karl0s
October 27, 2024, 1:22pm
1
Hello there,
I am new to MikroTik and have a setup of a couple of cAP lites connected to a hEX PoE, and it works sort of well.
hex role is bridge, capsman and POE
then i have a L009UiGS-2HaxD eth3 connected to hex eth1 and I am trying to get the l009 wifi1 to be managed by capsman
Please help me, as I can't see the radio of the L009 in CAPsMAN on the hEX.
configs attached
thanks in advance
hex.txt.rsc (2.18 KB)
l009.txt.rsc (8.38 KB)
You are mixing two radio versions, so two different parts of the menu have to be used.
Hex should be on at least ros 7.13.
Then use wifi menu for config of L009.
Wireless for cap lite.
karl0s
October 29, 2024, 11:33am
3
Thanks for pointing out the version difference. I thought I was on the latest, then I noticed there is an upgrade option in the package menu.
I now have 7.16 on both devices; unfortunately I can't see the radio of the L009 in any menu of the hEX, which should be the CAPsMAN for all wifi.
please can you advise?
Without seeing config of both devices, that might be problematic for anyone.
Terminal
export file=anynameyouwish
Move file to PC
Edit file and obfuscate any private info (serial, WANip, passwds, …)
Then post back between [__code] [/__code] quotes for easier readability.
karl0s
October 29, 2024, 2:48pm
5
Here is the L009
# 2024-10-29 15:43:52 by RouterOS 7.16.1
# software id = YIXI-4KKY
#
# model = L009UiGS-2HaxD
# L009 export, part 1: bridge, wifi1, VLAN interfaces, interface lists,
# address pools, DHCP servers and disk sharing settings.
/interface bridge
# One bridge with VLAN filtering switched on; its MAC is pinned (auto-mac=no).
add admin-mac=78:9A:18:FC:88:71 auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
/interface wifi
# wifi1 is configured here as a local AP: mode, SSID and security are set on
# the interface itself. Nothing on this line hands the radio to a controller;
# in the wifi menu that is normally done with configuration.manager=capsman
# - NOTE(review): confirm against the RouterOS wifi documentation.
# WPA2-PSK and WPA3-PSK are both allowed, with fast transition (.ft) enabled.
# No passphrase appears in this export; presumably it was made without
# show-sensitive, which is what you want before posting publicly.
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
configuration.mode=ap .ssid=green2 disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface vlan
# Two VLAN interfaces on top of the bridge: 10 (standard) and 20 (guest).
add interface=bridge name=vlan10-standard vlan-id=10
add interface=bridge name=vlan20-guest vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
