I use CCR devices for a CAPsMAN manager-forwarding based setup, i.e. not only is the management done by CAPsMAN, but the traffic is also forwarded over the CAPWAP tunnel between the CAPsMAN controller and the cAP access points. Recently I added a lot of additional datapaths. It's time to think over the setup, especially the datapaths, the bridges and the VLANs being used; I have some questions concerning the correct use of bridges in that setup. Perhaps you could add your opinion:
VLAN 10 for client traffic, statically set on datapath - The PVID for the corresponding bridge itself stays on "1" and not on "1000", right?
Local DHCP-server on the CCR for VLAN 10
/interface bridge
add admin-mac=B8:69:F4:32:76:1E auto-mac=no frame-types=\
    admit-only-vlan-tagged igmp-snooping=yes igmp-version=3 \
    ingress-filtering=yes mld-version=2 name=bridge-for-caps \
    protocol-mode=none vlan-filtering=yes
/ip pool
add name=dhcp_pool5 ranges=10.80.0.1-10.80.0.239,10.80.0.241-10.80.255.254
An EoIP tunnel for a second SSID, traffic from that SSID should be forwarded directly to that tunnel - The traffic will be forwarded untagged through the tunnel. Do I need an additional VLAN for this on /interface vlan?
/ip dhcp-server
add address-pool=dhcp_pool5 disabled=no interface=vlan10 lease-time=1d \
    name=dhcp1 src-address=10.80.0.240
/interface eoip
add local-address=12.1.5.18 loop-protect=on mac-address=02:05:86:5A:1A:B8 \
    mtu=1500 name=eoip-tunnel remote-address=\
    12.1.5..82 tunnel-id=40
VLANs for the uplink, the clients on VLAN10 (1st SSID), the clients for the EoIP tunnel (2nd SSID)
2 datapaths for 2 SSIDs - Do I need that "vlan-id=12" for the "datapath-eoip-clients"?
/interface vlan
add interface=bridge-for-eoip-clients name=vlan-for-eoip-clients vlan-id=12
add interface=bridge-for-caps name=vlan10 vlan-id=10
add interface=bridge-for-uplink name=vlan85 vlan-id=85
add interface=bridge-for-uplink name=vlan86 vlan-id=86
bridge ports
/caps-man datapath
add bridge=bridge-for-caps bridge-horizon=3 \
    client-to-client-forwarding=no local-forwarding=no name=datapath1 \
    vlan-id=10 vlan-mode=use-tag
add bridge=bridge-for-eoip-clients bridge-horizon=none \
    client-to-client-forwarding=no local-forwarding=no name=\
    datapath-eoip-clients vlan-id=12
bridge VLANs - Should the "bridge-for-eoip-clients" have the "untagged=12"?
/interface bridge port
add bridge=bridge-for-uplink frame-types=admit-only-vlan-tagged interface=\
    bonding1
add bridge=bridge-for-eoip-clients edge=yes interface=\
    eoip-tunnel
/interface bridge vlan
add bridge=bridge-for-uplink tagged=bridge-for-uplink,bonding1 vlan-ids=\
    85,86
add bridge=bridge-for-caps tagged=\
    bridge-for-caps
add bridge=bridge-for-eoip-clients untagged=12\