VLAN+CAPS-MAN Config

oe5nip · February 18, 2020, 11:55am

Hi!

I have now a config with CAPS-MAN with no VLAN, I am Looking for a sample with VLAN?

Like a Demo Config ….

I have found only with VLAN config or only with CAPS-MAN.

Thanks….

erlinden · February 18, 2020, 12:04pm

VLAN can be configured through datapaths:
https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Datapath_Configuration

Can you please share your current configuration so we can supply additional information?

oe5nip · February 23, 2020, 11:22am

Sorryj for my late reply.

Hi this is my config.

Config

Router 1
AP 1 APDACH
AP 2 APGAR
SWITCH SWZDAVID
SWITCH SZWJOHANNES
Printer Port LAN

Router 2 (in Switch Mode)
AP WZ
Switch Keller
Switch Garage
Switch TV

CAPS-MAN

is working.

I am looking now to add 5 x VLAN working on the config + Capsman,

Guest-Wlan and Member-WLAN have separate config.

Also I need 1 Port von Router 1 for Sharing Printer for Guest and Member.

Any Idea for simple Update of the Config.

feb/23/2020 12:15:32 by RouterOS 6.44.6

software id = G2XF-DMWN

model = CRS125-24G-1S-2HnD

serial number =

/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled
frequency=2412 name=“2.4 GHz”
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled
frequency=5180 name=“5 GHz”
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled
frequency=2412 name=2412
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled
frequency=2432 name=2432
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled
frequency=2452 name=2452
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled
frequency=2472 name=2472
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled
frequency=5180 name=5180
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled
frequency=5200 name=5200
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled
frequency=5220 name=5220
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled
frequency=5240 name=5240
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
/interface bridge
add name=Bridge_Vlan10AM
add admin-mac=64:D1:54:70:ED:98 auto-mac=no comment=defconf name=bridge
add name=bridge-g
/interface vlan
add interface=ether5 name=vlan10-AM5 vlan-id=10
add interface=ether6 name=vlan10-AM6 vlan-id=10
add interface=ether7 name=vlan10-AM7 vlan-id=10
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=
BridgeDP
add bridge=bridge-g name=Bridge-Guest
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm
group-encryption=aes-ccm group-key-update=1h name=SecurityM passphrase=\

add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm
group-encryption=aes-ccm group-key-update=1h name=SecurityG passphrase=\

/caps-man configuration
add channel=2412 country=austria datapath=BridgeDP installation=indoor mode=
ap name=“2.4 GHz-M” rx-chains=0,1 security=SecurityM ssid=
“HackM(2.4 GHz)” tx-chains=0,1
add channel=5180 country=austria datapath=BridgeDP installation=indoor mode=
ap name=“5 GHz-M” rx-chains=0,1 security=SecurityM ssid=“HackM(5 Ghz)”
tx-chains=0,1
add channel=2412 country=austria datapath=Bridge-Guest installation=indoor
mode=ap name=“2.4 GHz-G” rx-chains=0,1 security=SecurityG ssid=
“HackG(2.4 GHz)” tx-chains=0,1
add channel=5180 country=austria datapath=Bridge-Guest installation=indoor
mode=ap name=“5 GHz-G” rx-chains=0,1 security=SecurityG ssid=
“HackG(5 Ghz)” tx-chains=0,1
/caps-man interface
add channel=2412 configuration=“2.4 GHz-M” disabled=no l2mtu=1600
mac-address=74:4D:28:A4:AD:EF master-interface=none name=2.4GHz-APDACH-1
radio-mac=74:4D:28:A4:AD:EF radio-name=744D28A4ADEF
add configuration=“2.4 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:A4:AD:EF master-interface=2.4GHz-APDACH-1 name=2.4GHz-APDACH-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D28A4ADEF
add channel=2432 configuration=“2.4 GHz-M” disabled=no l2mtu=1600
mac-address=74:4D:28:A4:37:81 master-interface=none name=2.4GHz-APGAR-1
radio-mac=74:4D:28:A4:37:81 radio-name=744D28A43781
add configuration=“2.4 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:A4:37:81 master-interface=2.4GHz-APGAR-1 name=2.4GHz-APGAR-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D28A43781
add channel=2452 configuration=“2.4 GHz-M” disabled=no l2mtu=1600
mac-address=74:4D:28:2E:9A:4B master-interface=none name=2.4GHz-APKELL-1
radio-mac=74:4D:28:2E:9A:4B radio-name=744D282E9A4B
add configuration=“2.4 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:2E:9A:4B master-interface=2.4GHz-APKELL-1 name=2.4GHz-APKELL-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D282E9A4B
add channel=2472 configuration=“2.4 GHz-M” disabled=no l2mtu=1600
mac-address=74:4D:28:A4:09:FF master-interface=none name=2.4GHz-APWZ-1
radio-mac=74:4D:28:A4:09:FF radio-name=744D28A409FF
add configuration=“2.4 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:A4:09:FF master-interface=2.4GHz-APWZ-1 name=2.4GHz-APWZ-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D28A409FF
add channel=5180 configuration=“5 GHz-M” disabled=no l2mtu=1600 mac-address=
74:4D:28:A4:AD:F0 master-interface=none name=5.0GHz-APDACH-1 radio-mac=
74:4D:28:A4:AD:F0 radio-name=744D28A4ADF0
add configuration=“5 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:A4:AD:F0 master-interface=5.0GHz-APDACH-1 name=5.0GHz-APDACH-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D28A4ADF0
add channel=5200 configuration=“5 GHz-M” disabled=no l2mtu=1600 mac-address=
74:4D:28:A4:37:82 master-interface=none name=5.0GHz-APGAR-1 radio-mac=
74:4D:28:A4:37:82 radio-name=744D28A43782
add configuration=“5 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:A4:37:82 master-interface=5.0GHz-APGAR-1 name=5.0GHz-APGAR-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D28A43782
add channel=5220 configuration=“5 GHz-M” disabled=no l2mtu=1600 mac-address=
74:4D:28:2E:9A:4C master-interface=none name=5.0GHz-APKELL-1 radio-mac=
74:4D:28:2E:9A:4C radio-name=744D282E9A4C
add configuration=“5 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:2E:9A:4C master-interface=5.0GHz-APKELL-1 name=5.0GHz-APKELL-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D282E9A4C
add channel=5240 configuration=“5 GHz-M” disabled=no l2mtu=1600 mac-address=
74:4D:28:A4:0A:00 master-interface=none name=5.0GHz-APWZ-1 radio-mac=
74:4D:28:A4:0A:00 radio-name=744D28A40A00
add configuration=“5 GHz-G” disabled=no l2mtu=1600 mac-address=
76:4D:28:A4:0A:00 master-interface=5.0GHz-APWZ-1 name=5.0GHz-APWZ-1-1
radio-mac=00:00:00:00:00:00 radio-name=764D28A40A00
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods=“” group-ciphers=tkip,aes-ccm
management-protection=allowed mode=dynamic-keys name=Hack2M
supplicant-identity=“” unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=
!Wlanhacker19
add authentication-types=wpa2-psk eap-methods=“” group-ciphers=tkip,aes-ccm
management-protection=allowed mode=dynamic-keys name=Hack2G
supplicant-identity=“” unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=
!Wlangast
/interface wireless

