Jump to content
  • 0

CAPsMAN с Vlan на ROS7

DuMbh3aD

Asked by DuMbh3aD,

 Share

Question

DuMbh3aD Apprentice

DuMbh3aD

Posted
Posted

Здравейте,

Може ли малко помощ?

Клиентските устройства се закачат и към 2-те мрежи, но след 36 секунди се разкачат

  

# 2024-10-13 13:16:20 by RouterOS 7.16
# software id = 83B0-35IU
#
# model = L009UiGS

/interface bridge
add admin-mac=8E:25:5B:11:40:4B auto-mac=no name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan71 vlan-id=71
add interface=bridge1 name=vlan99 vlan-id=99
add interface=bridge1 name=vlan100 vlan-id=100
/caps-man datapath
add bridge=bridge1 name=datapath71 vlan-id=71
add bridge=bridge1 name=datapath100 vlan-id=100
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security71
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security100
/caps-man configuration
add channel=channel-2.4-G/N country=bulgaria datapath=datapath71 mode=ap name=cfg71-2.4 security=security71 ssid=XXXXX
add channel=channel-2.4-G/N country=bulgaria datapath=datapath100 mode=ap name=cfg100-2.4 security=security100 ssid=YYYYY
add channel=channel-5-N/AC country=bulgaria datapath=datapath71 mode=ap name=cfg71-5 security=security71 ssid=XXXXX
add channel=channel-5-N/AC country=bulgaria datapath=datapath100 mode=ap name=cfg100-5 security=security100 ssid=YYYYY
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462,2484 name=channel-2.4-AX width=20mhz
add band=2ghz-n disabled=no frequency=2412,2437,2462 name=channel-2.4-N width=20mhz
add band=5ghz-ax disabled=no name=channel-5-AX width=20/40/80mhz
add band=5ghz-ac disabled=no name=channel-5-AC width=20/40mhz
/interface wifi datapath
add bridge=bridge1 disabled=no name=datapath71 vlan-id=71
add bridge=bridge1 client-isolation=yes disabled=no name=datapath100 vlan-id=100
/interface wifi security
add authentication-types=wpa-psk,wpa2-psk disabled=no ft=yes ft-over-ds=yes group-encryption=ccmp name=sec71
add authentication-types=wpa-psk,wpa2-psk disabled=no ft=yes ft-over-ds=yes group-encryption=ccmp name=sec100
/interface wifi configuration
add channel=channel-5-AX country=Bulgaria datapath=datapath71 disabled=no mode=ap name=cfg71-5-ax security=sec71 ssid=XXXXX
add channel=channel-5-AC country=Bulgaria datapath=datapath71 disabled=no mode=ap name=cfg71-5-ac security=sec71 ssid=XXXXX
add channel=channel-2.4-AX country=Bulgaria datapath=datapath71 disabled=no mode=ap name=cfg71-2.4-ax security=sec71 ssid=XXXXX
add channel=channel-2.4-N country=Bulgaria datapath=datapath71 disabled=no mode=ap name=cfg71-2.4-n security=sec71 ssid=XXXXX
add channel=channel-5-AX country=Bulgaria datapath=datapath100 disabled=no mode=ap name=cfg100-5-ax security=sec100 ssid=YYYYY
add channel=channel-5-AC country=Bulgaria datapath=datapath100 disabled=no mode=ap name=cfg100-5-ac security=sec100 ssid=YYYYY
add channel=channel-2.4-AX country=Bulgaria datapath=datapath100 disabled=no mode=ap name=cfg100-2.4-ax security=sec100 ssid=YYYYY
add channel=channel-2.4-N country=Bulgaria datapath=datapath100 disabled=no mode=ap name=cfg100-2.4-n security=sec100 ssid=YYYYY
/ip pool
add name=dhcp_pool71 ranges=192.168.71.120-192.168.71.254
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.254
add name=dhcp_pool99 ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=dhcp_pool71 interface=vlan71 name=dhcp71
add address-pool=dhcp_pool1 interface=vlan100 name=dhcp1
add address-pool=dhcp_pool99 interface=vlan99 name=dhcp99
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3-MGMT pvid=99
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether8
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp1
/interface bridge vlan
add bridge=bridge1 tagged=sfp1,ether8,bridge1 vlan-ids=71
add bridge=bridge1 tagged=sfp1,ether8,bridge1 vlan-ids=100
add bridge=bridge1 tagged=sfp1,ether8,bridge1 vlan-ids=99
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=vlan99 package-path="" require-peer-certificate=yes upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg71-5-ax slave-configurations=cfg100-5-ax supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=cfg71-5-ac slave-configurations=cfg100-5-ac supported-bands=5ghz-ac
add action=create-dynamic-enabled disabled=no master-configuration=cfg71-2.4-ax slave-configurations=cfg100-2.4-ax supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=cfg71-2.4-n slave-configurations=cfg100-2.4-n supported-bands=2ghz-n
/ip address
add address=192.168.71.1/24 interface=vlan71 network=192.168.71.0
add address=192.168.1.1/24 interface=vlan100 network=192.168.1.0
add address=192.168.99.1/24 interface=vlan99 network=192.168.99.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.71.0/24 dns-server=192.168.71.1 gateway=192.168.71.1
add address=192.168.99.0/24 dns-server=192.168.99.1 gateway=192.168.99.1

