doubt about CAPsMan configuration

alverman · October 11, 2023, 12:20pm

Good morning, I need some information.
My net is like the attached diagram.
I would like to implement CAPsMAN but I don’t know where I need to configure it.
On the 760 I have WifiWave2 while on the 952 I have CAPsMAN.
Can I configure it on the 760 router or do I have to configure it on the 952 ?
Thanks
LuciApp_RETE PS.png

alverman · October 11, 2023, 6:27pm

Okay, I started configuring CAPsMAN on the 952 and it works perfectly with internal Wlan.
But now, since I also have a MAP, I wanted to implement it.
CAPsMan server address is on the router 192.168.88.12.
In its configuration it points to itself, 127.0.0.1.
If it is as I think, or rather hope, is that the usefulness of CAPsMan is to have the same configuration even when connected to any MT router on the network. Am I wrong ?
Trying to connect it to the same router that generates CAPsMAN is not detected. Of course MAP starts in CAP mode but no luck.

Any advice ?
Thanks

Is the schematic helpful ?
Is the schematic theoretically as far as my general configuration is correct ?
Functioning it all works as I thought but if you also give me an opinion I would be more comfortable
LucidApp_RETE PS.png

gigabyte091 · October 11, 2023, 6:42pm

CAPsMAN v1 is not compatible with wifiwave2 CAPsMAN so you can’t control devices with different versions of capsman.

alverman · October 11, 2023, 7:44pm

OK, but I’m not mixing versions.
On the 952 there is CAPsMAN configured AND on the MAP there is the same version but it is not seen by the server.
And the further question is if Hho everything with the same version CAPsMAN passes from the various routers in the network ?

holvoetn · October 11, 2023, 7:49pm

Is vlan30 defined as port for bridge on 952 ? Otherwise it will not work.
It might also be helpful to specify IP address of capsman controller in AP to “help” discovery a bit.

alverman · October 11, 2023, 8:31pm

Si
Screenshot 2023-10-11 222713.png

alverman · October 11, 2023, 8:39pm

What I can’t figure out is how does MAP find CAPsMan if it is on VL30 while the CAP server is on 192.168.88.0

gigabyte091 · October 12, 2023, 2:44am

Sorry I thought because of this that you are mixing versions.

holvoetn · October 12, 2023, 3:32am

Not seeing it.
Please show config of 952.
Terminal
/export file=anynamyouwish
Move file to your PC
Remove serial, edit other private info
Put contents of file back here between [code] [/code] quotes for easier readability.

alverman · October 13, 2023, 4:48pm

# 2023-10-13 18:38:26 by RouterOS 7.11.2
# software id = 6RGL-6M8P
#
# model = RB952Ui-5ac2nD
# serial number = *********
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether4 ] comment=VL10
set [ find default-name=ether5 ] comment=VL30
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(18dBm), SSID: PROService-GO_MAP, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5300/20-eeCe/ac/DP(18dBm), SSID: PROService-GO_MAP, CAPsMAN forwarding
set [ find default-name=wlan2 ] mode=station-bridge ssid=MikroTik
/interface list
add name=WAN
add name=LAN
/caps-man configuration
add country=italy datapath.bridge=bridge1 .interface-list=LAN .vlan-id=30 \
    .vlan-mode=use-tag distance=indoors installation=indoor mode=ap name=cfg1 \
    security.authentication-types=wpa2-psk .encryption=aes-ccm ssid=\
    PROService-GO_MAP
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/iot lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
    up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
    up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
    up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
    up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
    up-port=1700
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1 name-format=\
    prefix-identity
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 comment=VL10 frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether4 pvid=10
add bridge=bridge1 comment=VL30 frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether5 pvid=30
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=wlan2 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=wlan1 pvid=30
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether4 vlan-ids=10
add bridge=bridge1 tagged=ether1 untagged=ether5,wlan1,wlan2 vlan-ids=30
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan1 list=LAN
add interface=wlan2 list=LAN
add interface=ether1 list=WAN
/interface wireless cap
# 
set bridge=bridge1 discovery-interfaces=bridge1,ether1 enabled=yes \
    interfaces=wlan1,wlan2
/ip dhcp-client
add interface=bridge1
/ip dns
set servers=192.168.88.10
/system clock
set time-zone-name=Europe/Rome
/system gps
set set-system-time=yes
/system identity
set name=RB952Ui-Repeter1
/system note
set show-at-login=no

holvoetn · October 13, 2023, 6:27pm

What device is providing router functions for vlans ?
I assume RB760.

Does map get an IP address in VLAN30-subnet when being connected to ether5 ?
I assume yes, if DHCP client is present on that device.

Since you want to reach capsman controller which is running on RB952 from a device on VLAN30, there should be a path from VLAN30 to RB952.
But right now, you excluded bridge from being a part of that VLAN, so it can not be found on that VLAN.

/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether4 vlan-ids=10
add bridge=bridge1 tagged=ether1 untagged=ether5,wlan1,wlan2 vlan-ids=30

It will pass VLAN traffic across ports being part of that VLAN but it will not look at it.

Can you add bridge as tagged to VLAN30 on RB952 ?
What also may help, is to specify explicitly the IP address of RB952 as capsman controller on mAP. That way the flow will go first to your router (RB760) and then back to RB952 (again assuming that your router does allow that communication).