# pool-mgmt serves the untagged bridge network; pool-standard (10.10.30.x) and
# pool-guest (10.10.20.x) are attached to the VLAN interfaces just below.
add name=pool-mgmt ranges=10.10.10.10-10.10.10.254
add name=pool-standard ranges=10.10.30.10-10.10.30.254
add name=pool-guest ranges=10.10.20.10-10.10.20.254
/ip dhcp-server
add address-pool=pool-mgmt interface=bridge name=dhcp-mgmgt
add address-pool=pool-standard interface=vlan10-standard name=dhcp-standard
add address-pool=pool-guest interface=vlan20-guest name=dhcp-guest
/port
set 0 name=serial0
/routing table
# Two extra routing tables are defined; no rule or route in this export
# refers to them.
add disabled=no fib name=inetek
add disabled=no fib name=o2
/disk settings
# Automatic media and SMB sharing are both switched on, with the bridge as the
# media interface. NOTE(review): presumably any attached storage would then be
# shared towards the bridge network without further setup - confirm this is
# intended, and set both to "no" if no storage is meant to be shared.
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
# L009 export, part 2: bridge membership, VLAN table, interface lists,
# CAP client settings, addressing, DHCP leases/networks and DNS.
/interface bridge port
# ether2-ether8 and the local radio wifi1 are all ports of the same bridge.
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=wifi1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
# VLAN 10 and 20 are tagged on ether3 only (the port the post says goes to the
# hEX). NOTE(review): the bridge itself is not listed as a tagged member even
# though vlan10-standard and vlan20-guest sit on it and vlan-filtering=yes is
# set; verify that the router's own VLAN interfaces actually see this traffic.
add bridge=bridge tagged=ether3 vlan-ids=10
add bridge=bridge tagged=ether3 vlan-ids=20
/interface list member
# LAN contains only "bridge". vlan10-standard and vlan20-guest are in neither
# list, so the IPv4 input rule "drop all not coming from LAN" in this export
# also applies to traffic arriving on those two VLAN interfaces.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=sfp1 list=WAN