managed by CAPsMAN

channel: 2412/20/gn(16dBm), SSID: HackM(2.4 GHz), local forwarding

set [ find default-name=wlan1 ] antenna-gain=4 band=2ghz-g/n country=austria
disabled=no distance=indoors frequency=auto frequency-mode=
regulatory-domain installation=indoor mode=ap-bridge name=Wlan1
security-profile=Hack2M ssid=Hack2M wireless-protocol=802.11 wmm-support=
enabled wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:70:ED:B0
master-interface=Wlan1 multicast-buffering=disabled name=Wlan2
security-profile=Hack2G ssid=Hack2G wds-cost-range=0 wds-default-cost=0
wps-mode=disabled
/ip pool
add name=default-dhcp ranges=10.0.1.0-10.0.1.100
add name=dhcp_pool1 ranges=10.0.20.1-10.0.20.50
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=bridge-g name=dhcp1
/queue simple
add dst=ether1 max-limit=1M/5M name=BandbreiteG target=bridge-g
add name=BandbreiteL target=bridge
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=g master-configuration=
“2.4 GHz-M” name-format=prefix-identity name-prefix=2.4GHz
slave-configurations=“2.4 GHz-G”
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=
“5 GHz-M” name-format=prefix-identity name-prefix=5.0GHz
slave-configurations=“5 GHz-G”
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf disabled=yes interface=sfp1
add bridge=bridge comment=defconf interface=Wlan1
add bridge=bridge-g interface=Wlan2
add bridge=Bridge_Vlan10AM interface=vlan10-AM5
add bridge=Bridge_Vlan10AM interface=vlan10-AM6
add bridge=Bridge_Vlan10AM interface=vlan10-AM7
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap

set certificate=CAP-64D15470ED97 discovery-interfaces=bridge enabled=yes
interfaces=Wlan1 lock-to-caps-man=yes
/ip address
add address=10.0.1.254/24 comment=defconf interface=bridge network=10.0.1.0
add address=10.0.20.254/24 interface=bridge-g network=10.0.20.0
add address=10.0.10.254/24 interface=Bridge_Vlan10AM network=10.0.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
ether1
/ip dhcp-server network
add address=10.0.1.0/24 comment=defconf gateway=10.0.1.254
add address=10.0.20.0/24 gateway=10.0.20.254
/ip dns
set allow-remote-requests=yes cache-max-ttl=50w4d
/ip dns static
add address=10.0.1.254 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked in-interface=bridge-g
add action=accept chain=forward comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked in-interface=bridge-g out-interface=ether1
add action=drop chain=input comment=
“defconf: accept established,related,untracked” connection-state=“”
in-interface=bridge-g
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=
“defconf: accept to local loopback (for CAPsMAN)” dst-address=127.0.0.1
add action=accept chain=input dst-address-type=local src-address-type=local
add action=accept chain=input dst-address-type=local src-address-type=local
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related disabled=yes
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
add action=accept chain=input port=53 protocol=udp
add action=accept chain=input protocol=st
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface pages
set 0 interfaces=Wlan1
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=RSFB
/system ntp client
set enabled=yes primary-ntp=178.189.127.148 secondary-ntp=212.69.166.153
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN