Join CAP ax XL into a capsman config

grutmic · December 18, 2023, 5:54pm

Hi, iam new to this forum and just want to ask my first question.

I just upgraded all my devices (CHR on VM System, 6x CAP ac, 1x WAP ac, 1x new CAP ax xl) to 7.13. I hoped i can insert the cap ax xl by capsman provisioning like all the other ap’s, but seems not to work. How can i manage the cap ax xl by centralized management from chr-system and capsman? I have read that with 7,12 it was not possible due to cap ac has too less memory, but what is with 7.13 and the seperate kits? I did not read any declines?

Thanks for information in advance

holvoetn · December 18, 2023, 6:19pm

What needs to be done:

Move everything to 7.13
Upgrade wifi on all arm-ac devices to wifi-qcom-ac (first remove wireless, then drop wifi-qcom-ac, enable caps mode)
Enjoy centralized capsman wave2-style in wifi menu-section

grutmic · December 18, 2023, 6:55pm

Thanks for the quick response, first of all, which is the menu for the centralized common management WIFI or Wireless (capsman or wireless)???

Let’s ask the first step, what do i have to do to get the CAP ax xl AP into the CAPSMAN environment as an Managed AP? (Reminder managed from CHR Host)

holvoetn · December 18, 2023, 8:12pm

Pre 7.13 everything capsman for wave 2 devices was under wifiwave2 menu.
With 7.13 that all changed to wifi.

To put your cap ax in caps mode, reset to caps mode using button, or go to main wifi tab, then caps button and enable ( out of the top of my head).

If you are referring to cap xl ac, that one first has to have qcom-ac driver.

grutmic · January 11, 2024, 2:10pm

Hi, i worked a little with the new version 7.13.1 and the cap ax xl, but did not really understand the new wifi setup.

What is the difference between CAP, CAPsMAN and CAPsMAN-Remote?
I thought CAP is the attached AP, right? CAPsMAN is the Management Program for the remote appached AP’s, right?

If setup the CAP ax xl as a remote AP i get on the WIFI Tab two devices (cap-wifi1, cap-wifi2) is that correct?
After doing the configuration setup i will see both interfaces with the message “no connection to CAPsMAN, managed locally”, is this correct?
Everything is working and i can connect to the WLAN Service

My config looks like this, do you see any mistakes or missing information?

[admin@MikroTik2] > interface/wifi/cap print
                enabled: no
   discovery-interfaces: home-bridge
  requested-certificate: CAP-D49D31594FFA
[admin@MikroTik2] >

[admin@MikroTik2] > interface/wifi/configuration print    
Flags: X - disabled 
 0   name="cfg1" mode=ap ssid="TestLan" country=Germany manager=capsman-or-local 
     security.authentication-types=wpa2-psk,wpa3-psk .passphrase="xxxxxxxx" 
     datapath.bridge=home-bridge .interface-list=all 
[admin@MikroTik2] > 

[admin@MikroTik2] > interface/wifi/provisioning/ print   
Columns: RADIO-MAC, ACTION, MASTER-CONFIGURATION
# RADIO-MAC          ACTION                  MASTER-CONFIGURATION
0 00:00:00:00:00:00  create-dynamic-enabled  cfg1                
[admin@MikroTik2] >

holvoetn · January 11, 2024, 2:12pm

Let’s first start with using the correct name for your device.

Cap XL AC
or
CAP AX

2 different things.

Cap AX XL does not exist.

grutmic · January 11, 2024, 2:14pm

Sorry, it’s a CAP ax, just looks “extra large”

holvoetn · January 11, 2024, 2:20pm

I understand but it’s a tad smaller then cAP XL AC. I’ve already seen them side by side.
Not much but visible.

About the difference:
cAP AX is purely wave2 radio.
Cap XL AC is “old” wifi but since 7.13 it can also use wave2 drivers (same for cap AC but also wAP AC, if it is the ARM version).

So …
When your cAP is in capsman mode, it will show in Interfaces as “managed by capsman”.

