 
Dezmond1976
just joined
Topic Author
Posts: 5
Joined: Tue Nov 19, 2019 10:14 am

Help Caps-man with VLAN

Fri May 05, 2023 1:12 pm

Hello,
I am trying to setup a small test network:
1) Main router as internet gateway and caps manager with trunk port (ether5) connected to AVAYA switch
2) On the switch, the ports which are connected to the main router and the CAP are configured as trunk ports (allowed vlan 10,20,99, default vlan 100)
3) PC on access port on switch (vlan 99)

My goal was for the CAP to obtain its IP from Mgmt VLAN 99, and to have two SSIDs on separate VLANs with local forwarding enabled.
I succeeded.
I can access the CAP from the PC, but it doesn't show up in Neighbors.

Here are the configs
Main router
# may/09/2023 10:38:18 by RouterOS 6.49.6
# software id = HF70-HDHZ
#
# model = 750
#
# Main router / CAPsMAN controller: bridges, VLAN interfaces and the trunk port.

# Two bridges: "SOS" (no VLAN filtering) and "bridge" (VLAN filtering on).
/interface bridge
add name=SOS
add admin-mac=00:0C:42:56:08:00 auto-mac=no name=bridge pvid=1 vlan-filtering=yes

# Layer-3 VLAN interfaces on top of "bridge"; they carry the router's addresses
# and DHCP servers for VLANs 10, 20 and 99.
/interface vlan
add interface=bridge name=VLAN10 vlan-id=10
add interface=bridge name=VLAN20 vlan-id=20
add interface=bridge name=VLAN99 vlan-id=99

# ether5 is the trunk to the switch: only tagged frames are admitted, and
# ingress-filtering drops frames for VLANs ether5 is not a member of.
# With admit-only-vlan-tagged the pvid=1 value is presumably never applied on ingress.
# ether2 is a port of the separate, unfiltered SOS bridge.
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether5 pvid=1
add bridge=SOS hw=no interface=ether2

# VLANs 10/20/99 are tagged on both the trunk (ether5) and the bridge itself,
# which is what lets the VLAN interfaces above receive that traffic.
# No other VLAN id is listed, so with ingress-filtering on ether5 only these three pass.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether5 vlan-ids=10
add bridge=bridge tagged=bridge,ether5 vlan-ids=20
add bridge=bridge tagged=bridge,ether5 vlan-ids=99

# CAPsMAN section: datapaths, security profile, configurations, static
# interfaces, manager settings and provisioning for the two SSIDs.

# local-forwarding=yes: client traffic is bridged on the CAP itself and tagged
# with the datapath's vlan-id (use-tag), not tunnelled to the manager.
# NOTE(review): client-to-client-forwarding=yes is also set on test20, which
# feeds the VLAN whose address is commented "Guest"; confirm guest clients are
# meant to reach each other, otherwise set it to "no" on that datapath.
/caps-man datapath
add client-to-client-forwarding=yes local-forwarding=yes name=test10 vlan-id=10 vlan-mode=use-tag
add client-to-client-forwarding=yes local-forwarding=yes name=test20 vlan-id=20 vlan-mode=use-tag

# One security profile, referenced by both configurations below, so both SSIDs
# share the same passphrase (redacted in the post).
# NOTE(review): WPA (v1) and TKIP are enabled alongside WPA2/AES-CCM. TKIP is
# deprecated; unless a legacy client requires it, restricting the profile to
# wpa2-psk with aes-ccm is the safer choice. A separate profile and passphrase
# for the guest SSID would keep guest credentials from unlocking the office SSID.
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=Test passphrase=xxxxxxx

# Test10 -> datapath test10 (VLAN 10), Test20 -> datapath test20 (VLAN 20).
/caps-man configuration
add country=serbia datapath=test10 mode=ap name=Test10 security=Test ssid=Test10
add country=serbia datapath=test20 mode=ap name=Test20 security=Test ssid=Test20

