Ty anav, I'm moving forward and I would like to keep you updated so as to improve or correct any errors.
Next step will be configure CAPsMAN on the CSR112 and setup ssid with separate VID
Some other questions/improvements:
- For CAPsMAN manager i'd like to use an internal management, how to do it? Dhcp client of the APs need to be different?
- Using the ISP ROUTER subnet from a port of an access port of a remote AP, the ingress of that port need a PVID set?
- For blocking inter-VLAN routing is better to use vlan filtering or firewall?
Thank you!
CSR112
/interface bridge
add admin-mac=48:A9:8A:73:8F:B5 auto-mac=no name=bridge
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan11 vlan-id=11
add interface=bridge name=vlan12 vlan-id=12
/ip pool
add name=dhcp_pool0 ranges=192.168.11.2-192.168.11.254
add name=dhcp_pool1 ranges=192.168.12.2-192.168.12.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=vlan11 name=dhcp1
add address-pool=dhcp_pool1 interface=vlan12 name=dhcp2
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8 pvid=10
/interface bridge vlan
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=10
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=11
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7 vlan-ids=12
/ip address
add address=192.168.11.1/24 interface=vlan11 network=192.168.11.0
add address=192.168.12.1/24 interface=vlan12 network=192.168.12.0
/ip dhcp-server network
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
add address=192.168.12.0/24 dns-server=192.168.12.1 gateway=192.168.12.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
cAP XL AC
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2,wlan1,wlan2 vlan-ids=11
add bridge=bridge1 tagged=ether1,ether2,wlan1,wlan2 vlan-ids=12
add bridge=bridge1 tagged=ether1,ether2 vlan-ids=10
/ip dhcp-client
add interface=bridge1
hAP AC2
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4 pvid=11
add bridge=bridge1 interface=ether5 pvid=12
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether4 vlan-ids=11
add bridge=bridge1 tagged=ether1 untagged=ether5 vlan-ids=12
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=10
/ip dhcp-client
add interface=bridge1