Versions Compared

Old Version 26

changes.mady.by.user Mārtiņš S.

Saved on

compared with

New Version 34

changes.mady.by.user Serhii T.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this example, we will assign VLAN10 to our main SSID, and will add VLAN20 for the guest network, ether5 from CAPsMAN is connected to CAP.

Info

CAPs using "wifi-qcom" package can get "vlan-id" via Datapath from CAPsMAN, CAPs using "wifi-qcom-ac" package will need to use the configuration provided at the end of this example.

CAPsMAN:

Code Block
languageros
/interface bridge
add name=br vlan-filtering=yes
/interface vlan
add interface=br name=MAIN vlan-id=10
add interface=br name=GUEST vlan-id=20
/interface wifi datapath
add bridge=br name=MAIN vlan-id=10
add bridge=br name=GUEST vlan-id=20
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk ft=yes ft-over-ds=yes name=Security_MAIN passphrase=HaveAg00dDay
add authentication-types=wpa2-psk,wpa3-psk ft=yes ft-over-ds=yes name=Security_GUEST passphrase=HaveAg00dDay
/interface wifi configuration
add datapath=MAIN name=MAIN security=Security_MAIN ssid=MAIN_Network
add datapath=GUEST name=GUEST security=Security_GUEST ssid=GUEST_Network
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=yes interface=br name=dhcp1
add address-pool=dhcp_pool1 interface=MAIN name=dhcp2
add address-pool=dhcp_pool2 interface=GUEST name=dhcp3
/interface bridge port
add bridge=br interface=ether5 
add bridge=br interface=ether4 
add bridge=br interface=ether3 
add bridge=br interface=ether2 
/interface bridge vlan
add bridge=br tagged=br,ether5,ether4,ether3,ether2 vlan-ids=20
add bridge=br tagged=br,ether5,ether4,ether3,ether2 vlan-ids=10
/interface wifi capsman
set enabled=yes interfaces=br
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=MAIN slave-configurations=GUEST supported-bands=5ghz-ax
add action=create-dynamic-enabled master-configuration=MAIN slave-configurations=GUEST supported-bands=2ghz-ax
/ip address
add address=192.168.1.1/24 interface=br network=192.168.1.0
add address=192.168.10.1/24 interface=MAIN network=192.168.10.0
add address=192.168.20.1/24 interface=GUEST network=192.168.20.0
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
/system identity
set name=cAP_Controller

CAP using "wifi-qcom" package:

Code Block
languageros
/interface bridge
add name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add interface=bridgeLocal disabled=no

...

CAP using "wifi-qcom-ac" package:

Code Block
languageros
/interface bridge
add name=bridgeLocal vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
add disabled=no  master-interface=wifi1 name=wifi21
add disabled=no  master-interface=wifi2 name=wifi22
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal interface=wifi1 pvid=10
add bridge=bridgeLocal interface=wifi21 pvid=20
add bridge=bridgeLocal interface=wifi2 pvid=10
add bridge=bridgeLocal interface=wifi22 pvid=20
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 untagged=wifi1,wifi2 vlan-ids=10
add bridge=bridgeLocal tagged=ether1 untagged=wifi21,wifi22 vlan-ids=20
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-static=yes

Additionally, records the configuration below has to be added to the CAPsMAN configuration:

Code Block
languageros
/interface wifi datapath
add bridge=br name=DP_AC
/interface wifi configuration
add datapath=DP_AC name=MAIN_AC security=Security_MAIN ssid=MAIN_Network
add datapath=DP_AC name=GUEST_AC security=Security_GUEST ssid=GUEST_Network
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=MAIN_AC slave-configurations=GUEST_AC supported-bands=5ghz-ac
add action=create-dynamic-enabled master-configuration=MAIN_AC slave-configurations=GUEST_AC supported-bands=2ghz-n
Info

Passing datapaths "MAIN/GUEST" from the start of the example to "wifi-qcom-ac" CAP would be misconfiguration, make sure to use datapath without "vlan-id" specified to such devices.

Advanced examples

Enterprise wireless security with User Manager v5

...

  • WPA3 authentication and OWE (opportunistic wireless encryption)
  • 802.11w standard management frame protection
  • 802.11r/k/v
  • MU-MIMO and beamforming
  • 400Mb/s maximum data rate in the 2.4GHz band for IPQ4019 interfaces

Lost features

Info

These benefits apply both to the wifi-qcom and wifi-qcom-ac packages.

Lost features

The following notable The following notable features are lost when running 802.11ac products with drivers that are compatible with the 'wifi' management interface

  • Nstreme and Nv2 wireless protocols
  • VLAN configuration in the wireless settings (Per-interface VLANs can be configured in bridge settings)
  • Compatibility with station-bridging as implemented in the 'wireless' package, station-bridge only works between the same type of drivers. Wifi to Wifi, and Wireless to Wireless.

Property Reference

AAA properties

...

PropertyDescription
band (2ghz-g | 2ghz-n | 2ghz-ax | 5ghz-a | 5ghz-ac | 5ghz-an | 5ghz-ax)

Frequency band and wireless standard that will be used by the AP. Defaults to newest supported standard.
Note that band support is limited by radio capabilities.

frequency (list of integers or integer ranges)

Anchor
frequency-syntax
frequency-syntax
For an interface in AP mode, specifies frequencies (in MHz) to consider when picking control channel center frequency.

For an interface in station mode, specifies frequencies on which to scan for APs.

