
CAPsMAN manager forwarding: datapaths/bridges/VLANs

Posted: Fri Jul 12, 2019 11:48 am
by anuser

I use CCR devices for a CAPsMAN manager forwarding based setup, i.e. not only is the management done by CAPsMAN, but the traffic is also forwarded over the CAPWAP tunnel between the CAPsMAN controller and the cAP access points. Recently I added a lot of additional datapaths. It's time to rethink the setup, especially the datapaths, the bridges and the VLANs being used, i.e. there are some questions I have concerning the correct use of bridges in that setup. Perhaps you could add your opinion:

VLAN 10 for client traffic, statically set on datapath - The PVID for the corresponding bridge itself stays on "1" and not on "1000", right?

/interface bridge
add admin-mac=B8:69:F4:32:76:1E auto-mac=no frame-types=\
admit-only-vlan-tagged igmp-snooping=yes igmp-version=3 \
ingress-filtering=yes mld-version=2 name=bridge-for-caps \
protocol-mode=none vlan-filtering=yes

Local DHCP-server on the CCR for VLAN 10

/ip pool
add name=dhcp_pool5 ranges=,

/ip dhcp-server
add address-pool=dhcp_pool5 disabled=no interface=vlan10 lease-time=1d \
name=dhcp1 src-address=

An EoIP tunnel for a second SSID, traffic from that SSID should be forwarded directly to that tunnel - The traffic will be forwarded untagged through the tunnel. Do I need an additional VLAN for this on /interface vlan?

/interface eoip
add local-address= loop-protect=on mac-address=02:05:86:5A:1A:B8 \
mtu=1500 name=eoip-tunnel remote-address=\
12.1.5..82 tunnel-id=40

VLANs for the uplink, the clients on VLAN10 (1. SSID), the clients for eoip tunnel (2. SSID)

/interface vlan
add interface=bridge-for-eoip-clients name=vlan-for-eoip-clients vlan-id=12
add interface=bridge-for-caps name=vlan10 vlan-id=10
add interface=bridge-for-uplink name=vlan85 vlan-id=85
add interface=bridge-for-uplink name=vlan86 vlan-id=86

2 datapaths for 2 SSID - Do I need that "vlan-id=12" for the "datapath-eoip-clients"?

/caps-man datapath
add bridge=bridge-for-caps bridge-horizon=3 \
client-to-client-forwarding=no local-forwarding=no name=datapath1 \
vlan-id=10 vlan-mode=use-tag
add bridge=bridge-for-eoip-clients bridge-horizon=none \
client-to-client-forwarding=no local-forwarding=no name=\
datapath-eoip-clients vlan-id=12

bridge ports

/interface bridge port
add bridge=bridge-for-uplink frame-types=admit-only-vlan-tagged interface=\
add bridge=bridge-for-eoip-clients edge=yes interface=\

bridge VLANs - Should the "bridge-for-eoip-clients" have the "untagged=12"?

/interface bridge vlan
add bridge=bridge-for-uplink tagged=bridge-for-uplink,bonding1 vlan-ids=\
add bridge=bridge-for-caps tagged=\
add bridge=bridge-for-eoip-clients untagged=12\