hofi76
October 11, 2023, 10:59am
1
I configured WifiWave2 with CAPsMAN.
The CAPs show that they are managed by CAPsMAN, but the provisioning rules are not received on the CAPs (or not sent by CAPsMAN).
# Provisioning rules on the CAPsMAN manager. Each rule selects CAPs by system
# identity (identity-regexp) and radios by band (supported-bands), and its
# action creates an enabled dynamic interface from the named master-configuration.
# NOTE(review): radio-mac=00:00:00:00:00:00 is presumably the "any radio"
# wildcard; confirm for the RouterOS version in use.
# NOTE(review): a rule is only a candidate for radios that report the listed
# band; compare supported-bands with what the manager shows for each radio.
/interface wifiwave2 provisioning
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-N master-configuration=CH24_1 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-N master-configuration=CH50_36 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-H master-configuration=CH24_11 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-H master-configuration=CH50_44 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-n
I realised that the devices appear in the “CapsMan server” interfaces pane, so I tried configuring them in that pane. This worked as expected.
# Interfaces the poster configured by hand on the manager instead of relying
# on the provisioning rules. Each entry binds one named interface to one of
# the configuration profiles (CH50_44, CH24_11, CH24_1, CH50_36) in AP mode.
/interface wifiwave2
add configuration=CH50_44 configuration.mode=ap disabled=no name=AX-Halo-5G
add configuration=CH24_11 configuration.mode=ap disabled=no name=AX-Halo2G
add configuration=CH24_1 configuration.mode=ap disabled=no name=AX-Nappali-2G
add configuration=CH50_36 configuration.mode=ap disabled=no name=AX-Nappali-5G
What could be the reason that the provisioning does not appear on the CAPs?
What’s in between cap and controller ?
I’ve seen similar issues with some older switches in between.
Try to add controller ip directly on cap.
Also, what interface is controller listening to ?
If you show config, please show complete config since it may be some other things are responsible for this behavior.
hofi76
October 15, 2023, 8:36am
3
Hi holvoetn,
The CAPsMAN (RB4011) provides PoE to the CAPs directly on eth8, so there is no extra device in between; the two CAPs are simply connected one after the other via their Ethernet ports.
The CAPsMAN IPs have been added to the CAPs. They show that they are controlled by CAPsMAN.
The Capsman config:
# Manager (RB4011) wireless setup as first posted: WAN port rename, then the
# channel, datapath, security and configuration profiles, then the four
# manually added interfaces.
/interface ethernet
set [ find default-name=ether1 ] loop-protect=on loop-protect-disable-time=1m name=WAN
# Fixed channels: three 2.4 GHz (20 MHz) and three 5 GHz (20/40 MHz) profiles.
/interface wifiwave2 channel
add band=2ghz-n disabled=no frequency=2412 name=CH24_1 skip-dfs-channels=all width=20mhz
add band=2ghz-n disabled=no frequency=2437 name=CH24_6 skip-dfs-channels=all width=20mhz
add band=2ghz-n disabled=no frequency=2462 name=CH24_11 skip-dfs-channels=all width=20mhz
add band=5ghz-ax disabled=no frequency=5180 name=CH50_36 skip-dfs-channels=all width=20/40mhz
add band=5ghz-ax disabled=no frequency=5200 name=CH50_40 skip-dfs-channels=all width=20/40mhz
add band=5ghz-ax disabled=no frequency=5220 name=CH50_44 skip-dfs-channels=all width=20/40mhz
/interface wifiwave2 datapath
add bridge=LAN disabled=no name=datapath1
# One security profile shared by every SSID: WPA2-PSK and WPA3-PSK offered
# together, CCMP group cipher, fast transition on, PMKID disabled. The
# passphrase was masked by the poster.
# NOTE(review): while wpa2-psk remains offered, clients may still join with
# WPA2, so the passphrase strength is what limits offline guessing of the PSK.
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no ft=yes group-encryption=ccmp group-key-update=1h name=HofiSec passphrase=XXXXX