# Static CAP interfaces: MikroTik-1 is bound to radio C4:AD:34:45:BF:A9 and
# carries Test10; MikroTik-1-1 is a virtual AP on top of it carrying Test20.
/caps-man interface
add configuration=Test10 disabled=no l2mtu=1600 mac-address=C4:AD:34:45:BF:A9 master-interface=none name=MikroTik-1 radio-mac=C4:AD:34:45:BF:A9 radio-name=C4AD3445BFA9
add configuration=Test20 disabled=no l2mtu=1600 mac-address=C6:AD:34:45:BF:A9 master-interface=MikroTik-1 name=MikroTik-1-1 radio-mac=00:00:00:00:00:00 radio-name=C6AD3445BFA9

# The manager generates its own CA and certificate (auto).
# NOTE(review): require-peer-certificate is not set in this export, so CAPs are
# presumably accepted without presenting a certificate; confirm whether any
# device on the management VLAN should be allowed to register as a CAP.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes

# No radio-mac or other match criteria are given, so this rule applies to any
# radio that connects and creates enabled interfaces for it.
/caps-man provisioning
add action=create-enabled master-configuration=Test10 name-format=identity slave-configurations=Test20


# Neighbor discovery and the WAN/LAN interface lists that the firewall,
# MAC server and discovery settings refer to.

# Discovery runs on every member of the LAN list defined below.
# NOTE(review): that list includes VLAN20, whose address is commented "Guest",
# so the router announces itself to guest clients as well; a dedicated list
# containing only the management interfaces would limit that exposure.
/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

# ether1 is the only WAN member; everything else, including all three VLAN
# interfaces, is treated as LAN.
# ether2 is listed here although it is a port of bridge SOS; the SOS bridge
# itself is not a member of either list.
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
add interface=ether2 list=LAN
add interface=VLAN10 list=LAN
add interface=VLAN20 list=LAN
add interface=VLAN99 list=LAN

# IP addressing, DHCP servers and pools, WAN DHCP client and DNS for the main router.

# One /24 per segment; the router is .1 in each.
# NOTE(review): 192.168.1.1/24 sits on ether2, which is a port of bridge SOS,
# while the matching DHCP server below is bound to SOS. Addresses are normally
# placed on the bridge interface rather than on one of its ports; confirm.
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=192.168.10.1/24 comment=Office interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 comment=Guest interface=VLAN20 network=192.168.20.0
add address=192.168.99.1/24 comment=Mgmt interface=VLAN99 network=192.168.99.0

# One DHCP server per segment. add-arp=yes makes the VLAN servers add an ARP
# entry for each lease; no interface is set to arp=reply-only in this export,
# so this presumably does not restrict clients to leased addresses on its own.
/ip dhcp-server
add address-pool=SOS_pool disabled=no interface=SOS lease-time=1d name=SOS_dhcp
add add-arp=yes address-pool=Office_pool disabled=no interface=VLAN10 lease-time=1d name=Office_DHCP
add add-arp=yes address-pool=Guest_pool disabled=no interface=VLAN20 lease-time=1d name=Guest_DHCP
add add-arp=yes address-pool=Mgmt_pool disabled=no interface=VLAN99 lease-time=1d name=Mgmt_DHCP

# Each pool spans .2-.254 of its /24.
/ip pool
add name=SOS_pool ranges=192.168.1.2-192.168.1.254
add name=Office_pool ranges=192.168.10.2-192.168.10.254
add name=Guest_pool ranges=192.168.20.2-192.168.20.254
add name=Mgmt_pool ranges=192.168.99.2-192.168.99.254

# WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1

/ip dhcp-server config
set store-leases-disk=1d

# Static lease: this host always gets 192.168.1.254, the address that the
# firewall input chain accepts by source address.
/ip dhcp-server lease
add address=192.168.1.254 client-id=1:f0:de:f1:d3:7b:da mac-address=F0:DE:F1:D3:7B:DA server=SOS_dhcp

# Clients in every segment are handed the router itself as gateway and DNS server.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
add address=192.168.99.0/24 dns-server=192.168.99.1 gateway=192.168.99.1

# allow-remote-requests=yes turns the router into a resolver for any client
# that can reach it; keeping it closed to the internet depends entirely on the
# WAN drop rule in the firewall input chain.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

# Firewall filter and NAT, plus MAC-server access, for the main router.
# Rules are evaluated top to bottom; a chain with no matching rule accepts.

