tihovsky
newbie
Topic Author
Posts: 47
Joined: Mon Aug 13, 2012 11:11 pm

Capsman to push bridge VLAN to CAPs

Mon Nov 28, 2022 3:31 pm

We use Capsman local forwarding and have three VLANs/SSIDs to push to many CAPs.

Bridge VLANs are pushed normally to CAPs from Capsman, together with tagged WiFi interfaces as Dynamic.
However, this is just part of the required setup since "bridgeLocal" and "eth1" don't get pushed to CAPs bridge VLAN dynamically.
So traffic cannot be bridged from CAP and the rest of the network, through eth1 which is used as CAP uplink port.

I managed to sort it out by manually adding Bridge VLAN statically, then adding "BridgeLocal" and "eth1" as tagged ports to it.
Afterwards WLAN interfaces get appended dynamically by Capsman and bridging works properly.

But this is a clumsy solution, since when adding a new VLAN/SSID through Capsman, every CAP needs to be manually changed accordingly.
Is there any better option to push this from Capsman in an automated fashion?
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Capsman to push bridge VLAN to CAPs  [SOLVED]

Mon Nov 28, 2022 4:22 pm

Set the cAP bridge vlan-filtering=no, any tagged VLANs arriving via eth1 will be available to the dynamic wlan interfaces.
 
tihovsky
newbie
Topic Author
Posts: 47
Joined: Mon Aug 13, 2012 11:11 pm

Re: Capsman to push bridge VLAN to CAPs

Mon Nov 28, 2022 5:39 pm

> Set the cAP bridge vlan-filtering=no, any tagged VLANs arriving via eth1 will be available to the dynamic wlan interfaces.

Thank you, works as described.
 
tihovsky
newbie
Topic Author
Posts: 47
Joined: Mon Aug 13, 2012 11:11 pm

Re: Capsman to push bridge VLAN to CAPs

Wed Nov 30, 2022 8:23 pm

... however, now I am unable to set bridge VLANs anymore to ethernet ports, like it worked earlier.

We use mostly HAP AC as CAP and it has eth1 as trunk port carrying all VLANs, but eth2-4 & SFP are used to connect other equipment in different VLANs as either tagged or untagged ports.
How to achieve that? If I turn off bridge VLAN filtering on CAP this stops working.

I don't mind manually adding these VLANs for eth ports as appropriate on all CAPs requiring this kind of setup,
but I would like Capsman to push WLAN (sub)interfaces and their associated VLANs to CAPs together with other configuration as a part of centralized WiFi management of >200 CAPs.

Thanks!
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Capsman to push bridge VLAN to CAPs

Wed Nov 30, 2022 9:02 pm

You can configure the switch chip to make a subset of VLANs available on the ethernet ports and handle untagging; there isn't much you can do for the SFP port - maybe bridge filters. The CPU in the original hAP AC isn't great, so you will only get wire-speed port-to-port throughput using the switch, i.e. not using a vlan-aware bridge.

If the port-to-port throughput isn't a concern, you could go back to using a vlan-aware bridge and tag many/all of the VLANs not presented on the local wired ports, e.g. if you are using VLAN IDs 102 to 105 untagged on the wired ports:
/interface bridge port
add bridge=bridge ingress-filtering=yes interface=ether1
add bridge=bridge ingress-filtering=yes interface=ether2 pvid=102
add bridge=bridge ingress-filtering=yes interface=ether3 pvid=103
add bridge=bridge ingress-filtering=yes interface=ether4 pvid=104
add bridge=bridge ingress-filtering=yes interface=ether5 pvid=105
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 vlan-ids=2-101
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=102
add bridge=bridge tagged=bridge,ether1 untagged=ether3 vlan-ids=103
add bridge=bridge tagged=bridge,ether1 untagged=ether4 vlan-ids=104
add bridge=bridge tagged=bridge,ether1 untagged=ether5 vlan-ids=105
add bridge=bridge tagged=bridge,ether1 vlan-ids=106-4094


Note the untagged= setting is optional; it will be dynamically added based on the bridge port pvid= setting. Also note from the Wiki / help pages: "The vlan-ids parameter can be used to specify a set or range of VLANs, but specifying multiple VLANs in a single bridge VLAN table entry should only be used for ports that are tagged ports. In case multiple VLANs are specified for access ports, then tagged packets might get sent out as untagged packets through the wrong access port, regardless of the PVID value."

You would have to manage this on each of the multi-port devices as and when you want to change the VLAN memberships of the ports other than the uplink, but any other VLANs used for WiFi interfaces would just work.

Nothing currently on the horizon for wired VLAN management, but MikroTik have been eliciting requirements for potential future developments.
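
An added example, not part of the posts above or of MikroTik's documentation: a Python generator that emits the bridge port and bridge VLAN lines from the last reply for any set of access ports, keeping every access VLAN in its own table entry as the quoted caveat requires. It generalizes the reply's single case; the function names are hypothetical, and the bridge name, uplink port and the 2-4094 VLAN range are assumptions taken from that reply.

```python
# Added example: builds RouterOS bridge port / bridge VLAN lines for one CAP.
# Bridge name, uplink and VLAN range are assumptions taken from the thread.

def vlan_gaps(access_vids, first=2, last=4094):
    """Return (lo, hi) ranges in [first, last] that skip every access VLAN."""
    gaps, lo = [], first
    for vid in sorted(set(access_vids)):
        if not first <= vid <= last:
            raise ValueError(f"VLAN {vid} outside {first}-{last}")
        if vid > lo:
            gaps.append((lo, vid - 1))
        lo = vid + 1
    if lo <= last:
        gaps.append((lo, last))
    return gaps


def cap_bridge_config(access_ports, uplink="ether1", bridge="bridge"):
    """access_ports maps interface name -> untagged VLAN ID (its pvid)."""
    if uplink in access_ports:
        raise ValueError("uplink cannot also be an access port")
    tagged = f"{bridge},{uplink}"
    lines = ["/interface bridge port",
             f"add bridge={bridge} ingress-filtering=yes interface={uplink}"]
    for port, vid in access_ports.items():
        lines.append(f"add bridge={bridge} ingress-filtering=yes "
                     f"interface={port} pvid={vid}")
    # Group ports by VLAN: each access VLAN gets its own entry, never a range,
    # so tagged frames cannot leave untagged through the wrong access port.
    by_vid = {}
    for port, vid in access_ports.items():
        by_vid.setdefault(vid, []).append(port)
    # Every other VLAN is tagged on bridge + uplink only (WiFi VLANs pass).
    entries = [(lo, f"add bridge={bridge} tagged={tagged} vlan-ids="
                    + (str(lo) if lo == hi else f"{lo}-{hi}"))
               for lo, hi in vlan_gaps(by_vid)]
    entries += [(vid, f"add bridge={bridge} tagged={tagged} "
                      f"untagged={','.join(ports)} vlan-ids={vid}")
                for vid, ports in by_vid.items()]
    lines.append("/interface bridge vlan")
    lines += [text for _, text in sorted(entries)]
    return lines


if __name__ == "__main__":
    # Constructed input matching the reply: VLANs 102-105 on ether2-ether5.
    print("\n".join(cap_bridge_config(
        {"ether2": 102, "ether3": 103, "ether4": 104, "ether5": 105})))
```

Review the printed lines before pasting them into a CAP's terminal; the bridge must still have vlan-filtering enabled for the table to take effect.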