rsalmar
just joined
Topic Author
Posts: 5
Joined: Mon Oct 23, 2017 6:22 am

Capsman without second address network

Mon Oct 23, 2017 9:36 am

Hi - I have successfully set up capsman using its own set of addresses, bridge, DHCP, etc., and it all works.

However I have two issues.

1. I'd like the capsman network to have the same addresses as the physical network, and use the same DHCP range, etc. I've looked everywhere but I can't seem to find an example that handles this. I've been using Mikrotik for years, but I'm at the novice level (this is a home network).

2. I'm also unable to access any device on the physical network from a device on the wireless network. Each device can see each other, but they cannot cross networks. I've checked the firewall and I don't have any blocking that would affect it (and disabling drops - as a test - did nothing).

Any suggestions or areas to look at would be appreciated.
 
matiaszon
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Capsman without second address network

Fri Oct 27, 2017 3:27 pm

If you want devices connected to CAPs to have the same IP range, then you don't need to create any additional bridge on your router with CAPs Manager. What you need to do is just to create proper configs. This config is based on WinBox which should be easier for you.

1. First of all create certificate in CAP Manager (CAPsMAN). I believe you already did that.
2. Again, in CAPsMAN click on Channels card. Click on "+" to add new config. Put any name you want, set up frequency (don't touch it if you want to have it automatic), choose the band type (be sure it will match your CAPs specs), choose extension channel, and that should be enough. Click Apply and OK.
3. Click on "Datapaths" card, add new config. Now, the two most important things: i) be sure you use the proper bridge (the same as for other devices connected to the router); ii) check "Client to Client forwarding" which will allow communication between devices connected to your CAPs. Apply and OK.
4. Click on "Security Cfg." card and configure the desired level of security (WPA, WPA2, AES, etc.). Apply, OK.
5. Click on "Configurations" card and add new config. Name it as you want, and then:
   Wireless card
      Mode: ap
      SSID: choose SSID you want to use
      Distance: if it's inside the house choose indoors
      Country: choose your country
      I have also set up HT Tx/Rx Chains (checked 0 and 1 in both fields to MIMO antennas)
   Channel card
      Channel: choose the channel cfg you created
   Datapath card
      Datapath: choose the datapath cfg you created
   Security card
      Security: choose the security cfg you created
6. Click on "Provisioning" card and add new config. As a radio MAC put 00:00:00:00:00:00. In "Action" field choose "create dynamic enabled". In "Master configuration" choose the config you created. In "Name Format" field you can choose "identity" to have better view on names of your CAPs. However this requires setting up identities on each of your CAPs (System > Identity in WinBox).

On your CAP devices you need to do the following:
1. Be sure that wlan1 interface is not bridged with anything else.
2. Wireless > CAP button and:
   Interfaces: wlan1
   Certificate: request
   Discovery interfaces: ether1 (or bridge if it's a device with bridged ether ports)
   CAPsMAN Address: put your CAPsMAN IP address
   Bridge: none
   Apply > OK
Sometimes it doesn't connect so you have to uncheck "Enabled", click Apply, re-check "Enabled" again and click Apply.

Why provisioning? It gives you the opportunity to describe which radio (CAP) will work under which config. It means that in CAPsMAN you can add other configs that other radios (CAPs) will broadcast different SSID, work in different bands, etc. All you need to do is to put that CAP's MAC above the 00:00:00:00:00:00, which refers to ANY radio MAC.

In the beginning I have used this tutorial to configure CAPsMAN
https://www.youtube.com/watch?v=xVTsa59ijD4&t=13s
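
The WinBox steps in the post above, written as RouterOS v6 command-line input. This is an added example, not part of matiaszon's post; the profile names, the bridge name `bridge`, the SSID, the passphrase and the address 192.0.2.1 are placeholders, and WPA2-PSK with AES is one possible choice for step 4.

```routeros
# Added example, RouterOS v6 CAPsMAN syntax. Names (ch-2ghz, dp-lan, sec-wpa2,
# cfg-home), the bridge name "bridge", the SSID, the passphrase and the
# address 192.0.2.1 are placeholders, not values from the thread.

# --- On the CAPsMAN router ---
# Step 1: let the manager generate its own CA and certificate.
/caps-man manager
set enabled=yes ca-certificate=auto certificate=auto

# Step 2: channel profile; leave frequency unset for automatic selection.
/caps-man channel
add name=ch-2ghz band=2ghz-b/g/n extension-channel=disabled

# Step 3: datapath on the SAME bridge as the wired LAN, so wireless clients
# share its subnet and DHCP server. client-to-client-forwarding=yes lets
# stations on the same AP reach each other; it is usually left off on a
# guest SSID.
/caps-man datapath
add name=dp-lan bridge=bridge client-to-client-forwarding=yes

# Step 4: WPA2-PSK with AES only (no WPA/TKIP fallback).
/caps-man security
add name=sec-wpa2 authentication-types=wpa2-psk encryption=aes-ccm \
    passphrase="CHANGE-ME-placeholder-passphrase"

# Step 5: master configuration tying the profiles together.
# Also set country= to your regulatory domain.
/caps-man configuration
add name=cfg-home mode=ap ssid=HomeWiFi distance=indoors \
    rx-chains=0,1 tx-chains=0,1 \
    channel=ch-2ghz datapath=dp-lan security=sec-wpa2

# Step 6: provisioning rule; the all-zero radio MAC matches any CAP radio.
/caps-man provisioning
add radio-mac=00:00:00:00:00:00 action=create-dynamic-enabled \
    master-configuration=cfg-home name-format=identity

# --- On each CAP (wlan1 must not be a port of any local bridge) ---
/interface wireless cap
set enabled=yes interfaces=wlan1 certificate=request \
    discovery-interfaces=ether1 caps-man-addresses=192.0.2.1 bridge=none
```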
 
rsalmar
just joined
Topic Author
Posts: 5
Joined: Mon Oct 23, 2017 6:22 am

Re: Capsman without second address network

Sat Oct 28, 2017 6:22 am

Hi - thank you for the response, I think I am losing you at the bridge.

My objective is to have only one set of addresses, and one DHCP server, for both LAN and WiFi clients. To set up Capsman, I had to create a Bridge to assign the addresses, etc., and this is selected in the Datapath. It is the only bridge that shows up as selectable. The LAN of course does not have a bridge, therefore the LAN and the WiFi clients get a different set of addresses.

I think that this is the part I'm not understanding, how to have the data path just use the default addresses assigned to the LAN1 interface?
 
matiaszon
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Capsman without second address network

Sat Oct 28, 2017 7:44 pm

You don't have to create special bridge, just add CAPs to your existing bridge. Or, if you already created bridge for CAPs, just add LAN ports to the same bridge, and you will have 1 DHCP for all your network.
 
rsalmar
just joined
Topic Author
Posts: 5
Joined: Mon Oct 23, 2017 6:22 am

Re: Capsman without second address network

Sun Oct 29, 2017 3:17 am

OK that's my confusion. Starting with a default configuration, there is no bridge. The LAN ports are just slaves to the master port, which has the DHCP server. I tried adding the LAN1 port to the CAPs bridge and that just locked me out and stopped everything working (had to reset). Any points on how to add that first bridge?
 
rsalmar
just joined
Topic Author
Posts: 5
Joined: Mon Oct 23, 2017 6:22 am

Re: Capsman without second address network

Sun Oct 29, 2017 10:53 am

Ok, I did it. It took me 4 tries clearing the configuration to zero but I now have the LAN1(ether2) interface on a bridge, and this bridge assigned to CAPsMAN through which the APs are accessed. I did it by using ether5 as a master interface and configuring over and over until the bridge worked. I must say, to me it was not obvious and there certainly weren’t any easily available tutorials. I should write one, but I’m not a pro and it will end up sounding rubbish. I’m now going to add a guest network, given that this was my starting position I’m not concerned. I do think Mikrotik would clean up the market if they SIGNIFICANTLY improved their interface (and I’m a 7 year customer).
 
matiaszon
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Capsman without second address network

Sun Oct 29, 2017 4:12 pm

It is very easy. It must be something else you probably were doing wrong.
Happy to hear it works anyway.