# Per-channel configuration profiles. The 2.4 GHz ones use SSID Hoffman24, the
# 5 GHz ones SSID Hoffman; the 5 GHz entries repeat security.ft=yes, which the
# HofiSec profile already sets with ft=yes.
/interface wifiwave2 configuration
add channel=CH24_1 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH24_1 security=HofiSec ssid=Hoffman24 tx-power=8
add channel=CH24_6 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH24_6 security=HofiSec ssid=Hoffman24 tx-power=10
add channel=CH24_11 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH24_11 security=HofiSec ssid=Hoffman24 tx-power=8
add channel=CH50_36 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH50_36 security=HofiSec security.ft=yes ssid=Hoffman tx-power=18
add channel=CH50_40 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH50_40 security=HofiSec security.ft=yes ssid=Hoffman tx-power=16
add channel=CH50_44 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH50_44 security=HofiSec security.ft=yes ssid=Hoffman tx-power=18
# Manually added interfaces (the workaround described in the first post).
/interface wifiwave2
add configuration=CH50_44 configuration.mode=ap disabled=no name=AX-Halo-5G
add configuration=CH24_11 configuration.mode=ap disabled=no name=AX-Halo2G
add configuration=CH24_1 configuration.mode=ap disabled=no name=AX-Nappali-2G
add configuration=CH50_36 configuration.mode=ap disabled=no name=AX-Nappali-5G
# LAN addressing on the manager: a DHCP pool and a VPN pool carved out of the
# same 192.168.76.0/24 range, the DHCP server on the LAN bridge, and the
# bridge ports. The dotted lines are where the poster shortened the listing.
/ip pool
add name=dhcp-pool ranges=192.168.76.1-192.168.76.80
add name=vpn_pool ranges=192.168.76.81-192.168.76.100
/ip dhcp-server
add address-pool=dhcp-pool interface=LAN lease-time=8h name=DHCP_server
/interface bridge port
add bridge=LAN ingress-filtering=no interface=ether2
.......
.......
add bridge=LAN ingress-filtering=no interface=ether10
# Access list: accept clients whose signal is within -80..120 and reject those
# within -120..-81, on all interfaces. This filters on signal strength only;
# it does not authenticate clients.
/interface wifiwave2 access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=all signal-range=-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=always disabled=no interface=all signal-range=-120..-81 ssid-regexp=""
# CAPsMAN manager, listening on the LAN bridge only.
# NOTE(review): the export itself reports (next line) that creating the CA
# certificate failed because the name already exists, while
# require-peer-certificate=yes presumably makes the manager insist on a CAP
# certificate and the CAP is set to certificate=request. Check /certificate
# for duplicate or stale CAPsMAN-CA entries; whether this is related to the
# provisioning problem cannot be told from the thread.
/interface wifiwave2 capsman
# failed to create CA certificate: name must be unique! (6)
set ca-certificate=CAPsMAN-CA-48A98A377747 certificate=CAPsMAN-48A98A377747 enabled=yes interfaces=LAN package-path="" require-peer-certificate=yes upgrade-policy=none
# Provisioning rules, keyed on CAP identity and radio band. The CAP export in
# this thread sets the identity AX-Halo, which ^AX-H matches.
# NOTE(review): radio-mac=00:00:00:00:00:00 is presumably the "any radio"
# wildcard; confirm for the RouterOS version in use.
/interface wifiwave2 provisioning
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-N master-configuration=CH24_1 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-N master-configuration=CH50_36 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-H master-configuration=CH24_11 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-H master-configuration=CH50_44 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-n