# input chain (traffic to the router itself):
# NOTE(review): the three src-address accepts carry no in-interface match and
# sit above the WAN drop, so they match on any interface, ether1 (WAN) included.
# 192.168.0.120 belongs to none of the subnets addressed in this export; if it
# lives on the WAN side, that rule opens router management to it. Adding an
# in-interface or in-interface-list match would tie each rule to its segment.
# NOTE(review): nothing is dropped after the WAN rule, so every LAN-list
# interface, guest VLAN20 included, can reach all router services. If only the
# management VLAN should manage the router, accept it explicitly and end the
# chain with a drop.
# forward chain (routed traffic):
# NOTE(review): only new, non-dstnat connections arriving from WAN are dropped.
# Traffic routed between VLAN10, VLAN20 and VLAN99 is not filtered, so the
# guest network can reach the office and management subnets unless drop rules
# are added for those pairs.
# Several rules set log-prefix without log=yes in the shown text, so presumably
# nothing is logged for them.
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked log-prefix=1
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input src-address=192.168.1.254
add action=accept chain=input src-address=192.168.99.249
add action=accept chain=input src-address=192.168.0.120
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=WAN log-prefix="not from lan"
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked log-prefix=10
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log-prefix="drop invalid"
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

# Source NAT for everything leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

# MAC telnet and MAC Winbox are offered on every LAN-list interface.
# NOTE(review): the LAN list contains VLAN20 (Guest); layer-2 management access
# is better limited to a list holding only the management interfaces.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Caps
# may/09/2023 10:37:02 by RouterOS 6.48.4
# software id = 7IUM-VYL3
#
# model = RBMetalG-52SHPacn
#
# CAP (managed access point): one VLAN-filtering bridge, a tagged-only uplink
# and CAP mode on wlan1. The export shows no firewall and no neighbor-discovery
# or MAC-server settings, so those presumably run with their defaults.

# pvid=99 on the bridge places the CAP's own untagged traffic (DHCP client,
# management) into VLAN 99.
/interface bridge
add admin-mac=C4:AD:34:45:BF:A8 auto-mac=no name=bridgeLocal pvid=99 vlan-filtering=yes

/interface wireless
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(23dBm), SSID: Test10, local forwarding
# managed by CAPsMAN
# SSID: Test20, local forwarding

# ether1 is the uplink trunk: tagged frames only, with ingress filtering.
/interface bridge port
add bridge=bridgeLocal frame-types=admit-only-vlan-tagged pvid=1 ingress-filtering=yes interface=ether1

# ether1 carries VLANs 99, 10 and 20 tagged. The bridge itself is not listed
# for VLAN 99; with pvid=99 it is presumably added dynamically as an untagged
# member, which would explain why the DHCP client gets a management address.
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 vlan-ids=99
add bridge=bridgeLocal tagged=ether1 vlan-ids=10
add bridge=bridgeLocal tagged=ether1 vlan-ids=20

# The CAP looks for a CAPsMAN over bridgeLocal (i.e. VLAN 99) and attaches the
# managed wlan interfaces to that bridge for local forwarding.
# NOTE(review): no certificate option is set here, so the CAP presumably joins
# any manager that answers on the management VLAN; requesting a certificate
# would let it verify the manager.
/interface wireless cap
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1

# The management address is obtained by DHCP on the bridge.
/ip dhcp-client
add disabled=no interface=bridgeLocal
