Hello,
I need URGENT help. I have an assignment due in 2 days, and I've been trying to solve this for days and can't figure it out. My problem is: I'm creating a lab network using a hAP ac as the CAP and a RouterBOARD RB3011 UiAS-RM as the CAPsMAN controller with RADIUS authentication. When I try to connect, RADIUS doesn't allow my device (I forgot the exact message), and while trying to connect the User Manager registration page doesn't show. PLEASE someone help me!!! Configurations of both CAP and CAPsMAN are below.
# Export of the CAP (hAP ac). The paste appears to have lost the leading "#" of the
# export header/status lines and the "\" line continuations.
# NOTE(review): the software id and serial number below identify this unit; redact them
# and produce the export with hide-sensitive before posting it publicly.
sep/07/2020 19:27:01 by RouterOS 6.45.9
software id = 6SAG-271F
model = RouterBOARD 962UiGS-5HacT2HnT
serial number = 8A77090F0C90
# NOTE(review): bridge1 is created disabled, yet it is the bridge named under
# /interface wireless cap and holds wlan2 and ether2 as ports below — confirm this is intended.
/interface bridge
add disabled=yes name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
# The next two lines are an export status comment, presumably for wlan2 (the only radio
# listed under /interface wireless cap): it is managed by CAPsMAN and carries SSID
# ZAVRSNI in CAPsMAN-forwarding mode.
managed by CAPsMAN
channel: 5220/20-eeCe/ac(15dBm), SSID: ZAVRSNI, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] eap-methods="" supplicant-identity=MikroTik
# User Manager sections are present on the CAP too, but this export has no /radius
# section: authentication requests are not issued from this device.
/tool user-manager customer
set admin access=
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=ether2
# CAP mode: discover the manager on ether2, hand wlan2 over to it, and request a
# certificate from the manager (certificate=request).
/interface wireless cap
set bridge=bridge1 certificate=request discovery-interfaces=ether2 enabled=
yes interfaces=wlan2
# NOTE(review): the DHCP client runs on ether2, which is also a port of the disabled
# bridge1 — confirm the CAP actually obtains an address and reaches the manager.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
/tool user-manager database
set db-path=flash/user-manager
//////////
# Export of the CAPsMAN controller (RB3011); header "#" and "\" continuations appear
# to have been lost in the paste.
# NOTE(review): software id and serial number identify the device; redact before posting.
# NOTE(review): the manager runs 6.42.12 while the CAP export shows 6.45.9 — keep both
# on the same, currently supported release.
sep/07/2020 19:25:12 by RouterOS 6.42.12
software id = NEA1-ZG3A
model = RouterBOARD 3011UiAS
serial number = B88D0ACC7D49
/interface bridge
add name=bridge1
# Master configuration cfg1: 5 GHz, 20 MHz at 5220, SSID ZAVRSNI, traffic forwarded to
# the manager (local-forwarding=no) into bridge1, client-to-client forwarding off.
# NOTE(review): cfg1 has no security= reference, so the security1 profile defined below
# is not applied as exported; the SSID would then be open, with admission decided only
# by the /caps-man access-list RADIUS query. Attach the profile if WPA2 is intended.
/caps-man configuration
add channel.band=5ghz-a/n/ac channel.control-channel-width=20mhz
channel.frequency=5220 country=croatia datapath.bridge=bridge1
datapath.client-to-client-forwarding=no datapath.local-forwarding=no
mode=ap name=cfg1 ssid=ZAVRSNI
/caps-man interface
add configuration=cfg1 disabled=no l2mtu=1600 mac-address=B8:69:F4:F4:CD:F4
master-interface=none name=cap1 radio-mac=B8:69:F4:F4:CD:F4
# WPA2-Enterprise profile with EAP relayed to the RADIUS server (eap-methods=passthrough).
# NOTE(review): passthrough only works if the RADIUS server terminates EAP; presumably
# the RouterOS v6 User Manager does not — confirm against the MikroTik documentation.
# NOTE(review): encryption lists tkip next to aes-ccm; TKIP is deprecated, keep aes-ccm only.
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough
eap-radius-accounting=yes encryption=aes-ccm,tkip group-encryption=
aes-ccm name=security1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP for wireless and wired clients on bridge1: pool 192.168.88.10-192.168.88.254.
