Stenly
August 2, 2023, 10:03am
1
Hi, please does the guest wifi and custom DHCP+pool function work for anyone in hAP ax² (Capsman, 7.10.2) and 3xcAP ax (as CAP, 7.10.2)?
Edit: ax2
Your basic problem here is that you have 2 different wifi-environments.
hAP AC2 uses legacy wifi.
Both can not be controlled with the same capsman controller. So you would need a separate capsman controller for the wifiwave2 devices (can be one of the cAP AX devices).
Stenly
August 2, 2023, 11:00am
3
Sorry, it’s my fault. I have hAP ax² (https://mikrotik.com/product/hap_ax2 ). All devices are AX.
OK, that’s already a step in the right direction then.
There have been quite some fixes w.r.t. VLAN handling for Wifiwave2 caps devices.
And then we also would need export of your config of AX2 device
Stenly
August 2, 2023, 1:03pm
5
Hallo, thank you for your help.
I updated to 7.11rc1 hap and cap.
Here is export for ax2
# 2023-08-02 14:39:45 by RouterOS 7.11rc1
# software id = 8P1N-M8N9
#
# model = C52iG-5HaxD2HaxD
/interface bridge
add comment=host name=bridge-host
add auto-mac=no comment=defconf name=bridge-main
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifiwave2 channel
add disabled=no name=channel skip-dfs-channels=all
add band=2ghz-ax disabled=yes name=channel2g skip-dfs-channels=all
/interface wifiwave2 datapath
add bridge=bridge-main disabled=no name=datapath-main
add bridge=bridge-host disabled=no name=datapath-host
/interface wifiwave2 security
add authentication-types=wpa2-psk disabled=no ft=yes name=security-main wps=\
disable
add authentication-types=wpa2-psk disabled=no ft=yes name=security-host wps=\
disable
/interface wifiwave2 configuration
add channel=channel channel.skip-dfs-channels=all country=Czech datapath=\
datapath-main datapath.bridge=bridge-main disabled=no hide-ssid=yes mode=\
ap name=cfg-main security=security-main security.authentication-types=\
wpa2-psk .ft=yes ssid=Privat
add channel=channel channel.skip-dfs-channels=all country=Czech datapath=\
datapath-host datapath.bridge=bridge-host disabled=no mode=ap name=\
cfg-host security=security-host security.authentication-types=wpa2-psk \
.ft=yes ssid=Host
/interface wifiwave2
set [ find default-name=wifi2 ] channel=channel configuration=cfg-main \
configuration.mode=ap datapath=datapath-main datapath.bridge=bridge-main \
disabled=no name=wifi2gmain security=security-main \
security.authentication-types=wpa2-psk
set [ find default-name=wifi1 ] channel=channel configuration=cfg-main \
configuration.mode=ap datapath=datapath-main datapath.bridge=bridge-main \
disabled=no name=wifi5gmain security=security-main \
security.authentication-types=wpa2-psk
add configuration=cfg-host configuration.mode=ap datapath=datapath-host \
datapath.bridge=bridge-host disabled=no interworking.network-type=\
public-free master-interface=wifi2gmain \
name=wifi2ghost security=security-host security.authentication-types=\
wpa2-psk
add configuration=cfg-host configuration.mode=ap datapath=datapath-host \
datapath.bridge=bridge-host disabled=no interworking.network-type=\
public-free master-interface=wifi5gmain \
name=wifi5ghost security=security-host security.authentication-types=\
wpa2-psk
/ip pool
add name=dhcp-main ranges=192.168.11.50-192.168.11.254
add name=dhcp-pool-host3 ranges=192.168.14.10-192.168.14.254
/ip dhcp-server
add address-pool=dhcp-main interface=bridge-main lease-time=5m name=dhcp-main
/ip pool
add name=dhcp-pool-host2 next-pool=dhcp-pool-host3 ranges=\
192.168.13.10-192.168.13.254
add name=dhcp-pool-host next-pool=dhcp-pool-host2 ranges=\
192.168.12.10-192.168.12.254
/ip dhcp-server
add address-pool=dhcp-pool-host interface=bridge-host lease-time=5m name=\
dhcp-host
