I am having difficulty getting this configuration to work. I currently have CAPsMAN set up and working to use a bridge as a datapath, though I would like to move to using Local Forwarding.
I have two SSIDs that I have VLANs for, a home network on VLAN 100 and a secondary network on VLAN 101. My APs (hAP AC and hAP AC Lite) will have ether1 configured as a trunk in the switch chip and a couple access ports each for VLAN 100 and 101. The APs and other network devices have IPs in the VLAN 100 network. All VLAN connectivity works through the configured switchports.
I enabled CAPsMAN on the AP, went into the CAPsMAN router to enable local forwarding, changed the VLAN mode to "use tag" and specified the VLAN ID. The AP picked up the config, though my wifi devices were not able to get any sort of network access after connecting to the SSIDs.
I was poking around at other posts on the forum and one poster had their VLAN interfaces on the bridge rather than the trunk port, but it didn't seem to make a difference either way. Neither did putting the wireless interfaces in the bridge. Is there something I'm missing?
Code:
# jan/02/1970 01:10:01 by RouterOS 6.34.3
# software id = FXGL-NC1N
#
/interface bridge
add name=bridge-local
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(30dBm), SSID: XXXXXXXX, local forwarding
set [ find default-name=wlan1 ] disabled=no rx-chains=0 ssid=XXXXXXXX \
    tx-chains=0
# managed by CAPsMAN
# channel: 5765/20-eC/ac(30dBm), SSID: XXXXXXXX, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=XXXXXXXX
/interface vlan
add interface=bridge-local name=vlan100 vlan-id=100
add interface=bridge-local name=vlan101 vlan-id=101
add interface=bridge-local name=vlan102 vlan-id=102
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 5 vlan-header=add-if-missing vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge-local interface=ether1
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 \
    vlan-id=100
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 \
    vlan-id=101
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 \
    vlan-id=102
/interface wireless cap
set discovery-interfaces=vlan100 enabled=yes interfaces=wlan2,wlan1
/ip address
add address=192.168.1.12/24 interface=vlan100 network=192.168.1.0
/system identity
set name="Downstairs AP"
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled