My entire setup is VLAN-based and was working on the L009, but I must have done something wrong on the CRS305.
In short, I've:
- copied CAPsMAN configuration from L009 to CRS305
- added local-forward mode to home, guest and iot datapaths on CRS305
- split the bridge/VLAN configuration per VLAN (as it was throwing an error when it was in bulk) on the client
At this stage, the CAP is connecting to CAPsMAN and broadcasting the proper networks, but I can't connect to the wireless network as there is no DHCP broadcast there.
Connection is roughly like so: L009UIGS config:
/interface/bridge/export
# Bridge export (introduced in the post as the L009UiGS config).
# vlan-filtering=yes means the "/interface bridge vlan" table below decides
# which ports may carry which VLAN IDs.
/interface bridge
add name=bridge-local vlan-filtering=yes
# No pvid= is set on any port, so untagged frames arriving on any of these
# ports are classified into the default PVID (VLAN 1).
/interface bridge port
add bridge=bridge-local interface=ether3-962UiGS
add bridge=bridge-local interface=ether5-ipmi
add bridge=bridge-local interface=ether7-RB951G-2HnD
add bridge=bridge-local interface=ether8-260GS
add bridge=bridge-local interface=ether2-CRS305
add bridge=bridge-local interface=ether6-xen-eno1
add bridge=bridge-local interface=ether4-cAPGi-5acD2nD
/interface bridge settings
# NOTE(review): use-ip-firewall-for-vlan only has an effect together with
# use-ip-firewall=yes, which this export does not show. If bridged VLAN
# traffic is expected to pass through the IP firewall, confirm that setting.
set use-ip-firewall-for-vlan=yes
/interface bridge vlan
# Every bridge port, including ether5-ipmi, is a tagged member of all four
# VLANs (16, 32, 48, 64), i.e. every port is a full trunk. VLAN separation
# then depends entirely on the attached devices; listing each port only in
# the VLANs it needs keeps the layer-2 exposure of each segment smaller.
add bridge=bridge-local tagged=bridge-local,ether2-CRS305,ether3-962UiGS,ether4-cAPGi-5acD2nD,ether5-ipmi,ether6-xen-eno1,ether7-RB951G-2HnD,ether8-260GS vlan-ids=16,32,48,64
Flags: D - DYNAMIC
Columns: BRIDGE, VLAN-IDS, CURRENT-TAGGED, CURRENT-UNTAGGED
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 bridge-local 16 bridge-local
32 ether5-ipmi
48 ether8-260GS
64 ether6-xen-eno1
ether2-CRS305
ether3-962UiGS
ether7-RB951G-2HnD
ether4-cAPGi-5acD2nD
1 D bridge-local 1 bridge-local
ether5-ipmi
ether8-260GS
ether6-xen-eno1
ether2-CRS305
ether3-962UiGS
ether7-RB951G-2HnD
ether4-cAPGi-5acD2nD
2 D bridge-local 32 2G_ax-L009UiGS-2HaxD-IN2
/interface/bridge/export
# Bridge export of the switch with SFP+ ports (presumably the CRS305 that now
# runs CAPsMAN -- confirm). VLAN filtering is enabled on the bridge.
/interface bridge
add name=bridge-local vlan-filtering=yes
/interface bridge port
# Both access ports use pvid=64 but have ingress-filtering=no, so frames are
# not checked against the VLAN table when they enter these ports. No
# frame-types= restriction is shown either. For access ports,
# ingress-filtering=yes together with
# frame-types=admit-only-untagged-and-priority-tagged keeps hosts on these
# ports confined to VLAN 64.
add bridge=bridge-local ingress-filtering=no interface=sfp-sfpplus1-desktop internal-path-cost=10 path-cost=10 pvid=64
add bridge=bridge-local ingress-filtering=no interface=sfp-sfpplus2-xen internal-path-cost=10 path-cost=10 pvid=64
add bridge=bridge-local interface=ether1-uplink
/interface bridge vlan
# NOTE(review): this single entry makes the two access ports untagged members
# of ALL four VLANs (16, 32, 48, 64), although their pvid is 64. Frames from
# VLANs 16, 32 and 48 would therefore leave those ports untagged, mixing the
# segments on the desktop/xen links. Splitting this into one entry per VLAN
# and listing the access ports as untagged only for vlan-ids=64 avoids that.
add bridge=bridge-local tagged=ether1-uplink,bridge-local untagged=sfp-sfpplus1-desktop,sfp-sfpplus2-xen vlan-ids=16,32,48,64
