4wojtek5
just joined
Topic Author
Posts: 2
Joined: Wed Oct 18, 2023 11:30 pm

CAPsMAN on v7.13 and cAP ac datapath not working correctly

Sun Dec 17, 2023 12:25 am

So I have an RB5009 that I upgraded to 7.13, and a cAP ac on the same firmware. In the old CAPsMAN I had 2 networks, each with a different datapath via its own bridge. On the new one this isn't working, because the guest network is getting the same addresses as the main network. (Main is 192.168.70.0/24 on bridge-domWew, guest is 10.0.0.0/24 on bridge-port7-guest, and 10.0.1.0/24 is my flatmate's.)
config for RB5009 (CAPsMAN):
# 2023-12-16 22:59:57 by RouterOS 7.13
# model = RB5009UG+S+
# Export of the RB5009 that acts as the CAPsMAN controller. This part holds the
# legacy /caps-man menu (channels, datapaths, security, configurations) together
# with the bridges and the VLAN interface defined on the router.
# NOTE(review): the CAP export further down registers through /interface wifi cap,
# so presumably the /interface wifi settings, not these /caps-man ones, are what
# reach the cAP ac -- confirm which manager the CAP actually joins.
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5180,5220,5260,5300 name=channel-5g-36 tx-power=23
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412,2437,2462 name=channel-2g-1-6-11 tx-power=20
# One bridge per segment: main (bridge-domWew), guest (bridge-port7-guest) and
# flatmate (bridge-port8-piotrek). No vlan-filtering= setting appears on any of
# them in this export.
# NOTE(review): arp=proxy-arp is set on the main and flatmate bridges; confirm it
# is needed, since the router then answers ARP on behalf of other hosts.
/interface bridge
add arp=proxy-arp name=bridge-domWew port-cost-mode=short
add name=bridge-port7-guest port-cost-mode=short
add arp=proxy-arp name=bridge-port8-piotrek port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
