CAPsMAN first time setup

I have a hAP ac router (962UiGAS-5HacT2HnT, whatever the hell it means!) as the main router and a cAP ac access point (RBcAPGi-5acD2nD) currently configured as a wifi AP (bridge). Home network, nothing super special, wifi is a mix of 2.4 and 5 GHz devices, Android phones and tablets, Windows laptops, Apple devices are very rare… I am planning to use both MikroTik devices to make a CAPsMAN configuration (main router as a master, access point as a slave) to extend coverage with the same SSID. Maybe later I will add another device as an extra slave. I have never played with CAPsMAN so I need some inspired kicks :) from experienced people.

Is it worthwhile to create such a configuration with these devices?
Are these devices suitable to work together in CAPsMAN?
What are advantages/disadvantages?
Other recommendations?

Is it worthwhile to create such a configuration with these devices?

No

Are these devices suitable to work together in CAPsMAN?

Yes

What are advantages/disadvantages?

Single configuration, less performance and options

Other recommendations?

Don’t

:D

Can you please explain, why No? I did not get...

Not worth the effort for one cap unless it’s a study project?

It is not that difficult either.
MikroTik wiki CAPsMAN.
Good material to start.

No, it is not for study, it is for everyday home usage.

What is the alternative, if it is not worth it?
Now, I have two SSIDs for 2.4 GHz and two for 5 GHz, it is awkward, isn’t it? :)

You can keep SSID the same for all.
Devices will select the strongest signal, so the general advice is to lower transmission power by 7 dB for 2.4 GHz to “help” devices favor 5 GHz over 2.4 GHz.

And set your frequencies on each cap/band so they do not overlap.
E.g. 1/6/11 are usually the only ones to use on 2.4 GHz to have no overlap. Unless these are already used by surrounding transmitters…
Do a scan first to see which channel is the least congested at the spot where you want to put your device.

No, use standard wifi settings with VLANs. It's what I do at home with:
one MT router
one cAP ac (used to be three)
two TP-LINK APs (one EAP245 and one EAP660 HD)

Use this article to set it up very quickly and easily. No need for CAPsMAN unless you like an ulcer and hitting your head against the wall??
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

One additional note not covered in that article.
I have untrusted subnets which I make into VLANs, let's say for example on my cAP ac.

5 GHz HOME USERS (trusted)
5 GHz Virtual - Guest USERS (untrusted but not really)
2 GHz Smart Devices untrusted 1 (different media boxes) UNTRUSTED
2 GHz Virtual Smart devices untrusted 2 (smoke alarms) UNTRUSTED
2 GHz Virtual Smart devices untrusted 3 (thermostats - anything cooling/heating related) UNTRUSTED

a. UNTRUSTED = box with software/firmware with unknown code.
b. UNTRUSTED = cloud connection could be hacked at the provider end or hacked into by another device on the same WLAN, see a.

So I use VLANs to separate the above groups of devices and users.
Clearly I don't want my smoke alarm devices to have any chance of being discovered or talked to by my media boxes.
Similarly I don't want my Xbox to talk to my Apple TV, or to my Android movie box etc… and I don't want my ecobee thermostat discovering my Nest thermostat or HVAC equipment etc.

(You could use examples of indoor and outdoor video cameras, door locks etc… lots of fun.)

However, the more virtual WLANs I add to either the cAP ac or the TP-LINK, at some point I degrade the functionality for all the 2 GHz equipment and eventually the AP and the 5 GHz performance.
Thus I really have to decide for myself what are the critical UNTRUSTED devices I really want on a separate VLAN, as I want to minimize the number of virtual WLANs used to two, three max.

  • smoke/fire alarms, yup, don't want those hacked
  • video cameras, yup, don't want those hacked.

Thus in my examples above, in the capac under wireless settings apart from firewall rules and the setup in the link provided, one simply UNCHECKS the forward box, which isolates wifi clients from each other. So this is close to the same thing as putting them on separate WLANs/vlans…
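
The segmentation described in the post above, sketched as a RouterOS configuration; this is an added example, not part of the thread or of the linked article. It assumes the legacy `wireless` menu on the cAP ac, and the interface names, bridge name, SSID, VLAN IDs, passphrase and the `WAN` interface list are placeholders or assumptions.

```routeros
# --- On the cAP ac (access point), legacy "wireless" menu ---
# Assumed: wlan1 is the 2.4 GHz radio, the existing bridge is named "bridge".
/interface wireless security-profiles
add name=alarms-psk mode=dynamic-keys authentication-types=wpa2-psk \
    wpa2-pre-shared-key="CHANGE-ME-placeholder"

/interface wireless
# Virtual AP for the smoke alarms. Client frames are tagged with VLAN 30
# (constructed ID) before they reach the bridge. default-forwarding=no is
# the "forward" checkbox unchecked: clients of this SSID cannot talk to
# each other through the AP.
add name=wlan1-alarms master-interface=wlan1 ssid="home-alarms" \
    security-profile=alarms-psk vlan-mode=use-tag vlan-id=30 \
    default-forwarding=no disabled=no

/interface bridge port
# Put the virtual AP on the same bridge as the uplink port so tagged
# frames reach the main router.
add bridge=bridge interface=wlan1-alarms

# --- On the main router (hAP ac) ---
# Assumed: VLAN interfaces vlan30-alarms and vlan40-media already exist
# (set up as in the linked VLAN article) and a WAN interface list is defined.
/interface list
add name=UNTRUSTED
/interface list member
add list=UNTRUSTED interface=vlan30-alarms
add list=UNTRUSTED interface=vlan40-media

/ip firewall filter
# New rules are appended at the end of the chain; move them above any
# broader accept rule in the forward chain.
add chain=forward action=accept connection-state=established,related \
    comment="allow replies to permitted connections"
add chain=forward action=drop in-interface-list=UNTRUSTED \
    out-interface-list=!WAN \
    comment="untrusted VLANs: internet only, no access to other VLANs"
```

`default-forwarding=no` only stops clients of the same wireless interface from talking to each other; traffic between VLANs is routed by the main router, which is why the forward-chain drop rule is still needed.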