# CAPsMAN (legacy wireless package) configuration: channels, datapaths,
# security profiles, per-SSID configurations, manager settings and
# provisioning rules.
/caps-man channel
add band=5ghz-a/n/ac extension-channel=eCee name=5Ghz skip-dfs-channels=yes
add band=2ghz-g/n extension-channel=Ce name=2.4Ghz skip-dfs-channels=yes
/caps-man datapath
# local-forwarding=yes: client traffic is bridged on the CAP itself rather
# than tunnelled to the manager, and the CAP tags it with the vlan-id below.
# Separation of guest (48), iot (32) and home (64) therefore relies on the
# bridge VLAN table of each CAP and of every switch between CAP and router.
add bridge=bridge-local local-forwarding=yes name=datapath-guest vlan-id=48 vlan-mode=use-tag
add bridge=bridge-local local-forwarding=yes name=datapath-iot vlan-id=32 vlan-mode=use-tag
add bridge=bridge-local local-forwarding=yes name=datapath-home vlan-id=64 vlan-mode=use-tag
/caps-man security
# All three profiles are WPA2-PSK with AES-CCM. No passphrase appears in this
# export (presumably hidden as a sensitive value or removed before posting).
add authentication-types=wpa2-psk encryption=aes-ccm name=guest
add authentication-types=wpa2-psk encryption=aes-ccm name=home
add authentication-types=wpa2-psk encryption=aes-ccm name=iot
/caps-man configuration
# This first configuration has no datapath= and is not referenced by the
# provisioning rules below.
add channel=2.4Ghz country=poland installation=indoor multicast-helper=disabled name=szatan-aktywator security=iot ssid=Pfizer_mRNA_CHIPEY3014
add channel=2.4Ghz country=poland datapath=datapath-home distance=indoors hw-protection-mode=none hw-retries=10 installation=indoor keepalive-frames=enabled load-balancing-group="" multicast-helper=disabled name=home-2.4Ghz security=home ssid=urbinek_cAP-old
add channel=5Ghz country=poland datapath=datapath-guest disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=guest-5Ghz security=guest ssid=urbinek_guest-old
add channel=5Ghz channel.skip-dfs-channels=yes country=poland datapath=datapath-home disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled load-balancing-group="" multicast-helper=disabled name=home-5Ghz security=home ssid=urbinek_cAP-old
add channel=2.4Ghz country=poland datapath=datapath-guest disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=guest-2.4Ghz security=guest ssid=urbinek_guest-old
# NOTE(review): "name= iot-2.4Ghz" below contains a stray space after "=";
# this looks like a paste artifact, since provisioning refers to iot-2.4Ghz.
add channel=2.4Ghz country=poland datapath=datapath-iot disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name= iot-2.4Ghz security=iot ssid=urbinek_iot-old
add channel=5Ghz country=poland datapath=datapath-iot disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=iot-5Ghz security=iot ssid=urbinek_iot-old
/caps-man manager
# The manager generates its own CA and certificate (auto).
# NOTE(review): require-peer-certificate is not in this export, so it is
# presumably at its default; in that case CAPs are not required to present a
# certificate issued by this CA. Enabling it once all CAPs hold certificates
# restricts which devices can join -- confirm the current value.
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=suggest-same-version
/caps-man provisioning
# Neither rule sets radio-mac=, so they match any connecting radio with the
# listed hw-supported-modes and hand it the home, guest and iot
# configurations. Which interfaces the manager listens on
# (/caps-man manager interface) is not shown here -- verify it is limited to
# the management side.
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=home-2.4Ghz name-format=prefix-identity name-prefix=2.4Ghz slave-configurations=iot-2.4Ghz,guest-2.4Ghz
add action=create-dynamic-enabled hw-supported-modes=an,ac master-configuration=home-5Ghz name-format=prefix-identity name-prefix=5Ghz slave-configurations=guest-5Ghz,iot-5Ghz
