ASK[CAPsMAN]

can’t make identity-regexp & common-name-regexp working

@rextended, I really need your input here

I’m not the only user on this forum.
I want to help you, but you must wait, I’m in another time zone and now I must go to bed.

But do not forget to explain what exactly is the problem, routeros version used and on what devices.
Better if you provide some /export to understand

If I explore my config it would be irrelevant.
Whenever I fill in that part for identity-regexp & common-name-regexp, and then when I do provisioning, I’m not getting any result according to what I have filled in there.

Show me the complete provisioning rules including the exact regexps that don’t work and the exact names and MAC addresses (or certificate common names if you use them) of the cAPs that should match these regexps but don’t.

Do you realize that the caps-man provisioning rules are processed the same way like firewall rules, routing rules etc., i.e. top to bottom until first match, therefore some rules may shadow other ones?

I got this one for testing purposes

/caps-man provisioning
add action=create-enabled hw-supported-modes=gn identity-regexp=GP-AP-.* master-configuration=test radio-mac=6C:3B:6B:xx:xx:xx slave-configurations=test

What I’m expecting is, once I click on provisioning, I should be seeing on /caps-man interface> to be GP-AP for that particular rule.

Maybe I’m wrong, but that is what I’m expecting.
Correct me: what do you want me to correct to see that it’s working, once I click provisioning?

I’m not sure I understand your expectation properly, but if you assume that the regexp is used to control what name will be assigned to the interface created according to the rule, it is a wrong assumption. All the regexp fields are match fields, i.e. they are used to select cAPs to which the rule will apply. So identity-regexp="n.sto" makes the rule apply only on cAPs whose /system identity name item contains n.sto - e.g. nesto-odlicno, tuka-nema-nisto etc.

To affect the name of the created interface, use name-format and name-prefix items.

That makes a lot of sense, so my assumption is wrong.
In this case I’m not sure what this does.

Much appreciated if you can explain here, or advise me how I can make it work the way you are suggesting.

You mean how you can automate the creation of the interface names?

I mean if you can give me some tip how I can properly get identity-regexp & common-name-regexp working.

I have spent a lot of time without result.

The identity-regexp and common-name-regexp are useful in large networks with tens or even hundreds of cAPs where some groups of cAPs need specific configurations not due to their technical parameters (support of various frequency bands and Modulation and Coding Schemes) but e.g. due to “geographical” area they cover. So you want some SSIDs to be provisioned only on some groups of cAPs, or you centrally control cAPs in different regulatory domains, which is a very bad idea from networking point of view, as WAN between cAP and CAPsMAN is a source of headache, but a good example.

To facilitate this, you can use the name of the group as part of the individual name of each cAP. So you prepare the provisioning rules for the groups, using the name of each group as identity-regexp for the provisioning rule corresponding to that group, and whenever you add a new cAP to the network, the only thing you have to do is to rename it accordingly (using the [Set Identity] button in Winbox->CAPsMAN->Remote CAP). So you end up with cAP names skopje-1 ... skopje-N and melbourne-1 ... melbourne-M, and two provisioning rules, one with identity-regexp=skopje and the other one with identity-regexp=melbourne.

And these two rules may be set with name-format=identity, which will make the interface names be generated as the cAP identity suffixed with the order number, rather than the default cap suffixed with the order number.
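The matching behaviour described in the replies above (regexp fields select cAPs, rules are walked top to bottom until the first match, so an earlier rule can shadow a later one), as an added example that is not part of the original posts and is not RouterOS code. It is a simplified Python model; the rule labels, cAP identities, MAC addresses and certificate name are constructed, and Python's `re` stands in for the regexp engine RouterOS uses.

```python
import re

ANY_MAC = "00:00:00:00:00:00"  # assumed to mean "any radio" in a rule

def rule_matches(rule, cap):
    """True only if every match field set on the rule matches the cAP."""
    mac = rule.get("radio-mac", ANY_MAC)
    if mac != ANY_MAC and mac.lower() != cap["radio-mac"].lower():
        return False
    for field, cap_key in (("identity-regexp", "identity"),
                           ("common-name-regexp", "common-name")):
        pattern = rule.get(field)
        # re.search: the pattern may match anywhere unless anchored with ^ or $
        if pattern and not re.search(pattern, cap.get(cap_key, "")):
            return False
    return True

def provision(rules, cap):
    """Walk the rules top to bottom; return the first matching rule's label."""
    for rule in rules:
        if rule_matches(rule, cap):
            return rule["label"]
    return None

# Constructed rules, most specific first, catch-all last.
RULES = [
    {"label": "skopje", "identity-regexp": "skopje"},          # unanchored
    {"label": "melbourne", "identity-regexp": "^melbourne-"},  # anchored
    {"label": "by-cert", "common-name-regexp": "^CAP-"},
    {"label": "catch-all"},
]

# Constructed cAPs; only the last one presents a certificate common name.
CAPS = [
    {"identity": "skopje-3", "radio-mac": "02:00:00:00:00:01"},
    {"identity": "old-skopje-1", "radio-mac": "02:00:00:00:00:02"},
    {"identity": "x-melbourne-1", "radio-mac": "02:00:00:00:00:03"},
    {"identity": "MikroTik", "common-name": "CAP-0007",
     "radio-mac": "02:00:00:00:00:04"},
]

def demo(rules=RULES):
    return [provision(rules, cap) for cap in CAPS]

if __name__ == "__main__":
    print(demo())
    # Moving the catch-all to the top shadows every other rule.
    print(demo([RULES[-1]] + RULES[:-1]))
```

The unanchored `skopje` pattern also claims `old-skopje-1`, while the anchored `^melbourne-` pattern leaves `x-melbourne-1` to the catch-all; a rule that also sets a specific radio-mac, like the test rule earlier in the thread, matches only the radio with that MAC.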

Exactly, I wouldn’t bother assisting such an obtuse fellow probably doing something illegal because he refuses to provide the clear requirements (use cases what users should or should not be able to do and without any mention of config) and only wants info on some specific bit of config code.
(let alone not wanting to show the config or network diagram). So that forces you to come up with attempting to find plausible scenarios.

Thanks sindy, that makes a lot of sense.

Thank you very much, you’re the best!

Now is it clear or do you still need help?
I hope you have solved it.

tx @rextended, solved

could anyone explain the purpose of common-name-regexp?
I don’t find any explanation.

Sounds like matching on the CN (common name) field of the CAP certificate.

and that is most likely the case, the old documentation is a bit confusing in the first place:

AP Controller (CAPsMAN) - RouterOS - MikroTik Documentation

common-name-regexp (string; Default: ) Regular expression to match radios by common name

but that could mean anything

Manual:CAPsMAN - MikroTik Wiki

common-name-regexp (string; Default: ) Regular expression to match radios by common name. Each CAP’s common name identifier can be found under “/caps-man radio” as value “REMOTE-CAP-NAME”

but that is the same identity as system/identity on the CAP, though only if you do not use certificates…


but both documentations state the following:

CAPsMAN distinguishes between CAPs based on an identifier. The identifier is generated based on the following rules:

if CAP provided a certificate, identifier is set to the Common Name field in the certificate
otherwise identifier is based on Base-MAC provided by CAP in the form: ‘[XX:XX:XX:XX:XX:XX]’.

so it is the common name of the certificate, the same when you do

[admin@...] > certificate/print
Flags: L - CRL; T - TRUSTED
Columns: NAME, COMMON-NAME, FINGERPRINT
#    NAME                  COMMON-NAME   FINGERPRINT

Here is a tutorial using certificates for CAPsMAN, which could make the above easier to understand: https://www.gonscak.sk/?p=575