# Manager LAN address and firewall filter as first posted.
/ip address
add address=192.168.76.254/24 interface=LAN network=192.168.76.0
# Input chain. No rule ends the chain with an unconditional drop: the two
# final drops match connection-state=new,untracked only, so packets in other
# states that match nothing above fall through to the default accept.
# NOTE(review): several drops carry a log-prefix but no log=yes, so they
# presumably do not log; only the final LAN drop has log=yes.
/ip firewall filter
add action=drop chain=input connection-state=invalid log-prefix=elsosor
# Geo filter: new WAN connections are dropped unless the source is in
# CountryIPAllows. The space after "log-prefix=" is as posted; the full export
# later in the thread has log-prefix=tamadas.
add action=drop chain=input connection-state=new in-interface=WAN log-prefix= tamadas src-address-list=!CountryIPAllows
# NOTE(review): matches on source address alone; adding in-interface=LAN would
# tie the rule to the bridge rather than to a claimed source address.
add action=accept chain=input src-address=192.168.76.0/24
add action=accept chain=input protocol=icmp
# NOTE(review): the full export has ssh disabled under /ip service, and LAN
# sources are already accepted two rules up, so this rule admits nothing new.
add action=accept chain=input dst-port=22 in-interface=LAN protocol=tcp src-address=192.168.76.0/24
add action=accept chain=input dst-port=67-68 in-interface=LAN protocol=udp
# L2TP/IPsec: IKE (udp/500), L2TP (udp/1701), NAT-T (udp/4500) and ESP, on any
# interface (the geo filter above still applies on WAN).
# NOTE(review): udp/1701 is accepted without an IPsec match. Adding
# ipsec-policy=in,ipsec to that rule limits L2TP to traffic that arrived
# inside IPsec.
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=drop chain=input connection-state=new,untracked in-interface=WAN
add action=drop chain=input connection-state=new,untracked in-interface=LAN log=yes log-prefix=input
# Forward chain: allow established/related, drop invalid, block forwarded
# SMTP (tcp/25), and drop anything not sourced from 192.168.76.0/24. The VPN
# pool lies inside that subnet, so VPN clients count as LAN here.
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward dst-port=25 protocol=tcp
add action=drop chain=forward src-address=!192.168.76.0/24
CAP config
# CAP side as first posted: one bridge holding both Ethernet ports and both
# radios, with the radios handed over to CAPsMAN.
/interface bridge
add admin-mac=CA:D7:EC:B6:EC:B2 auto-mac=no name=AP_Bridge
/interface wifiwave2
# managed by CAPsMAN
# mode: AP, SSID: Hoffman24, channel: 2462/n
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap disabled=no name=Halo2G
# managed by CAPsMAN
# mode: AP, SSID: Hoffman, channel: 5220/ax/Ce
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap disabled=no name=Halo5G
# NOTE(review): trusted=yes on a bridge port only matters when DHCP snooping
# is enabled on the bridge, which this export does not show.
/interface bridge port
add bridge=AP_Bridge interface=ether1 trusted=yes
add bridge=AP_Bridge interface=ether2 trusted=yes
add bridge=AP_Bridge interface=Halo5G
add bridge=AP_Bridge interface=Halo2G
# CAP client: fixed manager address and name, certificate requested from the
# manager, discovery on the bridge.
# NOTE(review): lock-to-caps-man=yes presumably pins the CAP to one manager
# certificate; if the manager's CA or certificate is regenerated the CAP may
# need to re-request its own. Confirm against the RouterOS documentation.
/interface wifiwave2 cap
set caps-man-addresses=192.168.76.254 caps-man-names=Hofi4011 certificate=request discovery-interfaces=AP_Bridge enabled=yes lock-to-caps-man=yes
# CAP input chain: ICMP, Winbox (tcp/8291), anything from the manager address
# and MikroTik neighbor discovery (udp/5678) are accepted; the last rule drops
# everything else.
# NOTE(review): there is no accept for connection-state=established,related,
# so replies to traffic the CAP starts itself are dropped unless they come
# from 192.168.76.254. That includes answers from the NTP server listed in the
# full CAP export; a CAP with a wrong clock can fail certificate validity
# checks, so verify the CAP's time.
/ip firewall filter
add action=accept chain=input protocol=icmp
# NOTE(review): no src-address here, so every host on AP_Bridge (which has the
# wireless interfaces as ports) can open Winbox on the CAP; a src-address
# covering the management hosts narrows it.
add action=accept chain=input dst-port=8291 protocol=tcp src-port=""
add action=accept chain=input log-prefix=CapsMan src-address=192.168.76.254
add action=accept chain=input dst-port=5678 protocol=udp src-port=5678
add action=drop chain=input log-prefix=eldob
Still not full config…
What ROS versions are both running ?
hofi76
October 15, 2023, 10:39am
5
The RouterOS version on all devices is 7.11.2.
These are the full configs; I just shortened the address list.
