I'm facing an issue with no DHCP when using ACL to move wireless users to another VLAN.
Hardware is: MikroTik CCR2004-16G-2S+ router with 3 hAP ac^2.
The DHCP IP is given just fine when in the normal preset vlan-id 151 (standard for this wifi-network).
But using the ACL and setting the pvid to 152 is only working in two cases:
A) You immediately reconnect to the same network within 3 seconds.
I noticed the interface "v222.21-A-1" and "caps_21A1_vid152" go inactive afterwards.
As long as they are active you can successfully connect and get an IP.
B) Someone is already in this network, making it active as well.
As I'm using a hybrid port, to my understanding, I tried to set the interface "caps_21A1_vid152" to TAGGED in the bridge, which didn't help.
After reading a lot in the forums I also tried several combinations, but couldn't find an answer.
Hopefully you can clarify and help me to understand what the problem is.
Thanks.
Code:
/interface vlan
add interface=Bridge_Master name=Bridge_Trunk_vlan151 vlan-id=151
add interface=Bridge_Master name=Bridge_Trunk_vlan152 vlan-id=152
add interface=Bridge_Master name=Bridge_Trunk_vlan222 vlan-id=222
/interface vlan
add interface=v222.21-A-1 name=caps_21A1_vid152 vlan-id=152
/interface bridge
add ingress-filtering=no name=Bridge_Master port-cost-mode=short priority=\
0x1000 protocol-mode=mstp vlan-filtering=yes
/interface bridge port
add bridge=Bridge_Master interface=caps_21A1_vid152 internal-path-cost=10 \
path-cost=10 pvid=152
/interface bridge vlan
add bridge=Bridge_Master tagged=\
"Bond_e1+e2,Bridge_Master,e3_trunk,e15_trunk" vlan-ids=151
add bridge=Bridge_Master tagged=\
"Bond_e1+e2,Bridge_Master,e3_trunk,e15_trunk" vlan-ids=152
add bridge=Bridge_Master tagged=\
"Bond_e1+e2,Bridge_Master,e3_trunk,e15_trunk" vlan-ids=222
/caps-man interface
add configuration="WiFi_2,4" disabled=no l2mtu=1600 \
mac-address=xx master-interface=none name=v222.21-A-1 \
radio-mac=xx radio-name=xx
/interface wifi datapath
add bridge=Bridge_Master disabled=no name="vlan151" vlan-id=151
/caps-man access-list
add action=accept allow-signal-out-of-range=10s comment=\
"xx" disabled=no mac-address=\
xx ssid-regexp="xx" vlan-id=152 vlan-mode=\
use-tag
/interface wifi capsman
set ca-certificate=auto certificate=auto interfaces=Bridge_Trunk_vlan222 \
package-path=/packages require-peer-certificate=no upgrade-policy=\
suggest-same-version