Community discussions

MikroTik App
 
22hn
just joined
Topic Author
Posts: 5
Joined: Fri Jan 25, 2013 7:47 pm

CAPsMAN with multiple SSIDs/VLANs?

Sat Jan 10, 2015 3:18 am

CAPsMAN 6.24

added 2 vlan intefaces (vlan1 & vlan100) to ether1
vlan1 is member of bridge1
vlan100 is member of bridge100
Two CAPsMAN configurations with 2 different SSIDs, one configured with datapath.bridge=bridge1 and the other one has datapath.bridge=bridge100

When CAPsMAN is provisioning, none of the wlanXX interfaces are added to a bridge... (hence, no communication...)

I also tried setting the vlan tagging on the actual capsman config, but no success...

How's CAPsMAN supposed to be configured when you want local forwarding and multiple SSIDs/VLANs?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3443
Joined: Mon May 31, 2004 2:55 pm

Re: CAPsMAN with multiple SSIDs/VLANs?

Mon Jan 12, 2015 6:26 pm

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface).
Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected.
This is for the local-forwarding.

The datapath bridge option will only work if you use the full-forwarding and not the local forwarding.
 
22hn
just joined
Topic Author
Posts: 5
Joined: Fri Jan 25, 2013 7:47 pm

Re: CAPsMAN with multiple SSIDs/VLANs?

Tue Jan 13, 2015 1:44 am

I got it working with local forwarding when I moved mgmt traffic to its own vlan.

You can't have a vlan interface added for mgmt with the same vlan id used in one of the wireless SSIDs. The vlan interface seems to intercept all traffic and it will never reach the wireless client.
 
popovdv
just joined
Posts: 7
Joined: Thu Apr 16, 2015 7:15 pm

Re: CAPsMAN with multiple SSIDs/VLANs?

Fri Jan 15, 2016 11:39 pm

And how to use multiple SSIDs/Vlans with full forwarding (not local)
I tried:
CapsMAn Configutration>Datapath>
Bridge=guest-bridge
VLAN Mode = use tag
VLAN ID = 87

Interfaces>VLAN
vlan_87_ether2
ID = 87
interface=ether2

Bridge
guest-bridge add port vlan_87_ether2, ether2

cap client conected to AP but can't receive IP. Whout use tag 87 in CAPSMAN it works fine

I would like use vlan to separate traffic to from different SSID from Cap to CapsMan
 
User avatar
ploquets
Member Candidate
Member Candidate
Posts: 149
Joined: Tue Nov 17, 2015 12:49 pm
Location: Uruguaiana, RS, Brazil
Contact:

Re: CAPsMAN with multiple SSIDs/VLANs?

Fri Jan 29, 2016 12:22 am

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface).
Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected.
This is for the local-forwarding.

The datapath bridge option will only work if you use the full-forwarding and not the local forwarding.
Please, we need help to configure CAPsMAN with 6 RBCap2n

One of them is the CAPsMAN
All units are connected to a managed switch and all Ports that are used to connect those CAPs are tagged with two vlans.
Administration Network = VID 1000
Guest Network = VID 2000

So, my goal is:
Manage all CAPs with CAPsMAN (I think this is already done because inside the CAPsMAN I can see other CAPs)
Create two SSID on each CAP (one for VLAN 2000 and other for VLAN 1000)
Be able to segregate those SSID with those mentioned VLANs.

What I've done so far is:

Create a DataPath with local forwarding enable (because all CAPs have a possibility to achieve those VLANs networks)
Create a VLAN interface with same VID as mentioned before.
CAPsMAN are working with ether1 (without vlan) so, supposedly is using VID = 1 as access port (which is common for Switching)

Anyway, I'm kinda lost with all this process....
Hope that somebody could help! Thanks in advance.
Best regards
 
User avatar
ploquets
Member Candidate
Member Candidate
Posts: 149
Joined: Tue Nov 17, 2015 12:49 pm
Location: Uruguaiana, RS, Brazil
Contact:

Re: CAPsMAN with multiple SSIDs/VLANs?

Tue Feb 16, 2016 4:13 am

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface).
Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected.
This is for the local-forwarding.

The datapath bridge option will only work if you use the full-forwarding and not the local forwarding.
Please, we need help to configure CAPsMAN with 6 RBCap2n

One of them is the CAPsMAN
All units are connected to a managed switch and all Ports that are used to connect those CAPs are tagged with two vlans.
Administration Network = VID 1000
Guest Network = VID 2000

So, my goal is:
Manage all CAPs with CAPsMAN (I think this is already done because inside the CAPsMAN I can see other CAPs)
Create two SSID on each CAP (one for VLAN 2000 and other for VLAN 1000)
Be able to segregate those SSID with those mentioned VLANs.

What I've done so far is:

Create a DataPath with local forwarding enable (because all CAPs have a possibility to achieve those VLANs networks)
Create a VLAN interface with same VID as mentioned before.
CAPsMAN are working with ether1 (without vlan) so, supposedly is using VID = 1 as access port (which is common for Switching)

Anyway, I'm kinda lost with all this process....
Hope that somebody could help! Thanks in advance.
Best regards
If you are here and reading this post, I did resolve this by adding those vlans to a bridge.
Not adding vlan inside a bridge, but creating a vlan with bridge as interface.
/interface vlan add name=XXXX vlan-id=1234 interface=bridge
This will do the job.
 
ZETA992
just joined
Posts: 10
Joined: Wed Feb 24, 2016 6:01 pm

Re: CAPsMAN with multiple SSIDs/VLANs?

Wed Feb 24, 2016 6:29 pm

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface).
Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected.
This is for the local-forwarding.

