Hi, guys!
Yesterday I started configuring a small network for my office and I am having trouble with the CAPsMAN configuration.
There are RB2011 and cAP in a network as represented below:

My main problem right now is that the speed jumps up and down unpredictably for clients that are connected to the cAP.
For example:
first speed test showed dl - 19.93MB, up - 4.91MB
second speed test that was made in 3 sec after first one showed dl - 3.28MB, up - 3.91MB
Here are “/export compact” output for both devices
RB2011
# jun/29/2017 12:59:46 by RouterOS 6.39
# software id = 37XX-0ZSC
#
# CAPsMAN channel templates; channel6 and channel3 are referenced by cap1/cap2
# under /caps-man interface further down.
# NOTE(review): both are 20 MHz control channels with an upper extension (Ce),
# i.e. 40 MHz wide, with control frequencies only 15 MHz apart (2437 vs 2422).
# The two radios therefore overlap in the 2.4 GHz band and probably share
# airtime if they are in range of each other - worth checking for the
# throughput swings described in the post.
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=Ce frequency=\
2437 name=channel6 tx-power=30
add band=2ghz-g/n control-channel-width=20mhz extension-channel=Ce frequency=\
2422 name=channel3 tx-power=20
# Two bridges: one for the guest network, one for the internal network.
/interface bridge
add name=bridge-guest
add name=bridge-internal
# Ethernet layout: ether1 and ether6 are the two ISP uplinks; ether2-5 and
# ether7-10 are two switch groups (master-port). ether9 carries the cAP.
/interface ethernet
set [ find default-name=ether1 ] comment="ISP - 1"
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master name=ether3-slave
set [ find default-name=ether4 ] master-port=ether2-master name=ether4-slave
set [ find default-name=ether5 ] master-port=ether2-master name=ether5-slave
set [ find default-name=ether6 ] comment="ISP - 2"
set [ find default-name=ether7 ] name=ether7-master
set [ find default-name=ether8 ] master-port=ether7-master name=ether8-slave
set [ find default-name=ether9 ] comment="Inner cAP" master-port=\
ether7-master name=ether9-slave
set [ find default-name=ether10 ] master-port=ether7-master name=\
ether10-slave
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
# managed by CAPsMAN
# channel: 2437/20-Ce/gn(30dBm), SSID: Office - Guest, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# ISP 2 is a PPPoE session running over ether6. IP traffic from that uplink
# enters the router as in-interface=pppoe-out1, not ether6 - this matters for
# any firewall rule that matches on the WAN interface.
/interface pppoe-client
add add-default-route=yes comment="PPPoE - ISP2" disabled=no interface=\
ether6 name=pppoe-out1 password=xxxxxxxx use-peer-dns=yes user=xxxxxxxx
# Guest datapath: CAPsMAN-managed interfaces using it are attached to
# bridge-guest.
# NOTE(review): client-to-client-forwarding=yes lets guest stations talk to
# each other directly; for a guest SSID this is usually set to "no" so that
# visitors' devices are isolated from one another.
/caps-man datapath
add bridge=bridge-guest client-to-client-forwarding=yes name=datapath-guest
# NOTE(review): the security profile is exported with a name only. A compact
# export omits default values, so as shown there is no authentication-types or
# passphrase set, which would make "Office - Guest" an open, unencrypted
# network - confirm, and set WPA2-PSK with a strong passphrase if that is not
# intended.
/caps-man security
add name=security-guest
# Single configuration profile (cfg-guest) tying together SSID, datapath and
# security; used by both cap1 and cap2 and by the provisioning rule.
/caps-man configuration
add country="united states" datapath=datapath-guest mode=ap name=cfg-guest \
rx-chains=0,1,2 security=security-guest ssid="Office - Guest" \
tx-chains=0,1,2
# Static CAP interfaces, bound to the radios by radio-mac (redacted by the
# poster). cap1 uses channel6, cap2 uses channel3.
/caps-man interface
add channel=channel6 configuration=cfg-guest disabled=no l2mtu=1600 \
mac-address=XX:XX:XX:XX:XX:XX master-interface=none name=cap1 radio-mac=\
XX:XX:XX:XX:XX:XX
add channel=channel3 configuration=cfg-guest disabled=no l2mtu=1600 \
mac-address=YY:YY:YY:YY:YY:YY master-interface=none name=cap2 radio-mac=\
YY:YY:YY:YY:YY:YY
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools and DHCP servers: dhcp1 serves the internal bridge
