Capsman manager on CAP AX ?

Hello everyone,

A month ago I bought 3 CAP AX and crs326-24g-2s router. I wanted to make a capsman manager from the router. Unfortunately, I didn’t read that it is impossible to install the wifi wave2 package … (not enough space). I updated all devices to ROS 7.10, configured CRS as the main router, separated networks on vlans and decided to install/configure the manager on one of the access points. As you can already guess since I’m writing - I couldn’t cope :(
Is it at all possible to configure Capsman so that one accesspoint is the manager and accesspoint and controls the next two?

Supposedly this can be done from the CLI, but I haven’t found any information.

Is anyone able to help? :(

Running CAPsMAN Manager on CAP ax is no problem at all, especially since it already comes with wifiwave2 package installed.

Keep in mind, however, that (new) wifiwave2 CAPsMAN is slightly different from “old” CAPsMAN, so make sure you’re not trying to apply CAPsMAN instructions to wifiwave2 CAPsMAN.

Actually, conceptually new capsman is a lot more alike old capsman than old wifi is different from wifiwave2.

Security settings
Channel settings
Configurations
And apply to radio…

I have done my own configuration in several ways, both on the forum and on the wiki. Even doing the simplest configuration without vlans. I was getting to the end, I had the information “interface managed by capsman” but no SSID was displayed.

I really don’t know what I’m doing wrong.

Without a crystal ball nobody is going to know what you did or did not do in your config …

terminal
/export file=anynameyouwish
Remove sensitive info like serial number, public wan ip, …
Post between code quotes for readability (5th option from the left)
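Added example (not part of the original reply): one way to script the redaction step above before pasting an export. It assumes the export header carries `# serial number =` and `# software id =` lines and treats every IPv4 address outside the listed private/local ranges as public, so public DNS resolvers are masked too; the sample export is constructed and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample export; serial, key and WAN address are made up.
SAMPLE = '''# software id = ABCD-1234
# model = cAPGi-5HaxD2HaxD
# serial number = HXX0000XXXX
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=WORK passphrase="not a real key"
/ip address
add address=203.0.113.7/29 interface=ether1 network=203.0.113.0
add address=10.140.0.1/24 interface=vlan200_DATA network=10.140.0.0
'''

# Addresses inside these ranges are kept; everything else counts as public.
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
HEADER = re.compile(r"^(# (?:serial number|software id) =).*$", re.M)
SECRET = re.compile(r'\b(passphrase|password|secret|private-key)=("[^"]*"|\S+)')
MAC = re.compile(r"\b((?:[0-9A-Fa-f]{2}:){3})(?:[0-9A-Fa-f]{2}:){2}[0-9A-Fa-f]{2}\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _mask_ip(match):
    """Replace an IPv4 literal unless it falls inside one of the KEEP ranges."""
    try:
        ip = ipaddress.ip_address(match.group())
    except ValueError:              # e.g. 999.1.1.1: not an address, leave it
        return match.group()
    return match.group() if any(ip in net for net in KEEP) else "<public-ip>"

def sanitize(export):
    """Return the export text with identifying and secret values redacted."""
    out = HEADER.sub(r"\1 <redacted>", export)   # device serial / licence id
    out = SECRET.sub(r"\1=<redacted>", out)      # keys and passwords
    out = MAC.sub(r"\1XX:XX:XX", out)            # keep vendor prefix only
    return IPV4.sub(_mask_ip, out)               # public WAN addresses

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```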

Thank you for your response

I found one of the configs I was making.
At the moment, one AP is connected and it works on its own.
In this configuration I had information “no connection to CAPsMAN, managed locally”



# model = cAPGi-5HaxD2HaxD
/interface bridge
add name=bridge1 protocol-mode=none
add name=bridge_test_vlans protocol-mode=none
/interface vlan
add interface=ether1 name=vlan111_test vlan-id=111
add interface=bridge1 name=vlan200_DATA vlan-id=200
add interface=bridge1 name=vlan201_WORK vlan-id=201
add interface=bridge1 name=vlan202_WIFI_DATA vlan-id=202
add interface=bridge1 name=vlan203_WIFI_WORK vlan-id=203
add interface=bridge1 name=vlan204_WIFI_GUEST vlan-id=204
add interface=bridge1 name=vlan205_WIFI_VIP vlan-id=205
add interface=bridge1 name=vlan208_OLD vlan-id=208
add interface=bridge1 name=vlan209_VIDEO vlan-id=209
add interface=bridge1 name=vlan210_MGMT vlan-id=210
/interface wifiwave2 channel
add band=2ghz-ax disabled=no name=channel2g skip-dfs-channels=10min-cac \
    width=20/40mhz
add band=5ghz-ax disabled=no name=channel5g skip-dfs-channels=10min-cac \
    width=20/40/80mhz
/interface wifiwave2 datapath
add bridge=bridge1 disabled=no name=datapath_GUEST vlan-id=204
add bridge=bridge1 disabled=no name=datapath_WIFI_WORK vlan-id=203
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=WORK
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=GUEST
/interface wifiwave2 configuration
add channel=channel2g country=Poland datapath=datapath_GUEST disabled=no \
    hide-ssid=no manager=capsman-or-local mode=ap name=cfg_GUEST_2G \
    security=GUEST security.authentication-types="" ssid=GUEST
add channel=channel5g country=Poland datapath=datapath_GUEST disabled=no \
    hide-ssid=no manager=capsman-or-local mode=ap name=cfg_GUEST_5G \
    security=GUEST ssid=GUEST
add channel=channel2g country=Poland datapath=datapath_WIFI_WORK disabled=no \
    hide-ssid=no manager=capsman-or-local mode=ap name=cfg_WORK_2G security=\
    WORK security.authentication-types="" ssid=WORK
add channel=channel5g country=Poland datapath=datapath_WIFI_WORK disabled=no \
    hide-ssid=no manager=capsman-or-local mode=ap name=cfg_WORK_5G security=\
    WORK security.authentication-types="" ssid=WORK
/interface wifiwave2
# no connection to CAPsMAN, managed locally
set [ find default-name=wifi1 ] configuration=cfg_WORK_5G configuration.mode=\
    ap datapath=datapath_GUEST name=wifi1-WIFI_WORK_5G \
    security.authentication-types=""
# no connection to CAPsMAN, managed locally
set [ find default-name=wifi2 ] channel=channel2g configuration=cfg_WORK_2G \
    configuration.mode=ap datapath=datapath_GUEST name=wifi2-WORK_2G \
    security.authentication-types=""
/ip pool
add name=dhcp_pool_DATA ranges=10.140.0.2-10.140.0.254
add name=dhcp_pool_WORK ranges=10.140.1.2-10.140.1.254
add name=dhcp_pool_WIFI_WORK ranges=10.140.3.2-10.140.3.254
add name=dhcp_VIP ranges=10.140.4.2-10.140.4.254
add name=dhcp_GUEST ranges=10.140.5.2-10.140.5.254
/ip dhcp-server
add address-pool=dhcp_pool_DATA interface=vlan200_DATA name=dhcp200_DATA
add address-pool=dhcp_pool_WORK interface=vlan201_WORK name=dhcp201_WORK
add address-pool=dhcp_pool_WIFI_WORK interface=vlan203_WIFI_WORK name=\
    dhcp203_WIFI_WORK
add address-pool=dhcp_VIP interface=vlan204_WIFI_GUEST name=dhcp204_GUEST
add address-pool=dhcp_GUEST interface=vlan205_WIFI_VIP name=dhcp205_VIP
/interface bridge port
add bridge=bridge_test_vlans interface=wifi1-WIFI_WORK_5G
add bridge=bridge_test_vlans interface=wifi2-WORK_2G
add bridge=bridge1 interface=ether1
add bridge=bridge_test_vlans interface=ether2
/interface wifiwave2 cap
set caps-man-addresses=10.140.0.1 discovery-interfaces=\
    wifi1-WIFI_WORK_5G,wifi2-WORK_2G,dynamic enabled=yes
/interface wifiwave2 capsman
set enabled=yes interfaces=bridge_test_vlans package-path="" \
    require-peer-certificate=no upgrade-policy=none
/interface wifiwave2 provisioning
add action=create-disabled disabled=no master-configuration=cfg_WORK_5G \
    radio-mac=00:00:00:00:00:00 slave-configurations=cfg_WORK_2G
/ip address
add address=10.150.11.7/24 interface=vlan111_test network=10.150.11.0
add address=10.140.0.1/24 interface=vlan200_DATA network=10.140.0.0
add address=10.140.1.1/24 interface=vlan201_WORK network=10.140.1.0
add address=10.140.2.1/24 interface=vlan202_WIFI_DATA network=10.140.2.0
add address=10.140.3.1/24 interface=vlan203_WIFI_WORK network=10.140.3.0
add address=10.140.4.1/24 interface=vlan204_WIFI_GUEST network=10.140.4.0
add address=10.140.5.1/24 interface=vlan205_WIFI_VIP network=10.140.5.0
/ip dhcp-server network
add address=10.140.0.0/24 dns-server=8.8.8.8 gateway=10.140.0.1
add address=10.140.1.0/24 dns-server=8.8.8.8 gateway=10.140.1.1
add address=10.140.3.0/24 dns-server=8.8.8.8 gateway=10.140.3.1
add address=10.140.4.0/24 dns-server=8.8.8.8 gateway=10.140.4.1
add address=10.140.5.0/24
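Added example, not part of the original post: a small linter run over an excerpt of the export above, flagging inline overrides that change what a profile name suggests (a WORK interface bridged into the GUEST datapath, an emptied `authentication-types` list) and the CAPsMAN certificate setting. It assumes, per MikroTik's WiFi documentation, that a property set directly on an interface or configuration takes precedence over the referenced profile and that an empty `authentication-types` list means an open network; `parse_export` and `lint` are hypothetical names.

```python
import shlex
# Excerpt of the export posted above (wifiwave2 sections only).
EXPORT = r'''
/interface wifiwave2 configuration
add channel=channel5g country=Poland datapath=datapath_GUEST disabled=no \
    hide-ssid=no manager=capsman-or-local mode=ap name=cfg_GUEST_5G \
    security=GUEST ssid=GUEST
add channel=channel5g country=Poland datapath=datapath_WIFI_WORK disabled=no \
    hide-ssid=no manager=capsman-or-local mode=ap name=cfg_WORK_5G security=\
    WORK security.authentication-types="" ssid=WORK
/interface wifiwave2
set [ find default-name=wifi1 ] configuration=cfg_WORK_5G configuration.mode=\
    ap datapath=datapath_GUEST name=wifi1-WIFI_WORK_5G \
    security.authentication-types=""
/interface wifiwave2 capsman
set enabled=yes interfaces=bridge_test_vlans package-path="" \
    require-peer-certificate=no upgrade-policy=none
'''

def parse_export(text):
    """Yield (menu, properties) per command, joining '\\' line continuations."""
    menu, buf = "", ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith("\\"):
            buf = line[:-1]          # keep any space that preceded the backslash
            continue
        buf = ""
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            toks = shlex.split(line)[1:]   # drop the verb (add/set)
            yield menu, dict(t.split("=", 1) for t in toks if "=" in t)

def lint(text):
    """Return (object, finding) pairs for the wifiwave2 part of an export."""
    findings, cfg_datapath = [], {}
    for menu, p in parse_export(text):
        who = p.get("name") or p.get("default-name") or menu
        if menu == "/interface wifiwave2 configuration":
            cfg_datapath[p.get("name")] = p.get("datapath")
        if menu.startswith("/interface wifiwave2") and p.get("security.authentication-types") == "":
            findings.append((who, "inline override empties authentication-types"))
        inherited = cfg_datapath.get(p.get("configuration"))
        if menu == "/interface wifiwave2" and inherited and p.get("datapath") not in (None, inherited):
            findings.append((who, f"datapath {p['datapath']} overrides {inherited}"))
        if menu.endswith(" capsman") and p.get("require-peer-certificate") == "no":
            findings.append((who, "CAPs are accepted without a certificate check"))
    return findings
```

On this excerpt `lint(EXPORT)` reports four findings, including `wifi1-WIFI_WORK_5G` being placed in `datapath_GUEST` (VLAN 204) although its configuration profile names `datapath_WIFI_WORK`.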

I have to look back where it was stated by MT staff but it could be (for now ?) local radios can not be managed by capsman on wifiwave2.
You have to configure those locally (which is not that difficult since it will be more or less the same settings as for caps-radios).

Are the other caps connecting ?

PS 10 VLANs ? You may want to start a bit simpler to iron out the wrinkles.

I don't get it. Setting up a capax as an access point/switch is dirt simple while using capsman is a dog's breakfast, especially for beginners.
If you cannot handle the simple, then attempting capsman is not a good plan.

(1) The CRS is NOT A ROUTER, it's a switch with some routing power. Be advised if you have a 1 gig connection you got the wrong device.
I would say it's a decent 300/300 ISP device…

(2) Your mistake is treating a cap like a router vice an ap/switch. No networks or even vlans are identified on the caps, only the management or trusted vlan is identified, aka the vlan from which the cap gets its IP address from!!

General Concept ( one bridge )
Do not identify any vlans in wifi settings!!!
Use ether2, as an OFF Bridge access to actually do the bulk of configuration safely prior to attaching the cap to the network at location.
In fact, if the cap is not readily accessible to remove/access to reprogram, ensure you run an ethernet cable from ether2 to a location where you can plug in a laptop to make changes.
https://forum.mikrotik.com/viewtopic.php?t=181718


/interface bridge
# vlan-filtering=yes: make this the last entry applied in the config
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether2 ] name=offbridge
/interface vlan
add interface=bridge1 name=vlan210_MGMT vlan-id=210
/interface list
add name=management
/ip neighbor discovery-settings
set discover-interface-list=management
/interface list member
add interface=vlan210_MGMT list=management
add interface=offbridge list=management
/interface bridge port
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 ingress-filtering=yes frame-types=admit-priority-and-untagged interface=nameofwifi1 pvid=202
add bridge=bridge1 ingress-filtering=yes frame-types=admit-priority-and-untagged interface=nameofwifi2 pvid=203
add bridge=bridge1 ingress-filtering=yes frame-types=admit-priority-and-untagged interface=nameofwifi3 pvid=204
add bridge=bridge1 ingress-filtering=yes frame-types=admit-priority-and-untagged interface=nameofwifi4 pvid=205
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=210
add bridge=bridge1 tagged=ether1 untagged=nameofwifi1 vlan-ids=202
add bridge=bridge1 tagged=ether1 untagged=nameofwifi2 vlan-ids=203
add bridge=bridge1 tagged=ether1 untagged=nameofwifi3 vlan-ids=204
add bridge=bridge1 tagged=ether1 untagged=nameofwifi4 vlan-ids=205
/ip address
# IP address of cap on Management network - static DHCP lease on Router
add address=X.X.X.Y/24 interface=vlan210_MGMT network=X.X.X.0
# address of off bridge access
add address=192.168.55.1/24 interface=offbridge network=192.168.55.0
/ip dns
# Note: Done so all dns requests use trusted subnet
set allow-remote-requests=yes servers=X.X.X.1
/ip route
add dst-address=0.0.0.0/0 gateway=X.X.X.1 comment="ensures route avail through trusted subnet gateway"
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=management
As you can see once you get this down and working, configuration of the other two caps is clean and fast.
The only thing that really changes is the IP address of the cap itself and of course any other changes to the wifi each cap puts out.

Ok, I understand that this is practically the most common configuration omitting capsman.

I don’t have a problem with the above, although I mostly made bridges.

I have a problem as I wrote with capsman on ROS 7 and cap ax accesspoints


Maybe I’ll start from the beginning.

I have a CRS router and 3 CAP AX access points connected to it.
The wifiwave2 package is required to control the CAP AX. Unfortunately, I can’t install it on my router because the router doesn’t have enough memory.
I would like to run capsman on one of the access points and connect the rest to it. I need to create several networks operating in the 2GHZ/5GHZ band (SSID2G:WORK, SSID5G:WORK, SSID2G:GUEST, SSID5G:GUEST)
I want to use capsman to manage channels and roaming like in ROS6
All devices updated to ROS 7.10


Router configuration

eth1-ISP
eth2-vlans
-200-DATA - 10.140.0.1/24
-201-WORK - 10.140.1.1/24
-202-WIFI_DATA - 10.140.2.1/24
-203-WIFI_WORK - 10.140.3.1/24
-204-WIFI-GUEST - 10.140.4.1/24
-210-MGMT - 10.140.5.1/24

On each vlan running dhcp-server
To the eth2 port - a managed switch is connected, and ax accesspoints are connected to it (tagged switch ports)



CAP AX configuration
eth1, eth2 ( bridge_vlan) - link to the switch/router
bridge_vlan - added vlans 200,201,202,203,204,210

CAP1 CAPSMAN MANAGER IP: 10.140.5.5
CAP2 IP: 10.140.5.6
CAP3 IP: 10.140.5.7