Hi,
I have setup a test lab with 2 devices.
2 RB 951G-2HnD
1 as CAPsMAN and one as CAP.
If I connect a wireless device I will not get an IP address.
In the DHCP server on the CAPsMAN router I see it offers an IP but the device will not get it.
What is wrong in the config?
Both configs are here below.
CAPsMAN Config:
# jan/02/1970 20:35:35 by RouterOS 6.41.3
# software id = M8LD-6QCX
#
# model = 951G-2HnD
# serial number = 3E2D0135AE85
/caps-man channel
add band=5ghz-onlyac comment="Only 5GHZ AC" control-channel-width=20mhz \
extension-channel=eeeC name="5GHZ Only AC"
add band=2ghz-onlyn comment="Only 2GHZ N" control-channel-width=20mhz \
extension-channel=eC name="2GHZ Only N"
/interface bridge
add name=BRIDGE vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
add interface=BRIDGE name=VLAN_LAN_CAMERA vlan-id=17
add interface=BRIDGE name=VLAN_LAN_DATA vlan-id=10
add interface=BRIDGE name=VLAN_LAN_MGMT vlan-id=9
add interface=BRIDGE name=VLAN_LAN_SERVER vlan-id=900
add interface=BRIDGE name=VLAN_WLAN_DATA vlan-id=12
add interface=BRIDGE name=VLAN_WLAN_GUEST vlan-id=14
add interface=BRIDGE name=VLAN_WLAN_IOT vlan-id=15
add interface=BRIDGE name=VLAN_WLAN_SP vlan-id=19
/caps-man datapath
add bridge=BRIDGE local-forwarding=yes name=datapath_WLAN_DATA vlan-id=12 \
vlan-mode=use-tag
add bridge=BRIDGE local-forwarding=yes name=datapath_WLAN_GUEST vlan-id=14 \
vlan-mode=use-tag
add bridge=BRIDGE local-forwarding=yes name=datapath_WLAN_IOT vlan-id=15 \
vlan-mode=use-tag
add bridge=BRIDGE local-forwarding=yes name=datapath_WLAN_SP vlan-id=19 \
vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=sec_WLAN_DATA
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=sec_WLAN_GUEST
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=sec_WLAN_IOT
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=sec_WLAN_SP
/caps-man configuration
add channel="5GHZ Only AC" country=netherlands datapath=datapath_WLAN_DATA \
mode=ap name="conf WLAN_DATA 5GHZ AC" security=sec_WLAN_DATA ssid=\
WLAN_DATA
add channel="5GHZ Only AC" country=netherlands datapath=datapath_WLAN_GUEST \
mode=ap name="conf WLAN_GUEST 5GHZ AC" security=sec_WLAN_GUEST ssid=\
WLAN_GUEST
add channel="5GHZ Only AC" country=netherlands datapath=datapath_WLAN_IOT \
mode=ap name="conf WLAN_IOT 5GHZ AC" security=sec_WLAN_IOT ssid=WLAN_IOT
add channel="5GHZ Only AC" country=netherlands datapath=datapath_WLAN_SP \
mode=ap name="conf WLAN_SP 5GHZ AC" security=sec_WLAN_SP ssid=WLAN_SP1
add channel="2GHZ Only N" country=netherlands datapath=datapath_WLAN_DATA \
mode=ap name="conf WLAN_DATA 2GHZ N" security=sec_WLAN_DATA ssid=\
WLAN_DATA
add channel="2GHZ Only N" country=netherlands datapath=datapath_WLAN_GUEST \
mode=ap name="conf WLAN_GUEST 2GHZ N" security=sec_WLAN_GUEST ssid=\
WLAN_GUEST
add channel="2GHZ Only N" country=netherlands datapath=datapath_WLAN_IOT \
mode=ap name="conf WLAN_IOT 2GHZ N" security=sec_WLAN_IOT ssid=LAN_IOT
add channel="2GHZ Only N" country=netherlands datapath=datapath_WLAN_SP mode=\
ap name="conf WLAN_SP 2GHZ N" security=sec_WLAN_SP ssid=WLAN_SP1
add channel="5GHZ Only AC" country=netherlands datapath=datapath_WLAN_DATA \
mode=ap name="conf WLAN_DATA 5GHZ AC" security=sec_WLAN_DATA ssid=\
WLAN_DATA
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add disabled=no interface=VLAN_LAN_MGMT lease-time=1w name=DHCP_LAN_MGMT
add disabled=no interface=VLAN_LAN_SERVER lease-time=1w name=DHCP_LAN_SERVER
/ip hotspot profile
add hotspot-address=172.16.3.1 name=WLAN_GUEST use-radius=yes