/ip pool
add name=dhcp_pool0 ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
# Permissions of the User Manager customer "admin".
# NOTE(review): no password for this customer is visible in the export — confirm one is
# set before the User Manager web interface is reachable by clients.
/tool user-manager customer
set admin access=
own-routers,own-users,own-profiles,own-limits,config-payment-gw
# Three User Manager profiles (FREE, STANDARD, GOLD) owned by admin, priced 0/10/20,
# each starting at logon with validity=0s.
/tool user-manager profile
add name=FREE name-for-users=Free override-shared-users=off owner=admin
price=0 starts-at=logon validity=0s
add name=STANDARD name-for-users=Standard override-shared-users=off owner=
admin price=10 starts-at=logon validity=0s
add name=GOLD name-for-users=GOLD override-shared-users=off owner=admin
price=20 starts-at=logon validity=0s
# One limitation per profile name: download/upload caps and rx/tx rate limits.
# These only take effect for sessions that User Manager has actually authorised.
/tool user-manager profile limitation
add address-list="" download-limit=524288000B group-name="" ip-pool="" name=
FREE owner=admin rate-limit-min-rx=2097152B rate-limit-min-tx=5242880B
rate-limit-rx=2097152B rate-limit-tx=5242880B transfer-limit=0B
upload-limit=209715200B uptime-limit=0s
add address-list="" download-limit=2147483648B group-name="" ip-pool="" name=
STANDARD owner=admin rate-limit-min-rx=1073741824B rate-limit-min-tx=
2147483648B rate-limit-rx=1073741824B rate-limit-tx=2147483648B
transfer-limit=0B upload-limit=1073741824B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=GOLD
owner=admin rate-limit-min-rx=20971520B rate-limit-min-tx=52428800B
rate-limit-rx=20971520B rate-limit-tx=52428800B transfer-limit=0B
upload-limit=0B uptime-limit=0s
# RADIUS MAC authentication settings: the client's MAC address is sent as both
# username and password, with interim accounting updates every 59s.
# NOTE(review): a MAC address is visible on the air and can be cloned, so this is an
# identifier rather than a credential; do not rely on it alone for access control.
/caps-man aaa
set interim-update=59s mac-mode=as-username-and-password
# Single access-list rule with no MAC, interface or SSID match shown: every client that
# associates triggers a RADIUS query, and a reject from RADIUS refuses the client.
/caps-man access-list
add action=query-radius allow-signal-out-of-range=10s disabled=no
private-passphrase="" radius-accounting=yes ssid-regexp=""
# Manager enabled with auto-generated CA and certificate.
# NOTE(review): require-peer-certificate is not shown in the export — confirm whether
# CAPs must present a certificate before they are accepted.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
# LAN side: ether2-ether5 bridged into bridge1, which holds 192.168.88.1/24.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
# NOTE(review): only a masquerade rule is exported; no /ip firewall filter section
# appears. If the export is complete, management services, RADIUS and the User Manager
# web interface are unfiltered on ether1 — add input-chain filtering before ether1 is
# connected to an untrusted network.
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1
# RADIUS client entries on the manager. The 127.0.0.1 entry is disabled; the active one
# sends wireless and login requests to 192.168.88.1, this router's own bridge1 address,
# so the requests reach User Manager from this router rather than from the CAP.
# NOTE(review): the secret 12345678 is trivially guessable and is now public; replace it
# with a long random value here and in the User Manager router entry below.
/radius
add address=127.0.0.1 disabled=yes secret=12345678 service=wireless
add address=192.168.88.1 secret=12345678 service=login,wireless timeout=2s
/tool user-manager database
set db-path=user-manager
# Each profile is tied to the limitation of the same name, valid all day on every weekday.
/tool user-manager profile profile-limitation
add from-time=0s limitation=FREE profile=FREE till-time=23h59m59s weekdays=
sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=STANDARD profile=STANDARD till-time=23h59m59s
weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=GOLD profile=GOLD till-time=23h59m59s weekdays=
sunday,monday,tuesday,wednesday,thursday,friday,saturday
# The only RADIUS client (NAS) that User Manager accepts.
# NOTE(review): ip-address=192.168.88.254 is not an address this router holds in the
# export (it is the last address of dhcp_pool0), while the /radius entries above send
# from this router itself. Requests whose source address matches no router entry are
# presumably ignored, which would look like a RADIUS timeout or reject on the client —
# check the User Manager and RADIUS logs and align this address with the real source.
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=192.168.88.254 log=
auth-ok,auth-fail,acct-ok,acct-fail name=cap1 shared-secret=12345678
use-coa=no
# User accounts.
# NOTE(review): /caps-man aaa uses mac-mode=as-username-and-password, so the username in
# a MAC query is the client's MAC address; none of the usernames below is a MAC address,
# so such a query would find no matching user.
# NOTE(review): no /ip hotspot section appears in this export; a browser login or
# registration page is normally delivered by HotSpot, not by wireless RADIUS
# authentication — confirm which design the assignment expects.
# NOTE(review): these passwords and PSKs are short, reused and now public; change them
# and post future exports with hide-sensitive.
/tool user-manager user
add customer=admin disabled=no password=zb33bk shared-users=10 username=
xu7wn4 wireless-enc-algo=none wireless-enc-key="" wireless-psk=12345678
add customer=admin disabled=no password=12345 shared-users=1 username=gold
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no password=12345678 shared-users=1 username=FREE
wireless-enc-algo=tkip wireless-enc-key="" wireless-psk=12345678