Hi,
I'm trying to add a guest VLAN to a legacy config and I'm encountering issues when I use a VLAN on the master interface.
The legacy setup is using a CCR cloud series, RouterOS 6.44.6, to connect to the ISP over fibre with hosts untagged and tagged VLAN, and using an HAPax2, RouterOS 7.12.1, with more hosts untagged and tagged VLAN. The CCR and HAP are bridged together. The CCR does all the DHCP and routing.
Then I purchased an Audience and reinstalled it with RouterOS 7.12.1 so it could get its WiFi config from the HAP using capsman and both routers would be using the same wifiwave2. Everything works OK with my WiFi clients untagged.
Next I tried to configure another VLAN for guest WiFi, but inevitably encountered the issue that you can't have a VLAN tagged slave wifi on an untagged master wifi because the slave interface can't join the bridge. (PS: I tried tagged master and untagged slave, same issue)
Here is that setup
Code:
[admin@HAP] > /interface/wifiwave2/configuration/print detail
Flags: X - disabled
 0   name="5ghz" ssid="privateSSID=5G" country=Switzerland security=sec1
 1   name="2ghz" ssid="privateSSID" country=Switzerland security=sec1
 2   name="5ghz-backend" mode=station-bridge ssid="privateSSID-5G" country=Switzerland security=sec1 channel.band=5ghz-ac
 3   name="2ghz-backend" mode=station-bridge ssid="privateSSID" country=Switzerland security=sec1 channel.band=2ghz-n
 4   name="5ghz-guest" ssid="guestSSID-5G" country=Switzerland security=sec2 datapath.vlan-id=200
 5   name="2ghz-guest" ssid="guestSSID" country=Switzerland security=sec2 datapath.vlan-id=200

[admin@HAP] > /interface/wifiwave2/provisioning/print detail
Flags: X - disabled
 0   supported-bands=5ghz-ax action=create-enabled master-configuration=5ghz slave-configurations=5ghz-guest
 1   supported-bands=2ghz-ax action=create-enabled master-configuration=2ghz slave-configurations=2ghz-guest
 2   radio-mac=XXXXXXX supported-bands=5ghz-ac action=create-dynamic-enabled master-configuration=5ghz-backend
 3   supported-bands=2ghz-n action=create-dynamic-enabled master-configuration=2ghz slave-configurations=2ghz-guest
 4   supported-bands=5ghz-ac action=create-dynamic-enabled master-configuration=5ghz slave-configurations=5ghz-guest

[admin@HAP] > /interface/wifiwave2/print detail
Flags: M - master; D - dynamic; B - bound; X - disabled, I - inactive, R - running
 0 M B  default-name="wifi2" name="ax2-2ghz" l2mtu=1560 mac-address=XXXXXXX arp-timeout=auto radio-mac=XXXXX configuration=2ghz
 1   B  name="ax2-2ghz-guest" l2mtu=1560 mac-address=XXXXXX arp-timeout=auto master-interface=ax2-2ghz configuration=2ghz-guest
 2 M BR default-name="wifi1" name="ax2-5ghz" l2mtu=1560 mac-address=XXXXXX arp-timeout=auto radio-mac=XXXXXX configuration=5ghz
 3   BR name="ax2-5ghz-guest" l2mtu=1560 mac-address=XXXXXX arp-timeout=auto master-interface=ax2-5ghz configuration=5ghz-guest
 4 MDB  name="cap-wifi1" mac-address=XXXXXX arp-timeout=auto radio-mac=XXXXXX configuration=2ghz
 5  DB  ;;; vlan-id configured, but interface does not support assigning vlans
        name="cap-wifi2" mac-address=XXXXXX arp-timeout=auto master-interface=cap-wifi1 configuration=2ghz-guest
 6 MDB  name="cap-wifi3" mac-address=XXXXX arp-timeout=auto radio-mac=XXXXXX configuration=5ghz
 7  DB  ;;; vlan-id configured, but interface does not support assigning vlans
        name="cap-wifi4" mac-address=1A:FD:74:FA:4D:D4 arp-timeout=auto master-interface=cap-wifi3 configuration=5ghz-guest

