Community discussions

MikroTik App
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

CAPsMAN does not apply vlan-id on CAP's master interface

Fri Jan 07, 2022 9:57 am

I'm following the guide, it mostly works except that vlan-id is only applied to the slave port and not the master.

On CAPsMAN both CAP interfaces properly display vlan-id as was set. But on the CAP `/interface bridge port print` only shows correct pvid for the slave port. The master port shows the default pvid=1. Additionally, contrary to the guide, only the slave port is marked as dynamic.

Am I doing something wrong or should I just manually set pvid on the interfaces?

Both routers are on 6.49.2
 
User avatar
Hominidae
Member
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Fri Jan 07, 2022 11:48 am

Am I doing something wrong or should I just manually set pvid on the interfaces?
No to both parts of your question..
The Bridge in context is the Bridge at the Capsman-Router, not the Bridge at the CAP.
I see where maybe this guide given in the link is somewhat "tricking" a reader into thinking that the depicted Bridge Port print is actually on the CAP side, as it is put in the CAP section of the Guide.
But it clearly states, that this is the Caps-Router.
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sat Jan 08, 2022 12:57 am

Hmm, I understand that CAPsMAN fully manages CAP's wlan interfaces. But I'm surprised to see misleading information on CAP's bridge port, especially given that for the slave interface pvid is as I expect it.

Do you know a way to confirm that packets that are entering bridge get tagged with as I want them? I cannot figure out how to sniff traffic on switch/router side of a port.
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sat Jan 08, 2022 1:34 am

After reviewing the doc once more I don't think I agree with you. From the guide:
[admin@CAP_1] /interface bridge port pr
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H ether1 bridge1 yes 1 0x80 10 10 none
1 D wlan1 bridge1 10 0x80 10 10 none
2 D wlan5 bridge1 20 0x80 10 10 none

Clearly the state of the bridge ports was captured on CAP. Moreover, CAPs wlans are not even added to CAPsMAN (although the UI/CLI seems to allow to do this manually, it seems pointless for local forwarding).
 
User avatar
Hominidae
Member
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sat Jan 08, 2022 1:13 pm

...Aggree with you on the last part, as I thought you'd be using your setup in manager forwarding mode,So I've been referring to the second part of the guide.

So, maybe you did not follow the guide entrirely? PVID=1 is the standard ID, system wide....so maybe you actually want that VLAN-ID on that interface or you did not follow the guide?
Besides, on what VLAN is the DHCP-Server listening/responding for WiFi-Clients on that wlan interface?
If the VLANd is ID=10 for example and IPs are handed out on that VLAN and not by a DHCP-Server on VLANID=1, I'd say it works as designed.

I can't test, as I happen to have my Master WLAN-Interfaces on ID=1 by design (or on account of being lazy).
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sat Jan 08, 2022 1:16 pm

Can you please share your current CAPsMAN configuration (or the entire configuration):

/caps-man export hide-sensitive (or /export hide-sensitve)
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sun Jan 09, 2022 7:40 am

/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=XX name="Matryoshka 2.4Ghz" \
reselect-interval=1h skip-dfs-channels=no
add band=5ghz-onlyac control-channel-width=20mhz extension-channel=XXXX name="Matryoshka 5Ghz" \
reselect-interval=1h skip-dfs-channels=no

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=Matryoshka
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name="Matryoshka IoT"

/caps-man access-list
add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=no disabled=no interface=iot-2.4 mac-address=... ssid-regexp=""
add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=no disabled=no interface=iot-2.4 mac-address=... ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no interface=iot-2.4 mac-address=... ssid-regexp=""
add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=no disabled=no interface=iot-2.4 mac-address=... ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=iot-2.4 mac-address-mask=FF:FF:FF:FF:FF:FF ssid-regexp=""

/caps-man configuration
add channel="Matryoshka 2.4Ghz" country="united states3" datapath=Matryoshka disconnect-timeout=10s \
installation=indoor mode=ap name="Matryoshka 2.4Ghz" security=Matryoshka ssid=Matryoshka
add channel="Matryoshka 5Ghz" country="united states3" datapath=Matryoshka installation=indoor mode=ap \
name="Matryoshka 5Ghz" security=Matryoshka ssid=Matryoshka
add channel="Matryoshka 2.4Ghz" country="united states3" datapath=Matryoshka datapath.vlan-id=99 \
datapath.vlan-mode=use-tag installation=indoor mode=ap name="Matryoshka IoT 2.4Ghz" security=\
"Matryoshka IoT" ssid="Matryoshka IoT"

