If I were dealing with several sites...
I would have the sites call the Main router over L2TP +IPsec VPNs. So the devices that are behind carrier grade NAT are the "dialer".
My CCR is also about that old... but it has been kept current.I have a CCR1009 which is almost 5 years old and it has been updating fine - I keep it current, so at one point was on 6.33 or earlier.
I get that.It's not L2TP that I'm an trying to get to work. It's an ipsec site to site vpn between firewalls. I can get L2TP to work ok.
nobody has 40 locations liar
If you don't mind slowing your throughput to a crawl... Go right ahead and do this.The easiest way is to use capsman forwarding mode, by defining the bridge in capsman datapath configuration and not enabling local forwarding traffic for the new ssid will be sent to the bridge without vlans.
HahahaOLD issue/topic. No fix.
Move it to trash (where the crs354-48G/P should be also).
AudienceIt doesn't make sense to use CAPsMAN on the (single) device it is managing. So, no...just config the hAP ac2 as preferred.
I use CAPsMAN if there are three or more accesspoints involved.
Aside from all the mikrotik WiFi glitches... lowering power level like this has worked for me too.I am (and it is working perfectly)So in caps-man we are supposed to lower transmit power.
So in caps-man we are supposed to lower transmit power.From the Wiki:
https://wiki.mikrotik.com/wiki/Manual:C ... e_TX_power
Changing vendors would be "more stable".I meant: would a CRS326 running RouterOS be a more stable solution?
EOIP... Its like stretching a long cable between 2 tiks. EVERYTHING goes across it.From my limited knowledge its a really cool and easy way to add two separate locations and make one of them 'part of the others LAN'.
It means that it's POE was still active despite the fact that the switch seemed completely locked up.What does this mean ?During lockup...
It still provided POE to a hAP AC2 and to a 5 port 260
/IP firewall filter exportOn RB I have PPTP VPN server, open ports for applications.....everything works OK except outgoing connection to remote PPTP VPN server from PC behind RB.
Does anybody know why?
Local Forwarding... always local forwarding... Covered again and again in this thread.@gotsprings
You are using local mode forwarding or caps man forward mode?
Sent from my Moto Z3 Play using Tapatalk
That's what I was typing... Add the second WLAN to your bridge.Thanks for the comments, checked the provided doc, couldn't see anything that I hadn't already done.
I'm not using separate VLANs, I just want the new SSID in the existing single VLAN set up.
I don't think I have ever had to do that.I'm afraid you may have to set arp=proxy-arp on the WAN interface if the all the public addresses are from the same subnet attached to the WAN interface.
Yup... That right there. If no switch is layer 3 or a router... You are not getting from one subnet to the others.
In fact, in such a setup you need a router to allow communication between the VLANs, not to block it.
Which Bugs exactly in caps-man?RouterOS v6.46beta59 has fixes for wireless. Do they fix your performance problems with hap ac2?
(Not with CAPSMAN, this is full of bugs)
And i am the top one.
2 months??? wAP ACs took nearly a year to get stable numbers.take it with a grain of salt
new devices comes with their own issues, and take some time to be resolved
i recommend to wait at least 2 months after introduction to market, to include a new device in a serious project
/caps-man access-list add action=accept interface=any signal-range=-87..120 add action=reject interface=any signal-range=-120..-88