brg3466
Member Candidate
Topic Author
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

VLan doesn't work on local forwarding CAPsMAN

Sat Feb 04, 2023 8:29 pm

Hello all,
I played with CAPsMAN in local forwarding mode with the simple topology below. The CAP's uplink is ether1 to the Router's ether1. On the Router (CAPsMAN), I created 2 VLANs on bridge1. But the CAP can't discover the CAPsMAN. I use a hAP ax2 as the router and a mAP as the CAP.
I'd appreciate it if anyone can point out what went wrong with the config.

Image

Config on CAP:
# model = RBmAP2nD
/interface bridge
add admin-mac=48:8F:5A:F2:C0:6E auto-mac=no comment=defconf \
    ingress-filtering=no name=bridgeLocal protocol-mode=none \
    vlan-filtering=yes

/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 vlan-ids=10
add bridge=bridgeLocal tagged=ether1 vlan-ids=20
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1

Config on Router:
# model = C52iG-5HaxD2HaxD

/caps-man configuration
add country=latvia datapath.local-forwarding=yes .vlan-id=10 .vlan-mode=\
    use-tag name=Config_WORK security.authentication-types=wpa-psk,wpa2-psk \
    ssid=WiFi_WORK
add country=latvia datapath.local-forwarding=yes .vlan-id=20 .vlan-mode=\
    use-tag name=Config_GUEST security.authentication-types=wpa-psk,wpa2-psk \
    ssid=WiFi_GUEST

/interface bridge
add ingress-filtering=no name=bridge1 protocol-mode=none vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether5 ] name=ether5-WAN

/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10
add interface=bridge1 name=VLAN20 vlan-id=20

/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=ether1-trunk

/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config_WORK \
    slave-configurations=Config_GUEST

/interface bridge port
add bridge=bridge1 interface=ether1-trunk

/interface bridge vlan
add bridge=bridge1 tagged=ether1-trunk,bridge1 vlan-ids=10
add bridge=bridge1 tagged=ether1-trunk,bridge1 vlan-ids=20

/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
/ip pool
add name=dhcp_pool10 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool20 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool10 interface=VLAN10 name=dhcp10
add address-pool=dhcp_pool20 interface=VLAN20 name=dhcp20
/ip dhcp-client
add interface=ether5-WAN
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=Router
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes
PS. If I don't create the bridge on Router, just put vlan10 and vlan20 on ether1, it works fine. As I would add other vlans into the network, I would like to set the vlan on the bridge.

Thank you in advance !
Last edited by brg3466 on Sat Feb 04, 2023 10:46 pm, edited 1 time in total.
 
brg3466
Member Candidate
Topic Author
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: VLan doesn't work on local forwarding CAPsMAN

Sat Feb 04, 2023 10:44 pm

Here is the Router config without bridge for comparison, and it works fine. CAP will get the config from CAPsMAN.
# model = C52iG-5HaxD2HaxD

/caps-man configuration
add country=latvia datapath.local-forwarding=yes .vlan-id=10 .vlan-mode=\
    use-tag name=Config_WORK security.authentication-types=wpa-psk,wpa2-psk \
    ssid=WiFi_WORK
add country=latvia datapath.local-forwarding=yes .vlan-id=20 .vlan-mode=\
    use-tag name=Config_GUEST security.authentication-types=wpa-psk,wpa2-psk \
    ssid=WiFi_GUEST
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether5 ] name=ether5-WAN

/interface vlan
add interface=ether1-trunk name=VLAN10 vlan-id=10
add interface=ether1-trunk name=VLAN20 vlan-id=20

/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=ether1-trunk
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config_WORK \
    slave-configurations=Config_GUEST

/ip pool
add name=dhcp_pool10 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool20 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool10 interface=VLAN10 name=dhcp10
add address-pool=dhcp_pool20 interface=VLAN20 name=dhcp20
/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
/ip dhcp-client
add interface=ether5-WAN
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=Router
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VLan doesn't work on local forwarding CAPsMAN

Sat Feb 04, 2023 11:52 pm

On the CAP you are missing the bridge-to-CPU interface, this is required to pass traffic to the wlan interfaces as they have software drivers.

/interface bridge vlan
add bridge=bridgeLocal tagged=bridgeLocal,ether1 vlan-ids=10
add bridge=bridgeLocal tagged=bridgeLocal,ether1 vlan-ids=20
 
brg3466
Member Candidate
Topic Author
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: VLan doesn't work on local forwarding CAPsMAN

Sun Feb 05, 2023 12:46 am

@tdw Thank you for your time looking into it. Unfortunately, after I added bridgeLocal as tagged in the CAP bridge VLAN table, it still doesn't work.

Also, if I add bridgeLocal as tagged in the CAP's bridge VLAN table and use the Router config without the bridge, it still works. This means that, with or without the CAP's local bridge tagged in the bridge VLAN table, as long as the VLAN is on the Router's ether1 instead of the bridge, the system works.

Furthermore, even without any setup in the CAP VLAN table, it works if the VLAN is set up on ether1 on the Router.

On the router, when trying to move the vlan from ether1 to the bridge, it fails.
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VLan doesn't work on local forwarding CAPsMAN  [SOLVED]

Sun Feb 05, 2023 2:03 pm

On the router, when you change from VLANs on ether1 to VLANs on a bridge with ether1 as a bridge port, did you update the CAPsMAN settings too?
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge1
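
The mismatch that resolved this thread can be caught from the export text itself. The following is an added example (not code from the thread or from MikroTik) that checks a RouterOS export for a CAPsMAN manager interface bound to a bridge port and for a VLAN interface whose parent bridge is not tagged in the bridge VLAN table; the function names and the trimmed sample export are constructed for illustration.

```python
import re
import shlex

def parse_adds(text):
    """Return {menu: [properties of each 'add' line]} from RouterOS /export text."""
    text = re.sub(r"\\\n\s*", "", text)          # join backslash-continued lines
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            props = dict(w.split("=", 1) for w in shlex.split(line)[1:] if "=" in w)
            menus.setdefault(menu, []).append(props)
    return menus

def lint(text):
    """Flag the two bridge/VLAN mistakes discussed in the thread."""
    m, findings = parse_adds(text), []
    ports = {p["interface"]: p["bridge"] for p in m.get("/interface bridge port", [])}
    for p in m.get("/caps-man manager interface", []):
        if p.get("disabled") != "yes" and p.get("interface") in ports:
            findings.append(f"CAPsMAN manager interface {p['interface']} is a port "
                            f"of {ports[p['interface']]}; listen on the bridge instead")
    tagged = {}                                  # (bridge, vlan-id) -> tagged members
    for p in m.get("/interface bridge vlan", []):
        for vid in p.get("vlan-ids", "").split(","):  # ranges like 10-20 not expanded
            tagged.setdefault((p["bridge"], vid), set()).update(p.get("tagged", "").split(","))
    for p in m.get("/interface vlan", []):
        br, vid = p["interface"], p["vlan-id"]
        if br in ports.values() and br not in tagged.get((br, vid), set()):
            findings.append(f"{p['name']}: {br} is not a tagged member of VLAN {vid}")
    return findings

# Constructed sample, trimmed from the router export in the thread.
ROUTER = """\
/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10
add interface=bridge1 name=VLAN20 vlan-id=20
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface={mgr}
/interface bridge port
add bridge=bridge1 interface=ether1-trunk
/interface bridge vlan
add bridge=bridge1 tagged=ether1-trunk,bridge1 vlan-ids=10
add bridge=bridge1 tagged={tag20} vlan-ids=20
"""
print(lint(ROUTER.format(mgr="ether1-trunk", tag20="ether1-trunk,bridge1")))
```

Feed it the full text of `/export` from the router; only static `add` lines are inspected, so dynamically created entries are not covered.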
 
brg3466
Member Candidate
Topic Author
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: VLan doesn't work on local forwarding CAPsMAN

Sun Feb 05, 2023 9:22 pm

My bad ! Can't imagine I am such an idiot! Spent almost 2 days trying to figure out why.

You rock !!!

Thank you so much for your time and help! Really appreciated !

PS. Regarding the ether1 port connecting the AP and router, I consider it a trunk port on both the AP and the Router, but if I specify the frame-type as "admit only vlan tagged" (on either the AP or the Router), the CAPsMAN cannot push the config to the AP. Below is what happened when I changed it on the CAP. You can see the wlan interface was dynamically added to the bridge ports; after specifying the frame-type, the wlan interface disconnected. Do you know why? Thanks!
# model = RBmAP2nD
[brg3466@CAP] > /interface bridge port/print
Flags: D - DYNAMIC
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#   INTERFACE  BRIDGE       HW   PVID  PRIORITY  PATH-COST  INTERNAL-PATH-COST  HORIZON
;;; defconf
0   ether1     bridgeLocal  yes     1  0x80             10                  10  none   
;;; defconf
1   ether2     bridgeLocal  yes    99  0x80             10                  10  none   
2 D wlan1      bridgeLocal         10  0x80             10                  10  none   
3 D wlan14     bridgeLocal         20  0x80             10                  10  none   
[brg3466@CAP] > /interface bridge port set [find interface=ether1] frame-types=admit-only-vlan-tagged ingress-filtering=yes
[brg3466@CAP] > /interface bridge port/print
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
# INTERFACE  BRIDGE       HW   PVID  PRIORITY  PATH-COST  INTERNAL-PATH-COST  HORIZON
;;; defconf
0 ether1     bridgeLocal  yes     1  0x80             10                  10  none   
;;; defconf
1 ether2     bridgeLocal  yes    99  0x80             10                  10  none   
