Hello all,
I'm experiencing an issue when I set my AP to work on a VLAN AND using CAPsMAN.
Without CAPsMAN no issue at all, as I can configure all parameters for the VLAN on AP.
It does not seem so when using CAPsMAN, even though I have tried to play with vlan sets on datapath from the CAPsMAN router.
Basically I have VLAN10 from router to switch and to AP and VLAN99 which I use as management.
CAPsMAN is able to see and set the AP using VLAN99.
Clients can register to AP, but they say no internet.
In CAPsMAN datapath settings I have VLAN mode=no tag and VLAN id=10.
I can see on the associated wlan interface the setting for admit all, no ingress filter being selected; I can't change it, as CAPsMAN controls that.
However when I disable CAPsMAN on that AP, I set the wlan interface as part of the bridge with Ingress filter ON and VLAN10 admit only untagged and prio tagged traffic, WiFi clients get internet, as expected.
Is there a way to manage the same through CAPsMAN ???
Thanks in advance for any help.
Armando
Re: No internet from AP on VLAN when using CAPsMAN
Export config and we can see but I had a simular issue when I started using CapsMAN.
I use local forwarding so the AP do not tunnel the traffic to the router.
What solved my issue was that I had forgotten to add the Bridge in CAP config on the AP. Once I added the bridge in the config on the ap it all started to work.
I use local forwarding so the AP do not tunnel the traffic to the router.
What solved my issue was that I had forgotten to add the Bridge in CAP config on the AP. Once I added the bridge in the config on the ap it all started to work.
Re: No internet from AP on VLAN when using CAPsMAN
Thanks for the quick replay and it's encouraging that you had a similar issue, but then resolved.
Below is the current configuration, using CAPsMAN which does not allow clients to get internet (because in my opinion CAPsMAN is not setting wlan1 and wlan2 with proper VLAN info).
Do you see anything where I could add the VLAN10 setting for wlan1 and wlan2 using CAPsMAN ?
In the CAPsMAN router I have enabled a Datapath set which has VLAN Mode=no tag and VLAN ID=10, so that those wlan should have had such untagged vlan10.
But it does not work, even though the interfaces are managed by CAPsMAN.
However when setting wlan1 and wlan2 manually, and assigned untagged and vlan id10, then clients get access to internet as those wlans act as untagged ports.
Below is the current configuration, using CAPsMAN which does not allow clients to get internet (because in my opinion CAPsMAN is not setting wlan1 and wlan2 with proper VLAN info).
Code: Select all
# jan/09/2021 08:36:13 by RouterOS 6.46.8
# software id = 9R4M-XPCB
#
# model = RBD52G-5HacD2HnD
# serial number = D7160CB42EC8
/interface bridge
add admin-mac=48:8F:5A:C4:20:69 auto-mac=no comment=defconf name=bridge \
protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1592
set [ find default-name=ether2 ] l2mtu=1592
set [ find default-name=ether3 ] l2mtu=1592
set [ find default-name=ether4 ] l2mtu=1592
set [ find default-name=ether5 ] l2mtu=1592 name=ether5-mgmt
/interface vlan
add comment="VLAN99 - mgmt" interface=bridge name=mgmt-VLAN vlan-id=99
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
CRLNetWPA2_5G supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
CRLNetWPA2_2G supplicant-identity=""
/interface wireless
# managed by CAPsMAN
# channel: 2472/20/gn(-3dBm), SSID: CRLNet.072.2G, local forwarding
# managed by CAPsMAN
# channel: 5745/20-Ceee/ac(4dBm), SSID: CRLNet.072, local forwarding
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add comment=mgmt-lan name=mgmt-lan ranges=192.168.88.2-192.168.88.239
/ip dhcp-server
add address-pool=mgmt-lan disabled=no interface=ether5-mgmt name=mgmt-dhcp
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
ether2 pvid=10
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
ether3 pvid=10
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
ether4 pvid=10
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=bridge comment=Mgmt tagged=bridge,ether1 vlan-ids=99
add bridge=bridge tagged=ether1 untagged=wlan1,wlan2 vlan-ids=10
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
#
set bridge=bridge discovery-interfaces=mgmt-VLAN enabled=yes interfaces=\
wlan2,wlan1
/ip address
add address=192.168.88.1/24 comment="Mgmt subnet" interface=ether5-mgmt \
network=192.168.88.0
add address=192.168.99.251/24 comment="Mgmt VLAN99 subnet" interface=\
mgmt-VLAN network=192.168.99.0
/ip dhcp-server network
add address=192.168.88.0/24 comment="Management network" dns-server=\
208.67.222.222 domain=mgmt.lan gateway=192.168.88.1 netmask=24
/ip dns
set servers=10.5.5.5
/ip dns static
add address=192.168.10.251 comment=defconf name=rb7ap.router.lan
/ip route
add distance=1 gateway=192.168.99.240
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=rb7ap
/system ntp client
set enabled=yes primary-ntp=193.204.114.233 secondary-ntp=37.247.53.178 \
server-dns-names=10.5.5.5
/system package update
set channel=long-term
/system watchdog
set watchdog-timer=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
In the CAPsMAN router I have enabled a Datapath set which has VLAN Mode=no tag and VLAN ID=10, so that those wlan should have had such untagged vlan10.
But it does not work, even though the interfaces are managed by CAPsMAN.
However when setting wlan1 and wlan2 manually, and assigned untagged and vlan id10, then clients get access to internet as those wlans act as untagged ports.
Re: No internet from AP on VLAN when using CAPsMAN [SOLVED]
Actually it looks like I fixed the issue.
I have changed in CAPsMAN router the data path to VLAN Mode=use tag instead of no tag.
Then in APs I have seen that the wlan interfaces got VLAN id10 and all admit.
At this point I removed those wlan from VLAN10 from untagged to tagged and now clients can get internet access.
I have most likely mis-understood the meaning of that not tag in CAPsMAN setup.
I have changed in CAPsMAN router the data path to VLAN Mode=use tag instead of no tag.
Then in APs I have seen that the wlan interfaces got VLAN id10 and all admit.
At this point I removed those wlan from VLAN10 from untagged to tagged and now clients can get internet access.
I have most likely mis-understood the meaning of that not tag in CAPsMAN setup.