Hi there, I came into an environment that has MANY existing configured CAP AC units (around 44 total) that use SSIDs on 2 different VLANs, so my goal is to centrally manage them via CAPsMAN. I read many how-to articles and watched videos before I even started.
This environment does not have any RouterOS devices besides all the CAP AC’s. Rather than using one of the existing CAP AC’s for CAPsMAN, I deployed a virtual RouterOS v7.15.3 instance and got it licensed. I put that virtual router on the management VLAN that all the other CAP AC’s use, so it can reach them without issue. Essentially it’s operating as a switch. I created a bridge and added the connected ethernet interface to it.
I realized I needed the wireless package, as the CAP AC’s wouldn’t show up in the new CAPsMAN that comes with the 7.15 system package, so I installed it.
Configured CAPsMAN fairly minimally: I just created security, datapath, configuration, and provisioning profiles. I’m using two VLANs total (1 per SSID), so that is in my config.
Added the CAPACs to CAPSMAN and they show up nicely in CAPSMAN.
The issue is that no clients seem to connect, and the registration table is blank. I have a test machine with Wi-Fi right by the CAP AC’s, and it will just connect to a far-away one that hasn’t been added to CAPsMAN yet lol… so I’m a bit puzzled why no clients will connect.
I probably should share my config:
# Bridge that both CAPsMAN datapaths (VLAN 850 and 851) attach client traffic to.
# NOTE(review): vlan-filtering is not set here. If it is at its default (off),
# the "/interface bridge vlan" entries later in this export are not enforced and
# the bridge does not separate VLAN 850 from VLAN 851 - confirm.
/interface bridge
add name=Bridge
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
# Legacy CAPsMAN (wireless package) profiles. These are the ones the
# "/caps-man provisioning" rule in this export refers to.
#
# Datapaths: client frames are tagged with VLAN 850 / 851 and attached to Bridge.
# NOTE(review): local-forwarding is not set, so client traffic is presumably
# tunnelled to this manager and bridged here rather than on each CAP - confirm.
/caps-man datapath
add bridge=Bridge name=datapath_vlan850 vlan-id=850 vlan-mode=use-tag
add bridge=Bridge name=datapath_vlan851 vlan-id=851 vlan-mode=use-tag
# Security profiles: WPA2-PSK with AES-CCM, group key rotated every 5 minutes.
# NOTE(review): no passphrase appears in this export. A RouterOS v7 export omits
# sensitive values unless show-sensitive is used, so it cannot be told from here
# whether a passphrase is set - verify on the router, and never post it.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
group-key-update=5m name=security_vlan850
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
group-key-update=5m name=security_vlan851
/caps-man configuration
# Staff SSID: uses security_vlan851 (WPA2-PSK) and lands on VLAN 851.
add country="united states" datapath=datapath_vlan851 mode=ap name=\
Staff_vlan851 security=security_vlan851 ssid=Staff
# Public SSID: references security_vlan850 but then overrides it inline with
# empty authentication-types and encryption. That appears to make "Public" an
# open, unencrypted network, so its traffic is readable over the air.
# NOTE(review): confirm this is intended, and that VLAN 850 is isolated from
# the staff and management networks upstream.
add country="united states" datapath=datapath_vlan850 mode=ap name=\
Public_vlan850 security=security_vlan850 security.authentication-types="" \
.encryption="" ssid=Public
# Disk slots: no media interface and media sharing off for both slots.
/disk
set slot1 media-interface=none media-sharing=no slot=slot1
set slot2 media-interface=none media-sharing=no slot=slot2
# Profiles for the new "/interface wifi" CAPsMAN. They reuse the names of the
# legacy "/caps-man" profiles but are separate objects.
# NOTE(review): no "/interface wifi provisioning" rule appears in this export,
# so these profiles look unused - confirm, and remove them if so, to avoid two
# diverging definitions of the same SSIDs.
/interface wifi datapath
add bridge=Bridge disabled=no name=datapath_vlan850 vlan-id=850
add bridge=Bridge disabled=no name=datapath_vlan851 vlan-id=851
# WPA2-PSK with CCMP group cipher, group key rotated every 5 minutes.
# NOTE(review): no passphrase is visible here either; a default export hides
# sensitive values, so verify on the router.
/interface wifi security
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp \
group-key-update=5m name=security_vlan850
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp \
group-key-update=5m name=security_vlan851
/interface wifi configuration
# Unlike the legacy "/caps-man configuration" entry of the same name, this
# Public profile has no inline override, so it would require WPA2-PSK.
add country="United States" datapath=datapath_vlan850 disabled=no mode=ap name=\
Public_vlan850 security=security_vlan850 ssid=Public
add country="United States" datapath=datapath_vlan851 disabled=no mode=ap name=\
Staff_vlan851 security=security_vlan851 ssid=Staff
# Default local wireless security profile; only the supplicant identity is set.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Names for the two serial ports.
/port
set 0 name=serial0
set 1 name=serial1
# Legacy CAPsMAN manager, enabled, with an auto-generated CA and certificate.
# NOTE(review): require-peer-certificate is not set. If it is at its default
# (no), any device that reaches this manager on the management VLAN can join as
# a CAP without presenting a certificate. Once all CAPs have requested
# certificates, consider require-peer-certificate=yes here and
# lock-to-caps-man=yes on the CAPs.
# NOTE(review): no "/caps-man manager interface" section is exported, so the
# manager presumably accepts CAPs on every interface - confirm.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# Single provisioning rule with no radio-mac or mode filter shown, so it
# presumably matches every radio that connects: Staff becomes the master
# interface and Public a slave (virtual AP). Interfaces are created dynamically
# and enabled, and named after the CAP's identity.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Staff_vlan851 \
name-format=identity slave-configurations=Public_vlan850
# ether1 is the only physical port in the bridge (the uplink to the network).
/interface bridge port
add bridge=Bridge interface=ether1
# VLAN 850 and 851 are declared as tagged on ether1.
# NOTE(review): this table is only enforced when vlan-filtering=yes is set on
# the bridge, which this export does not show. Without it the bridge forwards
# frames without checking VLAN membership - confirm the intended state.
/interface bridge vlan
add bridge=Bridge tagged=ether1 vlan-ids=850
add bridge=Bridge tagged=ether1 vlan-ids=851
# New-style (wifi) CAPsMAN settings: all interfaces, no CAP certificate
# required, no automatic upgrades.
# NOTE(review): enabled=yes does not appear, so this manager is presumably
# off - confirm. If it is ever enabled, restrict "interfaces" to the management
# interface and set require-peer-certificate=yes, so that only known CAPs can
# join.
/interface wifi capsman
set interfaces=all package-path="" require-peer-certificate=no upgrade-policy=\
none
# Management address (redacted by the poster), assigned to ether1.
# NOTE(review): ether1 is also a port of Bridge in this export. An address on a
# bridge port rather than on the bridge itself is generally treated as a
# misconfiguration in RouterOS - consider moving it to Bridge.
# NOTE(review): no "/ip firewall" or "/ip service" section appears in this
# export, so management services are presumably at their defaults and reachable
# from the management VLAN - confirm and restrict them as needed.
/ip address
add address=x.x.x.x/24 interface=ether1 network=x.x.x.0
# A DHCP client exists on ether1 but is disabled; the static address is used.
/ip dhcp-client
add disabled=yes interface=ether1
# Public resolvers used by the router itself.
/ip dns
set servers=8.8.8.8,1.1.1.1
# Default route via the (redacted) gateway.
/ip route
add gateway=x.x.x.x
# Time zone and router identity.
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=Nyigma-CapsMan