Based on my configuration:
Core Router : RB3011 ( 6.48 stable )
Port 1 Connected to WAN
AP(s) : 4 x HAP ac ( 2.4GHz , 5GHz ) ( 6.48 stable )
Connected to Core From Port 2 to 5
Bridge : MainTrunk
VLAN(s)(MainTrunk) : 100 For Manage, 200 For Admin(s), 300 For IP-Phones, 400 For LAN, 500 For Guests
DHCP Server : One for each VLAN
CAPSMAN : Single SSID Configuration ( Based on my policy )
: Clients Connect to AP(s) with ther Access list Policy ( Taged with it's VLAN ID ) 200,300,400 or 500
: For Example : My Laptop tagged with 200, WiFi Cell-Phones tagged with 300, Other Laptop tagged with 400, ...
: CAPSMAN Bridge is MainTrunk
Provisioning : Dynamic Add ( Because number of AP(s) isn,t fix )
With these Configuration everything is ok, But with new Bridge VLAN Capibility
( VLAN Filtering, 0x8100, admit only vlan tagged. )
VLANs are not properly labeled in Bridge.!!!
Because in the new settings, the VLAN will be allowed to pass through an interface, provided that it is added in the VLAN section.
I found two temporary solutions to this problem
First, use a few Virtual Access Points
Second, change the Provisioning settings so that static interfaces are added and allow all VLANs on those interfaces.
For security reasons and wireless network efficiency
I do not want to use multiple SSIDs and Because the number of interfaces and access points may change frequently, Adding or removing Interfaces To VLAN Section is too hard.
I think the solution to the problem is:
When a wireless client is labeled VLAN in the Access List section
Add the desired interface automatically to the VLANs section.
Do you have a better solution?