Leave unset (default) to consider all frequencies supported by the radio and permitted by the applicable regulatory profille.

The parameter can contain 1 or more comma-separated values of integers or, optionally, ranges of integers denoted using the syntax RangeBeginning-RangeEnd:RangeStep

Examples of valid channel.frequency values:

  • 2412
  • 2412,2432,2472
  • 5180-5240:20,5500-5580:20
secondary-frequency (list of integers | 'disabled') 

Frequency (in MHz) to use for the center of the secondary part of a split 80+80MHz channel.

Only official 80MHz channels (5210, 5290, 5530, 5610, 5690, 5775) are supported.

Leave unset (default) for automatic selection of secondary channel frequency.

skip-dfs-channels  (10min-cac | all | disabled)

Whether to avoid using channels, on which channel availability check (listening for presence of radar signals) is required.

  • 10min-cac - interface will avoid using channels, on which 10 minute long CAC is required
  • all - interface will avoid using all channels, on which CAC is required
  • disabled (default) - interface may select any supported channel, regardless of CAC requirements
width ( 20mhz | 20/40mhz | 20/40mhz-Ce | 20/40mhz-eC | 20/40/80mhz | 20/40/80+80mhz20/40/80/160mhz)

Width of radio channel. Defaults to widest channel supported by the radio hardware.

reselect-interval (time interval)

Specifies when the interface should rescan channel availability and select the most appropriate one to use. Specifying intervall will allow the system to select this interval dynamically and randomly. This helps to avoid a situation when many APs at the same time scan network, select the same channel and prefer to use it at the same time.

Configuration properties

This section includes properties relating to the operation of the interface and the associated radio.

PropertyDescription

antenna-gain (integer 0..30)

Overrides the default antenna gain. The master interface of each radio sets the antenna gain for every interface which uses the same radio.

This setting cannot override the antenna gain to be lower than the minimum antenna gain of a radio.
No default value.

beacon-interval (time interval 100ms..1s)

Interval between beacon frames of an AP. Default: 100ms.

Info

The 802.11 standard defines beacon interval in terms of time units (1 TU = 1.024 ms). The actual interval between beacons will be 1 TU for every 1 ms configured.

Note

Every AP running on the same radio (i.e. a master AP and all its 'virtual'/'slave' APs) must use the same beacon interval.

chains (list of integer 0..7 )

Radio chains to use for receiving signals. Defaults to all chains available to the corresponding radio hardware.

country (name of a country)

Determines, which regulatory domain restrictions are applied to an interface. Defaults to "

United States

Latvia".

Note

It is important to set this value correctly to comply with local regulations and ensure interoperability with other devices.

distance ()

Maximum link distance in kilometers, needs to be set for long-range outdoor links. The value should reflect the distance to the AP or station that is furthest from the device. Unconfigured value allows usage of 3KM links. 

Note

distance is not used by the wifi-qcom-ac package. Setting distance above the actual needed value can have detrimental effects on throughput and latency.

dtim-period (integer 1..255)

Period at which to transmit multicast traffic, when there are client devices in power save mode connected to the AP. Expressed as a multiple of the beacon interval.

Higher values enable client devices to save more energy, but increase network latency.

Default: 1

hide-ssid (no | yes)

  • yes - AP does not include its SSID in beacon frames, and does not reply to probe requests that have broadcast SSID.

  • no - AP includes its SSID in the beacon frames, and replies to probe requests that have broadcast SSID.

Default: no

manager (capsman |capsman-or-local | local)

capsman - the interface will act as CAP only, this option should not be passed via provisioning rules to the CAP

capsman-or-local - the interface will get configuration via CAPsMAN or use its own, if /interface/wifi/cap is not enabled.

local - interface won't contact CAPsMAN in order to get configuration.

Default: local

mode (ap | station)

Interface operation mode

  • ap (default) - interface operates as an access point
  • station - interface acts as a client device, scanning for access points advertising the configured SSID
  • station-bridge - interface acts as a client device and enables support for a 4-address frame format, so that the interface can be used as a bridge port
Info

The station-bridge mode, as implemented for 'wifi'

intefaces

interfaces, is incompatible with APs running the older 'wireless' package and vice versa.


multicast-enhance (enabled disabled)

With the multicast-enhance feature enabled, an AP will convert every multicast-addressed IP or IPv6 packet into multiple unicast-addressed frames for each connected station.
This may improve link throughput and reliability since, unlike multicast frames, unicasts are acknowledged by stations and transmitted using a higher data rate.

Default: disabled

qos-classifier (dscp-high-3-bits priority)
  • dscp-high-3-bits - interface will transmit data packets using a WMM priority equal to the value of the 3 most significant bits of the IP DSCP field
  • priority - interface will transmit data packets using a WMM priority equal to that set by IP firewall or bridge filter

Default: priority

Info

802.11ac wireless chipsets do not support the dscp-high-3-bits classifier mode. For 802.11ac interfaces, please see DSCP from priority.


ssid (string)The name of the wireless network, aka the (E)SSID. No default value.
tx-chains (list of integer 0..7)Radio chains to use for transmitting signals. Defaults to all chains available to the corresponding radio hardware.
tx-power (integer 0..40)A limit on the transmit power (in dBm) of the interface. Can not be used to set power above limits imposed by the regulatory profile. Unset by default.

Datapath properties

Parameters relating to forwarding packets to and from wireless client devices.

...