Community discussions

MikroTik App
 
hairfarmer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Thu Jan 31, 2008 1:11 am

Remote CAP Address inconsistent

Thu Aug 11, 2016 8:39 pm

Hi all,

This isn't really a problem as I have 40 some APs working perfectly with CAPsMAN now just upgraded to v6.36.

However I was wondering why some APs will identify with their IP address and some just have the MAC address.

Image

Many of the units were configured identically and I don't see any configuration differences.

Is this a bug or standard operating procedure?
 
rabienz
newbie
Posts: 48
Joined: Tue Oct 13, 2015 5:51 pm

Re: Remote CAP Address inconsistent

Tue Jun 13, 2017 11:59 pm

i have the same problem any solution to this ?
thank you in advance
 
hairfarmer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Thu Jan 31, 2008 1:11 am

Re: Remote CAP Address inconsistent

Wed Jun 14, 2017 1:33 am

No real change however may I ask if you are running Hotspot on this network?
 
rabienz
newbie
Posts: 48
Joined: Tue Oct 13, 2015 5:51 pm

Re: Remote CAP Address inconsistent

Wed Jun 14, 2017 3:14 am

No i am not
What hotspot is used for ?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: Remote CAP Address inconsistent

Wed Jun 14, 2017 10:13 am

by default the MAC address option is chosen but if the CAPsMAN was not accessible via MAC it switches to IP.
If you want you can force to use just the MAC or just the IP.
 
hairfarmer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Thu Jan 31, 2008 1:11 am

Re: Remote CAP Address inconsistent

Mon Jul 03, 2017 5:36 pm

by default the MAC address option is chosen but if the CAPsMAN was not accessible via MAC it switches to IP.
If you want you can force to use just the MAC or just the IP.
Thanks Uldis!

I looked closer into the documentation
For the CAPsMAN system to function and provide wireless connectivity, a CAP must establish management connection with CAPsMAN. A management connection can be established using MAC or IP layer protocols and is secured using 'DTLS'.

A CAP can also pass the client data connection to the Manager, but the data connection is not secured. If this is deemed necessary, then other means of data security needs to be used, e.g. IPSec or encrypted tunnels.

CAP to CAPsMAN connection can be established using 2 transport protocols (via Layer 2 and Layer3).

MAC layer connection features:
no IP configuration necessary on CAP
CAP and CAPsMAN must be on the same Layer 2 segment - either physical or virtual (by means of L2 tunnels)
IP layer (UDP) connection features:
can traverse NAT if necessary
CAP must be able to reach CAPsMAN using IP protocol
if the CAP is not on the same L2 segment as CAPsMAN, it must be provisioned with the CAPsMAN IP address, because IP multicast based discovery does not work over Layer3
In order to establish connection with CAPsMAN, CAP executes a discovery process. During discovery, CAP attempts to contact CAPsMAN and builds an available CAPsMANs list. CAP attempts to contact to an available CAPsMAN using:

configured list of Manager IP addresses
list of CAPsMAN IP addresses obtained from DHCP server
broadcasting on configured interfaces using both - IP and MAC layer protocols.
When the list of available CAPsMANs is built, CAP selects a CAPsMAN based on the following rules:

if caps-man-names parameter specifies allowed manager names (/system identity of CAPsMAN), CAP will prefer the CAPsMAN that is earlier in the list, if list is empty it will connect to any available Manager
suitable Manager with MAC layer connectivity is preferred to Manager with IP connectivity
After Manager is selected, CAP attempts to establish DTLS connection. There are the following authentication modes possible:

no certificates on CAP and CAPsMAN - no authentication
only Manager is configured with certificate - CAP checks CAPsMAN certificate, but does not fail if it does not have appropriate trusted CA certificate, CAPsMAN must be configured with require-peer-certificate=no in order to establish connection with CAP that does not possess certificate
CAP and CAPsMAN are configured with certificates - mutual authentication
After DTLS connection is established, CAP can optionally check CommonName field of certificate provided by CAPsMAN. caps-man-certificate-common-names parameter contains list of allowed CommonName values. If this list is not empty, CAPsMAN must be configured with certificate. If this list is empty, CAP does not check CommonName field.

If the CAPsMAN or CAP gets disconnected from the network, the loss of connection between CAP and CAPsMAN will be detected in approximately 10-20 seconds.
However I'm not seeing where I can specify one method over another. Could you please show me where on either the CAPsMAN or the AP to configure?

Very appreciated!
 
rabienz
newbie
Posts: 48
Joined: Tue Oct 13, 2015 5:51 pm

Re: Remote CAP Address inconsistent

Sat Sep 09, 2017 1:28 pm

me too can't where to do it
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Remote CAP Address inconsistent

Tue Nov 19, 2019 10:38 am

by default the MAC address option is chosen but if the CAPsMAN was not accessible via MAC it switches to IP.
If you want you can force to use just the MAC or just the IP.
How can I force just the IP ?

JF
 
sebastianh
just joined
Posts: 1
Joined: Thu Feb 03, 2022 4:47 pm

Re: Remote CAP Address inconsistent

Thu Feb 03, 2022 4:58 pm

Can anyone shed some light to this issue? I am experiencing the same behavior on "latest" v6.48.6 (long-term).

Did OP ever get an answer?

Some of my RBcAPGi-5acD2nD are shown by IP, others are shown by mac address. most irritating to me :)

The CAPS which are listed by IP are on different switches than those listed by mac address. Could this be a factor?
 
dibaq
just joined
Posts: 2
Joined: Tue Nov 28, 2023 1:58 pm

Re: Remote CAP Address inconsistent

Tue Nov 28, 2023 2:06 pm

Hello, I had the same problem - solution is disable discovering in CAP settings - use request certificate and lock to capsman. It works!

Who is online

Users browsing this forum: Ahrefs [Bot], morphema and 27 guests