CAPsMAN with VLAN no DHCP
Posted: Mon Sep 21, 2015 12:08 pm
I have been looking at this for a couple of days and unfortunately I can't find what I am doing wrong, hopefully someone here can point me in the right direction.
I am trying a simple setup, a CRS125-24G-1S as CAPsMAN and a RB2011 as CAP. The test I am running is for two ssid's, a public ssid (ssid-10, vlan 10) and a management ssid (ssid-99, vlan 99). The crs125 has a vlan trunk on port ether2 which is connected to the trunk port ether1 on the rb2011. On the crs125 I have 2 bridges for each vlan and each bridge has a dhcp-server running on it.
What is working:
- The rb2011 receives a management ip address on its vlan-99 interface.
- The rb2011 is automatically provisioned with CAPsMAN and both ssid's are visible to clients
- When I create access ports on the rb2011 for vlan-10 or vlan-99, I am assigned an ip address from the correct dhcp server
- Wireless clients are able to connect & authenticate to the ssid's
What is not working:
- As said, wireless clients are able to connect & authenticate to the ssid's but when connected they are unable to receive an ip address from the dhcp server. The strange thing is, under dhcp server -> leases I see that an ip address is offered to the clients but that offer never reaches the clients. In the logs I get the message 'dhcp-99 offered lease 192.168.88.253 for [wireless client mac] without success'.
When I configure a manual ip address for the wireless client, I am still unable to reach the network. In the interface list on the rb2011 I will then see Rx traffic on bridge-local but never Tx.
Probably this is something minor but I have been looking at this for days and really don't know anymore. I have tried all kinds of bridge/vlan combinations but I am unable to get this working. Does one of you know what I am missing in my configuration? Many thanks!
Please find my configurations below:
crs125 config (capsman):
rb2011 config (cap):
The client is offered an ip address, but never responds:
I am trying a simple setup, a CRS125-24G-1S as CAPsMAN and a RB2011 as CAP. The test I am running is for two ssid's, a public ssid (ssid-10, vlan 10) and a management ssid (ssid-99, vlan 99). The crs125 has a vlan trunk on port ether2 which is connected to the trunk port ether1 on the rb2011. On the crs125 I have 2 bridges for each vlan and each bridge has a dhcp-server running on it.
What is working:
- The rb2011 receives a management ip address on its vlan-99 interface.
- The rb2011 is automatically provisioned with CAPsMAN and both ssid's are visible to clients
- When I create access ports on the rb2011 for vlan-10 or vlan-99, I am assigned an ip address from the correct dhcp server
- Wireless clients are able to connect & authenticate to the ssid's
What is not working:
- As said, wireless clients are able to connect & authenticate to the ssid's but when connected they are unable to receive an ip address from the dhcp server. The strange thing is, under dhcp server -> leases I see that an ip address is offered to the clients but that offer never reaches the clients. In the logs I get the message 'dhcp-99 offered lease 192.168.88.253 for [wireless client mac] without success'.
When I configure a manual ip address for the wireless client, I am still unable to reach the network. In the interface list on the rb2011 I will then see Rx traffic on bridge-local but never Tx.
Probably this is something minor but I have been looking at this for days and really don't know anymore. I have tried all kinds of bridge/vlan combinations but I am unable to get this working. Does one of you know what I am missing in my configuration? Many thanks!
Please find my configurations below:
crs125 config (capsman):
# CRS125 export as posted (CAPsMAN manager side).
# Two SSIDs are defined: ssid10 on VLAN 10 and ssid99 on VLAN 99, each with
# its own bridge, IP subnet and DHCP server on this device.
/caps-man channel
# chan2 is defined here but neither cfg-10 nor cfg-99 below references it.
add band=2ghz-b/g/n frequency=2442 name=chan2 width=20
/interface bridge
# bridge-10 and bridge-99 carry the per-VLAN L3 interfaces and DHCP servers;
# bridge-local holds the local wlan1 and the switch master port (see bridge port section).
add name=bridge-10 protocol-mode=none
add name=bridge-99
add mtu=1500 name=bridge-local protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce distance=indoors mode=ap-bridge ssid=MikroTik