The datapath bridge option will only work if you use the full-forwarding and not the local forwarding.
Can you help with 1 little problem?

I have 1 CapsManager and 2 Caps- 2 SSID and 2 VLANs
If clients connect to free SSID(cap x.2) then (cap x.1- is General SSID with mac-filter)"xx:..:xx:xx:xx@Capx.1 rejected, forbidden by access-list"

What i do wrong?
p.s. Sorry for bad eng language.
/caps-man access-list
add ap-tx-limit=15000000 client-tx-limit=15000000 disabled=no interface=\
    cap2.2 ssid-regexp=""
add ap-tx-limit=15000000 client-tx-limit=15000000 disabled=no interface=\
    cap1.2 ssid-regexp=""
add ap-tx-limit=15000000 client-tx-limit=15000000 disabled=no interface=\
    CapsMan1.2 ssid-regexp=""
add action=accept disabled=no interface=all mac-address=xx:xx:xx:xx:xx:xx \
    ssid-regexp="" vlan-id=1 vlan-mode=no-tag
add action=reject disabled=no interface=CapsMan1.1 ssid-regexp=""
add action=reject disabled=no interface=cap1.1 ssid-regexp=""
add action=reject disabled=no interface=cap2.1 ssid-regexp=""
/caps-man configuration
add channel=general datapath=General ssid=AP
add channel=guest datapath=guest max-sta-count=30 mode=ap \
    name=Guest security=Guest ssid=AP_FREE
/caps-man datapath
add bridge=bridge-local client-to-client-forwarding=yes local-forwarding=no \
    name=General
add bridge=bridge_VLAN client-to-client-forwarding=no local-forwarding=no \
    name=guest vlan-id=2 vlan-mode=use-tag
 
ZETA992
just joined
Posts: 10
Joined: Wed Feb 24, 2016 6:01 pm

Re: CAPsMAN with multiple SSIDs/VLANs?

Sun Feb 28, 2016 1:09 pm

Can you help with 1 little problem?

I have 1 CapsManager and 2 Caps- 2 SSID and 2 VLANs
If clients connect to free SSID(cap x.2) then (cap x.1- is General SSID with mac-filter)"xx:..:xx:xx:xx@Capx.1 rejected, forbidden by access-list"

What i do wrong?
Problem with certificate
I delete server certificates, restart server capsman and add caps again- its working!))

RouterOS 6.34.2
note: to use different vlan's in datapath: vlan=no tag.
i use capsman forwarding
my config:
/caps-man configuration
add channel=general country= datapath=General \
datapath.client-to-client-forwarding=yes mode=ap name=General security=\
 General ssid=WIFI
add country= datapath=guest max-sta-count=50 mode=ap name=Guest \
security=Guest security.encryption=aes-ccm ssid=WIFI_FREE
/caps-man datapath
add bridge=bridge-local client-to-client-forwarding=yes local-forwarding=no \
name=General
add bridge=bridge_VLAN client-to-client-forwarding=no local-forwarding=no \
name=guest
/caps-man channel
add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=general \
tx-power=16 width=20
/caps-man interface
add arp=enabled configuration=General disabled=no l2mtu=1600 mac-address=\
xx:xx:xx:xx:xx:xx master-interface=none mtu=1500 name=CapsM1.1 radio-mac=\
xx:xx:xx:xx:xx:xx
add arp=enabled configuration=Guest disabled=no l2mtu=1600 mac-address=\
xx:xx:xx:xx:xx:xx master-interface=CapsM1.1 mtu=1500 name=CapsM1.2 \
 radio-mac=00:00:00:00:00:00
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=\
General name-format=identity radio-mac=xx:xx:xx:xx:xx:xx \
 slave-configurations=Guest
Last question what is SSID-REGEXP and how work it?
/caps-man access-list
add action=accept disabled=yes signal-range=-100..120 ssid-regexp=""
 
User avatar
czolo
Member
Member
Posts: 418
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN with multiple SSIDs/VLANs?

Sun Feb 28, 2016 1:49 pm

Last question what is SSID-REGEXP and how work it?
/caps-man access-list
add action=accept disabled=yes signal-range=-100..120 ssid-regexp=""
Let's suppose that your master SSID is "My office network" and slave "My private WiFI". Now you can use a part of SSID: "My" in regexp for both networks or for single one of this: "office network", office, network "private WiFI", etc.
| --= Czo|_o =--
| http://wifi4eu.pl
| Innovation in WiFi
 
ZETA992
just joined
Posts: 10
Joined: Wed Feb 24, 2016 6:01 pm

Re: CAPsMAN with multiple SSIDs/VLANs?

Sun Feb 28, 2016 10:24 pm

Let's suppose that your master SSID is "My office network" and slave "My private WiFI". Now you can use a part of SSID: "My" in regexp for both networks or for single one of this: "office network", office, network "private WiFI", etc.
Wow...Made adjustments to the rules- working..
I thought a direct link is used.. I have 2 SSID like "WIfi" and "Wifi_Free"- rules to "Wifi" is work to all SSID..
Thanks for the help.
 
Mirage
just joined
Posts: 4
Joined: Tue Nov 29, 2016 9:50 pm
Location: Bulgaria

Re: CAPsMAN with multiple SSIDs/VLANs?

Fri Feb 17, 2017 9:51 pm

And how does the configuration on the CAP side in case of local forwarding look like? Do I need to define a bridge which is connected to the ether1? Or, do I need to define vlan on ether1 and add it to the bridge configuration or the Vlan tagging in the access menu on the CAPSMAN side is sufficient?
Tzvetomir

Who is online

Users browsing this forum: vector85 and 42 guests