spookymulder84
newbie
Topic Author
Posts: 26
Joined: Sat Nov 11, 2017 1:37 pm
Location: Croatia

CAPsMAN with VLANs, "no connection to CAPsMAN"

Wed Mar 27, 2024 2:04 pm

Hi guys
I know many topics were already open with the same issue but I haven't managed to make it work trying multiple things
hAP ax2 wifi interfaces get "logged in" to RB5009, but the RB5009 throws an error "no connection to CAPsMAN" on those interfaces

I've put CAPsMAN to listen on vlan10_MGMT and datapath to bridge_Trunk and VLAN ID to 100 (Guest), and I've put CAP to listen on the same vlan10_MGMT, datapath to bridge without VLAN ID... and it doesn't work

Here are the configurations

CAPsMAN (RB5009) (parts omitted for better clarity)
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge_Trunk protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=MGMT
set [ find default-name=ether2 ] comment=WAN
set [ find default-name=ether3 ] comment=VoIP
set [ find default-name=ether4 ] comment=Hikvision
set [ find default-name=ether5 ] comment="Switch Arhiva (2. sprat)"
set [ find default-name=ether6 ] comment="Switch Ommited (Podrum)"
set [ find default-name=ether7 ] comment="Switch Ured (1. sprat)"
set [ find default-name=ether8 ] comment="Switch Portirnica (Prizemlje)"
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface vlan
add interface=bridge_Trunk name=vlan10_MGMT vlan-id=10
add interface=bridge_Trunk name=vlan11_Servers vlan-id=11
add interface=bridge_Trunk name=vlan12_VoIP vlan-id=12
add interface=bridge_Trunk name=vlan13_Surveillance vlan-id=13
add interface=bridge_Trunk name=vlan14_IoT vlan-id=14
add interface=bridge_Trunk name=vlan99_ITech vlan-id=99
add interface=bridge_Trunk name=vlan100_Guest vlan-id=100
add interface=bridge_Trunk name=vlan101_Ommited vlan-id=101
add interface=bridge_Trunk name=vlan102_Mediji vlan-id=102
add interface=bridge_Trunk name=vlan103_Ommited vlan-id=103
add interface=bridge_Trunk name=vlan104_Skupstina vlan-id=104
add interface=bridge_Trunk name=vlan105_SalaZaSastanke vlan-id=105
add interface=bridge_Trunk name=vlan106_KulturnaRazmena vlan-id=106
add interface=bridge_Trunk name=vlan111_Ommited vlan-id=111
add interface=bridge_Trunk name=vlan112_Ommited vlan-id=112
add interface=bridge_Trunk name=vlan121_Ommited vlan-id=121
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=2GHz width=20mhz
add band=5ghz-ax disabled=no frequency=5180,5220,5260,5300,5500,5540,5580,5620 name=5GHz width=20/40mhz
/interface wifi datapath
add bridge=bridge_Trunk disabled=no name=Guest vlan-id=100
/interface wifi security
add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes name=Guest wps=disable
/interface wifi configuration
add channel=2GHz country=Croatia datapath=Guest disabled=no manager=capsman mode=ap name=Guest2 security=Guest ssid=\
    Internet
add channel=5GHz country=Croatia datapath=Guest disabled=no manager=capsman mode=ap name=Guest5 security=Guest ssid=\
    Internet
/interface bridge port
add bridge=bridge_Trunk frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=10
add bridge=bridge_Trunk frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=12
add bridge=bridge_Trunk frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=13
add bridge=bridge_Trunk frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge_Trunk frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge_Trunk frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge_Trunk frame-types=admit-only-vlan-tagged interface=ether8
/interface bridge vlan
add bridge=bridge_Trunk comment="MGMT VLAN" tagged=bridge_Trunk,ether5,ether6,ether7,ether8 untagged=ether1,ether4 \
    vlan-ids=10
add bridge=bridge_Trunk comment="Servers VLAN" tagged=bridge_Trunk,ether7,ether8 vlan-ids=11
add bridge=bridge_Trunk comment="VoIP VLAN" tagged=bridge_Trunk,ether5,ether6,ether7,ether8 untagged=ether3 vlan-ids=12
add bridge=bridge_Trunk comment="Surveillance VLAN" tagged=bridge_Trunk untagged=ether4 vlan-ids=13
add bridge=bridge_Trunk comment="IoT VLAN" tagged=bridge_Trunk,ether5,ether6,ether7,ether8 vlan-ids=14
add bridge=bridge_Trunk comment="ITech VLAN" tagged=bridge_Trunk,ether7 vlan-ids=99
add bridge=bridge_Trunk comment="Guest VLAN" tagged=bridge_Trunk,ether5,ether6,ether7,ether8 vlan-ids=100
add bridge=bridge_Trunk comment="Ommited VLAN" tagged=bridge_Trunk,ether5,ether7,ether8 vlan-ids=101
add bridge=bridge_Trunk comment="Mediji VLAN" tagged=bridge_Trunk,ether8 vlan-ids=102
add bridge=bridge_Trunk comment="Ommited VLAN" tagged=bridge_Trunk,ether6,ether7 vlan-ids=103
add bridge=bridge_Trunk comment="Ommited VLAN" tagged=bridge_Trunk,ether5,ether7 vlan-ids=111
add bridge=bridge_Trunk comment="Ommited VLAN" tagged=bridge_Trunk,ether7 vlan-ids=112
add bridge=bridge_Trunk comment="Ommited VLAN" tagged=bridge_Trunk,ether8 vlan-ids=121
add bridge=bridge_Trunk comment="Skupstina VLAN" tagged=bridge_Trunk,ether8 vlan-ids=104
add bridge=bridge_Trunk comment="Sala za sastanke VLAN" tagged=bridge_Trunk,ether5 vlan-ids=105
add bridge=bridge_Trunk comment="Kulturna razmena VLAN" tagged=bridge_Trunk,ether6 vlan-ids=106
/interface wifi capsman
set ca-certificate=WiFi-CAPsMAN-CA-789A1884422D certificate=WiFi-CAPsMAN-789A1884422D enabled=yes interfaces=\
    vlan10_MGMT package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment="Guest 2GHz" disabled=no master-configuration=Guest2 supported-bands=2ghz-ax
add action=create-dynamic-enabled comment="Guest 5GHz" disabled=no master-configuration=Guest5 supported-bands=5ghz-ax
CAP (hAP ax2)
/interface bridge
add name=bridge protocol-mode=none
/interface vlan
add interface=bridge name=vlan10_MGMT vlan-id=10
add interface=bridge name=vlan100_Guest vlan-id=100
/interface wifi datapath
add bridge=bridge disabled=no name=datapath
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=datapath
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=datapath
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
/interface wifi cap
set caps-man-addresses=10.1.10.1 certificate=CAP-48A98A663ECA discovery-interfaces=vlan10_MGMT enabled=yes \
    slaves-datapath=datapath
/ip dhcp-client
add interface=vlan10_MGMT
/system identity
set name=MT-TEST
/system note
set show-at-login=no
 
spookymulder84
newbie
Topic Author
Posts: 26
Joined: Sat Nov 11, 2017 1:37 pm
Location: Croatia

Re: CAPsMAN with VLANs, "no connection to CAPsMAN"

Thu Mar 28, 2024 11:56 am

I'm glad that the person here managed to make everything work: viewtopic.php?t=206073

My guess is that the listening interface has to be a bridge where untagged traffic is the basis for the CAPsMAN communication or something.
I give up for now, I'll set the APs manually without CAPsMAN and I'll wait for either someone responding to this, or for an update with CAPsMAN improvements or better documentation of the new CAPsMAN
 
neki
newbie
Posts: 33
Joined: Thu Sep 07, 2023 10:20 am

Re: CAPsMAN with VLANs, "no connection to CAPsMAN"

Thu Mar 28, 2024 3:22 pm

I have exactly the same issue, cap reports "managed by capsman" and capsman reports "no connection to capsman". I feel like this will be something really stupid... I have my config bloated by try and fail method, so I will start over, let's see if we will manage...
 
neki
newbie
Posts: 33
Joined: Thu Sep 07, 2023 10:20 am

Re: CAPsMAN with VLANs, "no connection to CAPsMAN"  [SOLVED]

Thu Mar 28, 2024 5:07 pm

Ok, I think that I found it :D

On CAPsMAN remove manager=capsman from /interface wifi configuration

This is working for me..
CAPsMAN:
# 2024-03-28 15:45:29 by RouterOS 7.14.1
# model = RB5009UG+S+

/interface bridge
add admin-mac=78:9A:18:C3:18:7F auto-mac=no name=bridge1 vlan-filtering=yes
/interface wifi
add name=cap-wifi1 radio-mac=78:9A:18:CE:19:FF
add name=cap-wifi2 radio-mac=78:9A:18:CE:1A:00
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
add interface=bridge1 name=vlan40 vlan-id=40
/interface list
add name=LAN
add name=WAN
/ip pool
add name=pool10 ranges=10.50.10.200-10.50.10.210
add name=pool20 ranges=10.50.20.100-10.50.20.200
add name=pool30 ranges=10.50.30.100-10.50.30.200
add name=pool40 ranges=10.50.40.100-10.50.40.200
/ip dhcp-server
add address-pool=pool10 interface=vlan10 name=server10
add address-pool=pool20 interface=vlan20 name=server20
add address-pool=pool30 interface=vlan30 name=server30
add address-pool=pool40 interface=vlan40 name=server40
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether3
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether4
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether8
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether3,ether4,ether5,ether6,ether7,ether8 \
    vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether3,ether4,ether5,ether6,ether7,ether8 \
    vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether3,ether4,ether5,ether6,ether7,ether8 \
    vlan-ids=30
add bridge=bridge1 tagged=bridge1,ether3,ether4,ether5,ether6,ether7,ether8 \
    vlan-ids=40
/interface list member
add interface=ether1 list=WAN
add interface=vlan10 list=LAN
add interface=vlan20 list=LAN
add interface=vlan30 list=LAN
add interface=vlan40 list=LAN
/interface wifi capsman
set enabled=yes interfaces=vlan10 package-path="" require-peer-certificate=no \
    upgrade-policy=none
/ip address
add address=10.50.10.1/24 interface=vlan10 network=10.50.10.0
add address=10.50.20.1/24 interface=vlan20 network=10.50.20.0
add address=10.50.30.1/24 interface=vlan30 network=10.50.30.0
add address=10.50.40.1/24 interface=vlan40 network=10.50.40.0
/ip dhcp-client
add interface=ether1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.50.10.0/24 dns-server=1.1.1.1 gateway=10.50.10.1 ntp-server=\
    10.50.10.1
add address=10.50.20.0/24 dns-server=1.1.1.1 gateway=10.50.20.1 ntp-server=\
    10.50.20.1
add address=10.50.30.0/24 dns-server=1.1.1.1 gateway=10.50.30.1 ntp-server=\
    10.50.30.1
add address=10.50.40.0/24 dns-server=1.1.1.1 gateway=10.50.40.1 ntp-server=\
    10.50.40.1
/ip dns
set servers=1.1.1.1
/ip firewall filter
add action=accept chain=input
add action=accept chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=router
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=cz.pool.ntp.org
/tool romon
set enabled=yes

CAP:
# 2024-03-28 15:45:52 by RouterOS 7.14.1
# model = cAPGi-5HaxD2HaxD
/interface bridge
add admin-mac=78:9A:18:CE:19:FD auto-mac=no name=bridge1 vlan-filtering=yes
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
    datapath.bridge=bridge1 disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
    datapath.bridge=bridge1 disabled=no
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=10
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 untagged=ether2 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=30
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=40
/interface wifi cap
set certificate=request discovery-interfaces=vlan10 enabled=yes
/ip address
add address=10.50.10.51/24 interface=vlan10 network=10.50.10.0
/ip dns
set servers=1.1.1.1
/ip firewall filter
add action=accept chain=input
add action=accept chain=forward
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.50.10.1 routing-table=main \
    suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=cAP-ax-1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=cz.pool.ntp.org
/tool romon
set enabled=yes
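
The fix from the post above, turned into a check that can be run over a controller's `/export` (an added example, not part of the original thread and not MikroTik code). It flags `/interface wifi configuration` entries that still carry `manager=capsman` on a device where CAPsMAN is enabled, and also reports `require-peer-certificate=no`, which both controller exports in this thread carry, as a hardening reminder. The function names, finding labels and sample export are constructed for illustration.

```python
import shlex

# Constructed sample: a trimmed controller-side export modelled on the first post.
SAMPLE = r'''
/interface wifi datapath
add bridge=bridge_Trunk disabled=no name=Guest vlan-id=100
/interface wifi configuration
add channel=2GHz country=Croatia datapath=Guest disabled=no manager=capsman mode=ap name=Guest2 security=Guest ssid=\
    Internet
add channel=5GHz datapath=Guest disabled=no manager=capsman mode=ap name=Guest5 ssid=Internet
/interface wifi capsman
set enabled=yes interfaces=vlan10_MGMT package-path="" require-peer-certificate=no \
    upgrade-policy=none
'''

def parse_export(text):
    """Yield (section, props) per command, joining lines wrapped with a trailing backslash."""
    section, buf = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # export wraps long lines this way
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):         # menu path, e.g. /interface wifi capsman
            section = line
            continue
        yield section, dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def lint_controller(text):
    """Return (check, detail) findings for an export taken from the CAPsMAN device."""
    entries = list(parse_export(text))
    capsman = [p for s, p in entries if s == "/interface wifi capsman"]
    if not any(p.get("enabled") == "yes" for p in capsman):
        return []  # not a controller; manager=capsman is expected on a CAP
    findings = [("manager-on-controller", p.get("name"))
                for s, p in entries
                if s == "/interface wifi configuration" and p.get("manager") == "capsman"]
    if any(p.get("require-peer-certificate") == "no" for p in capsman):
        findings.append(("peer-cert-not-required", "capsman"))
    return findings

if __name__ == "__main__":
    for check, detail in lint_controller(SAMPLE):
        print(check, detail)
```
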
 
spookymulder84
newbie
Topic Author
Posts: 26
Joined: Sat Nov 11, 2017 1:37 pm
Location: Croatia

Re: CAPsMAN with VLANs, "no connection to CAPsMAN"

Thu Mar 28, 2024 5:28 pm

Ok, I think that I found it :D
...........DID I WASTE A WHOLE DAY ON THAT??? :shock: :shock: :shock: :shock: :shock:

It's actually working now... Jesus Christ...
Thank you so much! I'm glad you haven't given up... I mean now I understand why this happened, but I just can't believe it was something this dumb

I'll try and figure out VLANs later

Edit: everything works great! CAPsMAN is listening on the VLAN interface, datapath is set for each VLAN on the CAPsMAN side within configurations, while on the CAP side only bridge where the VLAN is located is selected, and VLANs are then dynamically assigned to their appropriate interfaces.
I'm just not sure whether VLAN filtering on the CAP side affects something or not... it seems to me as if it didn't work without it, but works with it
Last edited by spookymulder84 on Sat Mar 30, 2024 4:10 pm, edited 1 time in total.
 
maxslug
newbie
Posts: 28
Joined: Sun Aug 30, 2020 7:07 am

Re: CAPsMAN with VLANs, "no connection to CAPsMAN"

Sat Mar 30, 2024 12:10 am

OH FFS!!!! I've wasted days on this too. Thank you. CAPsMANv2 with VLANs and WiFi 5 Wave 2 is a total and complete f***** nightmare.
And I've done a *lot* to try to understand and give back here : viewtopic.php?t=166330 . I'll update my thread to RouterOS 17 if I can ever get it all working again, sigh.

Mikrotik: Please, oh please, update https://help.mikrotik.com/docs/display/ ... %22package and add a case for the following:
  • cAPac (WiFi 5 Wave 2) using wifi-qualcom-ac firmware
  • 3 VLANs going to 3 SSIDs
  • CAPsMANv2 running on another device
  • Everything going over a management VLAN
I don't care how static or how dynamic it is, I just want to get back to where I was before my router died and I decided to move to the latest and greatest.
