Community discussions

MikroTik App
 
tuxtlequino
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Can I create a bridge to configure multiple CAP interfaces?

Tue Jun 07, 2022 7:34 am

Okay, this is the question.

I am starting to change our setup to CAPsMAN. I am using dynamic VLANs. One of the questions that I have is this.

In order to make sure that my dynamic VLAN allocation works, I need to add every single CAP interface into the appropriate "/interface bridge vlan"

But since I am still testing some things, I realize that some times I need to re-add every single interface back into the appropriate vlan. Now. this is my question.

Is there a way to aggregate all of those CAPs into a particular VLAN together instead of doing one at a time? I know that there is something in the datapath (adding them to a bridge) but IT DOESN'T WORK unless I manually add cap by cap into whatever VLAN.

Any help is appreciate it!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11437
Joined: Thu Mar 03, 2016 10:23 pm

Re: Can I create a bridge to configure multiple CAP interfaces?

Tue Jun 07, 2022 9:00 am

bridge-related setup on CAPsMAN has two different meanings, depending on local-forwarding setting: if it's enabled, then bridge refers to bridge on CAP client (which needs to be properly configured beforehand to make it work), if local-forwarding is disabled, then bridge refers to bridge on CAPsMAN.

By default it will try to use the default bridge named bridge ... if you decided to make your setup complex, then ... well, you'll have to get intimate with capsman in its whole complexity :wink:
 
tuxtlequino
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Re: Can I create a bridge to configure multiple CAP interfaces?

Tue Jun 07, 2022 7:48 pm

@Mkx

Thank you for the response. Yes, I figured that maybe using the term "bridge" would be confusing.

I found out this is something other people have been having problems with before. viewtopic.php?f=7&t=119494&sid=95dcbca3 ... 45#p779264 and they even started a feature request to fix this. But do you happen to know a solution to this?

Like @ashpri mentioned,
If I have 200 CAPs, I have to add all 200 CAP Interfaces manually to the bridge? This doesn't seem like the normal Mikrotik way. I must be missing something.
It feels like there must be a better way. Or maybe it was a bug or something. Anyway. Let me know if you have a solution :)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11437
Joined: Thu Mar 03, 2016 10:23 pm

Re: Can I create a bridge to configure multiple CAP interfaces?

Wed Jun 08, 2022 8:53 am

CAPsMAN provisioned radios automatically add wireless (cap) interface to configured bridge (either on CAPsMAN or CAP, depending on configuration) and manually adding it actually causes problem. What does seem to be an issue (with some users at least) is that bridge itself has to be fully configured beforehand. If VLANs are used for wireless interface, then those VLANs have to be configured on appropriate bridge manually, CAPsMAN only takes care of provisioning wireless interface, nothing else.

So yes, if you want to have some additional setup for cap interface (such as setting up IP subnet or some such), then CAPsMAN can't do it.

So back to your original question: what exactly bothers you? Explain it in plain English so we can figure out if it is possible to achieve what you want and if yes, how.
 
tuxtlequino
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Re: Can I create a bridge to configure multiple CAP interfaces?

Wed Jun 08, 2022 7:02 pm

@mkx

Thank you for taking the time to respond and try to help. This is a problem that is related to data paths and RADIUS. I know that it is a pain when someone sends you somewhere to read a series of posts when, but believe me that in this case, reading the posts will give you a better idea. I am completely new to CAPsMAN and maybe that is why is hard to explain what is the problem. Someone tried to explain it there this way.
The Capsman automatically creates the necessary VLAN membership in the bridge based on the configured VLAN ID in the Capsman data path. If a different VLAN ID is given via access list or radius, this does not work because the tagged VLAN membership is missing.
This can be tested by manually setting the appropriate memberships, then it works.
Since the caps interfaces are dynamic (changing IDs?), this configuration is lost after a reboot or reprovisioning.
If Capsman is not operated in forwarding mode but in local mode, you can supply the physical WLAN interfaces in the caps with the appropriate VLANs and this configuration remains in place.