# VLAN 100 interface on top of the main bridge. Later in this export it is added
# as a port of bridge-port7-guest, which is what joins tagged VLAN 100 frames
# seen on bridge-domWew to the guest segment.
/interface vlan
add interface=bridge-domWew name=Guest-Vlan-100 vlan-id=100
# Legacy datapaths: each one points wireless traffic at a different bridge.
# NOTE(review): client-to-client-forwarding=yes is also set on the guest
# datapath, so guest stations are not isolated from each other -- confirm that
# this is intended for a guest network.
/caps-man datapath
add bridge=bridge-domWew client-to-client-forwarding=yes name=Dom
add bridge=bridge-port7-guest client-to-client-forwarding=yes name=guest
# WPA2-PSK with AES-CCM for both profiles. No passphrase field appears in the
# export as posted.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=NaszDom
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=guest
# Legacy configurations: the two "Dom" profiles use datapath=Dom, the guest
# profile uses datapath=guest and security=guest.
/caps-man configuration
add channel=channel-2g-1-6-11 country=poland datapath=Dom distance=indoors \
    installation=indoor mode=ap name="Dom 2ghz" rx-chains=0,1,2,3 security=\
    NaszDom ssid=NaszDom2 tx-chains=0,1,2,3
add channel=channel-5g-36 country=poland datapath=Dom distance=indoors \
    installation=indoor mode=ap name="Dom 5ghz" rx-chains=0,1,2,3 security=\
    NaszDom ssid=NaszDom5 tx-chains=0,1,2,3
add channel=channel-2g-1-6-11 country=poland datapath=guest distance=indoors \
    installation=indoor mode=ap name="Guest 2ghz" rx-chains=0,1,2,3 security=\
    guest ssid=NaszGuest tx-chains=0,1,2,3
# Interface lists referenced by the firewall rules (membership is set further
# down under /interface list member).
/interface list
add name=WAN
add name=LAN
# Configuration profiles of the new /interface wifi menu on the controller.
# Each profile sets datapath.bridge and security.authentication-types inline;
# none of them references the named datapath/security entries defined below
# (no datapath=Dom / security=guest style reference appears here).
# The NaszGuest profile names bridge-port7-guest but carries no datapath VLAN
# setting, so nothing in this profile marks guest traffic as VLAN 100.
# NOTE(review): the CAP export only shows a bridge called bridgeLocal. If the
# datapath is applied on the CAP itself, bridge-port7-guest does not exist
# there -- confirm how the bridge name is resolved on the CAP, because guest
# clients ending up in the main subnet means segmentation is not in effect.
# NOTE(review): MikroTik's wifi documentation describes datapath VLAN tagging
# as unavailable on the 802.11ac driver; verify whether that applies to the
# cAP ac before relying on vlan-id in a datapath.
/interface wifi configuration
add channel.band=2ghz-n .frequency=2412,2437,2462 .skip-dfs-channels=all \
    .width=20mhz country=Poland datapath.bridge=bridge-domWew disabled=no \
    mode=ap name=NaszDom2 security.authentication-types=wpa2-psk,wpa3-psk \
    .wps=disable ssid=NaszDom2
add channel.band=2ghz-n .frequency=2412,2437,2462 .skip-dfs-channels=all \
    .width=20mhz country=Poland datapath.bridge=bridge-port7-guest disabled=\
    no mode=ap name=NaszGuest security.authentication-types=wpa2-psk,wpa3-psk \
    .wps=disable ssid=NaszGuest
add channel.band=5ghz-ac .frequency=5180,5220,5260,5300 .skip-dfs-channels=\
    all .width=20/40mhz-Ce country=Poland datapath.bridge=bridge-domWew \
    disabled=no mode=ap name=NaszDom5 security.authentication-types=\
    wpa2-psk,wpa3-psk .wps=disable ssid=NaszDom5
# Interfaces bound to radios by radio-mac (MAC addresses were masked by the
# poster). AP-gora-g is the only guest interface: a slave of AP-gora using the
# NaszGuest profile. No guest slave is defined for AP-dol.
/interface wifi
add channel.frequency=2412,2437,2462 configuration=NaszDom2 \
    configuration.mode=ap disabled=no name=AP-dol radio-mac=xx:xx:xx:xx:xx:xx
add configuration=NaszDom5 configuration.mode=ap disabled=no name=AP-dol-5 \
    radio-mac=xx:xx:xx:xx:xx:xx
