Trying to build one scheme, and after a couple of days I start thinking I’m stupid. I will be grateful for the advice
Short description of the scheme (only the important part): ccr as an edge router, dozens of mikrotik wi-fi aps (hap ac 2, cap ac) and a bunch of devices connected to wi-fi aps with wire.
For now, everything works perfect in the following format – capsman on ccr, a dozen subnets, each in a separate vlan, two wi-fi networks, bridge vlan filtering on wi-fi aps for two ssids and for wired devices.
The task is to make wi-fi networks for all departments. Yeah, I can just make more virtual aps and job is done but I’m not attracted with 14 new ssids. So, I decided to test scheme “1 ssid + usermanager vlan assignment”
Test setup:
ccr1016 (7.13.5) as a router, capsman, usermanager
hap ac 2 (7.13.5) as a cap with “wireless” package (no dynamic vlans at all in qcom-ac)
needs: 1 ssid with dynamic vlans (v240/v241), 1 ssid for guest (v272), vlans on ether (v240/v241)
On CCR - legacy capsman + usermanager + bridge vlan filtering and vlan to port with ap
On AP - legacy package, cap, bridge vlan filtering and vlans.
First problem I got – usermanager with vlan assignment works only when bridge vlan filtering is disabled on cap. But in case with no bridge vlan filtering I’m losing vlans on ether and virtual ssid for guest without dynamic vlans. And if vlans on ether I solved with vlan on switch chip I just can’t find solution for guest ssid without bridge vlan filtering.
So, the main question is how to make usermanager with vlan on user work with bridge vlan filtering on cap? And if it’s not possible any other solution for 1 ssid and multiply vlans?
p.s. some parts of configs for better "picture"
Short description of the scheme (only the important part): ccr as an edge router, dozens of mikrotik wi-fi aps (hap ac 2, cap ac) and a bunch of devices connected to wi-fi aps with wire.
For now, everything works perfect in the following format – capsman on ccr, a dozen subnets, each in a separate vlan, two wi-fi networks, bridge vlan filtering on wi-fi aps for two ssids and for wired devices.
The task is to make wi-fi networks for all departments. Yeah, I can just make more virtual aps and job is done but I’m not attracted with 14 new ssids. So, I decided to test scheme “1 ssid + usermanager vlan assignment”
Test setup:
ccr1016 (7.13.5) as a router, capsman, usermanager
hap ac 2 (7.13.5) as a cap with “wireless” package (no dynamic vlans at all in qcom-ac)
needs: 1 ssid with dynamic vlans (v240/v241), 1 ssid for guest (v272), vlans on ether (v240/v241)
On CCR - legacy capsman + usermanager + bridge vlan filtering and vlan to port with ap
On AP - legacy package, cap, bridge vlan filtering and vlans.
First problem I got – usermanager with vlan assignment works only when bridge vlan filtering is disabled on cap. But in case with no bridge vlan filtering I’m losing vlans on ether and virtual ssid for guest without dynamic vlans. And if vlans on ether I solved with vlan on switch chip I just can’t find solution for guest ssid without bridge vlan filtering.
So, the main question is how to make usermanager with vlan on user work with bridge vlan filtering on cap? And if it’s not possible any other solution for 1 ssid and multiply vlans?
p.s. some parts of configs for better "picture"
Statistics: Posted by omgnono — Sun Mar 10, 2024 3:24 am