# (10.17.16.100-254, 1 day leases), dhcp2 serves the guest bridge
# (192.168.0.100-254, 1 hour leases).
/ip pool
add name=dhcp_pool1 ranges=10.17.16.100-10.17.16.254
add name=dhcp_pool2 ranges=192.168.0.100-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-internal lease-time=\
1d name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge-guest lease-time=1h \
name=dhcp2
/ppp profile
set *0 dns-server=80.91.161.75,80.91.160.5
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
# CAPsMAN is enabled with auto-generated CA and certificate, and
# require-peer-certificate=yes, so a CAP has to present a certificate to join.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes \
require-peer-certificate=yes
# NOTE(review): the provisioning rule has no visible matcher (no radio-mac
# etc. in this export), so it presumably applies cfg-guest to every radio that
# joins; the certificate requirement above is what limits who can join -
# confirm which certificates the CAPsMAN CA has issued.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-guest
# Bridge membership: both switch groups (and therefore the cAP on ether9) are
# on bridge-internal; cap2 is added to bridge-guest statically here.
/interface bridge port
add bridge=bridge-internal interface=ether2-master
add bridge=bridge-internal interface=ether7-master
add bridge=bridge-guest interface=cap2
/interface l2tp-server server
set caller-id-type=ip-address
# The RB2011's own wlan1 runs as a CAP of the local CAPsMAN. lock-to-caps-man
# together with caps-man-certificate-common-names pins it to a manager that
# presents the named certificate (names redacted by the poster).
/interface wireless cap
#
set bridge=bridge-internal caps-man-certificate-common-names=\
CAPsMAN-XXXXXXXXXXXX certificate=CAP-XXXXXXXXXXXX discovery-interfaces=\
bridge-internal enabled=yes interfaces=wlan1 lock-to-caps-man=yes
# Router addresses: .1 on each bridge is the gateway for that network.
/ip address
add address=192.168.0.1/24 interface=bridge-guest network=192.168.0.0
add address=10.17.16.1/24 interface=bridge-internal network=10.17.16.0
# ISP 1 gets an address by DHCP but installs no default route.
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.17.16.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.17.16.1
add address=192.168.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.1
# allow-remote-requests=yes turns the router into a DNS resolver that answers
# on every interface unless the input chain blocks it. Both DHCP networks hand
# out 8.8.8.8/8.8.4.4 directly, so clients do not appear to need it - consider
# disabling it if nothing else relies on the router for DNS.
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=10.17.16.0/24 disabled=yes list=LocalNet
add address=192.168.0.0/24 disabled=yes list=LocalNet
# These two rules are the only filter rules in the export.
# NOTE(review): gaps worth closing:
#  - ISP 2 traffic arrives on pppoe-out1 (see /interface pppoe-client), so the
#    ether6 rule does not match it and the resolver above is likely reachable
#    from that uplink; match in-interface=pppoe-out1 instead.
#  - only UDP/53 is dropped; DNS is also served over TCP/53.
#  - there is no general input policy (accept established/related, accept
#    management from bridge-internal, drop everything else from the WAN and
#    guest side), and no forward-chain rules at all.
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 log=yes \
log-prefix=53_drop_ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether6 log=yes \
log-prefix=53_drop_ether6 protocol=udp
# Dual-ISP policy-routing marks. Every rule here is disabled=yes, so none of
# this is active in the exported state.
# NOTE(review): 94.232.77.199 below looks like a public address left in the
# post unredacted, while credentials and MACs were masked.
/ip firewall mangle
add action=mark-connection chain=input disabled=yes dst-address=10.17.16.5 \
in-interface=ether1 new-connection-mark="ISP1 -> Input" \
passthrough=no
add action=mark-routing chain=output connection-mark="ISP1 -> Input" \
disabled=yes new-routing-mark="ISP - 1" passthrough=no
add action=mark-connection chain=input disabled=yes dst-address=94.232.77.199 \
in-interface=pppoe-out1 new-connection-mark="ISP2 -> Input" \
passthrough=no
add action=mark-routing chain=output connection-mark="ISP2 -> Input" \
disabled=yes new-routing-mark="ISP - 2" passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address-list=\