/ip pool
add name=POOL_LAN_DATA ranges=172.16.1.100-172.16.1.200
add name=POOL_WLAN_DATA ranges=172.16.2.100-172.16.2.200
add name=POOL_WLAN_GUEST ranges=172.16.3.100-172.16.3.200
add name=POOL_WLAN_IOT ranges=172.16.4.10-172.16.4.60
add name=POOL_LAN_CAMERA ranges=172.16.5.10-172.16.5.120
add name=POOL_WLAN_SP ranges=172.16.6.100-172.16.6.200
add name=POOL_LAN_SERVER ranges=172.16.0.130-172.16.0.157
add name=POOL_LAN_VPN ranges=172.16.0.161-172.16.0.190
/ip dhcp-server
add address-pool=POOL_LAN_DATA disabled=no interface=VLAN_LAN_DATA \
lease-time=1w name=DHCP_LAN_DATA
add address-pool=POOL_WLAN_DATA disabled=no interface=VLAN_WLAN_DATA name=\
DHCP_WLAN_DATA
add address-pool=POOL_WLAN_GUEST disabled=no interface=VLAN_WLAN_GUEST name=\
DHCP_WLAN_GUEST
add address-pool=POOL_WLAN_IOT disabled=no interface=VLAN_WLAN_IOT \
lease-time=1w name=DHCP_WLAN_IOT
add address-pool=POOL_LAN_CAMERA disabled=no interface=VLAN_LAN_CAMERA \
lease-time=1w name=DHCP_LAN_CAMERA
add address-pool=POOL_WLAN_SP disabled=no interface=VLAN_WLAN_SP lease-time=\
1w name=DHCP_WLAN_SP
/ip hotspot
add address-pool=POOL_WLAN_GUEST disabled=no interface=VLAN_WLAN_GUEST name=\
HOTSPOT-WLAN_GUEST profile=WLAN_GUEST
/snmp community
set [ find default=yes ] addresses=172.16.0.60/32 read-access=no
add addresses=172.16.0.60/32 authentication-protocol=SHA1 \
encryption-protocol=AES name=SNMPuser1 security=private
/system logging action
set 3 remote=172.16.0.60
/caps-man access-list
add action=accept comment="Allow all connections on WLAN_GUEST" signal-range=\
-80..80 ssid-regexp=WLAN_GUEST
add comment="PC030 Ronald Verheij" mac-address=A0:88:B4:13:14:7C \
signal-range=-80..80 ssid-regexp=WLAN_DATA
add comment="PC030 Ronald Verheij WiFi AC" mac-address=D4:6E:0E:04:7C:A3 \
signal-range=-80..80 ssid-regexp=WLAN_DATA
add comment="PC036 Henk Verheij" mac-address=00:26:C7:25:4B:B0 signal-range=\
-80..80 ssid-regexp=WLAN_DATA
add comment="PC040 Siska Verheij" mac-address=18:3D:A2:49:31:E0 signal-range=\
-80..80 ssid-regexp=WLAN_DATA
add comment="PC042 Dirk Vlot Dell Latutude E5510" mac-address=\
C0:CB:38:44:B2:0E signal-range=-80..80 ssid-regexp=WLAN_DATA
add comment="PC044 Dirk Vlot Desktop" mac-address=C0:4A:00:1A:85:DE \
signal-range=-80..80 ssid-regexp=WLAN_DATA
add comment="PC050 Jacqueline Verheij" mac-address=C0:CB:38:7C:82:60 \
signal-range=-80..80 ssid-regexp=WLAN_DATA
add comment="PC053 Arno Meijboom" mac-address=20:10:7A:21:8C:81 signal-range=\
-80..80 ssid-regexp=WLAN_DATA
add comment="MACBOOK Pro Angela" mac-address=B8:8D:12:34:AC:9C signal-range=\
-80..80 ssid-regexp=WLAN_DATA
add comment="PR001Epson Expression Premium XP720" mac-address=\
64:EB:8C:14:35:3A signal-range=-80..80 ssid-regexp=LAN_MFP
add comment="GC002 Wii002 Jacqueline Verheij" mac-address=E8:4E:CE:60:05:AF \
signal-range=-80..80 ssid-regexp=LAN_GAME
add comment="MMB001 TV001 Ring 393" mac-address=5C:DA:D4:3A:39:EC \
signal-range=-80..80 ssid-regexp=LAN_TVMM
add comment="MMB002 XBMC001 Zotax Ring 393 Beneden" mac-address=\
00:01:2E:40:25:6C signal-range=-80..80 ssid-regexp=LAN_TVMM
add comment="MMB003XBMC002 Ring 393 Boven" mac-address=00:0F:60:00:D6:75 \
signal-range=-80..80 ssid-regexp=LAN_TVMM
add comment="MMB004 P1 Monitor" mac-address=00:0F:60:00:D6:75 signal-range=\
-80..80 ssid-regexp=LAN_TVMM
add comment="MMB005 Raspberry Pi3" mac-address=B8:27:EB:0E:46:C1 \
signal-range=-80..80 ssid-regexp=LAN_TVMM
add comment="SPK01 Philips SW700m/12" mac-address=00:22:61:D6:BF:44 \
