uberwebguru
Member Candidate
Topic Author
Posts: 173
Joined: Sat Feb 26, 2022 12:05 pm

Audience AP setup on VLAN

Mon Mar 14, 2022 1:19 am

I would like to set up an Audience AP device, but wanted to know if we manage this with CAPsMAN also or not.
I know CAPsMAN is for managing multiple CAP AP devices, but is the Audience AP considered a CAP?

So I have set up a VLAN to put the Audience AP device on from the CCR router, and I created a bridge to set up a management address on the management VLAN to access the Audience device. I have a VLAN that devices connected to the Audience device will communicate on.

Is that a proper setup? Will I use CAPsMAN to manage the Audience device as well? I see Mesh in WinBox, do I need to set up mesh?
All questions I have
             trunk/tagged MGMT VLAN
CCR router  =======================>  Audience AP 
             access/untagged WIFI VLAN
I would have been able to test things, but GNS3 does not have a way to set up an Audience device to test with. No way to add Wi-Fi interfaces to test with.
If anyone knows how I can test an Audience device in GNS3, please let me know and I can figure the setup out myself.
 
anav
Forum Guru
Posts: 22194
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Audience AP setup on VLAN

Mon Mar 14, 2022 4:10 pm

Nope, you do NOT need to use CAPsMAN. As you have noted, it's typically for larger deployments of access points so that managing several is easier.
However, I consider CAPsMAN an advanced configuration process that should not be attempted by newer users UNTIL they can handle a straightforward access point and VLAN configuration.
Think of it as a second configuration on top of the normal configuration, and thus it adds complexity and some CPU overhead that in your case is not necessary.

In terms of setting up the Access Point there is an excellent vlan tutorial
here see Item C. - viewtopic.php?t=182373

In general, if using vlans, it's cleaner to use ALL vlans and just have the bridge be a bridge (not doing any dhcp etc.).
So in short
- one bridge
- define all subnets via vlans with interface bridge
- all vlans get ip pool, ip address, dhcp-server, dhcp-server-network
- config /interface bridge ports (which are access ports and which are trunk ports)
- config /interface bridge vlans that should match up with the port settings etc.

Note: one should have a management subnet, and all smart devices, such as managed switches or smart Access Points, will get their IP address from this subnet, which clearly needs to get trunked to the managed device (trunk ports between smart devices to carry all necessary vlans). In the home scenario, most simply use the TRUSTED subnet as the management subnet, as that is where the home admin usually resides and is thus convenient.
 
Amm0
Forum Guru
Posts: 4436
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Audience AP setup on VLAN

Mon Mar 14, 2022 5:18 pm

The default uses CAPsMAN, but its CAPsMAN manager is itself. It does so to make "meshing" automatic. But since it has "local-forwarding" enabled, no CAPsMAN "tunnels" are created. E.g. Wi-Fi interfaces remain on the local bridge, even though CAPsMAN is enabled (again "local-forwarding=yes" is default). So Mikrotik is just using CAPsMAN to find and provision new Audience units on the default bridge.

All the VLAN+bridging stuff is the same, while you could disable CAPsMAN... But you could use it to your advantage here. Wi-Fi interfaces support a "use tag" and set VLAN ID, so you can change these in the Audience's local CAPsMAN "configurations" and it will apply it to, well, itself. The one benefit of CAPsMAN more generally is that part you can automate and control at least that in GNS3 – so then it could provision Wi-Fi to a test device in a consistent way. The trick is the data path has to be "local-forwarding=yes" otherwise it will create tunnels to the manager.

Alternatively, the Audience supports WifiWave2, which does not use CAPsMAN. And a lot simpler, and likely at some point going to be the default package for the Audience I'd imagine.
 
uberwebguru
Member Candidate
Topic Author
Posts: 173
Joined: Sat Feb 26, 2022 12:05 pm

Re: Audience AP setup on VLAN

Mon Mar 14, 2022 6:28 pm

In general, if using vlans, it's cleaner to use ALL vlans and just have the bridge be a bridge (not doing any dhcp etc.).
So in short
- one bridge
-define all subnets via vlans with interface bridge
-all vlans get ip pool, ip address, dhcp-server, dhcp-server-network
-config /interface bridge ports (which are access ports and which are trunk ports)
-config /interface bridge vlans that should match up with the port settings etc.
So if I have multiple VLANs on the Audience AP, how will devices connect wirelessly to different VLANs?
How can I have multiple VLANs on the Audience device?

For example, I can have VLAN5 192.168.5.0/24 and VLAN6 192.168.6.0/24,
and I want certain devices to connect to Wi-Fi on VLAN5 and others to Wi-Fi on VLAN6.

That is the part I would like to know.

I am able to create the VLANs from the CCR router with no problem; just the way devices will connect to different VLANs on the Audience AP is what I need guidance on.
 
anav
Forum Guru
Posts: 22194
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Audience AP setup on VLAN

Mon Mar 14, 2022 7:07 pm

edit duplicate, LOL
Last edited by anav on Mon Mar 14, 2022 7:08 pm, edited 1 time in total.
 
anav
Forum Guru
Posts: 22194
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Audience AP setup on VLAN

Mon Mar 14, 2022 7:08 pm

By reading the link!!! I posted above.
viewtopic.php?t=143620

The link from the CCR will be a TRUNK Port to the Audience.
The only vlan you need to identify on the audience itself for vlans is the
management or trusted subnet.

The rest of your question is easy
by /interface bridge ports and /interface bridge vlans

See the example here.
viewtopic.php?t=182276
EXAMPLE (ANY RoS) DEVICE SETUP and read the notes!

(vlans not assigned in wifi settings, but associated to WLANs via bridge port and bridge lan interface settings).
 
Amm0
Forum Guru
Posts: 4436
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Audience AP setup on VLAN

Mon Mar 14, 2022 7:32 pm

(vlans not assigned in wifi settings, but associated to WLANs via bridge port and bridge lan interface settings).
Totally. If the VLAN part is the confusing part, that's very true. The OP in fact already has a VLAN, so in theory the CAPsMAN "use tag" method could be a shortcut... But this is pretty subtle — kinda need to understand VLAN & RouterOS FIRST, before getting to understanding the "use tag" in CAPsMAN vs Bridge>Port+Bridge>VLAN part.

E.g. CAPsMAN on the Audience is the default config, and fiddling with the "use tag" there is kinda handy since the Audience's mesh will still work if you do it this way. Thus, you get to keep the Audience's "mesh" abilities, even if you applied the "VLAN your network" for @anav's link above, WITHOUT having to reconfigure anything for the 2nd Audience, since CAPsMAN will manage its own tag.
 
uberwebguru
Member Candidate
Topic Author
Posts: 173
Joined: Sat Feb 26, 2022 12:05 pm

Re: Audience AP setup on VLAN

Fri Mar 18, 2022 10:00 pm



The rest of your question is easy
by /interface bridge ports and /interface bridge vlans
I know how to set up VLANs on switches already and all that. The issue here is that the Audience device does not have ports I can use as access ports; devices will connect via wireless, and that is the issue I am having.
Also there is no way to set this up in GNS3, which would have been great as I could test things.

So are you saying follow the same setup as if the Audience is a switch? So what ports will I use for wireless connections, when there are no ports?
 
Amm0
Forum Guru
Posts: 4436
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Audience AP setup on VLAN

Fri Mar 18, 2022 10:42 pm



The rest of your question is easy
by /interface bridge ports and /interface bridge vlans
I know how to set up VLANs on switches already and all that. The issue here is that the Audience device does not have ports I can use as access ports; devices will connect via wireless, and that is the issue I am having.
Also there is no way to set this up in GNS3, which would have been great as I could test things.

So are you saying follow the same setup as if the Audience is a switch? So what ports will I use for wireless connections, when there are no ports?
Yup, sounds like you want it to be a switch (i.e. a bridge). If you're used to setting VLANs using /interface/ethernet/switch, that won't work for Wi-Fi, as you point out. But for Audience and Wi-Fi, you'd have to use the "Bridge VLAN Table" method. Mikrotik documents it here: https://help.mikrotik.com/docs/display/ ... VLAN+Table. - This is actually what @anav was referring to above, specifically the "VLAN Access Point" case: viewtopic.php?t=143620#p706999

In your case, essentially, you'd want ether1, ether2, wlan1, wlan2, wlan3 all as bridge ports, using "vlan-filtering=yes" on the bridge interface, assigning the PVID/tagging on ports, and finally associating the bridge port with your existing VLAN IDs. You'd want a DHCP client on the untagged bridge (or a VLAN interface added to the Audience for management). Basically the Audience will need some IP address, but in theory your CCR is doing the routing, so the Audience doesn't need firewalls etc. "Bridge VLAN Tagging" would let you set the Wi-Fi to a specific VLAN ID. The Wi-Fi mode, as AP or station, depends on your need. The key is that Bridge>VLAN is where the mapping happens.

Now if you want a NEW subnet on the Audience, then you'd need a VLAN interface, firewalls, etc... But if your CCR is managing the VLANs, the Audience is just a switch, or "bridge".
 
uberwebguru
Member Candidate
Topic Author
Posts: 173
Joined: Sat Feb 26, 2022 12:05 pm

Re: Audience AP setup on VLAN

Fri Mar 18, 2022 10:57 pm

In your case, essentially, you'd want ether1, ether2, wlan1, wlan2, wlan3 all as bridge ports, using "vlan-filtering=yes" on the bridge interface, assigning the PVID/tagging on ports, and finally associating the bridge port with your existing VLAN IDs. You'd want a DHCP client on the untagged bridge (or a VLAN interface added to the Audience for management). Basically the Audience will need some IP address, but in theory your CCR is doing the routing, so the Audience doesn't need firewalls etc. "Bridge VLAN Tagging" would let you set the Wi-Fi to a specific VLAN ID. The Wi-Fi mode, as AP or station, depends on your need. The key is that Bridge>VLAN is where the mapping happens.
In my GNS3 setup:
Yes, I already have the Audience (a switch in GNS3) on an IP in the management VLAN, so I can reach the Audience by IP.
So yeah, what I was thinking also is that I will create a bridge with
ether1, ether2, wlan1, wlan2, wlan3 all as bridge ports.
Yes, the CCR will be the one setting things up really.
Yeah, I will be setting things up physically, now that I have some steps to follow.

Wanted to be sure I know what to try before going physical.
Anyone know when GNS3 will support AP/Wi-Fi setups?
 
Amm0
Forum Guru
Posts: 4436
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Audience AP setup on VLAN

Sat Mar 19, 2022 12:08 am

Wanted to be sure i know what to try before going physical
Anyone know when GNS3 will support Ap/wifi setups?
#Asked&Answered
viewtopic.php?p=879461&hilit=gns3+wireless#p879461
 
anav
Forum Guru
Posts: 22194
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Audience AP setup on VLAN

Sat Mar 19, 2022 3:11 am

You need at least one physical port on the audience from the router. This is a trunk port carrying all the vlans.

IF there are no more etherports you still have WLAN PORTS!!!

Thus your bridge ports will be all WLANS except for ether1 carrying all the vlans to the audience

/interface bridge port
# ether1 is the trunk port
add bridge=bridge interface=ether1
# the WLAN interfaces are access ports
add bridge=bridge interface=WLAN1 pvid=20
add bridge=bridge interface=WLAN2 pvid=30
add bridge=bridge interface=vWLAN3 pvid=40
add bridge=bridge interface=vWLAN4 pvid=50

( v is for virtual )

/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=WLAN1 vlan-ids=20
add bridge=bridge tagged=ether1 untagged=WLAN2 vlan-ids=30
add bridge=bridge tagged=ether1 untagged=vWLAN3 vlan-ids=40
add bridge=bridge tagged=ether1 untagged=vWLAN4 vlan-ids=50

Assuming vlan20 is the 'trusted' subnet, this is the only vlan that needs to be identified on the audience
/interface vlan
add interface=bridge name=vlanhome20 vlan-id=20
Also you will note it's the only vlan that is also tagged to the bridge, as the rest are simply connected to ether1 (switch connectivity)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Let's say you had a separate management vlan10 (no traffic other than for admin to config device)

Only vlan required for identification
/interface vlan
add interface=bridge name=vlanmanage-10 vlan-id=10

# /interface bridge port entries are the same as above

/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 vlan-ids=10
add bridge=bridge tagged=ether1 untagged=WLAN1 vlan-ids=20
add bridge=bridge tagged=ether1 untagged=WLAN2 vlan-ids=30
add bridge=bridge tagged=ether1 untagged=vWLAN3 vlan-ids=40
add bridge=bridge tagged=ether1 untagged=vWLAN4 vlan-ids=50
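
Added example (not part of any post in this thread, and not MikroTik tooling): the thread stresses that the bridge VLAN table has to match the port PVIDs, and a mismatch on an AP puts wireless clients in the wrong segment, so this Python sketch audits an exported config for that. The sample export is constructed with two deliberate mistakes, the function names are hypothetical, and it assumes single VLAN IDs (no ranges) and `ether1` as the only trunk.

```python
import re

# Constructed sample in the thread's syntax with two deliberate mistakes:
# WLAN2 is untagged in VLAN 40, and vWLAN3 (pvid=40) is missing from it.
SAMPLE = """\
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=WLAN1 pvid=20
add bridge=bridge interface=WLAN2 pvid=30
add bridge=bridge interface=vWLAN3 pvid=40
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=WLAN1 vlan-ids=20
add bridge=bridge tagged=ether1 untagged=WLAN2 vlan-ids=30
add bridge=bridge tagged=ether1 untagged=WLAN2 vlan-ids=40
"""

def parse(export):
    """Return ({port: pvid}, {vlan_id: {"tagged": set, "untagged": set}})."""
    pvids, vlans, menu = {}, {}, None
    for line in map(str.strip, export.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
            if menu == "/interface bridge port":
                pvids[kv["interface"]] = int(kv.get("pvid", 1))  # default pvid is 1
            elif menu == "/interface bridge vlan":
                for vid in kv["vlan-ids"].split(","):  # assumes single IDs, no ranges
                    entry = vlans.setdefault(int(vid), {"tagged": set(), "untagged": set()})
                    for role in entry:
                        entry[role].update(filter(None, kv.get(role, "").split(",")))
    return pvids, vlans

def audit(export, trunks=("ether1",)):
    """List mismatches between access-port PVIDs and the bridge VLAN table."""
    pvids, vlans = parse(export)
    empty, findings = {"tagged": set(), "untagged": set()}, []
    for port, pvid in sorted(p for p in pvids.items() if p[0] not in trunks):
        if port not in vlans.get(pvid, empty)["untagged"]:
            findings.append(f"{port}: pvid={pvid} but not untagged in VLAN {pvid}")
        for vid, members in sorted(vlans.items()):
            if vid != pvid and port in members["tagged"] | members["untagged"]:
                findings.append(f"{port}: also member of VLAN {vid} (pvid is {pvid})")
    for vid, members in sorted(vlans.items()):
        findings += [f"VLAN {vid}: trunk {t} is not tagged" for t in trunks if t not in members["tagged"]]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "consistent")
```

An empty result means every access port is untagged only in its own PVID's VLAN and the trunk carries every VLAN tagged.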