Community discussions

MikroTik App
 
User avatar
Hominidae
Member
Member
Topic Author
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

add Hybrid-Port (wired VLAN) to CAP

Tue Jun 01, 2021 6:00 pm

Hi Folks,

just need some help to get my head around this thing.
I have a working capsman setup, that is privisioning several SSIDs, with their respective VLANs enabled to a set of CAP devices (using local forwarding in datapath)

What I need to do is to enable VLANs (hybrid port) on another physical port of a CAP.
Now, looking a a CAP device in capsman mode, that does not have a visible VLAN setup inside (no VLAN-Filtering on bridge.local, no wlan & VLAN ports on bridge as these are added dynamically, no VLAN config locally on bridge).
How am I to go about it?

I tried this (with a cAP-ac with VLAN ID=11 on ether2)...here's the export:
/interface bridge
add admin-mac=48:8F:XX:XX:XX:XX auto-mac=no comment=defconf name=bridgeLocal vlan-filtering=yes
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=VL11 ingress-filtering=yes interface=ether2 pvid=11 # note: VID=11 untagged, all other traffic tagged via ether2
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 untagged=ether2 vlan-ids=11
But then, wifi clients can connect to the AP, but will not receive an IP from the DHCP-Server in their respective VLAN (SSID with default VLAN 1 works, though).

...any ideas?

TIA,
hominidae
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: add Hybrid-Port (wired VLAN) to CAP

Tue Jun 01, 2021 6:54 pm

Hi there, dont use CAP and thus unable to help on that front.
What I am getting is that you have a physical port on the CAP that you wish to use as a hybrid VLAN port.
Thus you have some sort of device wired to the cap, lets say on etherport2 that is capable of receiving both tagged and untagged frames and knows how to deal with them.

a. VOIP phone (a. tagged to phone, b. untagged to PC).
b. UNIFI AP (needs management vlan untagged and the wlans tagged).

????????

If so the magic is done at the CAPAC bridge settings.

BRIDGE PORT (settings) ------------------> Assume etherport 2 is an access port and set PVID to the untagged vlan
BRIDGE VLAN (settings) --------------------> Ignore the port settings and besides the untagged vlan for ether2, add the tagged vlans to etherport 2 as required.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: add Hybrid-Port (wired VLAN) to CAP  [SOLVED]

Tue Jun 01, 2021 7:26 pm

wifi clients can connect to the AP, but will not receive an IP from the DHCP-Server in their respective VLAN (SSID with default VLAN 1 works, though).

That configuration has VLAN 1 untagged plus VLAN 11 tagged on ether1, VLAN 11 untagged on ether2, and only VLAN 1 on the implicit CPU bridge port. If you use any other VLANs for your SSIDs no traffic will pass unless that VLAN is tagged on the port connected upstream (ether1 in this case) AND on the bridge itself (the implicit CPU bridge port) to make the VLAN accessible to the CPU for the wireless driver - see viewtopic.php?f=2&t=173692

Given that the cAP ac has a gigabit switch chip you could go back to your previous non-VLAN-aware setup and just configure the switch chip https://wiki.mikrotik.com/wiki/Manual:S ... p_Examples, again the switch-to-CPU switch port should be included in the switch VLAN list.
 
User avatar
Hominidae
Member
Member
Topic Author
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: add Hybrid-Port (wired VLAN) to CAP

Tue Jun 01, 2021 8:20 pm

wifi clients can connect to the AP, but will not receive an IP from the DHCP-Server in their respective VLAN (SSID with default VLAN 1 works, though).

That configuration has VLAN 1 untagged plus VLAN 11 tagged on ether1, VLAN 11 untagged on ether2, and only VLAN 1 on the implicit CPU bridge port. If you use any other VLANs for your SSIDs no traffic will pass unless that VLAN is tagged on the port connected upstream (ether1 in this case) AND on the bridge itself (the implicit CPU bridge port) to make the VLAN accessible to the CPU for the wireless driver - see viewtopic.php?f=2&t=173692
Thanks @tdw ... I actually got confused as a "naked" CAP with VLAN tagging on its SSIDs, that are provisioned via capsman, has no VLAN config on the local bridge at all.
The solution actually was, after enabling VLAN filtering on the local bridge to configure the tagged/untagged association for ether1, ether2 and bridge for all VLAN IDs, including those on the SSIDs.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: add Hybrid-Port (wired VLAN) to CAP

Tue Jun 01, 2021 11:33 pm

Using VLAN1 is insanity, after you have completed the config, both you and tdw should check into the funny farm for therapy. ;-)
 
User avatar
Hominidae
Member
Member
Topic Author
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: add Hybrid-Port (wired VLAN) to CAP

Wed Jun 02, 2021 9:52 am

;-) yes, i know...but this is a complete different story....besides, as a person with kids and a house, the challenge never ends and the config will never be completed ... funny farm will have to wait ;-)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: add Hybrid-Port (wired VLAN) to CAP

Wed Jun 02, 2021 7:41 pm

hahah, yes well the challenge is when to make changes as 2am one shouldnt be making changes to the config, living the same nightmare.

Who is online

Users browsing this forum: AkosGergely, Amazon [Bot], JohnTRIVOLTA, mkx and 43 guests