I think Mikrotik Support should be able to confirm this and consider it a feature request.
The Capsman Datapath configuration should actually allow multiple VLANs, one as default and the rest to ensure dynamic VLAN assignment on the bridges.
At the moment, an SSID with several VLANs only works in local mode after the VLAN memberships have been set manually.
But here is my attempt to describe the problem.

Let's say that I have a bridge name "br-VLANs" with all of my VLANs and that it is working correctly any other way. Now, this is my data path in CAPsMAN
/caps-man datapath
add bridge=br-VLANs name="Dynamic VLANs" vlan-mode=use-tag

To set up the VLAN ingress of an interface, this is what we do when they are untagged,
/interface bridge port

# EXAMPLE VLAN50
add bridge=br-VLANs interface=ether1 pvid=50
# EXAMPLE VLAN40
add bridge=br-VLANs interface=ether2 pvid=50

And this is the way that we add the ingress on tagged interfaces,
add bridge=br-VLANs interface=sfp1

Finally, we need to finish by setting up the egress behavior,
/interface bridge vlan
add bridge=br-VLANs comment="Sample VLAN" tagged=sfp1 vlan-ids=40
add bridge=br-VLANs comment="Sample VLAN" tagged=sfp1 vlan-ids=50
We don't have to add the untagged interfaces above, because recent ROS6-7 does that automatically inferring that info from the ingress setup.

Now, going back to CAPsMAN,
/caps-man datapath
add bridge=br-VLANs name="Dynamic VLANs" vlan-mode=use-tag
When setting up dynamic VLAN assignment using CAPsMAN, that configuration is not enough. Well, kind off because the ingress behavior is "added automatically" by ROS6-7, but the egress setup is not automatically done WHEN TAGGED.

So, in order to setup dynamic VLANs on CAPsMAN, this needs to be done,
/interface bridge vlan
add bridge=br-VLANs comment="Sample VLAN" tagged=sfp1,cap-1,cap-2,etc... vlan-ids=40
add bridge=br-VLANs comment="Sample VLAN" tagged=sfp1,cap-1,cap-2,etc... vlan-ids=50

And that is where the problems start. Because if one of your CAP routers go down, they are removed from the configuration above and you need to re-add them. Also, if you happen to have a lot of CAPs, this means that you need to add each CAP to every possible VLAN you would like to get a dynamic id.

My question was. Is there a way to aggregate the CAP interfaces so that one just has to keep those lists up to date without having to check and see if you CAP is still in the right place or do that a hundred times (supposing that you have 10 VLANs and 20 CAPs)

Something that in my mind looks like,
/interface bridge vlan
add bridge=br-VLANs comment="Sample VLAN" tagged=sfp1,aggregate1 vlan-ids=40
add bridge=br-VLANs comment="Sample VLAN" tagged=sfp1,aggregate1,aggregate2 vlan-ids=50
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11437
Joined: Thu Mar 03, 2016 10:23 pm

Re: Can I create a bridge to configure multiple CAP interfaces?

Wed Jun 08, 2022 9:52 pm

Right, RADIUS wasn't in my mental picture of your problem before your last post. And I don't have any experience with RADIUS. But I guess ROS doesn't support what you want to do (but I may be wrong).
 
tuxtlequino
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Re: Can I create a bridge to configure multiple CAP interfaces?

Wed Jun 08, 2022 10:05 pm

@mkx

Thank you for trying to help. Hopefully someone comes up with something.

It sounded like common sense to me to use the existing "lists" inside the interfaces to configure such a thing. Then you just have to add your CAPs into a certain list and use those "lists" to configure. But sadly, it is not possible. I did notice that "bridges" can be use to tag interfaces in the `\interface\bridge\vlan` configuration. That is why I originally used the word "bridges"...

Anyway. Thank you again for your help and response.

Who is online

Users browsing this forum: lmeira, petardo and 28 guests