!LocalNet new-routing-mark="Inner network" passthrough=no src-address=\
10.17.16.0/24
# Only the ISP 2 masquerade rule is active; it NATs both the internal and the
# guest network out of pppoe-out1.
/ip firewall nat
add action=masquerade chain=srcnat comment="ISP - 1" disabled=yes \
out-interface=ether1
add action=masquerade chain=srcnat comment="ISP - 2" out-interface=\
pppoe-out1
# All static routes are disabled; the active default route comes from the
# PPPoE client (add-default-route=yes).
/ip route
add disabled=yes distance=1 gateway=10.17.16.1 routing-mark=\
"ISP - 1"
add disabled=yes distance=1 gateway=195.114.143.0 routing-mark=\
"ISP - 2"
add check-gateway=arp disabled=yes distance=10 gateway=195.114.143.0 \
routing-mark="Inner network"
add check-gateway=arp disabled=yes distance=11 gateway=10.17.16.1 \
routing-mark="Inner network"
# Guest/internal separation is done with routing rules rather than firewall
# rules: lookups between the two subnets return "unreachable".
# NOTE(review): this presumably covers routed (forwarded) traffic only; it is
# not a substitute for input-chain filtering of guest traffic addressed to the
# router itself - confirm with a test from a guest client.
/ip route rule
add action=unreachable dst-address=10.17.16.0/24 src-address=192.168.0.0/24
add action=unreachable dst-address=192.168.0.0/24 src-address=10.17.16.0/24
# Management services: telnet, ftp, www, api and api-ssl are disabled; ssh and
# winbox accept connections only from the internal subnet 10.17.16.0/24.
# This address restriction is the only thing shown that keeps the WAN and
# guest sides away from management, since the firewall has no input policy.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=10.17.16.0/24
set api disabled=yes
set winbox address=10.17.16.0/24
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name="Main router"
cAP:
# jun/29/2017 13:09:54 by RouterOS 6.39
# software id = ULE6-YZHP
#
# Local wireless settings of the cAP. The export's own comment lines state the
# radio is managed by CAPsMAN, so the values CAPsMAN pushes (channel 2422,
# SSID "Office - Guest") are what is on air; the local settings below are
# presumably inactive while it stays managed.
/interface wireless
# managed by CAPsMAN
# channel: 2422/20-Ce/gn(20dBm), SSID: Office - Guest, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-Ce \
country="united states" frequency=2422 frequency-mode=superchannel \
guard-interval=long hw-protection-mode=rts-cts hw-retries=15 mode=\
ap-bridge rx-chains=0,1 ssid="Office - Guest" tx-chains=0,1 \
wireless-protocol=802.11 wps-mode=disabled
/interface wireless nstreme
# managed by CAPsMAN
# channel: 2422/20-Ce/gn(20dBm), SSID: Office - Guest, CAPsMAN forwarding
set wlan1 enable-polling=no
# NOTE(review): the WPA2 pre-shared key is exported in clear text into a
# public post, and it is a trivially guessable digit sequence. If it was ever
# a real key, rotate it; when sharing configs, use "/export hide-sensitive".
# The CAPsMAN security profile on the manager, not this local profile, is what
# should carry the guest passphrase while the radio is managed.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
supplicant-identity=MikroTik wpa2-pre-shared-key=1234567890
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface l2tp-server server
set caller-id-type=ip-address
# CAP mode: wlan1 is handed to a CAPsMAN discovered on ether1, and
# lock-to-caps-man plus the certificate common name pin it to that manager.
# NOTE(review): the certificate common names are posted unredacted here,
# unlike in the RB2011 export above; they look MAC-derived - confirm and mask
# them if that matters.
/interface wireless cap
#
set caps-man-certificate-common-names=CAPsMAN-6C3B6BF9BFCC certificate=\
CAP-6C3B6B8BC56E discovery-interfaces=ether1 enabled=yes interfaces=wlan1 \
lock-to-caps-man=yes
# The static 10.17.16.99 address is disabled; the cAP takes its address from
# the DHCP client on ether1. The 192.168.1.1/24 entry has no interface= in the
# export and looks like a leftover - confirm and remove if unused.
/ip address
add address=10.17.16.99/24 disabled=yes interface=ether1 network=10.17.16.0
add address=192.168.1.1/24 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
# NOTE(review): the cAP also runs an open DNS resolver and a masquerade rule,
# with no firewall filter section in the export. In CAPsMAN forwarding mode
# client traffic is handled by the manager, so both are presumably unneeded on
# a pure access point - confirm and disable to reduce exposed services.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=AP-inside
Networks:
10.17.16.0/24 - for internal usage
192.168.0.0/24 - for guest usage
Any thoughts on what I did wrong?
One more question: can the cAP broadcast two wireless networks simultaneously?