Capsman
# 2023-10-15 09:58:30 by RouterOS 7.11.2
# model = RB4011iGS+
# Full manager export. LAN bridge with STP off (protocol-mode=none) and
# proxy-ARP on.
# NOTE(review): arp=proxy-arp is presumably there so VPN clients from
# vpn_pool, which lies inside the LAN subnet, are reachable from LAN hosts.
/interface bridge
add arp=proxy-arp name=LAN protocol-mode=none
# ether1 is renamed WAN; loop-protect is enabled on every Ethernet port.
/interface ethernet
set [ find default-name=ether1 ] loop-protect=on loop-protect-disable-time=1m name=WAN
set [ find default-name=ether2 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether3 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether4 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether5 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether6 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether7 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether8 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether9 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether10 ] loop-protect=on loop-protect-disable-time=1m
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Wireless profiles on the manager: fixed channels, one datapath, one shared
# security profile, per-channel configurations and the manually added
# interfaces.
/interface wifiwave2 channel
add band=2ghz-n disabled=no frequency=2412 name=CH24_1 skip-dfs-channels=all width=20mhz
add band=2ghz-n disabled=no frequency=2437 name=CH24_6 skip-dfs-channels=all width=20mhz
add band=2ghz-n disabled=no frequency=2462 name=CH24_11 skip-dfs-channels=all width=20mhz
add band=5ghz-ax disabled=no frequency=5180 name=CH50_36 skip-dfs-channels=all width=20/40mhz
add band=5ghz-ax disabled=no frequency=5200 name=CH50_40 skip-dfs-channels=all width=20/40mhz
add band=5ghz-ax disabled=no frequency=5220 name=CH50_44 skip-dfs-channels=all width=20/40mhz
/interface wifiwave2 datapath
add bridge=LAN disabled=no name=datapath1
# Shared security profile: WPA2-PSK and WPA3-PSK offered together, CCMP group
# cipher, fast transition on, PMKID disabled; passphrase masked by the poster.
# NOTE(review): while wpa2-psk remains offered, clients may still join with
# WPA2, so the passphrase strength is what limits offline guessing of the PSK.
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no ft=yes group-encryption=ccmp group-key-update=1h name=HofiSec passphrase=XXXXXXX
# 2.4 GHz profiles use SSID Hoffman24, 5 GHz profiles SSID Hoffman. The 5 GHz
# entries repeat security.ft=yes, which HofiSec already sets with ft=yes.
/interface wifiwave2 configuration
add channel=CH24_1 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH24_1 security=HofiSec ssid=Hoffman24 tx-power=8
add channel=CH24_6 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH24_6 security=HofiSec ssid=Hoffman24 tx-power=10
add channel=CH24_11 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH24_11 security=HofiSec ssid=Hoffman24 tx-power=8
add channel=CH50_36 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH50_36 security=HofiSec security.ft=yes ssid=Hoffman tx-power=18
add channel=CH50_40 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH50_40 security=HofiSec security.ft=yes ssid=Hoffman tx-power=16
add channel=CH50_44 country=Hungary datapath=datapath1 disabled=no mode=ap name=CH50_44 security=HofiSec security.ft=yes ssid=Hoffman tx-power=18
# Manually added interfaces (the workaround described in the first post).
/interface wifiwave2
add configuration=CH50_44 configuration.mode=ap disabled=no name=AX-Halo-5G
add configuration=CH24_11 configuration.mode=ap disabled=no name=AX-Halo2G
add configuration=CH24_1 configuration.mode=ap disabled=no name=AX-Nappali-2G
add configuration=CH50_36 configuration.mode=ap disabled=no name=AX-Nappali-5G
# Address pools, DHCP server, PPP profile, routing defaults, bridge ports and
# discovery settings on the manager.
# The DHCP pool and the VPN pool are both inside 192.168.76.0/24.
/ip pool
add name=dhcp-pool ranges=192.168.76.1-192.168.76.80
add name=vpn_pool ranges=192.168.76.81-192.168.76.100
/ip dhcp-server
add address-pool=dhcp-pool interface=LAN lease-time=8h name=DHCP_server
/port
set 0 name=serial0
set 1 name=serial1
# Despite its name, this profile is the default profile of the L2TP server in
# this export; VPN clients get addresses from vpn_pool.
/ppp profile
add change-tcp-mss=yes local-address=192.168.76.254 name=PPTP_profile remote-address=vpn_pool use-encryption=yes
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# ether2-ether10 are LAN bridge ports; WAN (ether1) is not bridged.
/interface bridge port
add bridge=LAN ingress-filtering=no interface=ether2
add bridge=LAN ingress-filtering=no interface=ether3
add bridge=LAN ingress-filtering=no interface=ether4
add bridge=LAN ingress-filtering=no interface=ether5
add bridge=LAN ingress-filtering=no interface=ether6
add bridge=LAN ingress-filtering=no interface=ether7
add bridge=LAN ingress-filtering=no interface=ether8
add bridge=LAN ingress-filtering=no interface=ether9
add bridge=LAN ingress-filtering=no interface=ether10
# NOTE(review): !dynamic excludes only dynamic interfaces, so neighbor
# discovery presumably also runs on WAN and announces identity, model and
# version there. An interface list containing only LAN would limit it;
# this export defines no interface lists.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
# VPN servers. L2TP is enabled with MS-CHAPv2 user authentication and an IPsec
# pre-shared secret (masked by the poster).
# NOTE(review): use-ipsec=yes presumably still lets a client connect with
# plain L2TP, leaving MS-CHAPv2 as the only protection; use-ipsec=required
# refuses sessions that are not wrapped in IPsec. Confirm on the device.
/interface l2tp-server server
set authentication=mschap2 default-profile=PPTP_profile enabled=yes ipsec-secret=XXXXXXX use-ipsec=yes
# NOTE(review): no enabled=yes is shown for the OpenVPN server, so it is
# presumably off and auth=sha1,md5 is only the exported default. If the server
# is ever enabled, md5 should be removed from the list.
/interface ovpn-server server
set auth=sha1,md5
# Access list: accept clients whose signal is within -80..120 and reject those
# within -120..-81, on all interfaces. This filters on signal strength only;
# it does not authenticate clients.
/interface wifiwave2 access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=all signal-range=-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=always disabled=no interface=all signal-range=-120..-81 ssid-regexp=""
# CAPsMAN manager, listening on the LAN bridge only.
# NOTE(review): the export itself reports (next line) that creating the CA
# certificate failed because the name already exists, while
# require-peer-certificate=yes presumably makes the manager insist on a CAP
# certificate and the CAP is set to certificate=request. Check /certificate
# for duplicate or stale CAPsMAN-CA entries; whether this is related to the
# provisioning problem cannot be told from the thread.
/interface wifiwave2 capsman
# failed to create CA certificate: name must be unique! (6)
set ca-certificate=CAPsMAN-CA-48A98A377747 certificate=CAPsMAN-48A98A377747 enabled=yes interfaces=LAN package-path="" require-peer-certificate=yes \
upgrade-policy=none
# Provisioning rules, keyed on CAP identity and radio band. The CAP export in
# this thread sets the identity AX-Halo, which ^AX-H matches.
# NOTE(review): radio-mac=00:00:00:00:00:00 is presumably the "any radio"
# wildcard; confirm for the RouterOS version in use.
/interface wifiwave2 provisioning
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-N master-configuration=CH24_1 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-N master-configuration=CH50_36 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-H master-configuration=CH24_11 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no identity-regexp=^AX-H master-configuration=CH50_44 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-n
# IP services on the manager: LAN address, cloud DDNS, WAN DHCP client, static
# leases, DHCP network options, DNS and the country allow-list.
/ip address
add address=192.168.76.254/24 interface=LAN network=192.168.76.0
# DDNS is on, so the router's public address is published under a MikroTik
# cloud DNS name.
/ip cloud
set ddns-enabled=yes ddns-update-interval=12h
/ip dhcp-client
add interface=WAN
# Static leases. The last entry's MAC (CA:D7:EC:B6:EC:B2) is the admin-mac of
# AP_Bridge in the CAP export, so that CAP is 192.168.76.208.
/ip dhcp-server lease
add address=192.168.76.201 client-id=1:f4:92:bf:10:18:73 mac-address=F4:92:BF:10:18:73 server=DHCP_server
add address=192.168.76.202 client-id=1:0:84:ed:b4:6a:ba mac-address=00:84:ED:B4:6A:BA server=DHCP_server
add address=192.168.76.203 mac-address=02:58:04:C0:F1:1D server=DHCP_server
add address=192.168.76.204 client-id=1:70:a7:41:92:cd:b5 mac-address=70:A7:41:92:CD:B5 server=DHCP_server
add address=192.168.76.205 client-id=1:dc:2c:6e:b8:6d:da mac-address=DC:2C:6E:B8:6D:DA server=DHCP_server
add address=192.168.76.206 client-id=1:dc:2c:6e:b8:6d:b6 mac-address=DC:2C:6E:B8:6D:B6 server=DHCP_server
add address=192.168.76.207 client-id=1:48:a9:8a:c5:3b:c1 mac-address=48:A9:8A:C5:3B:C1 server=DHCP_server
add address=192.168.76.208 client-id=1:ca:d7:ec:b6:ec:b2 mac-address=CA:D7:EC:B6:EC:B2 server=DHCP_server
# caps-manager presumably advertises the manager address to CAPs via DHCP.
/ip dhcp-server network
add address=192.168.76.0/24 caps-manager=192.168.76.254 dns-server=192.168.76.254 gateway=192.168.76.254 netmask=24
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# on every interface; only the input-chain drops for new WAN connections keep
# the resolver closed to the internet, so those rules must stay in place.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.76.201 name=wifi.hp
add address=192.168.76.203 name=cubietruck
add address=192.168.76.203 name=fileserver.hp
add address=192.168.76.202 name=konica.hp
add address=192.168.76.254 name=mikrotik.hp
# Source ranges allowed to open new connections on WAN (list shortened by the
# poster).
/ip firewall address-list
add address=2.58.168.0/22 comment=HUNGARY list=CountryIPAllows
add address=2.59.196.0/22 comment=HUNGARY list=CountryIPAllows
add address=195.250.39.0/24 comment=HUNGARY list=CountryIPAllows
# Manager firewall. Input chain: no rule ends the chain with an unconditional
# drop; the two final drops match connection-state=new,untracked only, so
# packets in other states that match nothing above fall through to the
# default accept.
# NOTE(review): several drops carry a log-prefix but no log=yes, so they
# presumably do not log; only the final LAN drop has log=yes. Logging the
# WAN drops would be needed to see rejected connection attempts.
/ip firewall filter
add action=drop chain=input connection-state=invalid log-prefix=elsosor
# Geo filter: new WAN connections are dropped unless the source is in
# CountryIPAllows, so the VPN ports below are reachable only from those ranges.
add action=drop chain=input connection-state=new in-interface=WAN log-prefix=tamadas src-address-list=!CountryIPAllows
# NOTE(review): matches on source address alone; adding in-interface=LAN would
# tie the rule to the bridge rather than to a claimed source address.
add action=accept chain=input src-address=192.168.76.0/24
add action=accept chain=input protocol=icmp
# NOTE(review): ssh is disabled under /ip service in this export, and LAN
# sources are already accepted two rules up, so this rule admits nothing new.
add action=accept chain=input dst-port=22 in-interface=LAN protocol=tcp src-address=192.168.76.0/24
add action=accept chain=input dst-port=67-68 in-interface=LAN protocol=udp
# L2TP/IPsec: IKE (udp/500), L2TP (udp/1701), NAT-T (udp/4500) and ESP, on any
# interface (the geo filter above still applies on WAN).
# NOTE(review): udp/1701 is accepted without an IPsec match, and the L2TP
# server in this export uses use-ipsec=yes. Adding ipsec-policy=in,ipsec to
# the 1701 rule limits L2TP to traffic that arrived inside IPsec.
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=drop chain=input connection-state=new,untracked in-interface=WAN
add action=drop chain=input connection-state=new,untracked in-interface=LAN log=yes log-prefix=input
# Forward chain: allow established/related, drop invalid, block forwarded
# SMTP (tcp/25), and drop anything not sourced from 192.168.76.0/24. The VPN
# pool lies inside that subnet, so VPN clients count as LAN here.
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward dst-port=25 protocol=tcp
add action=drop chain=forward src-address=!192.168.76.0/24
# Source NAT for LAN traffic leaving through WAN.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN src-address=192.168.76.0/24
# Management services and system settings on the manager. Telnet, FTP, WWW,
# SSH, API and API-SSL are disabled.
# NOTE(review): winbox is not listed, so it is at its default, presumably
# enabled with no address= restriction; confirm with /ip service print.
/ip service
set telnet disabled=yes
set ftp address=192.168.76.0/24 disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set domain=WORKGROUP interfaces=LAN
# VPN user; the password was masked by the poster.
/ppp secret
add name=hofi password=XXXXXXXXX profile=PPTP_profile
/system clock
set time-zone-name=Europe/Budapest
# This identity is the name the CAP expects in caps-man-names.
/system identity
set name=Hofi4011
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=hu.pool.ntp.org
/system routerboard settings
set enter-setup-on=delete-key
CAP
# 2023-10-15 05:18:30 by RouterOS 7.11.2
# model = cAPGi-5HaxD2HaxD
# Full CAP export: one bridge holding both Ethernet ports and both radios,
# with the radios handed over to CAPsMAN.
/interface bridge
add admin-mac=CA:D7:EC:B6:EC:B2 auto-mac=no name=AP_Bridge
/interface wifiwave2
# managed by CAPsMAN
# mode: AP, SSID: Hoffman24, channel: 2462/n
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap disabled=no name=Halo2G
# managed by CAPsMAN
# mode: AP, SSID: Hoffman, channel: 5220/ax/Ce
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap disabled=no name=Halo5G
# NOTE(review): trusted=yes on a bridge port only matters when DHCP snooping
# is enabled on the bridge, which this export does not show.
/interface bridge port
add bridge=AP_Bridge interface=ether1 trusted=yes
add bridge=AP_Bridge interface=ether2 trusted=yes
add bridge=AP_Bridge interface=Halo5G
add bridge=AP_Bridge interface=Halo2G
# CAP client: fixed manager address and name, certificate requested from the
# manager, discovery on the bridge.
# NOTE(review): lock-to-caps-man=yes presumably pins the CAP to one manager
# certificate; if the manager's CA or certificate is regenerated the CAP may
# need to re-request its own. Confirm against the RouterOS documentation.
/interface wifiwave2 cap
set caps-man-addresses=192.168.76.254 caps-man-names=Hofi4011 certificate=\
request discovery-interfaces=AP_Bridge enabled=yes lock-to-caps-man=yes
# The CAP takes its own address from DHCP on the bridge.
/ip dhcp-client
add interface=AP_Bridge
# CAP input chain: ICMP, Winbox (tcp/8291), anything from the manager address
# and MikroTik neighbor discovery (udp/5678) are accepted; the last rule drops
# everything else.
# NOTE(review): there is no accept for connection-state=established,related,
# so replies to traffic the CAP starts itself are dropped unless they come
# from 192.168.76.254. That includes answers from the NTP server configured
# under /system ntp client servers; a CAP with a wrong clock can fail
# certificate validity checks, so verify the CAP's time.
/ip firewall filter
add action=accept chain=input protocol=icmp
# NOTE(review): no src-address here, so every host on AP_Bridge (which has the
# wireless interfaces as ports) can open Winbox on the CAP; a src-address
# covering the management hosts narrows it.
add action=accept chain=input dst-port=8291 protocol=tcp src-port=""
add action=accept chain=input log-prefix=CapsMan src-address=192.168.76.254
add action=accept chain=input dst-port=5678 protocol=udp src-port=5678
add action=drop chain=input log-prefix=eldob
# Management services and system settings on the CAP. Telnet, FTP, WWW, SSH,
# API and API-SSL are disabled.
# NOTE(review): winbox is not listed, so it is at its default, presumably
# enabled with no address= restriction; the input chain accepts tcp/8291 from
# any source, so Winbox is the one remaining IP management path.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# The identity is what the manager's identity-regexp provisioning rules are
# matched against; AX-Halo matches ^AX-H.
/system identity
set name=AX-Halo
/system leds settings
set all-leds-off=after-1min
/system note
set show-at-login=no
# No /system clock section is exported, so the time zone is at its default.
/system ntp client
set enabled=yes
/system ntp client servers
add address=hu.pool.ntp.org
# MAC-level management access (MAC telnet) is disabled on all interfaces.
/tool mac-server
set allowed-interface-list=none