My setup seems to work if I disable local forwarding in the datapaths. If I enable local forwarding, my devices only get a link-local address and cannot reach the DHCP server in their respective VLAN. What do I have to change to use VLANs together with local forwarding?
RB5009 capsman config:
# CAPsMAN controller configuration: three SSIDs (test31/test32/test33), each
# bound through its own datapath to VLAN 31, 32 or 33 on bridge1.
/caps-man interface
# cap4 carries no configuration= in this listing.
add disabled=no l2mtu=1600 mac-address=48:8F:5A:75:F2:60 master-interface=none name=cap4 \
radio-mac=48:8F:5A:75:F2:60 radio-name=488F5A75F260
/caps-man datapath
# local-forwarding=no on all three datapaths: client frames are forwarded to the
# manager, which attaches them to bridge1 with the given vlan-id (vlan-mode=use-tag).
# With local-forwarding=yes the CAP bridges and tags the frames itself, so the
# CAP's own bridge and its uplink then have to carry VLANs 31-33.
# client-to-client-forwarding is enabled only for VLAN 31; wireless clients in
# VLAN 32 and 33 are not forwarded to each other.
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=datapath-31 vlan-id=\
31 vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=no local-forwarding=no name=datapath-32 vlan-id=32 \
vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=no local-forwarding=no name=datapath-33 vlan-id=33 \
vlan-mode=use-tag
/caps-man security
# WPA2-PSK with AES-CCM only; no passphrase appears in this listing.
# NOTE(review): all three configurations below reference this one profile, so a
# single passphrase admits a client to any of the three VLANs. Use one security
# profile per SSID if the VLANs are meant to separate trust levels.
add authentication-types=wpa2-psk encryption=aes-ccm name=wpa2-psk-aes
/caps-man configuration
# One configuration per SSID; the datapath selects the VLAN.
add country=germany datapath=datapath-31 name=test-31 security=wpa2-psk-aes ssid=test31
add country=germany datapath=datapath-32 name=test-32 security=wpa2-psk-aes ssid=test32
add country=germany datapath=datapath-33 name=test-33 security=wpa2-psk-aes ssid=test33
/caps-man interface
# cap1 is the master interface (test-31); cap2 and cap3 are slave interfaces on
# cap1 carrying test-32 and test-33.
add configuration=test-31 disabled=no l2mtu=1600 mac-address=48:8F:5A:75:F2:5F master-interface=\
none name=cap1 radio-mac=48:8F:5A:75:F2:5F radio-name=488F5A75F25F
add configuration=test-32 disabled=no l2mtu=1600 mac-address=4A:8F:5A:75:F2:5F master-interface=\
cap1 name=cap2 radio-mac=00:00:00:00:00:00 radio-name=4A8F5A75F25F
add configuration=test-33 disabled=no l2mtu=1600 mac-address=4A:8F:5A:75:F2:60 master-interface=\
