10
add bridge=BR-MAIN tagged="BR-MAIN,wlan2-AP1,wlan2-AP2" vlan-ids=20
I have to add the bridge, to receive IP Services.. (which are assigned to the VLAN interfaces)
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Add Cap Interfaces as tagged to bridge?

Mon May 08, 2023 11:59 pm

Without knowing the context (network diagram and full config) it's hard to say.
Typically WLAN ports are like any other ports going to dumb devices: they are untagged
and on bridge ports with pvid.
It is rare, but in some cases one may be sending WIFI to a smart device.
 
h1ghrise
just joined
Topic Author
Posts: 19
Joined: Fri Apr 14, 2023 5:05 pm

Re: Add Cap Interfaces as tagged to bridge?

Tue May 09, 2023 9:50 am

Hi Anav,
thanks for your point of view. My configuration is pretty simple.
I run 2 CAP-ACs in CAPS Mode, Manager Forwarding mode, both having a SSID for 2,4Ghz (PVID20) and 5Ghz (PVID).
CAP Devices on CAPSMAN are in main bridge BR-MAIN. If both of them are already tagging the traffic from incoming clients with appropriate PVID (10/20), my thoughts were that I do not need to set them in the Bridge VLAN config.

Interfaces:
Columns: NAME, TYPE, ACTUAL-MTU, L2MTU, MAX-L2MTU, MAC-ADDRESS
 #     NAME                    TYPE     ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS      
 0  R  ether1 - WAN            ether          1500   1596       2026  DC:2C:6E:81:0B:C8
 1  RS ether2 - HomeAssistant  ether          1500   1596       2026  DC:2C:6E:81:0B:C9
 2  RS ether3 - Proxmox        ether          1500   1596       2026  DC:2C:6E:81:0B:CA
 3  R  ether4 - AP1            ether          1500   1596       2026  DC:2C:6E:81:0B:CB
 4  R  ether5 - AP2            ether          1500   1596       2026  DC:2C:6E:81:0B:CC
 5  X  sfp1                    ether          1500   1596       2026  DC:2C:6E:81:0B:CD
 6  R  BR-MAIN                 bridge         1500   1596             DC:2C:6E:81:0B:C9
 7 DRS IoT 2.4Ghz-AP1-1        cap            1500   1600             18:FD:74:C2:2E:3A
 8 DRS IoT 2.4Ghz-AP2-1        cap            1500   1600             48:A9:8A:56:B7:3F
 9 DRS Owcahome 5Ghz-AP1-1     cap            1500   1600             18:FD:74:C2:2E:3B
10 DRS Owcahome 5Ghz-AP2-1     cap            1500   1600             48:A9:8A:56:B7:40
11  R  VLAN10 - WIFI           vlan           1500   1592             DC:2C:6E:81:0B:C9
12  R  VLAN20 - IOT            vlan           1500   1592             DC:2C:6E:81:0B:C9
13  R  VLAN50 - LAN            vlan           1500   1592             DC:2C:6E:81:0B:C9
14  R  VPN                     wg             1420                                     
15  X  ppp-out1                ppp-out

Bridge:
0 R name="BR-MAIN" mtu=auto actual-mtu=1500 l2mtu=1596 arp=enabled arp-timeout=auto mac-address=DC:2C:6E:81:0B:C9 protocol-mode=none fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m vlan-filtering=yes ether-type=0x8100 pvid=1 frame-types=admit-all ingress-filtering=no dhcp-snooping=no

Bridge VLAN:
Flags: X - disabled, D - dynamic
0   ;;; Wifi
bridge=BR-MAIN vlan-ids=10 tagged=BR-MAIN,Owcahome 5Ghz-AP1-1,Owcahome 5Ghz-AP2-1 untagged="" current-tagged=BR-MAIN,Owcahome 5Ghz-AP1-1,Owcahome 5Ghz-AP2-1 current-untagged=""
1   ;;; IoT
bridge=BR-MAIN vlan-ids=20 tagged=BR-MAIN,ether3 - Proxmox,IoT 2.4Ghz-AP1-1,IoT 2.4Ghz-AP2-1 untagged=ether2 - HomeAssistant current-tagged=BR-MAIN,ether3 - Proxmox,IoT 2.4Ghz-AP2-1,IoT 2.4Ghz-AP1-1 current-untagged=ether2 - HomeAssistant 
2   ;;; LAN
bridge=BR-MAIN vlan-ids=50 tagged=BR-MAIN,ether3 - Proxmox untagged="" current-tagged=BR-MAIN,ether3 - Proxmox current-untagged=""
3 D bridge=BR-MAIN vlan-ids=1 tagged="" untagged="" current-tagged="" current-untagged=BR-MAIN,ether3 - Proxmox
As you can see, I have added the CAPs as tagged on the VLAN as well. Dunno if this is really necessary, so I'm happy if somebody can advise.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Add Cap Interfaces as tagged to bridge?

Tue May 09, 2023 10:59 am

Post export from capsman device ... the capsman section. It will tell the whole truth and nothing but the truth.

But generally, if you configure capsman datapath with properties vlan-id=XX and vlan-mode=use-tag, then capsman will add interfaces to configured bridge as access ports (i.e. with pvid set to XX). So manually changing those interfaces to tagged (for same vlan ID) will generally screw things up.
However, the old capsman (pre-wave2) was a bit inconsistent with regard to settings (and I didn't play with capsman v2 so far, I only have one wave2-capable device). You can check what exactly capsman does by reverting the VLAN-related changes you did on bridge, then (just as precaution) reboot capsman device ... and then run command
/interface bridge vlan
print detail
(you can try to run it without detail property to get output formatted a bit nicer but to me less readable).
 
h1ghrise
just joined
Topic Author
Posts: 19
Joined: Fri Apr 14, 2023 5:05 pm

Re: Add Cap Interfaces as tagged to bridge?

Tue May 09, 2023 12:20 pm

"Post export from capsman device ... the capsman section. It will tell the whole truth and nothing but the truth."
There you go
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=Ch1 tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=Ch6 tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=Ch11 tx-power=10
/caps-man configuration
add channel.band=5ghz-a/n/ac .control-channel-width=20mhz .extension-channel=disabled .skip-dfs-channels=yes .tx-power=20 country=austria datapath.bridge=\
    BR-MAIN .client-to-client-forwarding=yes .vlan-id=10 .vlan-mode=use-tag installation=indoor mode=ap name=Owcahome rates.basic=\
    12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps .supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps security.authentication-types=wpa2-psk .encryption=aes-ccm \
    .group-encryption=aes-ccm .group-key-update=10m ssid=Owcahome
add channel.band=2ghz-g/n .control-channel-width=20mhz .extension-channel=disabled .frequency=2412,2437,2462 .skip-dfs-channels=no .tx-power=10 country=\
    austria datapath.bridge=BR-MAIN .vlan-id=20 .vlan-mode=use-tag installation=indoor mode=ap name=IoT rates.basic=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    .supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps security.authentication-types=wpa2-psk .encryption=aes-ccm .group-encryption=aes-ccm \
    .group-key-update=10m ssid=IoT
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface="ether4 - AP1"
add disabled=no interface="ether5 - AP2"
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=Owcahome name-format=prefix-identity name-prefix="Owcahome 5Ghz"
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=IoT name-format=prefix-identity name-prefix="IoT 2.4Ghz"
"But generally, if you configure capsman datapath with properties vlan-id=XX and vlan-mode=use-tag, then capsman will add interfaces to configured bridge as access ports (i.e. with pvid set to XX). So manually changing those interfaces to tagged (for same vlan ID) will generally screw things up."
Exactly, that's why I'm asking. Just want to make sure it's fine (before locking myself out :D)
If they are added as access ports, I do not have to mess with tagging/untagging? My understanding is, that these Ports, are treated the same way as any ether port, hence to be considered in tagged/untagged?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Add Cap Interfaces as tagged to bridge?

Tue May 09, 2023 6:49 pm

It's been a while since I played with capsman ... and I always used local forwarding ... And I'm using VLANs. So when I configured capsman to provision CAP with VLAN-enabled wireless interfaces, I didn't have to do anything on CAP device about it ... those wireless interfaces were added to bridge as ports and traffic was flowing. The interfaces were actually added as tagged ports (due to legacy with pre-6.41 bridge which did not know about VLANs), but manual configuration of bridge vlan table was not necessary (normally only ports with PVID set are automatically set as untagged members of configured VLAN). I never tried with capsman forwarding so I don't know if things behave differently when using bridge on CAPsMAN device.

As I suggested: undo the bridge vlan setup you did manually for wireless interfaces, reboot device and check what CAPsMAN does to those interfaces. Probably things will work just fine (for stations connected to CAPs) so the best is to leave things alone.
 
h1ghrise
just joined
Topic Author
Posts: 19
Joined: Fri Apr 14, 2023 5:05 pm

Re: Add Cap Interfaces as tagged to bridge?  [SOLVED]

Tue May 09, 2023 9:23 pm

I guess I found the answer :)
viewtopic.php?p=956155#p956155
" Any vlan associated with a bridge must be identified with at least one interface on the bridge in the /interface bridge vlan settings. "
So you CAN add the interfaces manually, but as long as one interface is added as tagged, the router will figure it out by itself..
Crazy stuff this Mikrotik Equipment :D
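
An added example, not part of any post in this thread: a Python parser for `/interface bridge vlan print detail` output that lists memberships present only in the `current-*` fields (added dynamically) and CAP interfaces statically tagged for their own datapath VLAN, the case mkx's reply cautions about. The sample output is constructed and shortened from the format quoted above; `CAP_VLANS` is a hypothetical hand-written mapping based on the datapath `vlan-id` values.

```python
import re

KEY_RE = re.compile(
    r"(?<!\S)(bridge|vlan-ids|current-tagged|current-untagged|tagged|untagged)=")
HEAD_RE = re.compile(r"^\s*(\d+)\s+([XD]{0,2})(?=\s|$)")  # "3 D ..." starts a record

# Constructed sample, shortened from the output format quoted in the thread.
SAMPLE = '''Flags: X - disabled, D - dynamic
0   ;;; Wifi
bridge=BR-MAIN vlan-ids=10 tagged=BR-MAIN,Owcahome 5Ghz-AP1-1 untagged="" current-tagged=BR-MAIN,Owcahome 5Ghz-AP1-1 current-untagged=""
1   ;;; IoT
bridge=BR-MAIN vlan-ids=20 tagged=BR-MAIN,ether3 - Proxmox untagged=ether2 - HomeAssistant current-tagged=BR-MAIN,ether3 - Proxmox current-untagged=ether2 - HomeAssistant,IoT 2.4Ghz-AP1-1
2 D bridge=BR-MAIN vlan-ids=1 tagged="" untagged="" current-tagged="" current-untagged=BR-MAIN,ether3 - Proxmox
'''
# Hypothetical mapping: CAP interface -> datapath vlan-id from the CAPsMAN config.
CAP_VLANS = {"Owcahome 5Ghz-AP1-1": "10", "IoT 2.4Ghz-AP1-1": "20"}

def _names(value):
    # Interface names may contain spaces, so split on commas only.
    return {n.strip() for n in value.strip().strip('"').split(",") if n.strip()}

def parse_bridge_vlan(text):
    records, cur = [], None
    for line in text.splitlines():
        head = HEAD_RE.match(line)
        if head:  # new numbered entry; the D flag marks a dynamic one
            cur = {"dynamic": "D" in head.group(2), "raw": ""}
            records.append(cur)
        if cur is not None:
            cur["raw"] += " " + line
    for rec in records:
        raw = rec.pop("raw")
        hits = list(KEY_RE.finditer(raw))
        for i, m in enumerate(hits):  # a value runs until the next known key
            end = hits[i + 1].start() if i + 1 < len(hits) else len(raw)
            rec[m.group(1)] = _names(raw[m.end():end])
    return records

def audit(records, cap_vlans):
    findings = []
    for rec in records:
        vids = rec.get("vlan-ids", set())
        vid = ",".join(sorted(vids))
        for kind in ("tagged", "untagged"):
            static, live = rec.get(kind, set()), rec.get("current-" + kind, set())
            findings += [(vid, p, "dynamic " + kind) for p in sorted(live - static)]
            if kind == "tagged":  # CAP port tagged by hand for its own datapath VLAN
                findings += [(vid, p, "CAP statically tagged")
                             for p in sorted(static) if cap_vlans.get(p) in vids]
    return findings

if __name__ == "__main__":
    for finding in audit(parse_bridge_vlan(SAMPLE), CAP_VLANS):
        print(*finding, sep=" | ")
```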
