I want to connect the cAP's to VLAN's so I can separate the traffic, among 2 VLANs, I am using a small mAP as a test cap, and I thought I had it correct, but the cap never shows up in remote cap in capsman. I can see it in neighbors, but it never shows up as a cap.
If anyone has any tips on what I have wrong here, would be a huge help. It seems the example in the docs shows untagged ports going to the AP's from a switch, so I even tried it plugged into a trunk port on the router. I tried it with untagged and tagged. Going to dig again to see if I can find my notes, I know I am missing a step, just not sure which just yet. I think the cap needs to have pvid set on the bridge, but I didn't see that in the docs.
Here are the configs for reference:
Router config
Code: Select all
# sep/30/2022 21:00:06 by RouterOS 7.4
# software id = GJYP-PF1L
#
# model = RB5009UG+S+
# serial number = xxxxx
/interface bridge
add name=bridge protocol-mode=none vlan-filtering=yes
/interface vlan
add comment=Users interface=bridge name=VLAN10 vlan-id=10
add comment=CCTV interface=bridge name=VLAN20 vlan-id=20
add comment=Guest interface=bridge name=VLAN30 vlan-id=30
add comment=SRV interface=bridge name=VLAN40 vlan-id=40
add comment=MGMT interface=bridge name=VLAN99 vlan-id=99
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/interface list
add comment=DJ name=WAN
add comment=DJ name=LAN
add comment=DJ name=VLAN
add comment=DJ name=MGMT
/caps-man datapath
add interface-list=all local-forwarding=yes name=datapath1 vlan-id=20 vlan-mode=use-tag
/caps-man configuration
add country="united states" datapath=datapath1 datapath.local-forwarding=yes .vlan-id=20 .vlan-mode=use-tag distance=\
indoors installation=indoor mode=ap name=cfg1 security.authentication-types=wpa-psk,wpa2-psk .encryption=aes-ccm \
ssid=Mikrotik-2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.120.2-192.168.120.254
add comment=MGMT name=VLAN99_POOL ranges=192.168.0.10-192.168.0.240
add comment=Users name=VLAN10_POOL ranges=192.168.1.15-192.168.1.220
add comment=CCTV name=VLAN20_POOL ranges=192.168.2.10-192.168.2.240
add comment=Guest name=VLAN30_POOL ranges=192.168.3.10-192.168.3.240
add name=vpn-pool ranges=192.168.5.10-192.168.5.25
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether8 name=dhcp1
add address-pool=VLAN10_POOL interface=VLAN10 name=VLAN10_DHCP
add address-pool=VLAN20_POOL interface=VLAN20 name=VLAN20_DHCP
add address-pool=VLAN30_POOL interface=VLAN30 name=VLAN30_DHCP
add address-pool=VLAN99_POOL interface=VLAN99 name=VLAN99_DHCP
add address-pool=vpn-pool disabled=yes interface=bridge name=vpn-DHCP
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=ether4
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
/interface bridge port
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge comment=Access frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10
add bridge=bridge comment=Access frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
add bridge=bridge comment=Access frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=20
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 vlan-ids=30,40,99
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether2,ether3 vlan-ids=10
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether4 vlan-ids=20
CAP config
Code: Select all
# model = RBmAP2nD
# serial number = DE500E06D2E7
/interface bridge
add admin-mac=2C:C8:1B:ED:D3:FA auto-mac=no comment=defconf name=bridgeLocal \
vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
/interface wireless cap
#
set bridge=bridgeLocal discovery-interfaces=ether1 enabled=yes interfaces=wlan1
/ip dhcp-client
add comment=defconf disabled=no interface=bridgeLocal
/system clock
set time-zone-name=America/New_York