add configuration=NaszDom2 configuration.mode=ap disabled=no name=AP-gora \
    radio-mac=xx:xx:xx:xx:xx:xx
add configuration=NaszDom5 configuration.mode=ap disabled=no name=AP-gora-5 \
    radio-mac=xx:xx:xx:xx:xx:xx
add channel.frequency=2412,2437,2462 configuration=NaszGuest \
    configuration.mode=ap mac-address=xx:xx:xx:xx:xx:xx master-interface=\
    AP-gora name=AP-gora-g
# Named datapaths for the wifi menu. As exported, neither has a vlan-id and
# neither is referenced by the configuration profiles above.
/interface wifi datapath
add bridge=bridge-domWew disabled=no name=Dom
add bridge=bridge-port7-guest disabled=no name=guest
# Named security profiles (WPA2-PSK + WPA3-PSK, WPS disabled). encryption=""
# is what the export shows; no passphrase field appears in the export as posted.
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption="" name=Dom \
    wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption="" name=\
    guest wps=disable
# Default security profile of the legacy wireless menu.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per segment.
/ip pool
add name=Dom ranges=192.168.70.150-192.168.70.200
add name=Guest ranges=10.0.0.20-10.0.0.200
add name=Piotrek ranges=10.0.1.20-10.0.1.200
add name=Vlan-110 ranges=172.16.110.100-172.16.110.200
# One DHCP server per interface. dhcp-DomLan is the only server using the
# 192.168.70.x pool and it is bound to bridge-domWew, so a guest client that
# receives a 192.168.70.x lease is presumably having its frames delivered to
# bridge-domWew rather than bridge-port7-guest.
# Vlan110-PVE-Wojtek is referenced here but not defined in the posted export.
/ip dhcp-server
add address-pool=Dom interface=bridge-domWew lease-time=6h name=dhcp-DomLan
add address-pool=Guest interface=bridge-port7-guest lease-time=6h name=\
    dhcp-Guest
add address-pool=Piotrek interface=bridge-port8-piotrek lease-time=6h name=\
    dhcp-Piotrek
add address-pool=Vlan-110 interface=Vlan110-PVE-Wojtek lease-time=6h name=\
    dhcp-VlanPve
# Legacy CAPsMAN access list: accept clients whose signal is -85 or better,
# reject those in the -120..-86 range.
/caps-man access-list
add action=accept allow-signal-out-of-range=30s disabled=no signal-range=\
    -85..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=30s disabled=no signal-range=\
    -120..-86 ssid-regexp=""
# Legacy manager is enabled with automatically generated CA and certificate.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# The manager is forbidden on the default (all) entry and allowed only on
# bridge-domWew, so CAP connections are accepted from the main bridge only.
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge-domWew
# Both legacy provisioning rules are disabled=yes in this export, so as posted
# they provision nothing.
/caps-man provisioning
add action=create-dynamic-enabled disabled=yes hw-supported-modes=g \
    master-configuration="Dom 2ghz" name-format=identity \
    slave-configurations="Guest 2ghz"
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    master-configuration="Dom 5ghz" name-format=identity
# Port membership: ether2-ether6 belong to the main bridge, ether7 to the guest
# bridge, ether8 to the flatmate bridge. Guest-Vlan-100 (the VLAN 100 interface
# on bridge-domWew) is also a port of the guest bridge, so frames tagged 100 on
# the main bridge are the intended path into the guest segment.
/interface bridge port
add bridge=bridge-domWew interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge-domWew interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge-domWew interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge-domWew interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge-domWew interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge-port7-guest interface=ether7 internal-path-cost=10 \
    path-cost=10
add bridge=bridge-port8-piotrek interface=ether8 internal-path-cost=10 \
    path-cost=10
add bridge=bridge-port7-guest interface=Guest-Vlan-100 internal-path-cost=10 \
    path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# VLAN 100 is declared tagged on ether2, ether6, ether7 and the bridge itself.