signal-range=-80..80 ssid-regexp=LAN_TVMM
add comment="MOB002 Ronald Verheij Samsung S3" mac-address=34:23:BA:4A:2A:8D \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="MOB004 Henk Verheij BB" mac-address=3C:73:37:7A:38:49 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="MOB009 Arno Meijboom" mac-address=88:E8:7F:A1:1A:83 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="MOB014 Ronald Verheij Huawei p9 Lite" mac-address=\
E0:A3:AC:18:79:D0 signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="MOB016 Angela" mac-address=78:D7:5F:DD:55:E2 signal-range=\
-80..80 ssid-regexp=WLAN_SP
add comment="MOB017 Elly Vlot Samsung A5 2017" mac-address=E0:AA:96:D8:A9:DE \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="MOB018 Siska Verheij Huawei P9 lite" mac-address=\
A4:71:74:AB:44:8A signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="MOB019 Dirk Vlot Wiko" mac-address=BC:44:34:48:4D:03 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TAB001 Jacqueline Verheij Samsung" mac-address=8C:77:12:5D:78:86 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TAB005 Dirk Vlot Samsung" mac-address=34:AA:8B:02:74:31 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TAB006 Siska Verheij Kinder tab" mac-address=18:FE:34:80:95:87 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TAB009 Siska Verheij" mac-address=A8:9F:BA:9A:9B:E7 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TAB010 Ronald Verheij Shield K1" mac-address=00:04:4B:60:F7:70 \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TAB011 Jacqueline Verheij Samsung S2" mac-address=\
F4:42:8F:BB:8C:DC signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TOON001 Arno Meijboom" mac-address=28:C2:DD:E4:30:AB \
signal-range=-80..80 ssid-regexp=WLAN_SP
add comment="TOON002 Fam Vlot" mac-address=74:C6:3B:9F:77:BF signal-range=\
-80..80 ssid-regexp=WLAN_SP
add action=accept comment="Ronald Verheij Huawei P10 lite" disabled=no \
mac-address=0C:8F:FF:FB:11:1E signal-range=-120..120 ssid-regexp=WLAN_SP
add action=reject comment="Block all other requests" interface=all
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment="2 GHZ Only N" hw-supported-modes=\
gn master-configuration="conf WLAN_DATA 2GHZ N" name-format=identity \
slave-configurations=\
"conf WLAN_GUEST 2GHZ N,conf WLAN_IOT 2GHZ N,conf WLAN_SP 2GHZ N"
add action=create-dynamic-enabled comment="2 GHZ Only AC" hw-supported-modes=\
ac master-configuration="conf WLAN_DATA 5GHZ AC" name-format=identity \
slave-configurations=\
"conf WLAN_GUEST 5GHZ AC,conf WLAN_IOT 5GHZ AC,conf WLAN_SP 5GHZ AC"
/interface bridge port
add bridge=BRIDGE interface=ether1
add bridge=BRIDGE interface=ether5
/interface bridge vlan
add bridge=BRIDGE tagged=ether1,ether5,BRIDGE vlan-ids=9,10,12,14,15,19,900
/ip address
add address=172.16.0.1/25 interface=VLAN_LAN_MGMT network=172.16.0.0
add address=172.16.1.1/24 interface=VLAN_LAN_DATA network=172.16.1.0
add address=172.16.2.1/24 interface=VLAN_WLAN_DATA network=172.16.2.0
add address=172.16.4.1/26 interface=VLAN_WLAN_IOT network=172.16.4.0
add address=172.16.6.1/24 interface=VLAN_WLAN_SP network=172.16.6.0
add address=172.16.0.129/27 interface=VLAN_LAN_SERVER network=172.16.0.128
add address=172.16.3.1/24 interface=VLAN_WLAN_GUEST network=172.16.3.0
add address=172.16.5.1/25 interface=VLAN_LAN_CAMERA network=172.16.5.0
/ip dhcp-server network
add address=172.16.0.0/25 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.0.1 netmask=25
