First you have to configure VLANs properly on bridge. After that configure capsman datapath with vlan-id=XY vlan-mode=use-tag, you'll need one datapath per SSID. In /capsman configuration then merge SSID with corresponding datapath.
The remaining thing is to match /capsman manager interface setting on capsman with /interface wireless cap discovery-interfaces on CAP devices (they have to use VLAN interfaces belonging to same VID).
For some reason I didn't get the email notification that you replied to my question. Must have went to spam. Sorry about that!
Will definitely try your suggestions. In the meantime decided to try baby steps and have a "lab" setup with an old RB951G-2HnD from work since I really ticked off the family by constantly breaking the internet
I'm tryign to make sure I have the fundamentals correct before I tackle Capsman and am having a basic problem with wlans as access ports. It was discussed here
viewtopic.php?t=143620 as to whether wlan interfaces should be set using:
1.) "vlan-mode=use-tag", "vlan-id=something" or
2.) It should be handled by the bridge by setting "ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged".
The consensus is that number 2 is correct but it doesn't work for me, only method 1 does. The symptom is that no dhcp address is obtained. Here are the pertinent sections exported:
/interface bridge
add name=vlan_bridge protocol-mode=none
/interface bridge vlan
add bridge=vlan_bridge tagged=vlan_bridge vlan-ids=10
add bridge=vlan_bridge tagged=vlan_bridge vlan-ids=20
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=5 arp=reply-only band=2ghz-g/n \
country="united states" default-forwarding=no disabled=no distance=\
indoors frequency=2462 mode=ap-bridge ssid=EE_Dept station-roaming=\
enabled wireless-protocol=802.11 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:5E:CF:A5 \
master-interface=wlan1 multicast-buffering=disabled name=wlan2 ssid=\
EE_Guest wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface vlan
add comment=Trusted interface=vlan_bridge name=VLAN10 vlan-id=10
add comment=Guest interface=vlan_bridge name=VLAN20 vlan-id=20
/ip address
add address=172.16.1.99/16 interface=ether1 network=172.16.0.0
add address=10.40.10.1/24 comment=Trusted interface=VLAN10 network=10.40.10.0
add address=10.40.20.1/24 comment=Guest interface=VLAN20 network=10.40.20.0
/ip pool
add name=pool_vlan10 ranges=10.40.10.2-10.40.10.254
add name=pool_vlan20 ranges=10.40.20.2-10.40.20.254
/ip dhcp-server
add address-pool=pool_vlan10 disabled=no interface=VLAN10 name=dhcp_vlan10
add address-pool=pool_vlan20 disabled=no interface=VLAN20 name=dhcp_vlan20
/ip dhcp-server network
add address=10.40.10.0/24 gateway=10.40.10.1
add address=10.40.20.0/24 gateway=10.40.20.1
/interface bridge port
add bridge=vlan_bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
ether2 pvid=10
add bridge=vlan_bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
ether3 pvid=10
add bridge=vlan_bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
ether4 pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan1 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan2 pvid=20