Community discussions

Search found 18 matches

by yaomacbt
Fri Oct 18, 2019 4:52 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

Finally figure it out, I had to physically enable the CAP mode on the metal to make it willing to choose the right MAC radio CAPsMAN config.

There is a reset button on the metal AP, while boot up, press and hold it for about 10 seconds, then it will go to the CAP mode.
by yaomacbt
Wed Oct 16, 2019 11:15 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

I don't have any experience with Metal ... so I'm only guessing ... this device is peculiar because it has single dual-band radio. How does one select the band to operate (if setting up directly, not through capsman)? Simply by setting desired frequency band? Yes, it has a list contains all availab...
by yaomacbt
Wed Oct 16, 2019 10:01 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

And E4:8D:8C:F8:72:7F is MAC address of CAP's bridge1?
Yes
BTW, CAPsMAN config has channel.band=2ghz-b/g/n (and matching frequency), while CAP's wireless interface is 5GHz??
Yes, I don't know where does this CAP radio's wireless config come from. It shows 5GHz, no SSID and managed by CAPsMAN.
by yaomacbt
Wed Oct 16, 2019 7:59 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

And how in particular did you configure certain CAP for dual-SSID operation? That config stanza is not in posted export. I am only using that Fortest configuration. Here is the output after I change the 00:00... MAC address to the CAP radio's bridge MAC, and delete the other CAPsMAN configuration: ...
by yaomacbt
Wed Oct 16, 2019 7:24 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

Can you share capsman config (output of /capsman export hide-sensitive )? Sure, please see below: /caps-man security add authentication-types=wpa2-eap eap-methods=passthrough \ eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm \ group-key-update=5m name=EAP tls-certificate=none ...
by yaomacbt
Wed Oct 16, 2019 6:38 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

... and add one on top of it with Radio A's MAC address. In my case it's MAC address of CAPs interface talking to CAPsMAN that needs to be configured in special profile ... in particular it's CAP's bridge MAC address, not the wireless interface's one ... It's not necessary to configure anything els...
by yaomacbt
Mon Oct 14, 2019 9:13 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

Re: 2 CAPsMAn profiles on LAN [SOLVED]

You can. After you created several CAPsMAN profiles, bind particular profile to particular CAP in /capsman profile ... use radio-mac= property. It seems that when CAP wants to bind, profiles get searched from top to bottom and first match wins. Meaning that the general profile definition (without r...
by yaomacbt
Mon Oct 14, 2019 8:20 pm
Forum: General
Topic: 2 CAPsMAn profiles on LAN [SOLVED]
Replies: 13
Views: 711

2 CAPsMAn profiles on LAN [SOLVED]

I currently have a MikroTik RB 1100, and couple of 52ac metal Access Points. All the APs has been wired connected to the RB1100. I manage these APs from the RB1100 using the CAPsMAN. And I configured them based on following guide: https://wiki.mikrotik.com/wiki/Manual:Simple_CAPsMAN_setup Now, all C...
by yaomacbt
Mon Oct 14, 2019 5:28 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

Re: MikroTik CHR on AWS with IPSec [SOLVED]

Thank you guys all, just want to give an update on the CHR IPsec, it is established now, I had to: 1. allow the IPsec port and ESP potocol on my CHR instance in AWS security group. 2. Then figured as what MiktoTik suggests, and enable NAT-T, the SA-srouce address I put my CHR's private IP, not the p...
by yaomacbt
Tue Sep 17, 2019 8:28 pm
Forum: Wireless Networking
Topic: LTE modem meshed APs
Replies: 4
Views: 569

Re: LTE modem meshed APs

Just one question, what you mentioned:
wireless PtP link (if you have both 2.4Hz and 5Ghz on the AP - one used for wireless bridge between AP, other band used for clients),
Is this Nstreme Dual in MikroTik?

Thanks!
by yaomacbt
Tue Sep 17, 2019 8:14 pm
Forum: Wireless Networking
Topic: LTE modem meshed APs
Replies: 4
Views: 569

Re: LTE modem meshed APs

A "mesh" is pretty overloaded term... Guessing you have 4 different Layer3 networks, one per AP. Your current config can work, except it's like always using "client isolation" since which AP a Wi-Fi client was using determine what other Wi-Fi client it could see (assuming your using the same SSID/p...
by yaomacbt
Tue Sep 17, 2019 6:43 pm
Forum: Wireless Networking
Topic: LTE modem meshed APs
Replies: 4
Views: 569

LTE modem meshed APs

MikroTik have some LTE modem APs, which allow using the LTE as the gateway to the Internet. I am wondering could we use couple of these LTE modem to created a meshed network under the same subnet? For example, I have 4 Mikrotik LTE modem, with a SIM card and getting LTE Internet connection from the ...
by yaomacbt
Mon Sep 16, 2019 6:00 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

Re: MikroTik CHR on AWS with IPSec [SOLVED]

This is all I have in mine. No need for anything else as I have a decent firewall on the CHR itself.
Capture.PNG
Thanks!
My current issue seems like on the other peer, will do more troubleshoot and update later.
by yaomacbt
Fri Sep 13, 2019 7:06 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

Re: MikroTik CHR on AWS with IPSec [SOLVED]

Why poke holes in a firewall you have little control over when you can forward all traffic to a firewall you have full control over? The option is easily accessible through MikroTik. If AWS don't give you option for it, make your life easier by putting a decent firewall on your CHR and pass everyth...
by yaomacbt
Fri Sep 13, 2019 6:04 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

Re: MikroTik CHR on AWS with IPSec [SOLVED]

Here is a good tutorial on how to open ports in AWS. And I do not agree that you should just open all ports. Unless you are an ISP or Hosting Data Center that has other security appliances deployed, You should only allow the ports that you need and deny the rest. AWS Has great security appliances t...
by yaomacbt
Fri Sep 13, 2019 4:36 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

Re: MikroTik CHR on AWS with IPSec [SOLVED]

I literally finished setting this up myself this morning. Absolutely as above. You get a private LAN which is 1:1 NAT with a real public IP. You need NAT traversal and the key for me was IPSEC-ESP being open in the firewall. My CHR at home connects no problem as well as parents RB750 but I had to d...
by yaomacbt
Fri Sep 13, 2019 4:28 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

Re: MikroTik CHR on AWS with IPSec [SOLVED]

I literally finished setting this up myself this morning. Absolutely as above. You get a private LAN which is 1:1 NAT with a real public IP. You need NAT traversal and the key for me was IPSEC-ESP being open in the firewall. My CHR at home connects no problem as well as parents RB750 but I had to d...
by yaomacbt
Wed Sep 11, 2019 12:07 am
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 15
Views: 1695

MikroTik CHR on AWS with IPSec [SOLVED]

Hi Everyone, We have a Mikrotik virtual CHR hosted on AWS working as the VPN gateway between our office and AWS cloud(using SSTP tunnel), which works perfect. Recently one of our partner needs to build an IPsec tunnel to us, and we'd like to use this CHR as the peer on our side. However, the IPsec t...