/interface wifi cap
# CAP client for the wifi menu: looks for a manager at 10.10.10.250 (statically
# leased to 78:9A:18:AC:10:28 further down - presumably the hEX, verify).
# caps-man-names=capp restricts the accepted manager name; the hEX export on
# this page sets /system identity name=PowerBridge - NOTE(review): presumably
# these have to match, verify.
# No certificate or lock-to-caps-man setting appears in this export, so the CAP
# is presumably not authenticating its manager by certificate - consider
# certificate-based pairing once the basic setup works.
set caps-man-addresses=10.10.10.250 caps-man-names=capp discovery-interfaces=\
bridge enabled=yes
/ip address
# Gateway addresses for the management, guest and standard networks, plus the
# uplink address on ether1 (a member of the WAN list above).
add address=10.10.10.1/24 comment=defconf interface=bridge network=10.10.10.0
add address=10.10.20.1/24 interface=vlan20-guest network=10.10.20.0
add address=10.10.30.1/24 interface=vlan10-standard network=10.10.30.0
add address=10.0.97.198/27 interface=ether1 network=10.0.97.192
/ip dhcp-client
# Interface not active
add comment=defconf interface=sfp1
/ip dhcp-server lease
# Static leases, all on the management DHCP server.
add address=10.10.10.253 client-id=1:78:9a:18:fb:87:70 mac-address=\
78:9A:18:FB:87:70 server=dhcp-mgmgt
add address=10.10.10.250 client-id=1:78:9a:18:ac:10:28 mac-address=\
78:9A:18:AC:10:28 server=dhcp-mgmgt
add address=10.10.10.251 client-id=1:d4:1:c3:d6:5:55 mac-address=\
D4:01:C3:D6:05:55 server=dhcp-mgmgt
add address=10.10.10.252 client-id=1:78:9a:18:fb:85:ed mac-address=\
78:9A:18:FB:85:ED server=dhcp-mgmgt
add address=10.10.10.179 client-id=1:9c:93:4e:40:ce:41 mac-address=\
9C:93:4E:40:CE:41 server=dhcp-mgmgt
add address=10.10.10.10 client-id=1:8c:1d:96:c6:4b:75 mac-address=\
8C:1D:96:C6:4B:75 server=dhcp-mgmgt
add address=10.10.10.7 client-id=\
ff:56:50:4d:98:0:2:0:0:ab:11:4:6b:fe:e4:56:6b:a8:6e mac-address=\
40:8D:5C:A4:56:6A server=dhcp-mgmgt
/ip dhcp-server network
# NOTE(review): domain=guest is set on 10.10.30.0/24, which is the network of
# vlan10-standard, while the guest network 10.10.20.0/24 gets domain=local -
# this looks swapped; verify.
add address=10.10.10.0/24 comment=defconf dns-server=10.10.10.1 domain=local \
gateway=10.10.10.1
add address=10.10.20.0/24 dns-server=10.10.20.1 domain=local gateway=\
10.10.20.1
add address=10.10.30.0/24 dns-server=10.10.30.1 domain=guest gateway=\
10.10.30.1
/ip dns
# The router answers DNS queries from other hosts (allow-remote-requests=yes);
# who can reach it is decided by the input chain of the firewall filter.
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
# NOTE(review): router.lan points at 10.10.40.1, which is not an address
# configured anywhere in this export - verify.
add address=10.10.40.1 comment=defconf name=router.lan type=A
# L009 export, part 3: IPv4 firewall filter and NAT. Rules are evaluated in the
# order listed, per chain.
/ip firewall filter
# Input chain (traffic to the router itself): default-config rules ending in a
# drop of everything that does not arrive on a LAN-list interface.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain (traffic routed through the router). The only drops are for
# invalid packets and for new, non-dstnat connections coming in from WAN.
# NOTE(review): no rule here separates the guest network (10.10.20.0/24 on
# vlan20-guest) from the management or standard networks, so routed traffic
# between them is accepted by default. If guests are meant to be isolated, a
# drop from vlan20-guest towards the internal subnets is needed on this router.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Accept for UDP 5246,5247 (the ports used by CAPsMAN/CAPWAP) with no interface
# or source restriction. As placed it sits after the input drop above, so it is
# never reached for non-LAN traffic, and no earlier rule drops LAN traffic, so
# it currently changes nothing. NOTE(review): if it is ever moved above the
# drop it would open these ports on WAN as well; limit it with
# in-interface-list=LAN or remove it.
add action=accept chain=input dst-port=5246,5247 protocol=udp
/ip firewall nat
# Source NAT for traffic leaving through WAN-list interfaces (not IPsec).
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# L009 export, part 4: IPv6 firewall. Every rule carries a "defconf" comment,
# i.e. this is the default-configuration rule set; nothing setup-specific has
# been added.
/ipv6 firewall address-list
# bad_ipv6: prefixes that the two forward-chain drop rules below match on as
# source or destination.
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
# Input chain: accept known-good traffic, then drop everything that does not
# arrive on a LAN-list interface.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Forward chain: same pattern, with bad_ipv6 filtering in front and a final
# drop of anything not coming from a LAN-list interface. LAN holds only
# "bridge" in this export, so the VLAN interfaces are on the dropped side of
# that final rule as well.
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# L009 export, part 5: system identity and layer-2 management access.
