tikker
newbie
Topic Author
Posts: 49
Joined: Tue Nov 19, 2019 11:40 pm

Using Capsman with VLANs and local forwarding

Sun Jan 23, 2022 9:57 pm

Hi, I've set up my RB5009 with a HAPac2 using VLANs. I want to add the radios of the HAP to the CAPsMAN running on the RB5009.

My setup seems to work, if I disable local forwarding in the datapaths. If I enable local-forwarding, my devices only get a link-local-address and cannot connect to the DHCP in the specific VLAN. What do I have to change to use VLANs and local forwarding?

RB5009 capsman config:
/caps-man interface
add disabled=no l2mtu=1600 mac-address=48:8F:5A:75:F2:60 master-interface=none name=cap4 \
    radio-mac=48:8F:5A:75:F2:60 radio-name=488F5A75F260
/caps-man datapath
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=datapath-31 vlan-id=\
    31 vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=no local-forwarding=no name=datapath-32 vlan-id=32 \
    vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=no local-forwarding=no name=datapath-33 vlan-id=33 \
    vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=wpa2-psk-aes
/caps-man configuration
add country=germany datapath=datapath-31 name=test-31 security=wpa2-psk-aes ssid=test31
add country=germany datapath=datapath-32 name=test-32 security=wpa2-psk-aes ssid=test32
add country=germany datapath=datapath-33 name=test-33 security=wpa2-psk-aes ssid=test33
/caps-man interface
add configuration=test-31 disabled=no l2mtu=1600 mac-address=48:8F:5A:75:F2:5F master-interface=\
    none name=cap1 radio-mac=48:8F:5A:75:F2:5F radio-name=488F5A75F25F
add configuration=test-32 disabled=no l2mtu=1600 mac-address=4A:8F:5A:75:F2:5F master-interface=\
    cap1 name=cap2 radio-mac=00:00:00:00:00:00 radio-name=4A8F5A75F25F
add configuration=test-33 disabled=no l2mtu=1600 mac-address=4A:8F:5A:75:F2:60 master-interface=\
    cap1 name=cap3 radio-mac=00:00:00:00:00:00 radio-name=4A8F5A75F260
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-enabled hw-supported-modes=gn master-configuration=test-31 \
    slave-configurations=test-32,test-33
RB5009 interface config:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan_31 vlan-id=31
add interface=bridge1 name=vlan_32 vlan-id=32
add interface=bridge1 name=vlan_33 vlan-id=33
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=31
add bridge=bridge1 interface=ether3 pvid=31
add bridge=bridge1 interface=ether4 pvid=32
add bridge=bridge1 interface=ether5 pvid=33
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2 untagged=vlan_31 vlan-ids=31
add bridge=bridge1 tagged=bridge1,ether2 untagged=vlan_32 vlan-ids=32
add bridge=bridge1 tagged=bridge1,ether2 untagged=vlan_33 vlan-ids=33
HAPac interface config:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan_31 vlan-id=31
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=test-local supplicant-identity=MikroTik
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: test31, CAPsMAN forwarding
set [ find default-name=wlan1 ] mode=ap-bridge name=wlan1-2g security-profile=test-local ssid=\
    Mikrotik-hap1 wps-mode=disabled
# managed by CAPsMAN
# channel: 5785/20-eeCe/ac(27dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee mode=ap-bridge \
    name=wlan2-5g security-profile=test-local ssid=Mikrotik-hap1 wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=31
add bridge=bridge1 interface=ether3 pvid=32
add bridge=bridge1 interface=ether4 pvid=33
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=31
add bridge=bridge1 tagged=ether1 vlan-ids=32
add bridge=bridge1 tagged=ether1 vlan-ids=33
/interface ovpn-server server
set auth=sha1,md5
/interface wireless cap
# 
set certificate=request discovery-interfaces=vlan_31 enabled=yes interfaces=wlan1-2g,wlan2-5g
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Using Capsman with VLANs and local forwarding

Sun Jan 23, 2022 10:09 pm

I don't understand some parts of your VLAN configuration, for example setting as untagged the VLAN itself untagged=vlan_31...
A network diagram would really help to understand your topology and configure your VLANs better...

Don't forget that in Local forwarding, in the CAP, you should specify the bridge interface that will dynamically add the wireless interface to...
/interface wireless cap
#
set certificate=request discovery-interfaces=vlan_31 enabled=yes interfaces=wlan1-2g,wlan2-5g
So in the above line you should specify the Bridge interface of your CAP.
 
tikker
newbie
Topic Author
Posts: 49
Joined: Tue Nov 19, 2019 11:40 pm

Re: Using Capsman with VLANs and local forwarding

Sun Jan 23, 2022 10:40 pm

At the moment it's just the RB5009 and the HAPac2.

I've configured ether2 as the trunk port in the RB5009 and ether 1 on the HAP.

For testing I have configured one access port per VLAN on both devices. Just to see, if I get the appropriate addresses from the specific DHCP server on each VLAN.

The HAP shall also act as a DHCP client in VLAN 31 on the trunk port, so I can configure it.
set certificate=request discovery-interfaces=vlan_31 enabled=yes interfaces=wlan1-2g,wlan2-5g
So in the above line you should specify the Bridge interface of your CAP.
You mean as the discovery-interface?
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Using Capsman with VLANs and local forwarding  [SOLVED]

Sun Jan 23, 2022 10:48 pm

No, I don't mean as discovery interface...

For example:
/interface wireless cap
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=wlan1

Also you could read a nice example here https://wiki.mikrotik.com/wiki/Manual:C ... Ns#Summary
 
tikker
newbie
Topic Author
Posts: 49
Joined: Tue Nov 19, 2019 11:40 pm

Re: Using Capsman with VLANs and local forwarding

Sun Jan 23, 2022 10:54 pm

I don't understand some parts of your VLAN configuration, for example setting as untagged the VLAN itself untagged=vlan_31...
OK, I don't know what I thought. I removed those untagged self interfaces and it made it worse on the wired part... ;-)
 
tikker
newbie
Topic Author
Posts: 49
Joined: Tue Nov 19, 2019 11:40 pm

Re: Using Capsman with VLANs and local forwarding

Sun Jan 23, 2022 10:55 pm

Also you could read a nice example here https://wiki.mikrotik.com/wiki/Manual:C ... Ns#Summary
I read that multiple times and still don't get it...

With your suggestion of assigning the bridge and also put the bridge as the discovery-interface, it seems to work with local forwarding enabled, but I still don't see the portion of the linked manual from what I should have guessed that.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Using Capsman with VLANs and local forwarding

Sun Jan 23, 2022 11:21 pm

That's how Local forwarding works... It has nothing to do with the VLANs...
The discovery interface is where the CAP should search for the capsman, it can as well be left empty. You could set the capsman address only for example.
The bridge=bridge1 is where the CAP will add the wireless interfaces to... In your case, you left it empty, so the wireless interface was never added inside the CAP's bridge...
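
The check discussed in this thread, as an added example that is not part of the original posts: a small Python linter that reads a CAPsMAN manager export and a CAP export and reports when a datapath uses local-forwarding=yes while the CAP's "/interface wireless cap" settings carry no bridge=. The function names and the sample exports are constructed for illustration; it assumes a bridge= that is absent from the export means no bridge is set.

```python
import re
import shlex

def parse_export(text):
    """Parse RouterOS export text into (menu, command, properties) tuples."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menu, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        command, _, rest = line.partition(" ")
        rest = re.sub(r"\[[^\]]*\]", "", rest)  # drop "[ find ... ]" selectors
        props = dict(t.split("=", 1) for t in shlex.split(rest) if "=" in t)
        rows.append((menu, command, props))
    return rows

def check_local_forwarding(manager_export, cap_export):
    """Return findings when local forwarding is on but the CAP has no bridge."""
    local = [p.get("name", "?") for menu, _, p in parse_export(manager_export)
             if menu == "/caps-man datapath" and p.get("local-forwarding") == "yes"]
    cap = {}
    for menu, command, p in parse_export(cap_export):
        if menu == "/interface wireless cap" and command == "set":
            cap.update(p)
    findings = []
    # Assumption: a missing bridge= in the export means bridge=none.
    if local and cap.get("enabled") == "yes" and cap.get("bridge", "none") == "none":
        findings.append("datapath(s) %s use local forwarding, but the CAP has no "
                        "bridge= set, so its radios join no bridge"
                        % ", ".join(local))
    return findings

# Constructed sample input, modelled on the exports in this thread.
MANAGER = """/caps-man datapath
add bridge=bridge1 local-forwarding=yes name=datapath-31 vlan-id=\\
    31 vlan-mode=use-tag
add bridge=bridge1 local-forwarding=no name=datapath-32 vlan-id=32 vlan-mode=use-tag
"""
CAP_BROKEN = """/interface wireless cap
#
set certificate=request discovery-interfaces=vlan_31 enabled=yes interfaces=wlan1-2g,wlan2-5g
"""
CAP_FIXED = CAP_BROKEN.replace("set ", "set bridge=bridge1 ")

if __name__ == "__main__":
    print(check_local_forwarding(MANAGER, CAP_BROKEN))
    print(check_local_forwarding(MANAGER, CAP_FIXED))
```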