# ether7 is listed here although the port list above puts it in
# bridge-port7-guest, not bridge-domWew.
# NOTE(review): no vlan-filtering= setting is shown for bridge-domWew in this
# export; confirm whether VLAN filtering is on, since this table is presumably
# not enforced without it.
/interface bridge vlan
add bridge=bridge-domWew tagged=ether2,ether6,ether7,bridge-domWew vlan-ids=100
# LAN list membership. The guest and flatmate bridges are not members of LAN,
# so the input rule that drops traffic not coming from LAN applies to them.
# wg-VPN-dom-BB, wg-VPN-dom-WB and Vlan110-PVE-Wojtek are referenced here but
# not defined in the posted export.
/interface list member
add interface=bridge-domWew list=LAN
add interface=wg-VPN-dom-BB list=LAN
add interface=wg-VPN-dom-WB list=LAN
add interface=ether1-WAN list=WAN
add interface=Vlan110-PVE-Wojtek list=LAN
# Same signal-based accept/reject policy as the legacy access list, for the
# wifi menu.
/interface wifi access-list
add action=accept allow-signal-out-of-range=30s disabled=no signal-range=\
    -85..120
add action=reject disabled=no signal-range=-120..-86
# New-style wifi CAPsMAN is enabled. require-peer-certificate=no means the
# controller does not require a certificate from a connecting CAP.
# NOTE(review): consider whether CAP certificate checking should be enabled so
# that only enrolled access points can register with the controller.
/interface wifi capsman
set enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
# Router address (gateway) on each segment.
/ip address
add address=192.168.70.1/24 interface=bridge-domWew network=192.168.70.0
add address=10.0.0.1/24 interface=bridge-port7-guest network=10.0.0.0
add address=10.0.1.1/24 interface=bridge-port8-piotrek network=10.0.1.0
add address=172.16.110.254/24 interface=Vlan110-PVE-Wojtek network=\
    172.16.110.0
# WAN address comes from DHCP; DNS servers offered by the upstream are ignored.
/ip dhcp-client
add interface=ether1-WAN use-peer-dns=no
# DHCP network entries hand out only a gateway; no dns-server is set on any of
# them in this export.
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
add address=10.0.1.0/24 gateway=10.0.1.1
add address=172.16.110.0/24 gateway=172.16.110.254
add address=192.168.70.0/24 gateway=192.168.70.1
/ip dns
set servers=9.9.9.9,149.112.112.112
# "Home" groups the subnets that the guest and flatmate segments are blocked
# from in the forward chain; "AP-Piotrek" lists two flatmate hosts that are
# exempted from that block.
/ip firewall address-list
add address=192.168.70.0/24 list=Home
add address=192.168.220.0/24 list=Home
add address=172.16.220.0/24 list=Home
add address=172.16.110.0/24 list=Home
add address=10.0.1.2 list=AP-Piotrek
add address=10.0.1.3 list=AP-Piotrek
# Filter rules are evaluated top to bottom, so the custom rules at the top are
# matched before the "defconf" rules further down.
/ip firewall filter
# Port-scan detection on WAN input: a matching source is added to black-list
# with no timeout (address-list-timeout=none-static) and the hit is logged.
add action=add-src-to-address-list address-list=black-list \
    address-list-timeout=none-static chain=input comment=\
    "add port scan to black list" in-interface-list=WAN log=yes log-prefix=\
    Blacklist_ protocol=tcp psd=21,3s,5,3
# NOTE(review): no chain= parameter appears on this rule as posted; confirm
# which chain it lives in on the router (the line may have been hand-edited).
add action=drop src-address-list=black-list in-interface=ether1-WAN
# Accepts TCP 9876 on input with no in-interface, interface-list or source
# restriction. 9876 is the Winbox port set under /ip service, and this rule
# sits above every input drop rule, so it matches traffic from WAN, guest and
# flatmate segments as well as LAN.
# NOTE(review): limit this to trusted sources, e.g. with in-interface-list=LAN
# or a src-address-list, so the management port is not reachable from WAN.
add action=accept chain=input dst-port=9876 protocol=tcp
# Allows forwarding to 10.0.1.5:8123 on the flatmate bridge from any source.
# No dst-nat rule appears in the NAT section of this export (only masquerade).
add action=accept chain=forward comment=Piotrek-Przekierowanie dst-address=\
    10.0.1.5 dst-port=8123 out-interface=bridge-port8-piotrek protocol=tcp
# The two AP-Piotrek hosts may reach the Home subnets; the rest of the flatmate
# subnet is dropped towards Home and towards the guest subnet.
add action=accept chain=forward comment=AP-Piotrek dst-address-list=Home \
    src-address-list=AP-Piotrek
add action=drop chain=forward comment=Pioterk dst-address-list=Home \
    log-prefix=Piotrek_ src-address=10.0.1.0/24
add action=drop chain=forward comment=Pioterk dst-address=10.0.0.0/24 \
    src-address=10.0.1.0/24