[admin@HAP] > /interface/bridge/port/print detail
Flags: X - disabled, I - inactive; D - dynamic; H - hw-offload
...
 3     ;;; defconf
       interface=ether5 bridge=bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none hw=yes auto-isolate=no
       restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=yes unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes
       tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no
 4     ;;; defconf
       interface=ax2-5ghz bridge=bridge priority=0x20 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none auto-isolate=no
       restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=yes unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes
       tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no
 5 I   ;;; defconf
       interface=ax2-2ghz bridge=bridge priority=0x30 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none auto-isolate=no
       restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=yes unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes
       tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no
 7 I   interface=ax2-2ghz-guest bridge=bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none auto-isolate=no
       restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=yes unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes
       tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no
 8 I   interface=ax2-5ghz-guest bridge=bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none auto-isolate=no
       restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=yes unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes
       tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no

[admin@HAP] > /interface/wifiwave2/cap/print as-value file interval without-paging

[admin@WifiMikroTik] > /interface/wifiwave2/cap/print
            enabled: yes
 caps-man-addresses: 127.0.0.1

[admin@HAP] > /interface/wifiwave2/capsman/remote-cap edit export get print set

[admin@HAP] > /interface/wifiwave2/capsman/print
                   enabled: yes
                interfaces: bridge
            ca-certificate: auto
  require-peer-certificate: no
            upgrade-policy: suggest-same-version
  generated-ca-certificate: CAPsMAN-CA-XXXXXX
     generated-certificate: CAPsMAN-XXXXXX

[admin@HAP] > /interface/wifiwave2/capsman/remote-cap/print detail
 0 address="" identity="Audience-1" board-name="RBD25G-5HPacQD2HPnD" serial="XXXXX" version="7.12.1" base-mac=XXXX common-name="" state="Ok"

[admin@Audience-1] > /interface/wifiwave2/cap print
               enabled: yes
  discovery-interfaces: bridge
           certificate: none
    caps-man-addresses: XXXX,YYYY
      lock-to-caps-man: no

[admin@Audience-1] > /interface/wifiwave2/capsman/print
                   enabled: no
  generated-ca-certificate: CAPsMAN-CA-XXXXX
     generated-certificate: CAPsMAN-XXXXX
Now if I run command
/interface/wifiwave2/configuration/set datapath.vlan-id=100 numbers=0,1
and now capsman doesn't work, yet I can see that the Audience has connected from its MAC address in the registration table
Code:
[admin@HAP] > /interface/wifiwave2/print detail
Flags: M - master; D - dynamic; B - bound; X - disabled, I - inactive, R - running
 0 M B  default-name="wifi2" name="ax2-2ghz" l2mtu=1560 mac-address=XXXXX arp-timeout=auto radio-mac=XXXXXX configuration=2ghz
 1   B  name="ax2-2ghz-guest" l2mtu=1560 mac-address=XXXXXXX arp-timeout=auto master-interface=ax2-2ghz configuration=2ghz-guest
 2 M BR default-name="wifi1" name="ax2-5ghz" l2mtu=1560 mac-address=XXXXXX arp-timeout=auto radio-mac=XXXXXXX configuration=5ghz
 3   B  name="ax2-5ghz-guest" l2mtu=1560 mac-address=XXXXXX arp-timeout=auto master-interface=ax2-5ghz configuration=5ghz-guest

[admin@HAP] > /interface/wifiwave2/registration-table/print
Flags: A - AUTHORIZED
Columns: INTERFACE, SSID, MAC-ADDRESS, UPTIME, SIGNAL
#   INTERFACE  SSID             MAC-ADDRESS  UPTIME  SIGNAL
0 A ax2-5ghz   KensWifiLAN2_5G  XXXXXXX      1m29s   -58

[admin@HAP] > /interface/wifiwave2/capsman/remote-cap/print detail

[admin@HAP] >
I cannot ping the Audience on either of its IP addresses either
What needs to be changed to get capsman to work?
Statistics: Posted by ojnab — Thu Jan 11, 2024 11:13 pm