Hi All!
I need some help. Now I'm testing a new WiFi Package in RouterOS ver.7.13. I do not have ax device, but I manage a few instalations with cAP ac's and planing to replace them with cAPax. Everything work with CAPsMAN with VLAN's.
I'm testimng with one CCR1009 and one cAPac with new wifi-qcom-ac package.
Here's my configurations:
------------------------------------------------
CCR1009
---------------------------------------------------
# 2023-12-19 08:59:02 by RouterOS 7.13
# software id = KKBZ-8RBC
#
# model = CCR1009-7G-1C
# serial number = 84A1078D835A
/interface bridge
add name=LAN
/interface vlan
add interface=LAN name=1.V10_VLAN vlan-id=10
add interface=LAN name=2.V16_VLAN vlan-id=16
add interface=LAN name=4.Management_VLAN vlan-id=222
/interface wifi channel
add band=2ghz-n disabled=no frequency=2412,2437,2462 name=channel2GHz \
skip-dfs-channels=all width=20mhz
add band=5ghz-ac disabled=no frequency=5180,5220,5745,5785 name=channel5GHz \
skip-dfs-channels=all width=20/40mhz
/interface wifi datapath
add bridge=LAN client-isolation=no disabled=no interface-list=dynamic name=\
V10Datapath vlan-id=10
add bridge=LAN disabled=no name=V16Datapath vlan-id=16
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
group-key-update=1h name=V10Sec
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
group-key-update=1h name=V16Sec
/interface wifi configuration
add channel=channel2GHz country=Latvia datapath=V10Datapath disabled=no mode=\
ap name=V10_2GHz security=V10Sec ssid=WiFi6_10
add channel=channel5GHz country=Latvia datapath=V10Datapath disabled=no mode=\
ap name=V10_5GHz security=V10Sec ssid=WiFi6_10
add channel=channel2GHz country=Latvia datapath=V16Datapath disabled=no mode=\
ap name=V16_2GHz security=V10Sec ssid=WiFi6_16
add channel=channel5GHz country=Latvia datapath=V16Datapath disabled=no mode=\
ap name=V16_5GHz security=V10Sec ssid=WiFi6_16
/ip pool
add name=dhcp_pool0 ranges=10.10.10.101-10.10.10.200
add name=dhcp_pool1 ranges=10.10.16.2-10.10.23.254
add name=dhcp_pool3 ranges=10.10.223.201-10.10.223.250
add name=dhcp_pool4 ranges=192.168.23.2-192.168.23.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=1.V10_VLAN name=dhcp1
add address-pool=dhcp_pool1 interface=2.V16_VLAN name=dhcp2
add address-pool=dhcp_pool3 interface=4.Management_VLAN name=dhcp4
add address-pool=dhcp_pool4 interface=LAN name=dhcp5
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=LAN interface=ether1
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=all
/interface wifi capsman
set enabled=yes interfaces=LAN package-path="" require-peer-certificate=no \
upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=V10_2GHz \
name-format=%I slave-configurations=V16_2GHz supported-bands=2ghz-g
add action=create-dynamic-enabled disabled=no master-configuration=V10_5GHz \
name-format=%I slave-configurations=V16_5GHz supported-bands=5ghz-ac
/ip address
add address=10.20.31.61/23 interface=combo1 network=10.20.30.0
add address=10.10.10.1/24 interface=1.V10_VLAN network=10.10.10.0
add address=10.10.16.1/21 interface=2.V16_VLAN network=10.10.16.0
add address=10.10.222.1/23 interface=4.Management_VLAN network=10.10.222.0
add address=192.168.23.1/24 interface=LAN network=192.168.23.0
/ip dhcp-server
add address-pool=*3 interface=*C name=dhcp3
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.16.0/21 gateway=10.10.16.1
add address=10.10.30.0/24 gateway=10.10.30.1
add address=10.10.222.0/23 gateway=10.10.222.1
add address=192.168.23.0/24 gateway=192.168.23.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=combo1
/ip route
add dst-address=0.0.0.0/0 gateway=10.20.30.1
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=CAPsMAN2
/system note
set show-at-login=no
/tool romon
set enabled=yes
--------------------
cAPac
------------------
# 2023-12-19 09:03:34 by RouterOS 7.13
# software id = 412Z-1PJ5
#
# model = RBcAPGi-5acD2nD
# serial number = 9E7209C0433F
/interface bridge
add admin-mac=B8:69:F4:A7:80:55 auto-mac=no comment=defconf name=bridgeLocal \
vlan-filtering=yes
/interface vlan
add disabled=yes interface=bridgeLocal name=vlan10 vlan-id=10
add disabled=yes interface=bridgeLocal name=vlan16 vlan-id=16
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi configuration
add datapath=capdp disabled=no manager=capsman name=cfg1
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: WiFi6_10, channel: 2437/n
set [ find default-name=wifi1 ] configuration=cfg1 configuration.mode=ap \
disabled=no
# managed by CAPsMAN
# mode: AP, SSID: WiFi6_10, channel: 5180/ac/Ce
set [ find default-name=wifi2 ] configuration=cfg1 configuration.mode=ap \
disabled=no
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
name=sec1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1,bridgeLocal vlan-ids=10
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes
/ip dhcp-client
add comment=defconf interface=bridgeLocal
#error exporting "/ip/ssh" (timeout)
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=cAp_01_
/system note
set show-at-login=no
/tool romon
set enabled=yes
cAP's interfaces receives configuration and are dinamiclly added to localBridge of cAPac and start transmiting SSID, bur when I try to connect to WIFi there's no success (maybe information do not flow through VLAN)
I red :
vlan-id (none | integer 1..4095)
Default VLAN ID to assign to client devices connecting to this interface (only relevant to interfaces in AP mode).
When a client is assigned a VLAN ID, traffic coming from the client is automatically tagged with the ID and only packets tagged with with this ID are forwarded to the client.
Default: none
802.11ac chipsets do not support this type of VLAN tagging , but they can be configured as VLAN access ports in bridge settings.
but do not understand how to tag dinamicly created ports
I hope someone help with this complicated situation. Thank You