Community discussions

 
SurfkingHH
just joined
Topic Author
Posts: 5
Joined: Wed Sep 20, 2017 9:37 pm

Integrated WLAN with Capsman

Wed Sep 20, 2017 9:54 pm

Hello,

i hope you can help. I am very new to Mikrotic Routers.

I want to change my single router for a HAP AC + WAP AC.
I want to control the networks and users via CAPSMAN on the HAP AC.
I have managed to get CAPSMAN running and the WAP AC integrated.
But i struggle to get the HAP AC integrated WLAN running with CAPSMAN.
When i add them to CAPSMAN, they grey out and say "configured by CAPSMAN" but they dont activate and dont show up in the CAPSMAN interfaces.

I have searched and tried a lot with no success.
I have also reset the HAP AC and tried to only get the local interfaces running with CAPSMAN with no success.

Maybe its just something small.
Thanks for the help

Rene
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 945
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Integrated WLAN with Capsman

Thu Sep 21, 2017 12:55 am

Provide the configuration via /export compact file=MyFile.rsc and post here wrapped in forum code tag.
 
SurfkingHH
just joined
Topic Author
Posts: 5
Joined: Wed Sep 20, 2017 9:37 pm

Re: Integrated WLAN with Capsman

Mon Sep 25, 2017 10:42 pm

What is forum code tag?
 
SurfkingHH
just joined
Topic Author
Posts: 5
Joined: Wed Sep 20, 2017 9:37 pm

Re: Integrated WLAN with Capsman

Mon Sep 25, 2017 10:44 pm

# sep/23/2017 20:00:02 by RouterOS 6.40.1
# software id = Q1PZ-5VLY
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 
/interface bridge
add name=HomeNet
add admin-mac=64:D1:54:6D:1C:19 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-6D1C1F wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-6D1C1E wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
/caps-man configuration
add country=germany datapath.bridge=HomeNet name=HomeNet \
    security.authentication-types=wpa2-psk security.encryption=aes-ccm \
    security.group-encryption=aes-ccm security.passphrase=guest ssid=\
    ResHome2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.89.10-192.168.89.35
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=HomeNet name=dhcp1
/caps-man manager
set enabled=yes
/caps-man provisioning
add master-configuration=HomeNet name-prefix=RESAP
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
# 
set caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan2
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.89.1/24 interface=HomeNet network=192.168.89.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.89.0/24 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat src-address=192.168.89.0/24
/system clock
set time-zone-name=Europe/Berlin
#error exporting /system routerboard mode-button
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
 
SurfkingHH
just joined
Topic Author
Posts: 5
Joined: Wed Sep 20, 2017 9:37 pm

Re: Integrated WLAN with Capsman

Thu Oct 05, 2017 10:49 pm

Hello,

does someone have an Idea what could be wrong?

thanks

Rene
 
User avatar
matamouros
just joined
Posts: 17
Joined: Tue Oct 31, 2017 7:40 pm

Re: Integrated WLAN with Capsman

Wed Nov 08, 2017 4:38 pm

Mate I have the exact same problem, I posted at viewtopic.php?f=7&t=127517. Getting a bit desperate now to be honest. Did you figure out how to enable the local wlan of the cap manager?
 
SurfkingHH
just joined
Topic Author
Posts: 5
Joined: Wed Sep 20, 2017 9:37 pm

Re: Integrated WLAN with Capsman

Wed Nov 08, 2017 10:35 pm

No unfortunatly not.
 
User avatar
matamouros
just joined
Posts: 17
Joined: Tue Oct 31, 2017 7:40 pm

Re: Integrated WLAN with Capsman

Thu Nov 09, 2017 12:13 am

It's actually quite unbelievable that no one in this forum was able to move a finger to help, now that I've just happened to stumble upon the problem and managed to fix it a few hours ago. I'm sure this would've been dead easy for any hardcore routerOS person on here.

Go to IP > Firewall and disable the default rule commented as "drop all not coming from LAN". That should immediately add the local wlan interface(s) to CAPsMAN. Not sure why this comes like this by default, as obviously it prevents you from CAP-ing the local wifi interfaces on that same CAPsMAN device.

This needs to be disabled because obviously traffic from the local wlan interfaces is not coming from the LAN interface...

There you go, hope that sorts you, it did me. :-)
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Integrated WLAN with Capsman

Thu Nov 09, 2017 11:02 am

It's actually quite unbelievable that no one in this forum was able to move a finger to help, now that I've just happened to stumble upon the problem and managed to fix it a few hours ago. I'm sure this would've been dead easy for any hardcore routerOS person on here.

Go to IP > Firewall and disable the default rule commented as "drop all not coming from LAN". That should immediately add the local wlan interface(s) to CAPsMAN. Not sure why this comes like this by default, as obviously it prevents you from CAP-ing the local wifi interfaces on that same CAPsMAN device.

This needs to be disabled because obviously traffic from the local wlan interfaces is not coming from the LAN interface...

There you go, hope that sorts you, it did me. :-)
It's quite unbelieveable, that new users have problems with using serach option on forum or google...

CAP does have nothing to do with standard firewall rules, unless you messed them up.

I would go through CAPsMAN config again, as this is most probably wrong. I have described how to do it in this post viewtopic.php?f=13&t=126943&p=625423#p625186
 
User avatar
matamouros
just joined
Posts: 17
Joined: Tue Oct 31, 2017 7:40 pm

Re: Integrated WLAN with Capsman

Thu Dec 14, 2017 6:04 pm

Would've preferred you actually helped when I needed, rather than arriving late to the party and pooping all over it.

Turns out you're wrong, and I'm only correcting you for the sake of future reference and people actually not becoming misinformed because of your reply on here. You do need to open up :5246 and :5247 for discovery, even if you are only using Layer 2. viewtopic.php?t=83389#p592779

Also, hope you don't have to actually use the search on this forum to find something you quite desperately need, otherwise you'd realise the huge foot in your mouth you'd have to remove.
 
tiktiker
just joined
Posts: 1
Joined: Thu Apr 05, 2018 6:33 pm

Re: Integrated WLAN with Capsman

Thu Apr 05, 2018 6:43 pm

I tried to connect the integrated wlan to capsman with a RB2011, a CRS109 and a map Lite. It only worked with the map Lite which I just did for testing purpose. I also went through a lot of tutorials and of course the advices from the forum here including firewall rules etc.

So finally I'm stuck and can not get any further because I lost every ideas what to check furthermore. It seems that the provisioning of the integrated caps is a problem...

Does someone has an additonal input?

Who is online

Users browsing this forum: No registered users and 25 guests