From terminal, export config
export file=anynameyouwish
Move file to PC, edit for any remaining sensitive info and post back here between [__code] quotes for easier readability.
Do this for both cAP AX and CHR acting as capsman controller.

grutmic · January 11, 2024, 2:41pm

Thanks, i really appreciate your help, here are the files

###########################################################
# This is the CHR Master Router, attached are 7 cap ac and 1 cap ax
###########################################################

# 2024-01-11 15:23:43 by RouterOS 7.13.1
# software id = 
#
/interface bridge
add name=guest-bridge port-cost-mode=short
add name=home-bridge port-cost-mode=short
add name=test-bridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=\
    "ether1 (HomeLAN)"
set [ find default-name=ether2 ] disable-running-check=no disabled=yes name=\
    "ether2 (GuestLAN)"
/disk
set sata1 type=hardware
set sata2 type=hardware
set sata3 type=hardware
add parent=sata3 partition-number=1 partition-offset=512 partition-size=\
    "10 737 417 728" type=partition
set slot1 type=hardware
set slot2 slot=slot2 type=hardware
set slot3 slot=slot3 type=hardware
set slot4 slot=slot4 type=hardware
set slot5 slot=slot5 type=hardware
set slot6 slot=slot6 type=hardware
set slot7 slot=slot7 type=hardware
set slot8 slot=slot8 type=hardware
set slot9 slot=slot9 type=hardware
set slot10 slot=slot10 type=hardware
set slot11 slot=slot11 type=hardware
set slot12 slot=slot12 type=hardware
set slot13 slot=slot13 type=hardware
set slot14 slot=slot14 type=hardware
set slot15 slot=slot15 type=hardware
set slot16 slot=slot16 type=hardware
set slot17 slot=slot17 type=hardware
set slot18 slot=slot18 type=hardware
set slot19 slot=slot19 type=hardware
set slot20 slot=slot20 type=hardware
set slot21 slot=slot21 type=hardware
set slot22 slot=slot22 type=hardware
set slot23 slot=slot23 type=hardware
set slot24 slot=slot24 type=hardware
set slot25 slot=slot25 type=hardware
set slot26 slot=slot26 type=hardware
set slot27 slot=slot27 type=hardware
set slot28 slot=slot28 type=hardware
set slot29 slot=slot29 type=hardware
set slot30 slot=slot30 type=hardware
set slot31 slot=slot31 type=hardware
set slot32 slot=slot32 type=hardware
set slot33 slot=slot33 type=hardware
set slot34 slot=slot34 type=hardware
set slot35 slot=slot35 type=hardware
set slot36 slot=slot36 type=hardware
set slot37 slot=slot37 type=hardware
set slot38 slot=slot38 type=hardware
set slot39 slot=slot39 type=hardware
set slot40 slot=slot40 type=hardware
set slot41 slot=slot41 type=hardware
set slot42 slot=slot42 type=hardware
set slot43 slot=slot43 type=hardware
set slot44 slot=slot44 type=hardware
set slot45 slot=slot45 type=hardware
set slot46 slot=slot46 type=hardware
set slot47 slot=slot47 type=hardware
set slot48 slot=slot48 type=hardware
set slot49 slot=slot49 type=hardware
set slot50 slot=slot50 type=hardware
set slot51 slot=slot51 type=hardware
set slot52 slot=slot52 type=hardware
set slot53 slot=slot53 type=hardware
set slot54 slot=slot54 type=hardware
set slot55 slot=slot55 type=hardware
set slot56 slot=slot56 type=hardware
set slot57 slot=slot57 type=hardware
set slot58 slot=slot58 type=hardware
set slot59 slot=slot59 type=hardware
set slot60 slot=slot60 type=hardware
set slot61 slot=slot61 type=hardware
set slot62 slot=slot62 type=hardware
set slot63 slot=slot63 type=hardware
set slot64 slot=slot64 type=hardware
set slot65 slot=slot65 type=hardware
set slot66 slot=slot66 type=hardware
set slot67 slot=slot67 type=hardware
/interface list
add name=WAN
add name=LAN
/caps-man configuration
add channel.skip-dfs-channels=yes country=germany datapath.bridge=home-bridge \
    .interface-list=all .vlan-mode=no-tag distance=indoors installation=\
    indoor mode=ap name="HomeNET Configuration" \
    security.authentication-types=wpa-psk,wpa2-psk .encryption=aes-ccm \
    .group-encryption=aes-ccm ssid=HomeNET
add channel.skip-dfs-channels=yes country=germany datapath.bridge=\
    guest-bridge .interface-list=all .vlan-mode=no-tag distance=indoors \
    installation=indoor mode=ap name="GuestLAN Configuration" \
    security.authentication-types=wpa-psk,wpa2-psk .encryption=aes-ccm \
    .group-encryption=aes-ccm ssid=GuestLAN
add country=germany datapath.bridge=test-bridge .interface-list=all \
    .vlan-mode=no-tag distance=indoors installation=indoor mode=ap name=Test \
    security.authentication-types=wpa-psk,wpa2-psk .encryption=aes-ccm ssid=\
    Test-AP
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi configuration
add country=Germany datapath.bridge=home-bridge .interface-list=all disabled=\
    no manager=capsman-or-local mode=ap name=cfg1 \
    security.authentication-types=wpa2-psk,wpa3-psk ssid=TestLan
/interface wifi
# no connection to CAPsMAN, managed locally
add configuration=cfg1 configuration.mode=ap disabled=no name=cap-wifi1 \
    radio-mac=48:A9:8A:9B:09:16
# no connection to CAPsMAN, managed locally
add configuration=cfg1 configuration.mode=ap disabled=no name=cap-wifi2 \
    radio-mac=48:A9:8A:9B:09:17
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=66 name=DigiumPhones value="'http://192.168.1.103/phones/'"
/ip pool
add name=home_pool ranges=192.168.1.2-192.168.1.200
add name=guest_pool ranges=192.168.10.2-192.168.10.20
/ip dhcp-server
add address-pool=home_pool interface=home-bridge lease-time=2h name=home_dhcp
add address-pool=guest_pool interface=guest-bridge lease-time=2h name=\
    guest_dhcp
/port
set 0 name=serial0
/routing bgp template
set default disabled=yes output.network=bgp-networks
/caps-man manager
set ca-certificate=CAPsMAN-CA-7D0641D5B3AF certificate=CAPsMAN-7D0641D5B3AF \
    enabled=yes package-path=/ require-peer-certificate=yes upgrade-policy=\
    suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=\
    "HomeNET Configuration" name-format=identity slave-configurations=\
    "GuestLAN Configuration"
/dude
set data-directory=sata3-part1/dude
/interface bridge port
add bridge=home-bridge interface="ether1 (HomeLAN)" internal-path-cost=10 \
    path-cost=10
add bridge=test-bridge disabled=yes interface="ether2 (GuestLAN)" \
    internal-path-cost=10 path-cost=10
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all wan-interface-list=all
/interface list member
add interface="ether1 (HomeLAN)" list=WAN
add interface=guest-bridge list=LAN
add interface="ether2 (GuestLAN)" list=WAN
add interface=home-bridge list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wifi cap
set discovery-interfaces=home-bridge
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=all \
    package-path="\\" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg1 \
    name-format=prefix-identify radio-mac=00:00:00:00:00:00
/ip address
add address=192.168.1.3/24 interface=home-bridge network=192.168.1.0
add address=192.168.10.1/24 interface=guest-bridge network=192.168.10.0
/ip dhcp-client
add interface=test-bridge
/ip dhcp-server lease

/ip dhcp-server network
add address=192.168.1.0/24 dhcp-option=DigiumPhones dns-server=192.168.1.1 \
    domain=fritz.box gateway=192.168.1.1 netmask=24
add address=192.168.10.0/24 dns-server=192.168.1.1 domain=guest.net gateway=\
    192.168.10.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip firewall address-list
add address=192.168.1.2-192.168.1.255 list=DropList
/ip firewall filter
add action=reject chain=forward dst-address=66.254.114.41 log=yes log-prefix=\
    PornHub reject-with=icmp-host-prohibited
add action=reject chain=forward in-interface=home-bridge log-prefix=in \
    out-interface=guest-bridge reject-with=icmp-network-unreachable \
    src-address-list=DropList
add action=reject chain=forward dst-address-list=DropList in-interface=\
    guest-bridge log-prefix=out out-interface=home-bridge reject-with=\
    icmp-network-unreachable
add action=accept chain=forward dst-address-list=DropList in-interface=\
    guest-bridge out-interface=home-bridge
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MikroTik2
/system note
set note="\r\
    \n\r\
    \n\r\
    \n\r\
    \n\r\
    \n          Unauthorized login is prohibited"
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.1.1
/tool e-mail
set from="<MikroTik Virtual Router>" port=465 server=mail.o2mail.de tls=\
    starttls user=xxxx.yyy

#############################################################
# This i the cap ax with no manual changes, just the capsman reboot
#############################################################



# 2024-01-11 15:24:24 by RouterOS 7.13.1
# software id = NYAP-3PWD
#
# model = cAPGi-5HaxD2HaxD
# serial number = xxxxxxxxx
/interface bridge
add admin-mac=48:A9:8A:9B:09:14 auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: TestLan, channel: 5680/ax/eCee
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
    disabled=no
# managed by CAPsMAN
# mode: AP, SSID: TestLan, channel: 2412/ax/Ce
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
    disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=HomeLAN-DG1
/system note
set show-at-login=no

grutmic · January 11, 2024, 2:46pm

CHR View.jpg

holvoetn · January 11, 2024, 2:58pm

Your CHR has legacy ánd wave2 capsman config. That’s possible.

But why does it have local wifi interfaces configured ? Is there a wifi card on that machine ?

/interface wifi
# no connection to CAPsMAN, managed locally
add configuration=cfg1 configuration.mode=ap disabled=no name=cap-wifi1 \
    radio-mac=48:A9:8A:9B:09:16
# no connection to CAPsMAN, managed locally
add configuration=cfg1 configuration.mode=ap disabled=no name=cap-wifi2 \
    radio-mac=48:A9:8A:9B:09:17

Your CHR is used as capsman controller and nothing else, correct ?
Then it should not have local wifi interfaces.

grutmic · January 11, 2024, 3:04pm

The CHR is only used to manage the CAP ac and the new CAP ax.

The cap-wifi1 and cap-wifi2 interfaces came up after booting the CAP ax. I thought, this is the new way how things will appear with the new software?

holvoetn · January 11, 2024, 5:42pm

Local interfaces should not be there on CHR.

Does everything work for the rest ?

grutmic · January 11, 2024, 6:05pm

On the old CAPsMAN AP (CAP ac) i will see the Interfaces as “CAP Interface”, with the new CAP ax i see them as “WiFi”, but i tried to make the setup as i understood from the WIKI.

Where is my mistake, how should it be? Do you have some hints and tips for me?

The old CAP ac work since more than a year.

With the current setup i see the announcement of the new “TestLAN” which comes from the CAP ax.
The docu is really worth and need more examples and may be some block diagrams how it should interact like on the old configuration of RouterOS 6.

holvoetn · January 11, 2024, 6:44pm

Naming convention has changed, yes.
If you have both legacy and wave2 wifi, it will be like that.

Can you connect to testlan ?

I’ll rephrase my question: what does not work which you expect that should ?

Those local interfaces on CHR: maybe some leftover from conversion script towards 7.13.
Make a binary backup to be sure, then delete those 2 interfaces. They are not needed there.

I may have to pull out my hex, a map and a spare ax2 to make a test setup so I can play… errrm, test with that combination of both capsman environments too

grutmic · January 11, 2024, 7:09pm

Can you connect to testlan ?

Yes

I’ll rephrase my question: what does not work which you expect that should ?

The counters does not see any movements, always on “0”
I’am not sure about the “CAP” setups on “WIFI” Tabon my CHR Router, should there any setup or just disabled?
And i am confused about the “no connection to CAPSMAN” of the Interfaces?

Those local interfaces on CHR: maybe some leftover from conversion script towards 7.13.
Make a binary backup to be sure, then delete those 2 interfaces. They are not needed there.

Which local Interfaces you mean, the cap-wifi?

I may have to pull out my hex, a map and a spare ax2 to make a test setup so I can play… errrm, test with that combination of both capsman environments too

Thanks for your support

grutmic · January 16, 2024, 6:49pm

Hi holvoetn,
could you find any informations about the counters on the wifi interfaces?

erlinden · January 16, 2024, 7:46pm

Just checked on my CAPsMAN, don’t see any counter on both /interface and /interface/wifi.
Running 7.13.2 together with wifi-qcom-ac driver and cAP XL ac and wAP ac.

holvoetn · January 16, 2024, 8:17pm

For one reason or the other I did not see notification on that post from Thu Jan 11, 2024 8:09 pm

Same observation here as erlinden.
No counters on capsman.
On local device they are being shown.
However, this does make sense with wave2 capsman and the absence of capsman forwarding. Traffic is not passing through capsman. So no counters.

grutmic · January 16, 2024, 9:31pm

I found another problem, after selecting “Remote CAP” and asking for provisioning my cap-wifi interfaces are disabled and do not have any configuration, i must maually set the configuration and have to reenable them? Any idea?