Hi, I've tried myself and spent many hours, but I'm a disaster.
I need to create 2 SSID, one for internal private network, the second for public/guests, with bandiwith limitation and that will not access to the private network.
For this purposes I setup a CAPs with two satellite routers connected directly by ethernet (eth3 and 4) to the main one, CAPSMAN, that also has its WiFi as CAP. The main router is not DHCP for the private network, it is connected by eth2 to the main internet router (also DHCP). The caps are working, then I created on the CAPSMAN a new bridge for public, assigned slave SSID to this bridge in any CAPS, and created on it a DHCP. Then I NAT the new bridge on the default one with IP firewall, all public IP are source natted in the private network, I filtered the private IP ad destination to avoid from public to access privates.. In the result public is working with roaming, but private SSID works only on CAPSMAN, on other routers private SSID goes up and down and when I try to connect it is not connecting. I think the problem is the new bridge become somehow the root one, the CAP can't send nothng to CAPSMAN, there are neither log of the attempts to connect. If I disable on that CAP the piblic SSID it works, teorically once worked also if I assign the public SSID to the default bridge.
Now, which is the correct way to work? Can you please briefly tell me the logic how to build up my idea? Should I use the VLANs? Please write me something like:
- Do the CAPS, create new bridge, assig to it.. bla bla. Please remember I need also to include a simple bandwith limitation to the public SSID.
Thanks a lot!!