Hey, thanks for such a quick response
Yes of course I read it, without the documentation and YT, I wouldn't do it. Although I don't hide the fact that not everything is clear to me in the documentation.
So ,i can connect to the Stou_CAP_Iot network, but I cannot connect to the Stou_CAP_home network.
my config :
# 2024-09-29 18:51:32 by RouterOS 7.15.3
# software id = 9L00-VFBB
#
# model = C52iG-5HaxD2HaxD
# serial number =
/interface bridge
add admin-mac=auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap
set [ find default-name=wifi2 ] configuration.mode=ap
/interface vlan
add interface=bridge name=vlan-10-home vlan-id=10
add interface=bridge name=vlan-20-iot vlan-id=20
add interface=bridge name=vlan-33-mgmt vlan-id=33
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412 name=ch-2G-ax width=20mhz
add band=2ghz-n disabled=no name=ch-2G-n width=20mhz
add band=5ghz-ax disabled=no frequency=5180 name=ch-5G-ax skip-dfs-channels=\
all width=20/40/80mhz
add band=5ghz-ac disabled=no name=ch-5G-ac skip-dfs-channels=all width=\
20/40/80mhz
/interface wifi datapath
add client-isolation=no disabled=no name=datapath-home vlan-id=10
add client-isolation=yes disabled=no name=datapath-iot vlan-id=20
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \
name=sec-home
add authentication-types=wpa-psk,wpa2-psk disabled=no ft=yes ft-over-ds=yes \
name=sec-iot
/interface wifi configuration
add channel=ch-2G-ax country="United States" datapath=datapath-home disabled=\
no mode=ap name=cfg-home-2G-ax security=sec-home ssid=Stou_CAP_home \
tx-power=22
add channel=ch-2G-n country="United States" datapath=datapath-home disabled=\
no mode=ap name=cfg-home-2G-n security=sec-home ssid=Stou_CAP_home \
tx-power=22
add channel=ch-5G-ax country="United States" datapath=datapath-home disabled=\
no mode=ap name=cfg-home-5G-ax security=sec-home ssid=Stou_CAP_home \
tx-power=22
add channel=ch-5G-ac country="United States" datapath=datapath-home disabled=\
no mode=ap name=cfg-home-5G-ac security=sec-home ssid=Stou_CAP_home \
tx-power=22
add channel=ch-2G-n country=Poland datapath=datapath-iot disabled=no mode=ap \
name=cfg-iot-2G-n security=sec-iot ssid=Stou_CAP_iot
add channel=ch-2G-ax country=Poland datapath=datapath-iot disabled=no mode=ap \
name=cfg-iot-2G-ax security=sec-iot ssid=Stou_CAP_iot
add channel=ch-5G-ac country=Poland datapath=datapath-iot disabled=no mode=ap \
name=cfg-iot-5G-ac security=sec-iot ssid=Stou_CAP_iot
add channel=ch-5G-ax country=Poland datapath=datapath-iot disabled=no mode=ap \
name=cfg-iot-5G-ax security=sec-iot ssid=Stou_CAP_iot
/interface wifi steering
add disabled=no name=steering_Stou_CAP_home neighbor-group=\
dynamic-Stou_CAP_home-f18a66d1 rrm=yes wnm=yes
add disabled=no name=steering_Stou_CAP_iot neighbor-group=\
dynamic-Stou_CAP_iot-c6d7975b rrm=yes wnm=yes
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool2 ranges=20.20.20.2-20.20.20.254
add name=dhcp_pool3 ranges=10.33.33.2-10.33.33.254
add name=dhcp_pool6 ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
add address-pool=dhcp_pool2 interface=vlan-20-iot name=dhcp-vlan-20
add address-pool=dhcp_pool3 interface=vlan-33-mgmt name=dhcp-vlan-33
add address-pool=dhcp_pool6 interface=vlan-10-home name=dhcp-vlan-10
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=10
add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=20
add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=33
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=vlan-33-mgmt package-path="" \
require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=\
cfg-home-2G-ax slave-configurations=cfg-iot-2G-ax supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=\
cfg-home-5G-ax slave-configurations=cfg-iot-5G-ax supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no identity-regexp=.*ac.* \
master-configuration=cfg-home-2G-n slave-configurations=cfg-iot-2G-n \
supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=.*ac.* \
master-configuration=cfg-home-5G-ac slave-configurations=cfg-iot-5G-ac \
supported-bands=5ghz-ac
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=10.10.10.1/24 interface=vlan-10-home network=10.10.10.0
add address=20.20.20.1/24 interface=vlan-20-iot network=20.20.20.0
add address=10.33.33.1/24 interface=vlan-33-mgmt network=10.33.33.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=192.168.88.1 gateway=10.10.10.1
add address=10.33.33.0/24 dns-server=192.168.88.1 gateway=10.33.33.1
add address=10.40.40.0/24 dns-server=192.168.88.1 gateway=10.40.40.1
add address=20.20.20.0/24 dns-server=192.168.88.1 gateway=20.20.20.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
add address=192.168.90.0/24 gateway=192.168.90.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
dst-address=127.0.0.1
add action=accept chain=input in-interface=vlan-10-home
add action=accept chain=input in-interface=vlan-20-iot
add action=accept chain=input in-interface=vlan-33-mgmt
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# 2024-09-29 18:52:17 by RouterOS 7.15.3
# software id = V4TH-LBHQ
#
# model = cAPGi-5HaxD2HaxD
# serial number =
/interface bridge
add name=bridge-wifi vlan-filtering=yes
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Stou_CAP_home, channel: 5180/ax/Ceee
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
disabled=no
# managed by CAPsMAN
# mode: AP, SSID: Stou_CAP_home, channel: 2412/ax
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
disabled=no
/interface vlan
add interface=bridge-wifi name=vlan-33-mgmt vlan-id=33
/interface wifi datapath
add bridge=bridge-wifi disabled=no name=data-cap
/interface bridge port
add bridge=bridge-wifi interface=ether1
/interface bridge vlan
add bridge=bridge-wifi tagged=bridge-wifi,ether1 vlan-ids=10
add bridge=bridge-wifi tagged=bridge-wifi,ether1 vlan-ids=20
add bridge=bridge-wifi tagged=bridge-wifi,ether1 vlan-ids=33
/interface wifi cap
set caps-man-addresses=10.33.33.1 enabled=yes slaves-datapath=data-cap
/ip dhcp-client
add interface=vlan-33-mgmt
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=CAP_1_Flor
/system note
set show-at-login=no