Hi - I have successfully set up capsman using it's own set of addresses, bridge, DHCP, etc., and it all works.
However I have two issues.
1. I'd like the capsman network to have the same addresses as the physical network, and use the same DHCP range, etc. I've looked everywhere but I can't seem to find an example that handles this. I've been using Mikrotik for years, but I'm at the novice level (this is a home network).
2. I'm also unable to access any device on the physical network from a device on the wireless network. Each device can see each other, but they cannot cross networks. I've checked the firewall and I don't have any blocking that would affect it (and disabling drops - as a test - did nothing).
Any suggestions or areas to look at would be appreciated.
If you want devices connected to CAPs have the same IP range, than you don't need to create any additional bridge on your router with CAPs Manager. What you need to do is just to create proper configs. This config is based on WinBox which should be easier for you.
1. First of all create certificate in CAP Manager (CAPsMAN). I believe you already did that.
2. Again, in CAPsMAN click on Channels card. Click on "+" to add new config. Put any name you want, set up frequency (don't touch it if you want to have it automatic), choose the band type (be sure it will match your CAPs specs), choose extension channel, and that should be enough. Click Apply and OK.
3. Click on "Datapaths" card, add new config. Now, the two most important things: i) be sure you use the proper bridge (the same as for other devices connected to the router); ii) check "Client to Client forwarding" which will allow to communicate between devices connected to your CAPs. Apply and OK.
4. Click on "Security Cfg." card and configure the desired level of security (WPA, WPA2, AES, etc.). Apply, OK.
5. Click on "Configurations" card and add new config. Name it as you want, and then:
SSID: choose SSID you want to use
Distance: if it's inside the house choose indoors
Country: choose your country
I have also set up HT Tx/Rx Chains (checked 0 and 1 in both fields to MIMO antennas)
Channel: choose the channel cfg you created
Datapath: choose the datapath cfg you created
Security: choose the security cfg you created
6. Click on "Provisioning" card and add new config. As a radio MAC put 00:00:00:00:00:00. In "Action field" choose "create dynamic enabled". In "Master configuration" choose the config you created. In "Name Format" field you can choose "identity" to have better view on names of your CAPs. However this requires setting up identities on each of your CAP (System > Indetity in WinBox).
On your CAP devices you need to do the following
1. Be sure that wlan1 interface is not bridged with anything else.
2. Wireless > CAP button and:
Discovery interfaces: ether1 (or bridge if it's a device with bridged ether ports)
CAPsMAN Address: put your CAPsMAN IP address
Apply > OK
Sometimes it doesn't connect so you have to uncheck "Enabled", click Apply, re-check "Enabled" again and click Apply.
Why provisioning? It gives you the opportunity to describe which radio (CAP) will work under which config. It means that in CAPsMAN you can add other configs that other radios (CAPs) will broadcast different SSID, work in different bands, etc. All you need to do is to put that CAP's MAC above the 00:00:00:00:00:00, which refers to ANY radio MAC.
In the beginning I have used this tutorial to configure CAPsMAN