Capsman with branch offices

RouterOS Wireless Networking
1

Hello everyone,

grafik
grafik1075×748 43.3 KB

The image is meant to reflect the idea I want to implement. But I have some questions.
The CHR is installed in the main office. I have several branch offices. These are connected to the main office via “dark fiber.” At each branch office, a MikroTik switch and several Cap AX access points are to be put into operation. There are two VLANs (employees and guests) that are to be broadcast via the access points. Each branch office has different IP address ranges for the employee and guest VLANs.Each branch office should connect to the Internet via the main office.
Where do I configure the different IP address ranges and VLANs for the remote locations? On the CHR, with a separate configuration for each VLAN that is then provisioned to the respective access point?
Is this even possible in this way?
Thank you in advance…

2

Everything is possible...

Please consider using a management VLAN for management (duh...), also CAPsMAN-CAP communication can be handled.

In regards to your question:
In datapath you can set the VLAN, your site requires (at least) 2 configurations: 1 for the branch office and 1 for guest.
You should create at least 1 provision rule per office to properly provision the CAPS.

VLAN's should be created on the main office, as well as all the DHCP pools.

Are you the one responsible for the network?
Is the dark fiber L2 or L3?

3

And finally, the provisioning.

grafik
grafik920×650 84.5 KB

I won’t be able to test the entire configuration until next week. But that should be the way to do it.

4

Actually…you should use radio Mac addresses instead of the 00:00:00… which is the legacy way of working.

5

I then created a configuration based on that.

grafik
grafik945×366 83.2 KB

6

Hello,
Thank you for your reply.
The dark fiber is Layer 3 and there is a management VLAN.
If I understand correctly, since the Capsman isn't on the same network, I need to configure the CAPs so that all network traffic is processed on the CAPs.

I've configured it as follows:

First, I created a datapath for both the employee and guest Wi-Fi network. The key setting here is “Traffic Processing.” With this setting, I configure the system so that all network traffic is processed on the CAP. Did I understand that correctly?

grafik
grafik655×418 33.9 KB

1 Like
7

Next, I configured the security settings:

grafik
grafik945×553 74.1 KB

1 Like
8

Better use Winbox 4 instead of 3, there are some quirks with the older version.
Also, when sharing settings, please use export (i.e. /interface/wifi/security export)

When you want documentation, please have a look here:

Also, the YouTube channel is a great way to achieve knowledge:
https://www.youtube.com/@mikrotik