/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=Matryoshka

/caps-man interface
add channel.tx-power=20 configuration="Matryoshka 2.4Ghz" datapath.vlan-id=2 datapath.vlan-mode=use-tag disabled=no l2mtu=1600 mac-address=A master-interface=none name=bedroom-2.4 radio-mac=A radio-name=""
add channel.tx-power=20 configuration="Matryoshka 5Ghz" datapath.vlan-id=2 datapath.vlan-mode=use-tag disabled=no l2mtu=1600 mac-address=B master-interface=none name=bedroom-5 radio-mac=B radio-name=""
add configuration="Matryoshka IoT 2.4Ghz" disabled=no l2mtu=1600 mac-address=C master-interface=bedroom-2.4 name=iot-2.4 radio-mac=C radio-name=""
add arp=enabled channel.tx-power=28 configuration="Matryoshka 2.4Ghz" disabled=no l2mtu=1600 mac-address=D master-interface=none mtu=1500 name=livingroom-2.4 radio-mac=D radio-name=...
add arp=enabled configuration="Matryoshka 5Ghz" disabled=no l2mtu=1600 mac-address=E master-interface=none mtu=1500 name=livingroom-5 radio-mac=E radio-name=...

/caps-man manager
set ca-certificate=CAPsMAN-CA-... certificate=CAPsMAN-... enabled=yes require-peer-certificate=yes upgrade-policy=suggest-same-version
As you can see the bedroom-* interfaces have inline vlan-id=2 while iot-2.4 has vlan-id=99 through the "Matryoshka IoT 2.4Ghz" config.

On CAP's `/interface bridge vlan print` only the iot-2.4 interface is recognized as tagged for vlan-id=99. The bedroom-* interfaces are untagged for the dynamic vlan-id=1.

I have also noticed that the physical interfaces on the CAP for bedroom-* cannot be deleted and, unlike the virtual-AP interface created for iot-2.4, can be edited in `/interface bridge port`.
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sun Jan 09, 2022 7:56 am

There is a related thread: viewtopic.php?t=131449
 
User avatar
Hominidae
Member
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sun Jan 09, 2022 12:07 pm

As you can see the bedroom-* interfaces have inline vlan-id=2 while iot-2.4 has vlan-id=99 through the "Matryoshka IoT 2.4Ghz" config.

On CAP's `/interface bridge vlan print` only the iot-2.4 interface is recognized as tagged for vlan-id=99. The bedroom-* interfaces are untagged for the dynamic vlan-id=1.
IMHO all the vlan config needs to go with "/caps-man configuration path". So why not create one config with vlanid=2 that then gets applied to that specific CAP?
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sun Jan 09, 2022 10:00 pm

That change does not seem to have any effect on the behavior I’m observing.
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sun Jan 09, 2022 11:12 pm

Maybe I'm reading it wrong and the whole VLAN configuration on a wireless interface covers exclusively virtual-APs?
 
User avatar
Hominidae
Member
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Sun Jan 09, 2022 11:37 pm

That change does not seem to have any effect on the behavior I’m observing.
..but then, what is actually the ID used for traffic?
For example on the interface "bedroom"...is it vid=2 or vid/pvid=1 ? ... attach a dhcp-server with a different pool to each vid and see which one feeds IPs to clients that connects to that interface.
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Mon Jan 10, 2022 12:15 am

Alright, looks like I figured out what I was missing: on the CAP I had to manually mark the CAPsMAN managed master interface as tagged in `/interface bridge vlan` for the vlan-id I set on the wireless interface on CAPsMAN
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: CAPsMAN does not apply vlan-id on CAP's master interface  [SOLVED]

Tue Jan 11, 2022 8:45 am

Did you add wlan interface (the master wlan) to bridge on CAP manually, before configuring device as CAP client? If you use CAPsMAN to provision wireless interfaces on CAP, this should not be done.
 
User avatar
Kentzo
Long time Member
Long time Member
Topic Author
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: CAPsMAN does not apply vlan-id on CAP's master interface

Tue Jan 11, 2022 10:24 am

Hmm, good question. It was there since I was migrating my old config.

Who is online

Users browsing this forum: No registered users and 26 guests