I'm trying to set up my first CAPsMAN network, and having issue that isn't a big issue but I'd like to fix.
The setup is basically:
RB1100AHx4 -> CRS328 -> cAP's
The RB1100AHx4 is the CAPsMAN and also main router, so I want CAPsMAN forwarding so all traffic comes to this router, and dont want possibility of traffic between clients / other APs in the switch.
RB1100AHx4 has 2 VLANS:
VLANID 10 - Management
VLANID 20 - Customers
Both VLANs are TAGGED to CRS328, then the ports that the cAPs are on are untagged VLAN 10, and tagged VLAN 20. CAPsMAN runs on vlan 10 for provisioning, and the datapath I have setup is as follows:
on the cAP's the wireless interface and ether1 are in the same bridge.
Code: Select all
/caps-man datapath add client-to-client-forwarding=no local-forwarding=no name=Customers vlan-id=20 vlan-mode=use-tag
What I am seeing - if I leave local-forwarding off, then connected clients never see DHCP server running on VLAN 20. When I turn local-forwarding on, it does use the VLAN tag and hit the DHCP server, but then it seems clients have the potential to talk to each other without traffic hitting the RB1100AHx4, which is not what I want.
What am i missing to make sure all customer traffic hits RB1100AHx4 in the vlan id 20?