CAPsMAN forwarding in new capsmanager

Hi. I’m migrating from old cAPsman to new one with wifi-qcom and wifi-qcom-ac packages…
In the old one I used the option CAPS FORWARDING, which is not available anymore. Any suggestions about a good practice to forward all traffic to CAPSMANAGER using the new packages?

You could create EOIP tunnels from CAPs to CAPsMAN and bridge wifi interfaces with those tunnels.

Or merely VLANs as designed - what kind of network is between your CAPsMAN machine and the cAPs that you ask for alternatives?

I’m an ISP… cAPs are installed in clients’ shops behind NAT. I have no direct access to cAPs. But cAPs can reach my cAPsManager.
I was thinking about having an L2TP tunnel from cAP to cAPsManager… and then an EoIP tunnel through the L2TP and then bridging the wifi interfaces and the EoIP interface in cAPs. But that requires a lot of configuration, IP reservation, etc… with the old cAPsManager it was just a tick in cAPsMan Forwarding and that’s all!!

I agree with you here, but this complaint has to go to Mikrotik product management, other users of the forum can just console you, not help.


Well… EoIP over L2TP (over IPsec I suppose) is a bit too many layers in my opinion - either direct encryption of EoIP using IPsec or direct L2 tunneling using L2TP (BCP) would be my choice. I will not speculate further as I don’t know your use case, but maybe there are simpler solutions that do not require L2 tunneling at all?

No need for all layers using L2TP / IPsec / EoIP, simple EoIP alone should be enough then, no?
Because you do have a direct connection (upstream from cap to capsman).
Just a question: WHY the need for capsman forwarding then if it’s your ISP network anyhow? How else would your clients be able to go out if not using your network?

And… since you are the ISP, why not use VLAN as already suggested above? Much easier.

Or is the setup a bit more complex than we may think (and you’re not telling us)?

A little consolation from other users is fine too… haha
ISP#1-----------MAIN ROUTER------|
ISP#2----cAPsManager -------- switch ------ FTTH Network ------ ClientRouter (w/NAT) ------ cAP

cAP can reach cAPsManager… but cAPsManager can’t reach cAP because it’s behind a NAT

I want to make a cAPsMan Forwarding because I want cAP traffic to go out through ISP#2. Client router internet service is through MAIN ROUTER (ISP#1)

Do I get the diagram right that the path is L2 transparent between the WAN of the client router and your (?) switch, i.e. that the addresses of the “MAIN ROUTER” and “cAPsManager” on their interfaces connected to the switch are in the same IP subnet?

Between the client router and the switch there is L2. Different subnets, but there is layer 2.
MAIN ROUTER and cAPsManager, both are routers… NAT to ISP#1 and ISP#2

I do not have access to the client router. It’s a TP-Link, Cisco or any other the client chooses.

I don’t get it…

You’re the ISP.
You do control cap and capsman but not the router in between?

I don’t control the client router. It is his property.

EOIP it is then …

But I would regard this as a missed business opportunity.

I would still think L2TP or even bare IPsec without any inner tunneling protocol would be sufficient, there is no need for L2 tunneling in this setup. The default route on the cAP goes to the tunnel, a /32 route towards CAPsMAN’s customer-facing IP goes via the local GW (the LAN side of the customer’s “TP-Link or similar”), and that’s it.

The advantage of L2TP as compared to bare IPsec is that you can provide an MTU of 1500 bytes if you activate MLPPP (for the price of slightly larger overhead) and, of course, easier routing.
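
The routing layout described in the last post, sketched as a RouterOS v7 configuration for the cAP. This is an added example, not part of the original thread; the addresses, interface name, tunnel name, credentials, the use of IPsec for the L2TP session and the MRRU value are all assumptions.

```routeros
# Added example, run on the cAP that sits behind the customer's NAT router.
# Every value below is a constructed placeholder:
#   203.0.113.10  CAPsMAN's customer-facing IP (assumed)
#   192.168.1.1   LAN side of the customer's router (assumed static)
#   ether1        cAP uplink port (assumed)

# 1. The uplink still gets its address by DHCP, but installs no default
#    route, so nothing leaves via the customer's router except what the
#    /32 route below allows, even while the tunnel is down.
/ip dhcp-client set [find interface=ether1] add-default-route=no

# 2. Host route to the tunnel endpoint via the local gateway. Without it,
#    the tunnel's own packets would follow the default route into the
#    tunnel once it is up, and the session would drop.
/ip route add dst-address=203.0.113.10/32 gateway=192.168.1.1 \
    comment="tunnel endpoint via customer LAN"

# 3. L2TP client towards CAPsMAN. The cAP initiates the session, so the
#    customer's NAT is not an obstacle.
#    use-ipsec encrypts the session (assumption: the server side is set
#    up with the same IPsec secret).
#    mrru enables MLPPP so 1500-byte packets fit through the tunnel.
#    add-default-route sends everything else into the tunnel.
/interface l2tp-client add name=l2tp-capsman connect-to=203.0.113.10 \
    user=cap-shop01 password="REPLACE-ME" \
    use-ipsec=yes ipsec-secret="REPLACE-ME" \
    mrru=1600 add-default-route=yes default-route-distance=1 \
    disabled=no

# 4. Checks: the /32 must resolve via 192.168.1.1, the default route
#    via l2tp-capsman, and the tunnel must report connected.
/ip route print where dst-address=203.0.113.10/32
/ip route print where dst-address=0.0.0.0/0
/interface l2tp-client monitor l2tp-capsman once
```

If the customer's router hands out a different gateway than the one assumed here, the /32 route has to follow it, since it is the only path the tunnel itself can use.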