cap1 name=cap3 radio-mac=00:00:00:00:00:00 radio-name=4A8F5A75F260
/caps-man manager
# The manager generates its own CA and certificate (both set to auto).
# NOTE(review): require-peer-certificate is not set in this listing, so
# presumably a CAP can join without presenting a certificate issued by this
# CA - confirm, and enable it once all CAPs hold certificates.
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
# No radio-mac or identity match is given: presumably any joining radio that
# supports gn is provisioned with test-31 as master and test-32/test-33 as
# slave configurations - confirm this is intended.
add action=create-enabled hw-supported-modes=gn master-configuration=test-31 \
slave-configurations=test-32,test-33
# NOTE(review): the post does not label this listing; presumably it is the
# bridge/VLAN part of the RB5009 (CAPsMAN manager) configuration - confirm.
/interface bridge
# vlan-filtering=yes: the /interface bridge vlan table below is enforced.
add name=bridge1 vlan-filtering=yes
/interface vlan
# Layer-3 VLAN interfaces on top of bridge1, one per VLAN.
add interface=bridge1 name=vlan_31 vlan-id=31
add interface=bridge1 name=vlan_32 vlan-id=32
add interface=bridge1 name=vlan_33 vlan-id=33
/interface bridge port
# pvid places untagged ingress frames into that VLAN.
# NOTE(review): ether2 has pvid=31 and is also listed as tagged for VLAN 31
# below, so untagged frames arriving on it land in VLAN 31 while VLAN 31 leaves
# the port tagged - confirm this is intended for the uplink.
add bridge=bridge1 interface=ether2 pvid=31
add bridge=bridge1 interface=ether3 pvid=31
add bridge=bridge1 interface=ether4 pvid=32
add bridge=bridge1 interface=ether5 pvid=33
/interface bridge vlan
# bridge1 and ether2 are tagged members of all three VLANs.
# NOTE(review): untagged= names vlan_31/vlan_32/vlan_33, which are the VLAN
# interfaces created above and do not appear under /interface bridge port;
# untagged= is expected to list bridge ports, so these entries look unintended.
add bridge=bridge1 tagged=bridge1,ether2 untagged=vlan_31 vlan-ids=31
add bridge=bridge1 tagged=bridge1,ether2 untagged=vlan_32 vlan-ids=32
add bridge=bridge1 tagged=bridge1,ether2 untagged=vlan_33 vlan-ids=33
# NOTE(review): the post does not label this listing; presumably it is the
# configuration of the CAP (the access point managed by CAPsMAN) - confirm.
/interface bridge
# vlan-filtering=yes: the /interface bridge vlan table below is enforced.
add name=bridge1 vlan-filtering=yes
/interface vlan
# Only VLAN 31 has a layer-3 interface on this device; it is also the CAPsMAN
# discovery interface (see /interface wireless cap below).
add interface=bridge1 name=vlan_31 vlan-id=31
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Local WPA2-PSK profile referenced by the wlan interfaces below; no
# passphrase appears in this listing.
add authentication-types=wpa2-psk mode=dynamic-keys name=test-local supplicant-identity=MikroTik
/interface wireless
# The "managed by CAPsMAN" comment lines come from the export itself; they show
# wlan1 serving SSID test31 in CAPsMAN forwarding mode at export time.
# WPS is disabled on both radios.
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: test31, CAPsMAN forwarding
set [ find default-name=wlan1 ] mode=ap-bridge name=wlan1-2g security-profile=test-local ssid=\
Mikrotik-hap1 wps-mode=disabled
# managed by CAPsMAN
# channel: 5785/20-eeCe/ac(27dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee mode=ap-bridge \
name=wlan2-5g security-profile=test-local ssid=Mikrotik-hap1 wps-mode=disabled
/interface bridge port
# ether2-ether4 receive untagged frames into VLAN 31/32/33 via pvid; ether1 has
# no pvid given and is the tagged port in the VLAN table below.
# No wlan interface is a bridge port in this listing.
add bridge=bridge1 interface=ether2 pvid=31
add bridge=bridge1 interface=ether3 pvid=32
add bridge=bridge1 interface=ether4 pvid=33
add bridge=bridge1 interface=ether1
/interface bridge vlan
# ether1 is tagged for all three VLANs; bridge1 itself is a member of VLAN 31
# only, so the device's own vlan_31 interface is reachable but nothing on the
# device terminates VLAN 32 or 33.
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=31
add bridge=bridge1 tagged=ether1 vlan-ids=32
add bridge=bridge1 tagged=ether1 vlan-ids=33
/interface ovpn-server server
# NOTE(review): md5 and sha1 are weak choices for packet authentication. This
# line does not show the OVPN server enabled; if it is not used keep it
# disabled, and if it is used restrict auth= to a stronger digest.
set auth=sha1,md5
/interface wireless cap
#
# certificate=request: the CAP requests its certificate from the manager.
# Discovery of the manager runs over vlan_31 only.
# NOTE(review): no bridge= is set here. With local-forwarding=yes the CAP
# attaches the wlan interfaces to the bridge named by this setting, so its
# absence is a likely reason clients get no DHCP lease in local-forwarding
# mode - confirm against the CAPsMAN documentation for your RouterOS version.
set certificate=request discovery-interfaces=vlan_31 enabled=yes interfaces=wlan1-2g,wlan2-5g