I started a new capsman with two types of access points - hap ax2 and cap ac. I use VLAN.
On Hap ax2, for some reason, tagged ports are dynamically created. When I transfer them to untagged, then wifi connects and disconnects constantly and does not work. It also does not work if I put bridge in datapath in the controller, although it is there in the configuration example.
On the contrary, untagged ports are dynamically created in CAP AC and only work like that.
Please help and tell me where I made a mistake in the settings
Controller:
Code: Select all
/interface bridge add igmp-snooping=yes name=bridge1 vlan-filtering=yes
/interface vlan add interface=bridge1 name=vlan_120_WiFi vlan-id=120
/interface vlan add interface=bridge1 loop-protect=on name=vlan_200_Auth vlan-id=200
/interface vlan add interface=bridge1 loop-protect=on name=vlan_210_System_WiFi vlan-id=210
/interface wifi channel add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=ch-24GHz-AX width=20mhz
/interface wifi channel add band=5ghz-ax disabled=no frequency=5150-5350,5650-5850 name=ch-5GHz-AX skip-dfs-channels=all width=20mhz
/interface wifi channel add band=2ghz-n disabled=no frequency=2412,2437,2462 name=ch-24GHz-N width=20mhz
/interface wifi channel add band=5ghz-ac disabled=no frequency=5150-5350,5650-5850 name=ch-5GHz-AC skip-dfs-channels=all width=20mhz
/interface wifi channel add band=5ghz-ac disabled=no frequency=5180,5200,5220,5240 name=ch-5GHz-AC-best skip-dfs-channels=all width=20mhz
/interface wifi channel add band=5ghz-ax disabled=no frequency=5180,5200,5220,5240 name=ch-5GHz-AX-best skip-dfs-channels=all width=20mhz
/interface wifi datapath add disabled=no name=datapath-Staff-AC-N
/interface wifi datapath add client-isolation=yes disabled=no name=datapath-Guest-AC-N
/interface wifi datapath add bridge-horizon=10 client-isolation=yes disabled=no name=datapath-Guest-AX vlan-id=200
/interface wifi datapath add client-isolation=no disabled=no name=datapath-Staff-AX vlan-id=120
/interface wifi security add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes group-key-update=40m name=sec-Staff passphrase=SuperPassword
/interface wifi security add disabled=no ft=yes ft-over-ds=yes name=sec-Guest
/interface wifi security add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes group-key-update=40m name=sec-SB passphrase=SuperPassword2
/interface wifi configuration add channel=ch-5GHz-AX-best datapath=datapath-Staff-AX disabled=no hide-ssid=yes mode=ap name=cfg-5Ghz-Staff-AX qos-classifier=dscp-high-3-bits security=sec-Staff ssid=Staff
/interface wifi configuration add channel=ch-24GHz-AX datapath=datapath-Staff-AX disabled=no hide-ssid=yes mode=ap name=cfg-24Ghz-Staff-AX qos-classifier=dscp-high-3-bits security=sec-Staff ssid=Staff
/interface wifi configuration add channel=ch-5GHz-AC-best disabled=no hide-ssid=yes mode=ap name=cfg-5Ghz-Staff-AC qos-classifier=priority security=sec-Staff ssid=Staff
/interface wifi configuration add channel=ch-24GHz-N disabled=no hide-ssid=no mode=ap name=cfg-24Ghz-Guest-N security=sec-Guest ssid=Guest
/interface wifi configuration add channel=ch-5GHz-AC-best disabled=no hide-ssid=no mode=ap name=cfg-5Ghz-Guest-AC security=sec-Guest ssid=Guest
/interface wifi configuration add channel=ch-24GHz-N disabled=no hide-ssid=yes mode=ap name=cfg-24Ghz-Staff-N qos-classifier=priority security=sec-Staff ssid=Staff
/interface wifi configuration add channel=ch-5GHz-AX-best datapath=datapath-Guest-AX disabled=no hide-ssid=no mode=ap name=cfg-5Ghz-Guest-AX security=sec-Guest ssid=Guest
/interface wifi configuration add channel=ch-24GHz-AX datapath=datapath-Guest-AX disabled=no hide-ssid=no mode=ap name=cfg-24Ghz-Guest-AX security=sec-Guest ssid=Guest
/interface wifi configuration add channel=ch-24GHz-N disabled=no hide-ssid=no mode=ap name=cfg-24Ghz-SB-N qos-classifier=priority security=sec-SB ssid=SB
/interface wifi configuration add channel=ch-24GHz-AX datapath=datapath-Staff-AX disabled=no hide-ssid=no mode=ap name=cfg-24Ghz-SB-AX qos-classifier=dscp-high-3-bits security=sec-SB ssid=SB
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether13 vlan-ids=200
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether13 vlan-ids=120
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether13 vlan-ids=210
/interface wifi access-list add action=accept allow-signal-out-of-range=10s disabled=no signal-range=-83..120
/interface wifi access-list add action=reject allow-signal-out-of-range=10s disabled=no signal-range=-120..-84
/interface wifi capsman set enabled=yes interfaces=vlan_120_WiFi package-path=sata1-part1/dude/files require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg-5Ghz-Staff-AX name-format=5GhzAX_Staff_%I slave-configurations=cfg-24Ghz-Guest-AX slave-name-format=5GhzAX_Guest_%I supported-bands=5ghz-ax
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg-24Ghz-Staff-AX name-format=24GhzAX_Staff_%I slave-configurations=cfg-24Ghz-Guest-AX,cfg-24Ghz-SB-AX slave-name-format=24GhzAX_Guest_%I supported-bands=2ghz-ax
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg-24Ghz-Staff-N name-format=24GhzN_Staff_%I slave-configurations=cfg-24Ghz-Guest-N,cfg-24Ghz-SB-N slave-name-format=24GhzN_Guest_%I supported-bands=2ghz-n
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg-5Ghz-Staff-AC name-format=5GhzAC_Staff_%I slave-configurations=cfg-5Ghz-Guest-AC slave-name-format=5GhzAC_Guest_%I supported-bands=5ghz-ac
/interface wifi provisioning add action=none disabled=yes
/ip dhcp-client add interface=vlan_120_WiFi
Code: Select all
/interface bridge add name=bridge1 vlan-filtering=yes
/interface vlan add interface=bridge1 name=vlan_120_WiFi vlan-id=120
/interface vlan add interface=bridge1 name=vlan_200_Auth vlan-id=200
/interface wifi datapath add bridge=bridge1 bridge-horizon=10 client-isolation=yes disabled=no name=data-cap-ax-guest vlan-id=200
/interface wifi datapath add bridge=bridge1 client-isolation=no disabled=no name=data-cap-ax-staff vlan-id=120
/interface wifi datapath add bridge=bridge1 disabled=no name=datapath1
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Staff, channel: 5240/ax
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=data-cap-ax-staff disabled=no
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Staff, channel: 2437/ax
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=data-cap-ax-staff disabled=no
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Guest
add configuration.mode=ap datapath=data-cap-ax-guest disabled=no master-interface=wifi1 name=wifi3
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Guest
add configuration.mode=ap datapath=data-cap-ax-guest disabled=no master-interface=wifi2 name=wifi4
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: SB
add configuration.mode=ap datapath=data-cap-ax-staff disabled=no master-interface=wifi2 name=wifi5
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge vlan add bridge=bridge1 comment=Wi-Fi tagged=bridge1,ether1 vlan-ids=120
/interface bridge vlan add bridge=bridge1 comment=Auth tagged=bridge1,ether1 vlan-ids=200
/interface wifi cap set caps-man-addresses=10.10.12.2 enabled=yes slaves-datapath=datapath1 slaves-static=yes
/ip dhcp-client add interface=vlan_120_WiFi
/system identity set name=hAP_AX
CAP AC (manual config) :
Code: Select all
/interface bridge add name=bridge1 vlan-filtering=yes
/interface vlan add interface=bridge1 name=vlan120_WiFi vlan-id=120
/interface vlan add interface=bridge1 name=vlan200_Auth vlan-id=200
/interface wifi datapath add bridge=bridge1 client-isolation=no disabled=no name=data-staff vlan-id=120
/interface wifi datapath add bridge=bridge1 bridge-horizon=10 client-isolation=yes disabled=no name=data-guest vlan-id=200
/interface wifi datapath add bridge=bridge1 disabled=no name=datapath1
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Staff, channel: 2412/n
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=data-staff disabled=no
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Staff, channel: 5180/ac
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=data-staff disabled=no
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Guest
add configuration.mode=ap datapath=data-guest disabled=no master-interface=wifi2 name=wifi3
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Guest
add configuration.mode=ap datapath=data-guest disabled=no master-interface=wifi1 name=wifi4
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: SB
add configuration.mode=ap datapath=data-staff disabled=no master-interface=wifi1 name=wifi5
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=wifi1 pvid=120
/interface bridge port add bridge=bridge1 interface=wifi2 pvid=120
/interface bridge port add bridge=bridge1 horizon=10 interface=wifi3 pvid=200
/interface bridge port add bridge=bridge1 horizon=10 interface=wifi4 pvid=200
/interface bridge port add bridge=bridge1 interface=wifi5 pvid=120
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether1 untagged=wifi1,wifi2,wifi5 vlan-ids=120
/interface bridge vlan add bridge=bridge1 tagged=bridge1,ether1 untagged=wifi3,wifi4 vlan-ids=200
/interface wifi cap set caps-man-addresses=10.10.12.2 enabled=yes slaves-datapath=datapath1 slaves-static=yes
/ip dhcp-client add interface=vlan120_WiFi