MikroTik v7, CAPsMAN and CAPs, WiFi users through CAPs cannot obtain IP address from CAPsMAN

Problem is: MikroTik with CAPsMAN can see the WiFi interfaces from the CAPs, but users who try to join the WiFi network cannot obtain IP addresses from the CAPsMAN device.

Hi,

I have a very simple network with one MikroTik device with CAPsMAN on it and three other MikroTik devices with CAP set up on them.

The MikroTik with CAPsMAN has the following configuration:
wanInterface: DHCP client
lanInterface: Bridge1, DHCP server1
wifiInterfacesFromCAPs: Bridge2, DHCP server2

The MikroTiks with CAP on them have the following configuration:
wanInterface: DHCP client
lanInterface: Bridge1, DHCP server1
wifiInterface: CAP mode

and nothing else.


All MikroTik devices have the latest RouterOS version on them, v.7.15.1, and all CAPs are directly connected to the MikroTik CAPsMAN, each on a separate physical port of the CAPsMAN device.
It is a very simple network with a very simple configuration.
CAPsMAN can see all WiFi interfaces from the CAPs and they are grouped in the bridge on the CAPsMAN side (Bridge2). Bridge2 has its own address and I created DHCP server2 on Bridge2.
When users want to join the WiFi network through the CAPs they cannot obtain an IP address from CAPsMAN.

Where did I go wrong?
Could anyone help me to solve this problem?

Were the CAP devices reset to CAPS mode ?
If not, can you already do that ?

If that doesn’t help, you may want to provide config for both capsman manager and 1 of the caps devices.
Terminal
/export file=anynameyouwish
Go to Files and move the export of the config to your PC
Edit export and obfuscate serial, wanip, … any sensitive info.
Repeat for caps device
Copy/paste both exports here between [__code] quotes for easier readability (each export in separate block).

This is my Network schema.
See picture in attachment.
Screenshot 2024-06-26 at 11.52.16 AM.png

From that screenshot I can already see we NEED the exports of your config (controller and caps).
You should not need 2 bridges…

You also may have to clarify why you think 2 bridges are needed ? What are you trying to do there ?

Hi, I will prepare the export file in a few minutes.

I want to separate WiFi users from LAN users.

################################################################################################
This is configuration from CAPsMAN:

# 2024-06-26 12:44:18 by RouterOS 7.15.1
# model = CCR2004-16G-2S+

/interface bridge
                add name=bridge2
                add name=bridge1 port-cost-mode=short

/interface list
                add comment=wan name=wan
                add comment=lan name=lan

/interface wifi configuration
                add disabled=no mode=ap name=cfg-cap security.authentication-types="" connect-priority=0 .ft=yes .ft-over-ds=yes ssid="PMF WiFi"

/interface wifi
                add configuration=cfg-cap configuration.mode=ap disabled=no name=cap-wifi1 radio-mac=78:9A:18:5B:6B:D9
                add configuration=cfg-cap configuration.mode=ap disabled=no name=cap-wifi2 radio-mac=78:9A:18:5B:6F:7D
                add configuration=cfg-cap configuration.mode=ap disabled=no name=cap-wifi3 radio-mac=78:9A:18:5B:6F:51 security.connect-priority=0
                add configuration=cfg-cap configuration.mode=ap disabled=no name=cap-wifi4 radio-mac=78:9A:18:5B:6A:D1 security.connect-priority=0

/ip pool
                add name=dhcp_pool1 ranges=10.1.1.2-10.1.1.254
                add name=dhcp_pool2 ranges=10.1.2.2-10.1.2.254

/ip dhcp-server
                add address-pool=dhcp_pool1 interface=bridge1 lease-time=10m name=dhcp1
                add address-pool=dhcp_pool2 interface=bridge2 lease-time=10m name=dhcp2

/interface bridge port
                add bridge=bridge1 interface=ether2
                add bridge=bridge1 interface=ether3
                add bridge=bridge1 interface=ether4
                add bridge=bridge1 interface=ether5
                add bridge=bridge1 interface=ether6
                add bridge=bridge1 interface=ether7
                add bridge=bridge1 interface=ether8
                add bridge=bridge1 interface=ether9
                add bridge=bridge1 interface=ether10
                add bridge=bridge1 interface=ether11
                add bridge=bridge1 interface=ether12
                add bridge=bridge1 interface=ether13
                add bridge=bridge1 interface=ether14
                add bridge=bridge1 interface=ether15
                add bridge=bridge1 interface=ether16

                add bridge=bridge2 interface=cap-wifi1
                add bridge=bridge2 interface=cap-wifi2
                add bridge=bridge2 interface=cap-wifi3
                add bridge=bridge2 interface=cap-wifi4

/ip firewall connection tracking
                set udp-timeout=10s

/interface list member
                add comment=wan interface=ether1 list=wan

                add interface=ether2 list=lan
                add interface=ether3 list=lan
                add interface=ether4 list=lan
                add interface=ether5 list=lan
                add interface=ether6 list=lan
                add interface=ether7 list=lan
                add interface=ether8 list=lan
                add interface=ether9 list=lan
                add interface=ether10 list=lan
                add interface=ether11 list=lan
                add interface=ether12 list=lan
                add interface=ether13 list=lan
                add interface=ether14 list=lan
                add interface=ether15 list=lan
                add interface=ether16 list=lan
                
                add comment=lan interface=bridge1 list=lan

                add comment=lan interface=bridge2 list=lan

                add comment=lan interface=cap-wifi1 list=lan
                add comment=lan interface=cap-wifi2 list=lan
                add comment=lan interface=cap-wifi3 list=lan

/interface wifi capsman
                set enabled=yes interfaces=lan package-path="" require-peer-certificate=no upgrade-policy=none

/interface wifi provisioning
                add action=create-dynamic-enabled disabled=no master-configuration=cfg-cap radio-mac=00:00:00:00:00:00

/ip address
                add address=10.1.1.1/24 interface=bridge1 network=10.1.1.0
                add address=10.1.2.1/24 comment=CAPsMAN interface=bridge2 network=10.1.2.0

/ip dhcp-client
                add interface=ether1

/ip dhcp-server lease
                add address=10.1.1.15 client-id=1:78:9a:18:5b:6f:48 comment=MkTk-R-5 lease-time=30m mac-address=78:9A:18:5B:6F:48 server=dhcp1
                add address=10.1.1.14 client-id=1:78:9a:18:5b:6f:74 comment=MkTk-R-4 lease-time=30m mac-address=78:9A:18:5B:6F:74 server=dhcp1
                add address=10.1.1.13 client-id=1:78:9a:18:5b:6b:d0 comment=MkTk-R-3 lease-time=30m mac-address=78:9A:18:5B:6B:D0 server=dhcp1
                add address=10.1.1.11 client-id=1:4c:5e:c:e0:e1:9d  comment=MkTk-R-2 lease-time=30m mac-address=4C:5E:0C:E0:E1:9D server=dhcp1
                add address=10.1.1.2  client-id=ff:58:fb:b4:aa:0:2  comment=SRV-AAAA lease-time=30m mac-address=00:24:81:E4:8D:36 server=dhcp1
                add address=10.1.1.12 client-id=1:78:9a:18:5b:6a:c8 comment=MkTk-R-6 lease-time=30m mac-address=78:9A:18:5B:6A:C8 server=dhcp1

/ip dhcp-server network
                add address=10.1.1.0/24 dns-server=185.228.168.10,185.228.169.11 gateway=10.1.1.1
                add address=10.1.2.0/24 dns-server=185.228.168.10,185.228.169.11 gateway=10.1.2.1

/ip dns
                set allow-remote-requests=yes servers=185.228.168.10,185.228.169.11

/ip firewall filter
                add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
                add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp

/ip firewall nat
                add action=masquerade chain=srcnat out-interface=ether1

/ip route
                add disabled=no dst-address=0.0.0.0/0 gateway=ether1 routing-table=main suppress-hw-offload=no

/system identity
                set name=MkTk-R-1

/system note
                set show-at-login=no

/system routerboard settings
                set enter-setup-on=delete-key

################################################################################################
This is configuration for CAP:

# 2024-06-26 12:44:39 by RouterOS 7.15.1
# model = L009UiGS-2HaxD

/interface bridge
                    add name=bridge1

/interface wifi
                    # managed by CAPsMAN
                    # mode: AP, SSID: PMF WiFi, channel: 2467/ax/eC
                    set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap .ssid=MkTk-AP-2/5G-R-3 disabled=no security.connect-priority=0

/interface list
                    add name=wan
                    add name=lan
                    add comment=cap-wifi name=cap-wifi

/ip pool
                    add name=dhcp_pool_bridge1 ranges=10.3.1.2-10.3.1.254

/ip dhcp-server
                    add address-pool=dhcp_pool_bridge1 interface=bridge1 name=dhcp_bridge1

/port
                    set 0 name=serial0

/interface bridge port
                    add bridge=bridge1 interface=ether2
                    add bridge=bridge1 interface=ether3
                    add bridge=bridge1 interface=ether4
                    add bridge=bridge1 interface=ether5
                    add bridge=bridge1 interface=ether6
                    add bridge=bridge1 interface=ether7
                    add bridge=bridge1 interface=ether8

/interface list member
                    add interface=ether1 list=wan

                    add interface=bridge1 list=lan

                    add interface=ether2 list=lan
                    add interface=ether3 list=lan
                    add interface=ether4 list=lan
                    add interface=ether5 list=lan
                    add interface=ether6 list=lan
                    add interface=ether7 list=lan
                    add interface=ether8 list=lan

                    add interface=wifi1 list=lan

/interface wifi cap
                    set caps-man-addresses=10.1.1.1 discovery-interfaces=ether1 enabled=yes

/ip address
                    add address=10.3.1.1/24 interface=bridge1 network=10.3.1.0

/ip dhcp-client
                    add interface=ether1 use-peer-dns=no

/ip dhcp-server lease
                    add address=10.3.1.250 client-id=1:94:57:a5:16:9e:76 mac-address=94:57:A5:16:9E:76 server=dhcp_bridge1

/ip dhcp-server network
                    add address=10.3.1.0/24 gateway=10.3.1.1

/ip dns
                    set allow-remote-requests=yes servers=185.228.168.10,185.228.169.11

/ip firewall filter
                    add action=drop chain=input dst-port=53 protocol=tcp
                    add action=drop chain=input dst-port=53 protocol=udp

/ip firewall nat
                    add action=masquerade chain=srcnat out-interface=ether1

/system identity
                    set name=MkTk-R-3

/system note
                    set show-at-login=no

/system routerboard settings
                    set enter-setup-on=delete-key

Added code quotes, makes it much easier to read.
Comment: This is edited config !? Is it complete ?

Your cap device is L009 ? Are they all the same ?

Again:
why 2 bridges on capsman controller ? Still no explanation … but I think I know why. Waiting for your explanation.

Basic problem you have:
your wifi interfaces are not part of the bridge on cap device. So DHCP request can not get to the controller or back to wireless clients.
Reset to caps mode … or add those interfaces manually on caps device (you can add them to bridge using “dynamic”, then whatever capsman comes up with, it will be added to bridge)

Also, you may want to read this tutorial, looks to me you may have to implement VLANs.
https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPVLANconfigurationexample:

Hi,

This is the original config file, but I deleted some parts of the code which are not important for this kind of problem, such as the l2tp service and similar; everything else is original.

Yes, all CAPs devices are the same.

2 bridges on the CAPsMAN controller? Because I want to separate WiFi users from LAN users. As you can see, my CAPsMAN has 16 LAN interfaces but only 4 were singled out for CAPs.

Use VLAN.
And your problems will be solved.

Hi, can you explain to me what you mean by that? Not how to create a VLAN, but how to organize the network in this scenario.
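
One way to organize what the replies above describe, as an added example that is not from any poster in the thread: each CAP bridges its managed radio to its uplink through a datapath, and WiFi clients are tagged into a VLAN that terminates on the controller instead of on bridge2. VLAN ID 20, the names vlan20-wifi, dp-wifi, capdp and bridgeLocal, ether2-ether5 as the controller ports facing the CAPs, and a CAP that starts from an empty configuration are all assumptions.

```routeros
# Added example; VLAN ID 20 and the names vlan20-wifi, dp-wifi, capdp and
# bridgeLocal are assumptions, as is ether2-ether5 being the CAP uplinks.

# --- CAPsMAN controller (MkTk-R-1) ---
/interface vlan
add interface=bridge1 name=vlan20-wifi vlan-id=20
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2,ether3,ether4,ether5 vlan-ids=20
# Move the WiFi gateway address and DHCP server from bridge2 to the VLAN.
/ip address
set [ find interface=bridge2 ] interface=vlan20-wifi
/ip dhcp-server
set [ find name=dhcp2 ] interface=vlan20-wifi
# The CAPs bridge client traffic locally, so the controller only has to
# tell them which VLAN to tag it with.
/interface wifi datapath
add name=dp-wifi vlan-id=20
/interface wifi configuration
set [ find name=cfg-cap ] datapath=dp-wifi
# Routing between the two subnets still works until it is filtered.
/ip firewall filter
add action=drop chain=forward in-interface=vlan20-wifi out-interface=bridge1 comment="WiFi clients may not reach LAN"
# Enable filtering last (use Safe Mode); untagged LAN ports stay in VLAN 1.
/interface bridge
set [ find name=bridge1 ] vlan-filtering=yes

# --- each CAP (e.g. MkTk-R-3), run as a plain AP: no NAT, no DHCP server ---
/interface bridge
add name=bridgeLocal vlan-filtering=yes
/interface bridge port
add bridge=bridgeLocal interface=ether1
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 vlan-ids=20
# The datapath puts the managed radio into the uplink bridge.
/interface wifi datapath
add bridge=bridgeLocal name=capdp
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp disabled=no
/interface wifi cap
set caps-man-addresses=10.1.1.1 discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
# Management address for the CAP itself, untagged, from dhcp1.
/ip dhcp-client
add interface=bridgeLocal
```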

I’M HAVING A SIMILAR ISSUE TO YOU, SINCE UPDATING TO 7.12 OR LATER, MY CAP CAN’T GET DHCP ADDRESSES FROM CAPSMAN