/interface ethernet
# ether2..ether24 are all slaved to ether1-master-local via master-port,
# so the copper ports form one hardware switch group; sfp1 is disabled.
set [ find default-name=ether1 ] name=ether1-master-local
set [ find default-name=ether2 ] master-port=ether1-master-local name=ether2-slave-local
set [ find default-name=ether3 ] master-port=ether1-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether1-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether1-master-local name=ether5-slave-local
set [ find default-name=ether6 ] master-port=ether1-master-local name=ether6-slave-local
set [ find default-name=ether7 ] master-port=ether1-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether1-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether1-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether1-master-local name=ether10-slave-local
set [ find default-name=ether11 ] master-port=ether1-master-local name=ether11-slave-local
set [ find default-name=ether12 ] master-port=ether1-master-local name=ether12-slave-local
set [ find default-name=ether13 ] master-port=ether1-master-local name=ether13-slave-local
set [ find default-name=ether14 ] master-port=ether1-master-local name=ether14-slave-local
set [ find default-name=ether15 ] master-port=ether1-master-local name=ether15-slave-local
set [ find default-name=ether16 ] master-port=ether1-master-local name=ether16-slave-local
set [ find default-name=ether17 ] master-port=ether1-master-local name=ether17-slave-local
set [ find default-name=ether18 ] master-port=ether1-master-local name=ether18-slave-local
set [ find default-name=ether19 ] master-port=ether1-master-local name=ether19-slave-local
set [ find default-name=ether20 ] master-port=ether1-master-local name=ether20-slave-local
set [ find default-name=ether21 ] master-port=ether1-master-local name=ether21-slave-local
set [ find default-name=ether22 ] master-port=ether1-master-local name=ether22-slave-local
set [ find default-name=ether23 ] master-port=ether1-master-local name=ether23-slave-local
set [ find default-name=ether24 ] master-port=ether1-master-local name=ether24-slave-local
set [ find default-name=sfp1 ] disabled=yes name=sfp1-gateway
/interface vlan
# CPU-side VLAN interfaces for IDs 10 and 99, both created on the switch master port.
add interface=ether1-master-local l2mtu=1584 name=vlan-10 vlan-id=10
add interface=ether1-master-local l2mtu=1584 name=vlan-99 vlan-id=99
/caps-man datapath
# Both datapaths use local-forwarding=yes with vlan-mode=use-tag.
# NOTE(review): with local forwarding the CAP bridges client frames itself and
# tags them with vlan-id; the bridge= value here is presumably not where client
# traffic enters, so tagged frames must survive the CAP's own bridge/switch setup
# in both directions - confirm against the CAP configuration.
add bridge=bridge-10 local-forwarding=yes name=path-10 vlan-id=10 vlan-mode=use-tag
add bridge=bridge-99 local-forwarding=yes name=path-99 vlan-id=99 vlan-mode=use-tag
/caps-man security
# A single WPA2-PSK profile "sec" is defined, and both cfg-10 (described in the
# post as the public SSID) and cfg-99 (the management SSID) reference it below.
# Anyone given the public passphrase can therefore also join the management SSID;
# use a separate profile and a strong, unique passphrase for each.
# The passphrase in this export is a short lab value - replace it before real use.
add authentication-types=wpa2-psk encryption=aes-ccm name=sec passphrase=test1234
/caps-man configuration
# No channel= is set on either configuration, so chan2 above is unused.
add datapath=path-10 mode=ap name=cfg-10 security=sec ssid=ssid10
add datapath=path-99 mode=ap name=cfg-99 security=sec ssid=ssid99
/ip pool
# default-dhcp serves the 192.168.88.0/24 management subnet, pool-10 the VLAN 10 subnet.
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=pool-10 ranges=192.168.100.10-192.168.100.20
/ip dhcp-server
# dhcp-99 is the server named in the logged "offered lease ... without success" message.
# Only dhcp-10 sets authoritative=yes; dhcp-99 keeps the default.
add address-pool=default-dhcp disabled=no interface=bridge-99 lease-time=3d name=dhcp-99
add address-pool=pool-10 authoritative=yes disabled=no interface=bridge-10 name=dhcp-10
