cAP ax, CRS112-8P-4S and CAPsMAN

gb276s452367g4b · August 9, 2024, 1:40pm

Since the CRS is Layer2 only, ik have no VLAN interfaces to use.
(EDIT: Sorry, my bad, I have one VLAN available, VLAN1 in which all management traffic is handled. I tried that also, no luck)

I configured a monitor port on the CRS so that I kan use Wireshark to have a look at traffic coming from and going to one of the cAP’s. I see CAPWAP traffic originating from my CRS, and CAPWAP traffic originating from the cAP, but there seems to be no connection of any CAPWAP kind between the to. Wireshark report malformed packets, that could well be a Wireshark issue.

No clue what to do from here.

neki · August 9, 2024, 1:47pm

…its in your conifg? vlan interface named LAN ?

/interface vlan
add interface=br0 name=LAN vlan-id=1

gb276s452367g4b · August 9, 2024, 1:54pm

yes, sorry, you are spot on. Ik just tried that one also, it didn’t do anything.

neki · August 9, 2024, 1:58pm

Do you see them in neighbor tab? Each other?

Did you try to set up exact IP of CAPsMAN on CAP? …and not use discovery

gb276s452367g4b · August 9, 2024, 2:00pm

[admin@MikroTik-Switch-1] > /interface/wifi/capsman/print
;;; failed to create CA certificate: name must be unique! (6)
enabled: yes
interfaces: LAN
ca-certificate: auto
certificate: auto
require-peer-certificate: no
package-path:
upgrade-policy: none
generated-ca-certificate: WiFi-CAPsMAN-CA-488F5A1606EA
generated-certificate: WiFi-CAPsMAN-488F5A1606EA

what? what kind of error is that? it clearly shows two generated certificates. What name is it referring to?

holvoetn · August 9, 2024, 2:20pm

Clear certificates on controller.

Personally I don’t use certificates for capsman.

gb276s452367g4b · August 9, 2024, 3:04pm

Tried it without certificates. No cigar again. I’m getting to the point where I’m ready to throw my towel.

neki · August 9, 2024, 3:12pm

is there any existing CA cert?

gb276s452367g4b · August 9, 2024, 3:20pm

Not anymore. But if I set CA-certificate to “auto” it will generate a new CA cert and a new cert. But with above error. I’m completely lost. It shouldn’t be that difficult

neki · August 9, 2024, 4:22pm

What about storage space?

infabo · August 9, 2024, 5:41pm

Pretty sure there is another CA cert already to find under /certificates. Just remove that one.

gb276s452367g4b · August 9, 2024, 8:22pm

For some mysterious reason I can’t explain, the cAp’s and CAPsMAN have decided to join their forces. The “Remote CAP” shows now my two cAP’s. It doesn’t give me much confidence but it is what it is. Thanks you all for helping me.

infabo · August 9, 2024, 9:36pm

Mikrotik should create a wifi Capsman troubleshooting guide. I am wondering what can possibly go wrong on setup Capsman. A lot. It was a near fluid experience for me, just a few months ago. I would not say as intuitive as using Unifi Network Server, but that’s because of the Mikrotik philosophy. E.g. a Unifi AP is a dumb disc with flashing LED when you power it on first time. It stays dumb until you hit a provision button on the Unifi management software. A Mikrotik wireless device (even the ones named CAP as e.g. the CAP AC) on the other hand starts up and applys some default configuration and from this point on it can get dirty and tricky. Joining a cap manually with existing default configuration (or even quickset applied) is somehow a field of mines. You can cross it alive maybe with luck, likely as you win the lottery jackpot. You’d better find a safe way around it.

So two tips for first time configuration of a wifi Capsman setup:

setup a most simple wifi Capsman and ensure it is running
add/join caps only by resetting them to capsman-mode. That’s either holding reset button for 5sec or use system configuration reset with caps-mode flag. On boot they now join automatically the first capsman they find on the network.