# Guest isolation: 10.0.0.0/24 is dropped towards Home and towards the flatmate
# subnet. These rules match on source address only, so a guest client that
# receives a 192.168.70.x lease (the problem described in the post) is not
# covered by them.
add action=drop chain=forward comment=guest dst-address-list=Home \
    src-address=10.0.0.0/24
add action=drop chain=forward comment=guest dst-address=10.0.1.0/24 \
    src-address=10.0.0.0/24
# The two ipsec-policy accept rules are disabled=yes.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
# Input chain: established/related accepted, invalid dropped, ICMP rate-limited
# and the excess dropped, then everything not arriving from the LAN list is
# dropped.
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop input invalid" \
    connection-state=invalid
add action=accept chain=input comment="defconf: allow ICMP" limit=2,2:packet \
    protocol=icmp
add action=drop chain=input comment="limit ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=drop chain=input comment="defconf: block everything else" \
    in-interface=ether1-WAN
# Forward chain: fast-track and accept established/related, drop invalid, drop
# new connections from WAN that were not dst-nat'ed, then drop and log the rest
# of what arrives on ether1-WAN.
# The only catch-all forward drop is bound to in-interface=ether1-WAN, so
# traffic between internal segments that matches none of the rules above is not
# dropped by this rule set.
add action=fasttrack-connection chain=forward comment=\
    "defconf: fast-track for established,related" connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related foward" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: Drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop access to clients behind NAT from WAN" \
    connection-nat-state=!dstnat connection-state=new in-interface=ether1-WAN
add action=drop chain=forward comment="defconf: block everything else" \
    in-interface=ether1-WAN log=yes
# Source NAT for everything leaving through the WAN interface list. This is the
# only NAT rule in the export.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
# NAT helpers for FTP, TFTP, H.323 and SIP are switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
# Winbox stays enabled on the non-default port 9876, and no address=
# restriction appears on its line.
# NOTE(review): combined with the unrestricted input accept rule for TCP 9876,
# consider setting the service's address= property to the management subnets.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=9876
set api-ssl disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
Config of one of the CAPs; the second has an identical config but a different identity:
# 2023-12-16 23:00:45 by RouterOS 7.13
# model = RBcAPGi-5acD2nD
# Export of one cAP ac (identity AP-gora). It has a single bridge, bridgeLocal,
# holding ether1 and ether2. No /interface bridge vlan table and no
# vlan-filtering= setting appear anywhere in this export.
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=defconf name=bridgeLocal
# Datapaths defined locally on the CAP. "guest" is the only place in either
# export where a wifi datapath carries vlan-id=100.
# NOTE(review): it is not visible here whether the CAPsMAN-provisioned
# interfaces use this local "guest" datapath; confirm which datapath the guest
# SSID actually ends up with.
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
add bridge=bridgeLocal disabled=no name=guest vlan-id=100
# The export lists two managed interfaces, NaszDom2 and NaszDom5. No NaszGuest
# interface is listed for this CAP in the export as posted.
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: NaszDom2, channel: 2412/n
# managed by CAPsMAN
# mode: AP, SSID: NaszDom5, channel: 5180/ac/Ce
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
# The CAP looks for its controller at 192.168.70.1 (the RB5009 address on
# bridge-domWew) and discovers on bridgeLocal.
/interface wifi cap
set caps-man-addresses=192.168.70.1 discovery-interfaces=bridgeLocal enabled=yes
# The CAP takes its own management address via DHCP on bridgeLocal.
/ip dhcp-client
add comment=defconf interface=bridgeLocal
# Same service set as the router: everything but Winbox disabled, Winbox on
# port 9876 with no address= restriction shown. No firewall section appears in
# this export.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=9876
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=AP-gora
/system note
set show-at-login=no
/tool bandwidth-server
set enabled=no
 
robtor
newbie
Posts: 45
Joined: Sat Dec 09, 2023 3:27 pm
Location: Germany, Hessen
Contact:

Re: CAPsMAN on v7.13 and cAP ac datapath not working correctly

Fri Mar 01, 2024 5:59 pm

Maybe this can help you
viewtopic.php?t=202476
