Page 1 of 1

Capsman and Virtual AP - how to setup?

Posted: Tue Feb 20, 2018 10:19 pm
by nradu
Hello everybody,

I'm a beginner in Mikrotik devices and I need your help how to setup Virtual AP (Guest WiFi) in the following setup: 1 hEX router (with DHCP server, firewall, NAT etc running) and 2 wAPs connected via Ethernet to the hEX, both CAPs controlled by CAPsMAN running on hEX (local forwarding on).
I want to setup a Guest WiFi with separate IP network from the main WiFi network, with no access between them - Guest should have access only to internet via hEX & no access to WiFi clients connected to main WiFi and LAN devices connected via Ethernet to hEX.

I don't know how to create Datapath and how / where (in CAP, CAPsMAN etc) to create Bridge for the Guest WiFi, so it can get DHCP address from a different pool of addresses. All my tries end up in having Guest clients getting IP from the same network as main clients.
All tutorials I've seen have the WiFi running on the router, not on separate APs, so I cannot fully replicate them.

Any advice/tutorial/hint on my particular setup is more than welcome.

Thanks,
Radu

Re: Capsman and Virtual AP - how to setup?

Posted: Sat Feb 24, 2018 4:28 pm
by poizzon
small example for start:
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=channel01
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2417 name=channel02
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2422 name=channel03
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2427 name=channel04
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2432 name=channel05
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437 name=channel06
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2442 name=channel07
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2447 name=channel08
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2452 name=channel09
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2457 name=channel10
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2462 name=channel11
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2467 name=channel12
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2472 name=channel13
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2484 name=channel14
/caps-man datapath
add bridge=br-Cap1 name=datapath1
add bridge=br-Cap2 name=datapath2
add bridge=br-Cap3 name=datapath3
add bridge=br-Cap4 name=datapath4
add bridge=br-Cap0 name=datapath0
/caps-man configuration
add country=argentina datapath=datapath4 datapath.bridge=br-Cap4 mode=ap name=cfg04 ssid="Configured by CAPsMAN 04"
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1 passphrase=passphrase
add authentication-types=wpa2-psk encryption=aes-ccm name=security2 passphrase=passphrase
add authentication-types=wpa2-psk encryption=aes-ccm name=security3 passphrase=passphrase
add authentication-types=wpa2-psk encryption=aes-ccm name=security4 passphrase=passphrase
add authentication-types=wpa2-psk encryption=aes-ccm name=security0 passphrase=passphrase
/caps-man configuration
add country=argentina datapath=datapath0 datapath.bridge=br-Cap0 mode=ap name=cfg00 security=security0 ssid="Configured by CAPsMAN 00"
add country=argentina datapath=datapath1 datapath.bridge=br-Cap1 mode=ap name=cfg01 security=security1 ssid="Configured by CAPsMAN 01"
add country=argentina datapath=datapath2 datapath.bridge=br-Cap2 mode=ap name=cfg02 security=security2 ssid="Configured by CAPsMAN 02"
add country=argentina datapath=datapath3 datapath.bridge=br-Cap3 mode=ap name=cfg03 security=security3 ssid="Configured by CAPsMAN 03"
/caps-man access-list
add action=accept disabled=no interface=any signal-range=-95..120 ssid-regexp=""
add action=reject disabled=no interface=any signal-range=-120..-96 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg00 slave-configurations=cfg01,cfg02,cfg03,cfg04

/interface bridge
add name=Loopback
add fast-forward=no name=br-Cap0
add fast-forward=no name=br-Cap1
add fast-forward=no name=br-Cap2
add fast-forward=no name=br-Cap3
add fast-forward=no name=br-Cap4
add admin-mac=00:00:00:53:00:01 auto-mac=no comment=defconf name=bridge
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1



Re: Capsman and Virtual AP - how to setup?

Posted: Sat Feb 24, 2018 10:15 pm
by nradu
Thank you! It's clear now.

Radu

Re: Capsman and Virtual AP - how to setup?

Posted: Sat Aug 18, 2018 11:17 am
by Caci99
Did you guys managed to get this done?
When I set Virtual AP to CAP they will cause the real wireless interfaces to be excluded and deactivated. I am trying this on Ceiling AC with Hex as Caps manager.
Basically by adding any virtual AP none of the interfaces will join Caps Manager

Re: Capsman and Virtual AP - how to setup?

Posted: Sat Aug 18, 2018 11:19 am
by poizzon
Post your config
Did you guys managed to get this done?
When I set Virtual AP to CAP they will cause the real wireless interfaces to be excluded and deactivated. I am trying this on Ceiling AC with Hex as Caps manager.
Basically by adding any virtual AP none of the interfaces will join Caps Manager

Re: Capsman and Virtual AP - how to setup?

Posted: Sat Aug 18, 2018 3:28 pm
by Caci99
Config on CapsMan:
/interface bridge
add name=bridgeCAPS auto-mac=yes
add name=bridgeGuest auto-mac=yes

/interface bridge port
add bridge=bridgeCAPS interface=ether2
add bridge=bridgeCAPS interface=ether3
add bridge=bridgeCAPS interface=ether4
add bridge=bridgeCAPS interface=ether5

/caps-man datapath
add name="datapath1" client-to-client-forwarding=no bridge=bridgeCAPS local-forwarding=no
add name="guest_path" bridge=bridgeGuest

/caps-man configuration
add name="cfg1" mode=ap ssid="MD-H" tx-chains=0,1,2 rx-chains=0,1,2 security=security1 datapath=datapath1 datapath.bridge=bridgeCAPS channel=2.4
add name="cfg2" mode=ap ssid="MD-H" tx-chains=0,1,2 rx-chains=0,1,2 security=security1 datapath=datapath1 datapath.bridge=bridgeCAPS channel=5
add name="cfg3" mode=ap ssid="MD-G" tx-chains=0,1,2 rx-chains=0,1,2 guard-interval=any security=security2 datapath=guest_path datapath.bridge=bridgeGuest channel=2.4guest

/caps-man provisioning
add radio-mac=00:00:00:00:00:00 action=create-dynamic-enabled master-configuration=cfg1 slave-configurations=cfg2,cfg3
On CAP I just add a virtual wireless interface as slave of wlan1. Whenever I try to add this virtual interface to the CAP it will disconnect from Caps-man

Re: Capsman and Virtual AP - how to setup?

Posted: Mon Aug 20, 2018 4:55 pm
by Caci99
I think I got it guys. Started a new CAPsMAN from scratch for testing.
I think I had it wrong on defining slaves on provisioning configuration. Will test a bit more and let you know how things go.