/interface bridge port
add bridge=bridge-main comment=defconf interface=ether2
add bridge=bridge-main comment=defconf interface=ether3
add bridge=bridge-main comment=defconf interface=ether4
add bridge=bridge-main comment=defconf interface=ether5
add bridge=bridge-main comment=defconf interface=wifi5gmain
add bridge=bridge-main comment=defconf interface=wifi2gmain
add bridge=bridge-host interface=wifi2ghost
add bridge=bridge-host interface=wifi5ghost
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge-main list=LAN
add comment=defconf interface=ether1-gateway list=WAN
/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes package-path="" require-peer-certificate=\
no upgrade-policy=none
/interface wifiwave2 provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg-main \
slave-configurations=cfg-host
add action=create-dynamic-enabled disabled=no master-configuration=cfg-host
/ip address
add address=192.168.11.1/24 comment=defconf interface=bridge-main network=\
192.168.11.0
add address=192.168.12.1/24 interface=bridge-host network=192.168.12.0
add address=192.168.13.1/24 interface=bridge-host network=192.168.13.0
add address=192.168.14.1/24 interface=bridge-host network=192.168.14.0
/ip dhcp-client
add comment=defconf interface=ether1-gateway
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1 netmask=24
add address=192.168.12.0/24 gateway=192.168.12.1 netmask=24
add address=192.168.13.0/24 gateway=192.168.13.1 netmask=24
add address=192.168.14.0/24 gateway=192.168.14.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
and from cAP
# 2023-08-02 14:58:57 by RouterOS 7.11rc1
# software id = 5VIF-ZEPA
#
# model = cAPGi-5HaxD2HaxD
/interface bridge
add auto-mac=no comment=defconf name=bridgeLocal
/interface wifiwave2 datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifiwave2
# managed by CAPsMAN
# mode: AP, SSID: Host, channel: 5745/ax/Ceee
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
disabled=no
# managed by CAPsMAN
# mode: AP, SSID: Host, channel: 2457/ax/eC
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
disabled=no
add configuration.mode=ap datapath=capdp disabled=no mac-address=\
4A:A9:8A:BA:20:BD master-interface=wifi2 name=wifi19
add configuration.mode=ap datapath=capdp disabled=no mac-address=\
4A:A9:8A:BA:20:BC master-interface=wifi1 name=wifi20
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface wifiwave2 cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp \
slaves-static=no
/ip address
add address=192.168.11.3/24 interface=ether1 network=192.168.11.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
Cap looks ok (didn’t inspect in detail but at first sight ok, there is not that much which can be done wrong there
Capsman controller / AX2:
You did not define vlans ? How are you going to keep both separated then ?
Use this guide as direction:https://help.mikrotik.com/docs/display/ROS/WifiWave2#WifiWave2-CAPsMAN-CAPVLANconfigurationexample:
Stenly
August 4, 2023, 8:21am
7
Hello, I changed it to one bridge and vlan according to the logic of the example and it works.
Stenly
August 17, 2023, 7:42pm
8
Hello, still not working. I use only clear config from https://help.mikrotik.com/docs/display/ROS/WifiWave2#WifiWave2-CAPsMAN-CAPVLANconfigurationexample: or from post http://forum.mikrotik.com/t/vlans-not-working-properly/168504/1 (down is fro 7.8 routerswitch) and it doesn’t work as expected. I have still the same pool for lan and vlan privat. All wifi is still tagging as bridge/ports/ethernet4 pvid.
I have 1 ax2, ethernet1 is wan (ISP internet) and ethernet4 is for 16ports switch. In poe switch i have 5pc cap ax with capsman. All device is 7.11.
Have someone please working config?
Thank you.
).