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=RouteR
/system note
set show-at-login=no
/routerboard settings
karl0s
October 29, 2024, 2:49pm
6
here for the hex
# 2024-10-29 15:44:34 by RouterOS 7.16.1
# software id = U0W4-NS6J
#
# model = RB750UPr2
# hEX export, part 1: bridge, VLAN interfaces and the CAPsMAN setup. Only the
# legacy /caps-man menus appear in this export; there is no
# "/interface wifi capsman" section.
/interface bridge
# VLAN filtering is on, but ingress filtering is explicitly off on the bridge.
add ingress-filtering=no name=bridge-vlans port-cost-mode=short \
vlan-filtering=yes
/interface vlan
add interface=bridge-vlans name=vlan10-standard vlan-id=10
add interface=bridge-vlans name=vlan20-guest vlan-id=20
/caps-man security
# Both profiles allow WPA-PSK next to WPA2-PSK. NOTE(review): drop wpa-psk
# unless a legacy client really needs it. No passphrase is visible here;
# presumably the export was made without show-sensitive.
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=sec-guest
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=\
sec-standard
/caps-man configuration
# Two SSIDs, each tagged into its own VLAN on bridge-vlans:
# green2 -> VLAN 10, green2hosty -> VLAN 20.
add datapath.bridge=bridge-vlans .vlan-id=10 .vlan-mode=use-tag name=\
cfg-standard-wifi security=sec-standard ssid=green2
add datapath.bridge=bridge-vlans .vlan-id=20 .vlan-mode=use-tag name=\
cfg-guest-wifi security=sec-guest ssid=green2hosty
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MiroTik
/ip smb users
set [ find default=yes ] disabled=yes
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
# NOTE(review): an OSPF instance is enabled while its only area is disabled;
# presumably leftover configuration - verify, and remove if routing protocols
# are not used on this device.
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/caps-man manager
# Legacy manager enabled. No certificate or require-peer-certificate setting
# appears in this export, so CAPs are presumably accepted without certificate
# checks - NOTE(review): confirm, and consider certificates once this works.
set enabled=yes
/caps-man provisioning
# A single rule with no radio matcher shown: every radio that connects gets the
# standard configuration as master and the guest configuration as slave.
add action=create-dynamic-enabled master-configuration=cfg-standard-wifi \
slave-configurations=cfg-guest-wifi
# hEX export, part 2: bridge ports, VLAN table, DHCP relay, firewall and system
# settings.
/interface bridge port
# All five ports are bridge members with ingress-filtering=no.
# NOTE(review): with VLAN filtering on but ingress filtering off, frames are
# presumably not checked against the VLAN table when they enter a port, only
# when they leave; enable ingress filtering if the VLAN split is meant to be a
# security boundary - verify against the bridge VLAN documentation.
add bridge=bridge-vlans ingress-filtering=no interface=ether1 \
internal-path-cost=10 path-cost=10
add bridge=bridge-vlans ingress-filtering=no interface=ether2 \
internal-path-cost=10 path-cost=10
add bridge=bridge-vlans ingress-filtering=no interface=ether3 \
internal-path-cost=10 path-cost=10
add bridge=bridge-vlans ingress-filtering=no interface=ether4 \
internal-path-cost=10 path-cost=10
add bridge=bridge-vlans ingress-filtering=no interface=ether5 \
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
# VLAN 10 and 20 are tagged on ether1 only. NOTE(review): bridge-vlans itself
# is not a tagged member although the VLAN interfaces and the CAPsMAN datapaths
# use it; verify that tagged traffic reaches them.
add bridge=bridge-vlans tagged=ether1 vlan-ids=10
add bridge=bridge-vlans tagged=ether1 vlan-ids=20
/interface list member
# WAN and LAN lists are populated, but no firewall rule in this export refers
# to either of them.
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
/interface ovpn-server server
# No enabled=yes is shown, so the OpenVPN server is presumably off.
# NOTE(review): md5 is in the allowed auth list; remove it if the server is
# ever enabled.
set auth=sha1,md5
/ip dhcp-client
# The hEX takes its own address by DHCP on the bridge.
add interface=bridge-vlans
/ip dhcp-relay
# Relays DHCP from each VLAN interface to 10.10.30.1 / 10.10.20.1 (the gateway
# addresses in the L009 export on this page).
add dhcp-server=10.10.30.1 disabled=no interface=vlan10-standard name=relay10
add dhcp-server=10.10.20.1 disabled=no interface=vlan20-guest name=relay20
/ip firewall filter
# The guest -> standard drop is disabled=yes, and the only active rule is an
# accept. With no active drop rule, nothing in this export filters traffic to
# or through the hEX, and the accept for UDP 5246,5247 changes nothing on its
# own. NOTE(review): if the hEX should be protected, add an input policy that
# limits management and CAPsMAN access to the management network.
add action=drop chain=forward disabled=yes dst-address=10.10.30.0/24 \
src-address=10.10.20.0/24
add action=accept chain=input dst-port=5246,5247 protocol=udp
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/routing bfd configuration
# NOTE(review): BFD is enabled on all interfaces; presumably unused on a device
# acting as bridge and CAPsMAN - verify.
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Prague
/system identity
# This identity is the name a CAP would see for this manager; the L009 export
# on this page has caps-man-names=capp - NOTE(review): verify they agree.
set name=PowerBridge
/system note
set show-at-login=no
On Hex side nothing is setup for capsman for AX devices ?
You’re missing things like:
/interface wifi channel
<channel definitions>
/interface wifi security
<security definitions>
/interface wifi capsman
set enabled=yes interfaces=<whatever>
/interface wifi configuration
<Configuration settings>
/interface wifi datapath
<Datapath settings>
/interface wifi provisioning
<provisioning>
Side remark:
if L009 is the only AX-radio in your network, why bother with capsman for it ?
Set it up standalone and look into it again when you have multiple AX devices in your setup.