Capsman forwarding seems not to be implemented on new Capsman, and I am kind of puzzled what to do now in regard to this.
I have already configured datapath on Capsman controller, but doesn’t seem to do anything… IPs given by DHCP and data traffic seems to be the same whatever I do, as traffic is not directed.
How do I set and split traffic now to achieve the functionality on old Capsman?
Whatever datapath settings from capsman config are enforced on CAP side. E.g. bridge name …
How to split traffic? Most straightforward is using VLANs (if not using wifi-qcom**-ac** driver on CAP) or some L2 tunneling (e.g. EoIP) if VLANs absolutely aren’t possible.
Using AX material, there is little to nothing to be done on the caps.
So yes, capsman does make it easy.
About wifi-qcom-ac, normally this was NOT foreseen but MT made it available for AC HW capable using that driver.
They didn’t have to. But they did.
It does come with some quirks, yes.
But you still have choices in your own hands!
The alternative? Don’t use it. Simple, no?
Your best alternative if you want to proceed is to use VLAN but for wifi-qcom-ac HW, that also means quite some things indeed need to be done on each cap.
It is what it is.
Again, you can also consider the alternative …
I made an initial error in ordering older model APs… It is what it is. If I have a deadline approaching, I will just get it on old capsman.
If I understand correctly, I need to configure each AP as a static VLAN device. Will the config hold long term? Meaning, if there is an update, will it crash?
Yes.
Yes.
Normally not (depends on how MT will proceed with memory requirements for ROS7 and wifi-qcom-ac package because on those AC-devices, storage is rather limited with only 16Mb).
FWIW even with AX material, if you have a complete VLANified network (read: also management VLAN separate), something needs to be done anyhow.
So while you’re at it, you can also do the 2 or 3 extra steps to be taken for wifi-qcom-ac gear.
My view.
Have you maybe had an issue where CAPs create new interfaces, even if everything is set up correctly? In my testing it happens from time to time that a CAP gets new interfaces created, and I can’t find out why. I have 50 devices, and all are configured identically. After some restarts, deleting wlans and vlans, sometimes it works, but on a few occasions I had to manually rename appropriate newly created virtual interfaces to make things work.
I think this is kind of tied to what I’d like to accomplish as well. On my Capsman manager rb5009, I have different wireguard and ike2 tunnels active for different bridges/networks. How can I create a slave WiFi interface on some CAP and have all that traffic go through a certain bridge which is bridged to a certain vpn tunnel?
I do not know why people on this forum always respond with half-answers and vague references to articles which are outdated and use ros6 and are more useful for a network engineer. If you are not willing to explain with an example, simply skip the topic.
Hello, to achieve this kind of functionality, you would need to VLAN your LANs. This is a two (or three if you have a poe switch or other switches) step process, where you need:
1. Set up your router to use VLANned network - this encompasses using one bridge, WAN on port (or bridge if failover) and creating trunk and untagged ports to direct communication. CAPs set in this way need trunks to them.
2. Do kind of the same on the CAP, where you will have only base VLAN for management for the device itself and then VLAN paths for each SSID / WAN slave.
To achieve a VLAN setup there is really no way to skip reading the documentation, and yes, it is confusing and frustrating. In essence, you will have to:
- Create VLAN networks on Interfaces
- Add all of the interfaces, sans WAN ones, as ports to Bridge and define VLAN ids
- Define tagged / untagged ports on VLANs on Bridge (tagged/untagged)
If done correctly, this should work on router level.
Then you have a CAP. I will skip switch, as it is similar to bridge.
- Add just the base VLAN that you will use to access the CAP in interfaces
- Add slave WLAN interfaces that you will use for SSIDs and set them to static + settings from Mikrotik guide (it is important to follow it correctly)
- Add those WLAN interfaces to bridge ports and set VLAN id
- Define VLANs in VLANs under bridge with trunk and untagged ports

Honestly, this is really not a walk in the park, not because of the sheer complexity, but because you need to be very careful not to make mistakes. You really do need to read documentation, because this is on another level. If it is too hard, you can use old CapsMan if you have old devices, but your performance will suffer tremendously. From my measurements you will get about 50% of the speed as on Wave2 + very high CPU load on router.
On AX CAPs you can set VLAN paths on Capsman directly, but the router should still be VLANned.
The samples on MikroTik site re CAPSMAN are good, but limited in nature. Still, they are enough to make it work. What I did is I printed rules and read them very carefully to fully grasp it.
And don’t fool yourself thinking this is easy to do. It is not. I design networks for a living and still often pull what is left of my hair out when I encounter a problem.
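The CAP-side steps listed in the post above, written out as a RouterOS configuration for a wifi-qcom-ac device. This is an added example, not part of the original posts and not MikroTik's own sample; the bridge name `bridgeLocal`, the uplink port `ether1`, the interface names `wifi21`/`wifi22`/`vlan99-mgmt` and the VLAN IDs 99 (management), 10 and 20 are assumptions chosen for illustration.

```routeros
# Constructed example for a CAP using the wifi-qcom-ac driver.
# Assumed names/IDs: bridge "bridgeLocal", uplink trunk ether1,
# VLAN 99 = management, VLAN 10 = main SSID, VLAN 20 = guest SSID.

# Bridge first, with filtering still off so the admin session is not cut.
/interface bridge
add name=bridgeLocal vlan-filtering=no

# Step 1: only the management VLAN gets an interface on the CAP itself.
/interface vlan
add interface=bridgeLocal name=vlan99-mgmt vlan-id=99
/ip dhcp-client
add interface=vlan99-mgmt disabled=no

# Step 2: masters are managed by CAPsMAN; slave interfaces are created
# statically so their names stay stable for the bridge entries below.
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
add master-interface=wifi1 name=wifi21 disabled=no
add master-interface=wifi2 name=wifi22 disabled=no

# Step 3: bridge ports; pvid places each SSID's clients into its VLAN.
/interface bridge port
add bridge=bridgeLocal interface=ether1
add bridge=bridgeLocal interface=wifi1 pvid=10
add bridge=bridgeLocal interface=wifi2 pvid=10
add bridge=bridgeLocal interface=wifi21 pvid=20
add bridge=bridgeLocal interface=wifi22 pvid=20

# Step 4: VLAN table. The uplink is the trunk (tagged); wifi ports are untagged.
/interface bridge vlan
add bridge=bridgeLocal vlan-ids=99 tagged=bridgeLocal,ether1
add bridge=bridgeLocal vlan-ids=10 tagged=ether1 untagged=wifi1,wifi2
add bridge=bridgeLocal vlan-ids=20 tagged=ether1 untagged=wifi21,wifi22

# CAP mode: find CAPsMAN over the management VLAN, keep slaves static.
/interface wifi cap
set enabled=yes discovery-interfaces=vlan99-mgmt slaves-static=yes

# Enable filtering last, once the VLAN table is complete.
/interface bridge
set bridgeLocal vlan-filtering=yes
```

The router or switch port facing this CAP has to carry the same three VLANs tagged, otherwise the CAP loses management access as soon as filtering is enabled.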
I don’t use VLANs in my router, I only use bridges and I have various bridges which have ports in them and EOIP or WG tunnels. I am not really sure what you mean by VLANing my router and how to achieve that. I have 2 HAP AX2s and 1 CAP AX. I did try following some guides earlier and I put the slave WiFi in the bridge with the VLAN I created, as soon as I set the VLAN ID in DataPath, I cannot connect to the slave WiFi. If I remove the Datapath VLAN ID, then it is still just as if it’s on the same eth port going through that same bridge. I assume this may be because my whole router is not set up to use VLANs.
Well, with VLANs you really need to know what you are doing. Bridged configuration is easy to do, and you can combine the two. However, you need to really dig into the documentation to understand VLANs to do it effectively.