/caps-man manager
# Manager certificates are auto-generated. require-peer-certificate does not appear
# in this export, so it is presumably at its default and CAPs are accepted without
# presenting a certificate - confirm, and enable it once CAPs hold certificates.
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=require-same-version
/caps-man provisioning
# Every discovered radio gets cfg-99 as master and cfg-10 as slave (virtual AP);
# there is no radio-mac or other match restriction in this rule.
add action=create-dynamic-enabled master-configuration=cfg-99 name-prefix=capp slave-configurations=cfg-10
/interface bridge port
# NOTE(review): ether1-master-local is a port of bridge-local while vlan-10 and
# vlan-99 are VLAN interfaces created on that same ether1-master-local and placed
# in other bridges. VLAN interfaces on a port that is itself a bridge member is a
# layout worth re-checking when tagged traffic goes missing - verify.
add bridge=bridge-99 interface=vlan-99
add bridge=bridge-local interface=wlan1
add bridge=bridge-10 interface=vlan-10
add bridge=bridge-local interface=ether1-master-local
/interface ethernet switch egress-vlan-tag
# VLAN 10 and 99 leave tagged on ether1, ether2 (the trunk to the rb2011 per the
# post), ether3 and the CPU port.
add tagged-ports=ether1-master-local,ether2-slave-local,ether3-slave-local,switch1-cpu vlan-id=10
add tagged-ports=ether1-master-local,ether2-slave-local,ether3-slave-local,switch1-cpu vlan-id=99
/interface ethernet switch ingress-vlan-translation
# Untagged frames (customer-vid=0) arriving on ether23 are placed into VLAN 99,
# making ether23 an access port into the management VLAN: physical access to that
# port gives management-network access.
add customer-vid=0 new-customer-vid=99 ports=ether23-slave-local sa-learning=yes
/interface ethernet switch vlan
# VLAN membership table; ether23 is a member of VLAN 99 only.
add ports=ether1-master-local,ether2-slave-local,ether3-slave-local,switch1-cpu vlan-id=10
add ports=ether1-master-local,ether2-slave-local,ether3-slave-local,ether23-slave-local,switch1-cpu vlan-id=99
/interface wireless cap
# CAP client settings for the CRS's own wlan1; enabled= is not present in this export.
set bridge=bridge-local discovery-interfaces=ether1-master-local interfaces=wlan1
/ip address
# Gateway addresses for the management (bridge-99) and VLAN 10 (bridge-10) subnets.
add address=192.168.88.1/24 comment="default configuration" interface=bridge-99 network=192.168.88.0
add address=192.168.100.1/24 interface=bridge-10 network=192.168.100.0
/ip dhcp-client
# The second client is explicitly enabled on ether24 (presumably the uplink - confirm).
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-master-local
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether24-slave-local
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
# allow-remote-requests=yes makes this router answer DNS queries from any host
# that can reach it. No /ip firewall section appears in this export, so nothing
# visible here limits who may query it or separates VLAN 10 from the management
# subnet - confirm filter rules exist, especially on the uplink side.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
rb2011 config (cap):
# RB2011 export as posted (CAP side, managed by the CAPsMAN on the CRS125).
# ether1 is the trunk towards the manager; vlan-99 carries management and CAPsMAN discovery.
/interface bridge
add name=bridge-local
/interface wireless
# managed by CAPsMAN
# channel: 2422/20-Ce/gn(30dBm), SSID: ssid10, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b disabled=no ssid=MikroTik
/interface vlan
# VLAN interfaces for IDs 10 and 99 on the trunk port ether1.
add interface=ether1 l2mtu=1594 name=vlan-10 vlan-id=10
add interface=ether1 l2mtu=1594 name=vlan-99 vlan-id=99
/interface ethernet switch port
# Ports are addressed by index here; which physical ports 1 and 11 are is not
# visible in this export (presumably ether1 and a CPU port - verify).
# NOTE(review): vlan-mode=secure is expected to drop frames whose VLAN ID or
# ingress port is not in the switch VLAN table below - confirm the table covers
# every path that tagged wireless-client frames take.
set 1 vlan-header=add-if-missing vlan-mode=secure
set 11 vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
# Default IPsec proposal; not involved in the CAPsMAN/VLAN setup shown here.
set [ find default=yes ] enc-algorithms=aes-128-cbc
/interface bridge port
# ether1 is the only static port of bridge-local. The "wireless cap" section sets
# bridge=bridge-local, so the CAP-managed wireless interface is expected to join
# this bridge when local forwarding is active.
# NOTE(review): vlan-10 and vlan-99 above are created on ether1, which is also
# this bridge's port; VLAN interfaces on a bridge member port are a layout worth
# re-checking for the one-way traffic (Rx but no Tx on bridge-local) described
# in the post - verify.
add auto-isolate=yes bridge=bridge-local interface=ether1
/interface ethernet switch vlan
# Switch VLAN table: VLAN 10 and 99 each contain only ether1 and switch1-cpu.
add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=\
10
add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=\
99
/interface wireless cap
# CAP mode enabled for wlan1, discovering the manager over vlan-99.
# No certificate= is set here, so the CAP presumably does not authenticate the
# manager it connects to - confirm, and use certificates on both sides so a
# rogue manager on the discovery VLAN cannot take over the radio.
set bridge=bridge-local discovery-interfaces=vlan-99 enabled=yes interfaces=\
wlan1
/ip dhcp-client
# Management address for the CAP is obtained via DHCP on vlan-99.
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=vlan-99