 
oreggin
Member Candidate
Topic Author
Posts: 102
Joined: Fri Oct 16, 2009 9:21 pm

CAPsMAN + local forwarding CAP + SSID/Vlan?

Wed Jul 11, 2018 11:31 am

Hi!

I found some topics on this issue, but it is not clear to me whether it is possible for capsman to assign a vlan to an ssid in local-forwarding mode where the vlans are specified on the CAP device and not on capsman. I have a capsman device and CAP devices in a hub & spoke topology. The CAPs are at several sites, and each site has a different vlan set.
In manager forwarding mode I can set a vlan for every SSID.
In local-forwarding mode I can assign CAP interfaces to a vlan.
Can I set in capsman to drop an SSID into a specific VLAN on a CAP and not on CAPsMAN? I mean, the CAP device has a trunk port on its uplink, the MGMT vlan is untagged (but it could be tagged too) and the client vlans are tagged. Can I tell capsman to separate SSIDs by vlans on each CAP device, on that local (CAP) vlan, where that vlan is not on the capsman (or it is a dummy vlan)?

Thanks!
oreggin
 
cdiedrich
Forum Veteran
Posts: 928
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Wed Jul 11, 2018 1:48 pm

You can edit this in the corresponding CAP interface under datapath.
select vlan-mode = tag and then set the corresponding vlan id.
A bit cumbersome, but it works.
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
oreggin

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Wed Jul 11, 2018 4:04 pm

> You can edit this in the corresponding CAP interface under datapath.
> select vlan-mode = tag and then set the corresponding vlan id.
> A bit cumbersome, but it works.
> -Chris

I tried it but it didn't work for me in local-forwarding mode. How do I configure the CAP in this case? Now it has a bridge in MSTP, as the peer is MSTP too, and under the bridge I set the vlan assignment. How will capsman control the CAP network stack?

Thanks!
oreggin
 
cdiedrich

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Wed Jul 11, 2018 4:13 pm

For using local forwarding, your CAP devices must have a bridge configured with ethernet and wlan interfaces in them.
Then you set in cap settings bridge=<yourbridge>

-Chris
 
oreggin

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Wed Jul 11, 2018 5:20 pm

> For using local forwarding, your CAP devices must have a bridge configured with ethernet and wlan interfaces in them.
> Then you set in cap settings bridge=<yourbridge>
>
> -Chris

I did it:
[oreggin@ap11] > interface bridge print      
Flags: X - disabled, R - running 
 0 R name="LAN" mtu=auto actual-mtu=1500 l2mtu=1600 arp=enabled arp-timeout=auto 
     mac-address=E4:8D:8C:XX:XX:XX protocol-mode=mstp fast-forward=no igmp-snooping=no 
     auto-mac=yes ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s 
     transmit-hold-count=6 region-name="LAN" region-revision=1 max-hops=20 
     vlan-filtering=yes pvid=1 
[oreggin@ap11] > interface bridge port print 
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE      BRIDGE     HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0     ether1         LAN        yes  800     0x80         10                 10       none
 1     wlan_2.4GHz    LAN               1     0x80         10                 10       none
 2     wlan_5GHz      LAN               1     0x80         10                 10       none
 3  D  wlan19         LAN               1     0x80         10                 10       none
 4  D  wlan20         LAN               1     0x80         10                 10       none
[oreggin@ap11] > interface bridge vlan print 
Flags: X - disabled, D - dynamic 
 #   BRIDGE               VLAN-IDS  CURRENT-TAGGED             CURRENT-UNTAGGED            
 0   LAN                  800       LAN                        ether1                      
 1   LAN                  808       LAN                       
                                    ether1                    
 2 D LAN                  1                                    LAN                         
                                                               wlan_2.4GHz                 
                                                               wlan_5GHz                   
                                                               wlan_2.4GHz                 
                                                               wlan_5GHz                   
                                                               wlan_2.4GHz                 
                                                               wlan19                      
                                                               wlan_5GHz                   
                                                               wlan20                      
[oreggin@ap11] > interface wireless cap print 
                            enabled: yes
                         interfaces: wlan_2.4GHz,wlan_5GHz
                        certificate: request
                   lock-to-caps-man: no
               discovery-interfaces: 
                 caps-man-addresses: 10.1.1.1
                     caps-man-names: 
  caps-man-certificate-common-names: 
                             bridge: LAN
                     static-virtual: no
              requested-certificate: CAP-E48D8CXXXXXX
[oreggin@ap11] > 
As I add the two master wireless interfaces to the bridge, they will have pvid=1, and every dynamically created wlanX interface has pvid=1 too. How would they be dropped into the proper vlan? Initially it would be good to drop every wireless IF into vlan808.

Thanks!
oreggin
 
cdiedrich

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Wed Jul 11, 2018 5:53 pm

/int bri po set (number) pvid=808
-Chris
 
oreggin

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Thu Jul 12, 2018 12:40 pm

Thanks, but the topic started as "can capsman assign vlan to SSID on CAP instead of configuring it on every CAP by hand?" At the moment I assign vlans on the CAP to the SSID by hand.

Kind regards,
oreggin
 
cdiedrich

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Thu Jul 12, 2018 12:42 pm

Yes, this can be done in datapath.
I jumped on the "do it manually per interface" train b/c you said that vlans differ from site to site for the same ssid... And this can only be done by hand ;-)

-Chris
 
oreggin

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Thu Jul 12, 2018 12:54 pm

> Yes, this can be done in datapath.
> I jumped on the "do it manually per interface" train b/c you said that vlans differ from site to site for the same ssid... And this can only be done by hand ;-)

I can configure as many datapaths/configurations as I need and then assign them in provisioning, and I can separate APs on different sites based on identifier, for example. For example, I configure the datapath properly and under configuration I change the VLAN ID if needed.
So now, I would like to see a configuration example (both capsman and cap) as my configuration doesn't work :(

Thanks,
oreggin
 
cdiedrich

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Thu Jul 12, 2018 2:52 pm

## cap config
# create the bridge first so the cap settings below can reference it
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 hw=no interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface wireless cap
set bridge=bridge1 caps-man-addresses=172.10.11.12 enabled=yes interfaces=wlan1,wlan2


## manager config
# datapath: forward locally on the CAP and tag client traffic with VLAN 444
/caps-man datapath
add client-to-client-forwarding=yes local-forwarding=yes name=v444 vlan-id=444 vlan-mode=use-tag

# configuration: binds the SSID to the v444 datapath ("mysecurity" is a security profile not shown here)
/caps-man configuration
add country=switzerland datapath=v444 datapath.client-to-client-forwarding=yes hide-ssid=no mode=ap multicast-helper=full name=myVlanConfig rx-chains=0,1,2 security=mysecurity ssid=mySSID tx-chains=0,1,2
That is extracted from a working production config here.
And looking at the state of the bridge ports, I think by now that it's even unnecessary to add the h/w wlan interfaces to the bridge, just ether1 should work.

-Chris
 
gotsprings
Forum Veteran
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?

Thu Jul 12, 2018 3:01 pm

If you have local forwarding checked in caps-man configuration... There is the option to set VLAN tag. That's it. All devices that get config from that controller will have the SSID vlan tagged.

Here is a working example
/caps-man configuration
add country="united states3" datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes datapath.vlan-id=100 datapath.vlan-mode=use-tag mode=ap name=TaggedSSID security.authentication-types=wpa-psk,wpa2-psk security.encryption=aes-ccm security.group-encryption=aes-ccm security.group-key-update=1h security.passphrase=someoddpassword ssid=SSIDwithaTag
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
oreggin

Re: CAPsMAN + local forwarding CAP + SSID/Vlan?  [SOLVED]

Fri Jul 13, 2018 11:49 am

Thanks to all!
So, the solution is disabling vlan-filtering on the CAP's bridge and then voilà! The CAP drops the selected SSID into the vlan that I set in CAPsMAN, so now CAPsMAN controls the CAPs' Vlan selection based on SSID.
If I enable vlan-filtering, this method does not work! As this is not a problem on CAPs, this issue is resolved :)

Best regards,
oreggin
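
The per-site case raised in this thread (same SSID, different VLAN per site, selected centrally) can be sketched as follows; this is an added example, not a configuration posted by any participant. The site identity prefixes, the VLAN ID 908, the datapath/configuration names and the security profile contents are assumptions, and the CAP side keeps vlan-filtering off as in the solution reported above.

```routeros
## CAPsMAN (manager) side -- added example, names and VLAN IDs are assumed
# one locally-forwarded, tagged datapath per site VLAN
/caps-man datapath
add name=dp-siteA local-forwarding=yes vlan-mode=use-tag vlan-id=808
add name=dp-siteB local-forwarding=yes vlan-mode=use-tag vlan-id=908

# shared security profile (passphrase is a placeholder)
/caps-man security
add name=mysecurity authentication-types=wpa2-psk encryption=aes-ccm \
    passphrase=CHANGE-ME-placeholder

# same SSID at both sites, bound to a different datapath (and so VLAN)
/caps-man configuration
add name=cfg-siteA ssid=mySSID mode=ap security=mysecurity datapath=dp-siteA
add name=cfg-siteB ssid=mySSID mode=ap security=mysecurity datapath=dp-siteB

# pick the configuration by the CAP's system identity
/caps-man provisioning
add action=create-dynamic-enabled identity-regexp="^siteA-" \
    master-configuration=cfg-siteA
add action=create-dynamic-enabled identity-regexp="^siteB-" \
    master-configuration=cfg-siteB

## CAP side (identical at every site apart from the identity)
/system identity
set name=siteA-ap11

# vlan-filtering stays off, as in the thread's solution: the bridge then
# forwards whatever tag CAPsMAN assigns and does not enforce VLAN membership,
# so the allowed-VLAN list on the upstream switch trunk port is the control
# that limits which VLANs this AP can reach
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether1

/interface wireless cap
set enabled=yes interfaces=wlan1,wlan2 bridge=bridge1 \
    caps-man-addresses=172.10.11.12
```

A CAP whose identity matches neither regexp gets no configuration from these rules, so an AP moved between sites without renaming does not silently land in the other site's VLAN.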