Flags: M - MASTER; D - DYNAMIC; B - BOUND
Columns: NAME, RADIO-MAC, MASTER-INTERFACE
# NAME RADIO-MAC MASTER-INTERFACE
0 MDB 2.4Ghz-urbinek_RB951G-1 E4:8D:8C:CC:F2:E3 none
1 DB 2.4Ghz-urbinek_RB951G-1-1 00:00:00:00:00:00 2.4Ghz-urbinek_RB951G-1
2 DB 2.4Ghz-urbinek_RB951G-1-2 00:00:00:00:00:00 2.4Ghz-urbinek_RB951G-1
3 MDB 2.4Ghz-urbinek_RB962UiGS-1 CC:2D:E0:C5:1C:7B none
4 DB 2.4Ghz-urbinek_RB962UiGS-1-1 00:00:00:00:00:00 2.4Ghz-urbinek_RB962UiGS-1
5 DB 2.4Ghz-urbinek_RB962UiGS-1-2 00:00:00:00:00:00 2.4Ghz-urbinek_RB962UiGS-1
6 MDB 5Ghz-urbinek_RB962UiGS-1 CC:2D:E0:C5:1C:7A none
7 DB 5Ghz-urbinek_RB962UiGS-1-1 00:00:00:00:00:00 5Ghz-urbinek_RB962UiGS-1
8 DB 5Ghz-urbinek_RB962UiGS-1-2 00:00:00:00:00:00 5Ghz-urbinek_RB962UiGS-1
/interface/bridge/export
# Bridge export of a device with an ether1-uplink trunk and two local access
# ports (presumably the CAP -- confirm). VLAN filtering is enabled.
/interface bridge
add name=bridge-local vlan-filtering=yes
/interface bridge port
# ingress-filtering=no on the uplink and on ether2-desktop: frames entering
# these ports are not checked against the VLAN table below. ether3 does not
# set the option, so it uses the version default.
add bridge=bridge-local ingress-filtering=no interface=ether1-uplink internal-path-cost=10 path-cost=10
add bridge=bridge-local ingress-filtering=no interface=ether2-desktop internal-path-cost=10 path-cost=10 pvid=64
add bridge=bridge-local interface=ether3 pvid=64
/interface bridge vlan
add bridge=bridge-local tagged=ether1-uplink,bridge-local vlan-ids=16
# NOTE(review): unlike the entries for VLANs 16, 48 and 32, this entry for
# VLAN 64 does not list ether1-uplink as tagged. VLAN 64 frames then have no
# egress towards the uplink, which would plausibly keep DHCP from reaching
# anything placed in VLAN 64 on this device -- verify against the intended
# trunk membership.
add bridge=bridge-local tagged=bridge-local untagged=ether2-desktop,ether3 vlan-ids=64
add bridge=bridge-local tagged=bridge-local,ether1-uplink vlan-ids=48
add bridge=bridge-local tagged=bridge-local,ether1-uplink vlan-ids=32
Flags: D - DYNAMIC
Columns: BRIDGE, VLAN-IDS, CURRENT-TAGGED, CURRENT-UNTAGGED
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 bridge-local 16 bridge-local
ether1-uplink
1 bridge-local 64 bridge-local ether3
wlan2
wlan1
2 bridge-local 48 bridge-local
ether1-uplink
wlan59
wlan62
3 bridge-local 32 bridge-local
ether1-uplink
wlan60
wlan61
4 D bridge-local 1 bridge-local
ether1-uplink
# Wireless export fragment; the "/interface wireless" menu line that would
# normally precede the first "set" is missing from the paste.
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: urbinek_cAP-old, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# managed by CAPsMAN
# channel: 5200/20-eCee/ac/P(21dBm), SSID: urbinek_cAP-old, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface wireless cap
# CAP mode: both radios are handed to a manager discovered on ether1-uplink,
# and locally forwarded interfaces are attached to bridge-local.
# certificate=request makes the CAP request a certificate from the manager.
# NOTE(review): neither lock-to-caps-man nor
# caps-man-certificate-common-names appears in this export, so the CAP
# presumably accepts any manager that answers discovery on the uplink --
# confirm, and pin the manager if the uplink segment is not fully trusted.
set bridge=bridge-local certificate=request discovery-interfaces=ether1-uplink enabled=yes interfaces=wlan1,wlan2
Flags: X - disabled; R - running
0 R ;;; managed by CAPsMAN
;;; channel: 2412/20-Ce/gn(17dBm), SSID: urbinek_cAP-old, local forwarding
name="wlan1" mtu=1500 l2mtu=1600 mac-address=CC:2D:E0:C5:1C:7B arp=enabled interface-type=Atheros AR9300 mode=station
ssid="MikroTik" frequency=2412 band=2ghz-b/g channel-width=20mhz secondary-frequency="" scan-list=default wireless-protocol=any
vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
security-profile=default compression=no
1 R ;;; managed by CAPsMAN
;;; channel: 5200/20-eCee/ac/P(21dBm), SSID: urbinek_cAP-old, local forwarding
name="wlan2" mtu=1500 l2mtu=1600 mac-address=CC:2D:E0:C5:1C:7A arp=enabled interface-type=Atheros AR9888 mode=station
ssid="MikroTik" frequency=5180 band=5ghz-a channel-width=20mhz secondary-frequency="" scan-list=default wireless-protocol=any
vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
security-profile=default compression=no
2 R ;;; managed by CAPsMAN
;;; SSID: urbinek_guest-old, local forwarding
name="wlan59" mtu=1500 l2mtu=1600 mac-address=CE:2D:E0:C5:1C:7A arp=enabled interface-type=virtual master-interface=wlan2
3 R ;;; managed by CAPsMAN
;;; SSID: urbinek_iot-old, local forwarding
name="wlan60" mtu=1500 l2mtu=1600 mac-address=CE:2D:E0:C5:1C:7D arp=enabled interface-type=virtual master-interface=wlan2
4 R ;;; managed by CAPsMAN
;;; SSID: urbinek_iot-old, local forwarding
name="wlan61" mtu=1500 l2mtu=1600 mac-address=CE:2D:E0:C5:1C:7B arp=enabled interface-type=virtual master-interface=wlan1
5 R ;;; managed by CAPsMAN
;;; SSID: urbinek_guest-old, local forwarding
name="wlan62" mtu=1500 l2mtu=1600 mac-address=CE:2D:E0:C5:1C:7C arp=enabled interface-type=virtual master-interface=wlan1