I am having difficulty getting this configuration to work. I currently have CAPsMAN setup and working to use a bridge as a datapath, though I would like to move to using Local Forwarding.
I have two SSIDs that I have VLANs for, a home network on VLAN 100 and a secondary network on VLAN 101. My APs (hAP AC and hAP AC Lite) will have ether1 configured as a trunk in the switch chip and a couple access ports each for VLAN 100 and 101. The APs and other network devices have IPs in the VLAN 100 network. All VLAN connectivity works through the configured switchports.
I enabled CAPsMAN on the AP, went into the CAPsMAN router to enable local forwarding, changed the VLAN mode to "use tag" and specified the VLAN ID. The AP picked up the config, though my wifi devices were not able to get any sort of network access after connecting to the SSIDs.
I was poking around at other posts on the forum and one poster had their VLAN interfaces on the bridge rather than the trunk port, but it didn't seem to make a difference either way. Neither did putting the wireless interfaces in the bridge. Is there something I'm missing?
Code: Select all
# jan/02/1970 01:10:01 by RouterOS 6.34.3
# software id = FXGL-NC1N
#
/interface bridge
add name=bridge-local
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(30dBm), SSID: XXXXXXXX, local forwarding
set [ find default-name=wlan1 ] disabled=no rx-chains=0 ssid=XXXXXXXX \
tx-chains=0
# managed by CAPsMAN
# channel: 5765/20-eC/ac(30dBm), SSID: XXXXXXXX, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=XXXXXXXX
/interface vlan
add interface=bridge-local name=vlan100 vlan-id=100
add interface=bridge-local name=vlan101 vlan-id=101
add interface=bridge-local name=vlan102 vlan-id=102
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 5 vlan-header=add-if-missing vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge-local interface=ether1
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 \
vlan-id=100
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 \
vlan-id=101
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 \
vlan-id=102
/interface wireless cap
set discovery-interfaces=vlan100 enabled=yes interfaces=wlan2,wlan1
/ip address
add address=192.168.1.12/24 interface=vlan100 network=192.168.1.0
/system identity
set name="Downstairs AP"
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled