MikroTik

I'm totally confused with CAPsMAN2 setup for wAP-ac 2-band access point.
Controller router: RB2011 or RB3011, ROS 6.35.2 and wireless-cm2 installed.

There will be several newest wAP-ac's that I want to control by RB2011 (or RB3011)

Both 2GHz and 5 GHz wlan modules in wAP-ac must have the same SSID/security setting.
Optionally I would like to add virtual AP with VLAN for guests.
But I start without virtual AP for simplifying process.
Also RB2011's own wlan is disabled in my configuration because RB2011 is in metal box in basement and Wi-Fi from RB2011 will not be used)

The first step: I made bridge-lan1 at wAP-ac and place ether1, wlan1 (2GHz) and wlan2 (5GHz) into bridge.
So here is first question: should I make bridge at AP if wlans would be controlled by CAPsMAN?
This wAP-ac Identity is AP-5.

Next I activated CAP at wAP-ac:
Interfaces: wlan1
Interfaces: wlan2
Certificate: none
Discovery Interface: bridge-lan1 (Or I should set to ether1 ? or else?)
Bridge: bridge-lan1 (confusing settings, for what this bridge?)


AT RB2011:
==========================
I created 2 channels in CAPsMAN:

channel1-2GHz
Frequency 2412
Width: 20
Band: 2ghz-b/g/n
Extension: Ce
Tx.Power: Should I set this setting or better leave blank? I set 20 so far.

channel2-5GHz
Frequency 5745
Width: 20
Band: 5ghz-a/n/ac
Extension: Ceee
Tx.Power: Should I set this setting or better leave blank? I set 10 so far.

Next I created datapath1-lan1 with bridge-local (sfp, ether2-ether5). Local forwarding is unchecked.
Next I created 2 configurations: cfg-2GHz and cfg-5GHz. Both have same SSID/security and Datapath and differs only by Channel.

In Provisioning I added two items:
First:
Radio MAC: 00:00:00:00:00:00
Action: create dynamic enabled
Master Configuration: cfg-2GHz
Slave Configuration: none
Name Format: Identity

Second:
Radio MAC: 00:00:00:00:00:00
Action: create dynamic enabled
Master Configuration: cfg-5GHz
Slave Configuration: none
Name Format: Identity
And here I'm confused too: Should I create separate Provisionings for 2Ghz and 5Ghz or set cfg-5GHz as Slave Configuration in the only Provisioning?


What I have at CAPsMAN in result if I have two Provisionings:
TAB Interfaces:
DSMB AP5-1 (it is 2GHz wlan and it's working good and Frequency shows as 2412MHz)
- no supported band
DMBI AP-5-2 (it is 5GHz wlan and it's NOT working and Frequency shows as 2412MHz too)


What I have at CAPsMAN in result if I have the only Provisionings with cfg-2GHz as Master and cfg-5GHz as Slave Configuration):

I have 4 interfaces in CAPsMAN (see screenshot enclosed). And again, 5GHz is not working, marked "- no supported band") At wAP-ac in this case I have some weird situation with "virtual AP" that I not created. (see next screenshot) Where I was wrong? How to use wAP-ac with CAPsMAN correctly?

The problem is solved. Now I have working AP's as at 2GHz as at 5GHz. Additionally I made 2 Virtual APs on both hardware wlan. Each virtual AP connects to it's own VLAN.
CAPsMAN is real very cool feature!
Thanks, @MIKROTIK!
I can explain in details who has interest to it.

I'm interested i'm the setup.

I want to make the same config. Rb3011 and wapac.

Two wlans on main network (2.4+5 ghz) and a virtual ap on a vlan.

Can you post how you managed to do it.

Thanks for your support

At wAP-ac:
1. Reset device by button or reset in winbox. Resetting by button has option for capsman ready config. But only wlan1 2GHz is included in CAP by hardware reset, so you should add 5GHz manually
2. Check your bridge tab - the only bridge (e.g "bridgeLocal") must be there. Don't add any interface to this bridge.
3. Don't create any virtual AP or VLAN at wAP-ac
4. I recommend to change SYSTEM->Identity for your numerical plan of Wi-Fi APs, e.g. "AP-5" for device #5. Later it would be easy to monitor client registration and roaming in capsman.
5. Enable and setup CAP in Wireless->Interfaces:
Now your wAP-ac is ready to be controlled by CAPsMAN


At RB3011:
1. Install package wireless-cm2 if there is no CAPsMAN tab at left bar.
Next steps in CAPsMAN menu
2. Security Cfg TAB: Create 2 security configs: 1st for MAIN access points and 2nd for Virtual APs:
3. Datapaths TAB: Create 2 datapaths: one for main APs and second for Virtual AP
>>>>>> TO BE CONTINUED IN THE NEXT POST

Thanks a lot. I will try it. It was exactly what i was loiking for.

>>>>>>>>> PART 2.
4. Channels TAB: Create 2 channels: one for 2GHz device and second for 5GHz one.
5. Configurations TAB: I created 3 configuration:
1st: cfg-2GHz-lan1 with SSID "Service" for main 2GHz APs that would be in the same network with bridge-local of RB3011 (ether2-ether5, sfp, network 192.168.1.x)
2nd: cfg-2GHz-vlan200 with SSID "Office" for Virtual 2GHz APs that would be in VLAN200 network with bridge-vlan200 of RB3011 (network 10.0.200.x)
3rd: cfg-5GHz-lan1 with SSID "Service" for main 5GHz APs that would be in the same network with bridge-local of RB3011 (ether2-ether5, sfp, network 192.168.1.x)
If you want you may add Virtual APs to 5GHz APs too
Don't forget to set corresponding CHANNEL, DATAPATH, SECURITY that we created in previous steps for each configuration.
6. And now the last step and there is one tip here. Provisioning TAB: create 2 provisioning:
1st for MAIN and VIRTUAL APs for 2GHz
2nd for MAIN APs for 2GHz
If you decided to have virtual APs at 5GHz too, just add corresponding config at Slave configuration. You may have up to 32 Slave configurations!
Take attention at Hw.Supported modes field: for 2Ghz device I choose gn (802.11 g/n protocol) and "ac" for 5Ghz device.
If you will not fill this value, 5GHz device will not work because it will receive 2GHz config and you get error "- NO SUPPORTED BAND".
Name format "identity": see step 4 for wAP-ac setup.
And finally enable CAPsMAN in Interfaces->Manager

I guess than you know how to setup VLAN at RB3011, but if you don't - let me know...

On wich interface have you create your vlan 200? On the on connected to the wapac?

On which interface have you created your vlan 200? On the on connected to the wapac?

vlan200 is added at bridge-lan1 of the RB3011. But it is no member among bridge-lan1 ports. Just added to interface.

But vlan200 is a member port of bridge-vlan200.
I have dhcp-vlan200 server that is connected to bridge-vlan200.
So all my wAP-ac's are getting main address from dhcp-lan1 (192.168.1.x) and virtual AP's are getting addresses from dhcp-vlan200 (10.0.200.x)
Privileged wi-fi clients are in main company network, other clients are in VLAN

Thanks a lot again

It's working great and easier to manage than previously.

I can manage everything from the RB3011 now.

You rocks !!!!!!

Hi

We are using several wAP ac and other devices controlled by CAPsMAN. The setup is working just fine (most of the time).
I experienced, that the wAP ac devices have some issues with certain frequencies on 2.4GHz module and all 3 chains enabled!
After many tests, my results are like fallowing:

CAPsMAN config: settings
Frequency: blank (auto frequency selection)
With: blank (auto)
Band: 2ghz-b/g/n
Extension Channel: disabled
Tx. Power: blank

Result:
Depending what frequency CAPsMAN selects for the wAP ac 2.4ghz module, it is not possible to connect to the Wifi even the SSID is visible.
So, I tested all 13 channels for 2.4ghz band manually with all 3 chains enabled (chain 0/1/2). After CAP is provisioned, I entered the frequency directly in the interface on CAPsMAN. So with channels 2432/2437/2442/2447 I could not connect to Wifi.

After this, I did the same with only chain 0. Now I could connect to Wifi in all 13 channels.
It seems, that the 3 chains for the 2.4ghz module interfer to each other in certain frequencies!!

The wAP ac is really a handy and useful device. But with such Issues not really funcionable.

To verify my doupt, I also experienced some strange behaviour when I did a "Frequency Usage Test" on the devices 2.4ghz Modul. It shows, that the frequencies 2432 to 2447 seem to have high usage levels, like more than 60%. Even there is no device around sending in theese channels!!! When I do the same frequency test with another device (not wAP ac), these frequencies have almost 0% usage!!!

Has someone made the same experience like me, or am I the only poor Fellow?

Cheers

I am really lost since you added the Vlan 200. Why did you do this? I have a RB2011 with builtin 2ghz AP and a wAP ac with both 2ghz and 5ghz radios. I want to manage with capman in the same single vlan1. I can manage the 2ghz on the 2011 and the 2ghz on the wAP ac but never the 5 ghz.

I have "main" office network 192.168.1.x
This is WIRED network. And all desktops and laptops are connected to this network. But all my APs are connected to this network too.
I have main SERVICE ssid at AP that is in 192.168.1.x address space. I use this SSID for service purpose.
But all office people use VIRTUAL AP that is in VLAN200. They have no access to main AP. And finally guests can use VIRTUAL AP that is in VLAN100. Both VLAN200 and VLAN100 is working "over" main office network.
In my manual I did not mention VLAN100 to simplify my scheme