CAPsMAN v2 wifi-qcom-ac with CAPs in different IP network don't work

dlamo · August 1, 2024, 6:44am

Hello Forum,

I have CAPsMAN for WAVE2 running (wifi-qcom-ac). On my default location the APs finding it’s manager on layer 2 by discovery-interfaces=… Now I need to attach some APs from a distance IP network. For this I planed to use caps-man-addresses=192.168.89.1 on the remote CAPs to use layer 3 for caps. On CAPsMAN I can see reaching udp port 5246 packets coming from the remote CAPs, but the CAPsMAN does not answer these requests.

cAP

/interface wifi cap
set caps-man-addresses=192.168.89.1 certificate=request discovery-interfaces=bridge1 enabled=yes \
    slaves-datapath=capdp slaves-static=yes

There is no firewall on CAPsMAN master. CAP can reach IP 192.168.89.1 by ping and any other services and twice versa.
Any hints about why the master does not respond to the caps on its caps-man-addresses=192.168.89.1 ?
Regards,
David

holvoetn · August 1, 2024, 9:02am

Are you sure the master is receiving those requests at all ?
No incoming firewall rules blocking some things ?

m4rk3J · August 1, 2024, 9:55am

Config on capsman controller?

For me it is working fine.

dlamo · August 1, 2024, 9:55am

Hi, yes I am sure. Verified twice
1st by /tool/sniffer/quick interface=all ip-address=192.168.200.84 ip-protocol=udp port=5246

/tool/sniff pack pr det
 0 time=8.223 num=1 direction=rx src-mac=F8:6B:D9:43:19:F4 dst-mac=B8:69:F4:88:19:07
   interface=ether6-wan src-address=192.168.200.84:49080 dst-address=192.168.89.1:5246 protocol=ip
   ip-protocol=udp size=52 cpu=0 ip-packet-size=38 ip-header-size=20 dscp=0 identification=19766
   fragment-offset=0 ttl=64
 1 time=9.225 num=2 direction=rx src-mac=F8:6B:D9:43:19:F4 dst-mac=B8:69:F4:88:19:07
   interface=ether6-wan src-address=192.168.200.84:49080 dst-address=192.168.89.1:5246 protocol=ip
   ip-protocol=udp size=52 cpu=0 ip-packet-size=38 ip-header-size=20 dscp=0 identification=19786
   fragment-offset=0 ttl=64
 2 time=10.227 num=3 direction=rx src-mac=F8:6B:D9:43:19:F4 dst-mac=B8:69:F4:88:19:07
   interface=ether6-wan src-address=192.168.200.84:49080 dst-address=192.168.89.1:5246 protocol=ip
   ip-protocol=udp size=52 cpu=0 ip-packet-size=38 ip-header-size=20 dscp=0 identification=19873
   fragment-offset=0 ttl=64

I can only see rx packets non tx in my trace.

2nd I am able to reach IP services on caps master initiated from AP, here for example DNS using UDP:

:put [:resolve server=192.168.89.1 mikrotik.com]
159.148.172.205

Regards,
David

dlamo · August 1, 2024, 10:01am

In my CAPsMAN config I have selected an interface. This is the only difference.

/interface wifi capsman
set enabled=yes interfaces=vlan1001 upgrade-policy=suggest-same-version

ckleea · August 1, 2024, 10:06am

I tried this before via internet but found the same result.

Hope this can be fixed.

ckleea · August 1, 2024, 10:08am

Sorry, I read incorrectly

dlamo · August 2, 2024, 7:26am

SOLUTION was to unset interfaces in /interface/wifi/capsman. Having

/interface/wifi/capsman set interfaces=""

it works.