  

# 2024-10-13 13:16:38 by RouterOS 7.16.1
# software id = L5UX-7379
#
# model = L22UGS-5HaxD2HaxD

/interface bridge
add auto-mac=no name=bridge1 vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap disabled=no name=wifi-2.4GHz
add configuration.mode=ap disabled=no master-interface=wifi-2.4GHz name=wifi-2.4GHz-Sl
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap disabled=no name=wifi-5GHz
add configuration.mode=ap disabled=no master-interface=wifi-5GHz name=wifi-5GHz-Sl
/interface vlan
add interface=bridge1 name=vlan99 vlan-id=99
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi-2.4GHz-Sl pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi-5GHz-Sl pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi-2.4GHz pvid=71
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi-5GHz pvid=71
/interface bridge vlan
add bridge=bridge1 tagged=ether1,sfp1 vlan-ids=71
add bridge=bridge1 tagged=ether1,sfp1,bridge1 vlan-ids=99
add bridge=bridge1 tagged=ether1,sfp1 vlan-ids=100
/interface wifi cap
set certificate=request discovery-interfaces=vlan99 enabled=yes slaves-static=yes
/ip dhcp-client
add interface=vlan99

  

 13:31:00 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 13:31:36 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -60
 13:31:58 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 13:32:34 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -61
 13:32:36 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -61
 13:33:13 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -61
 13:33:15 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 13:33:51 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -63
 13:34:13 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 13:34:49 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -63
 13:58:10 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 13:58:46 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -60
 13:59:08 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 13:59:44 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -62
 14:00:07 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 14:00:43 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -61
 14:00:45 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -61
 14:01:21 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -60
 14:01:23 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 connected, signal strength -59
 14:01:59 wireless,info xx:xx:xx:xx:xx:xx@cap-wifi2 disconnected, connection lost, signal strength -60

 

Link to comment
Share on other sites

3 answers to this question

Recommended Posts

  • 0
hgd Explorer

hgd

Posted
Posted (edited)

промени си Group Key на поне 1 час, ако не и повече 

group-key-update=1h

Преди е имало този бъг:

if you set the group-key-update timer to 1:00:00 (1 Hour) on versions 6.43.7 and older the group-key is updated every 36 seconds instead of 3600

 

3sec.jpeg

Edited by hgd
Link to comment
Share on other sites
  • 0
DuMbh3aD
Apprentice

DuMbh3aD

Posted
  • Author
Posted

Промених го, но без успех.

Клиента не взема адрес от DHCP или DHCP-то не раздава на клиентите

Link to comment
Share on other sites
  • 0
Асен Нейков Apprentice

Асен Нейков

Posted
Posted

Малко късно виждам, но може да е полезно на някой. В Datapath на capsman-a използвай vlan-mode=use tag 

/caps-man datapath
add bridge=bridge1 name=datapath1-vlan40 vlan-id=40 vlan-mode=use-tag

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept