I tried doing some searches and have tried a dozen different settings, and I must be missing something. My setup is this: I have Internet coming into a hEX RB750Gr3, which has been working wonderfully. I have 3 VLANs configured on the hEX: VLANs 1, 10, and 1003. VLAN 1003 is mapped for guest WiFi as my existing AirPort Extremes use that VLAN ID, and that works fine on them, so it seems that VLAN tags within the hEX are OK.
terms:
router = hEX = RB750Gr3
access point or AP = RBwAPG-5HacT2HnD-US
The hEX VLAN configuration is pretty basic:
```
/interface ethernet switch vlan
add independent-learning=yes ports=ether2-master,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=10
add independent-learning=yes ports=ether2-master,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=1003
add independent-learning=no ports=ether2-master,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=1
```
I then have a TL-SG108PE PoE switch connected to one of the ports of the hEX and have 2 MikroTik wAP ac (RBwAPG-5HacT2HnD-US) connected to that. The RBwAPG-5HacT2HnD-US are configured for both wlan interfaces to be managed by the CAPsMAN and register to it by IP. I can create wireless network configurations and provision them to the access points all day, but none of the clients actually get connectivity.
I am running the default "blank" configuration on the RBwAPG-5HacT2HnD-US:
```
/interface bridge
add admin-mac=6C:3B:6B:76:E5:74 auto-mac=no name=bridgeLocal
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface wireless cap
#
set bridge=bridgeLocal caps-man-addresses=192.168.1.1 discovery-interfaces=ether1 enabled=yes interfaces=wlan1,wlan2
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=UpstairsAP
/tool sniffer
set filter-interface=all only-headers=yes
```
```
/caps-man datapath
add arp=enabled bridge=bridgeLocal local-forwarding=yes mtu=1500 name=guest-lan vlan-id=1003 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=default
/caps-man configuration
add channel=1 channel.band=2ghz-b/g/n channel.extension-channel=disabled channel.width=20 country="united states3" datapath=guest-lan mode=ap name="Guest 2.4 WLAN" security=default ssid=guest24
add channel.band=5ghz-a/n/ac country="united states3" datapath=guest-lan mode=ap name="Guest 5 WLAN" security=default ssid=guest5
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration="Guest 5 WLAN" name-format=prefix name-prefix=5G-
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration="Guest 2.4 WLAN" name-format=prefix name-prefix=2.4G-
```
It is apparent that there is some step I am missing on getting the bridging/local forwarding on the WAP access points to work correctly. I have tried creating VLAN interfaces on the access points that correspond to the VLAN IDs and adding them to the default bridgeLocal with no change. I do see the MAC for those VLAN interfaces propagate the network within the expected VLANs, so the plumbing all seems to work outside of the WAP.
I am sure this is just some stupid obvious thing and I will learn from my mistakes and help educate others. When I look at the "guides" for CAPsMAN they all reference creating a bridge but none of them actually go into details of the bridge configuration that I have seen.