add address=172.16.0.128/27 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.0.129 netmask=27
add address=172.16.1.0/24 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.1.1 netmask=24
add address=172.16.2.0/24 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.2.1 netmask=24
add address=172.16.3.0/24 dns-server=8.8.8.8 gateway=172.16.3.1 netmask=24
add address=172.16.4.0/25 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.4.1 netmask=25
add address=172.16.5.0/25 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.1.1 netmask=25
add address=172.16.6.0/24 dns-server=172.16.0.130,172.16.0.131 gateway=\
172.16.6.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=172.16.0.130,172.16.0.131
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip hotspot user
add name=admin
/ip route
add comment="Sonicwall TZ215 Ring 393" distance=1 gateway=172.16.0.125
add comment="R02 Mikrotik x86 Ring 225" distance=2 gateway=172.16.0.126
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=172.16.0.0/21
set api disabled=yes
set api-ssl disabled=yes
/snmp
set contact=ronald.verheij@skiffkick.nl.nl enabled=yes engine-id=SNMPuser1 \
location="Ring 393, Pernis, The Netherlands" trap-community=SNMPuser1 \
trap-generators=interfaces trap-interfaces=all trap-target=172.16.0.60 \
trap-version=3
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=R01
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless
add action=remote topics=hotspot
/system ntp client
set enabled=yes primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131
CAP Config:
# jan/02/1970 19:37:49 by RouterOS 6.41.3
# software id = R9VT-LA3C
#
# model = 951G-2HnD
# serial number = 642E051FF569
/interface bridge
add name=BRIDGE vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-eC/gn(20dBm), SSID: WLAN_DATA, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
add mac-address=E6:8D:8C:E6:F9:BB master-interface=wlan1 mode=station name=\
wlan8
add mac-address=E6:8D:8C:E6:F9:BC master-interface=wlan1 mode=station name=\
wlan9
add mac-address=E6:8D:8C:E6:F9:BD master-interface=wlan1 mode=station name=\
wlan10
/interface vlan
add interface=BRIDGE name=VLAN_LAN_DATA vlan-id=10
add interface=BRIDGE name=VLAN_LAN_MGMT vlan-id=9
add interface=BRIDGE name=VLAN_WLAN_DATA vlan-id=12
add interface=BRIDGE name=VLAN_WLAN_GUEST vlan-id=14
add interface=BRIDGE name=VLAN_WLAN_IOT vlan-id=15
add interface=BRIDGE name=VLAN_WLAN_SP vlan-id=19
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/snmp community
set [ find default=yes ] addresses=172.16.0.60/32 read-access=no
add addresses=172.16.0.60/32 authentication-protocol=SHA1 \
encryption-protocol=AES name=SNMPuser1 security=private
/system logging action
set 3 remote=172.16.0.20
/interface bridge port
add bridge=BRIDGE interface=ether1
/interface bridge vlan
add bridge=BRIDGE tagged=ether1,BRIDGE vlan-ids=9,10,12,14,15,19
/interface wireless cap
#
set bridge=BRIDGE caps-man-addresses=172.16.0.1 certificate=request \
discovery-interfaces=ether1 enabled=yes interfaces=wlan1
/ip address
add address=172.16.0.13/25 interface=VLAN_LAN_MGMT network=172.16.0.0
/ip dns
set servers=172.16.0.130,172.16.0.131
/ip route
add distance=1 dst-address=172.16.0.0/21 gateway=172.16.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=172.16.0.0/21 disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/snmp
set contact=ronald.verheij@skiffkick.nl.nl enabled=yes engine-id=SNMPuser1 \
location="Ring 393, Pernis, Zolder" trap-community=SNMPuser1 \
trap-generators=interfaces trap-interfaces=all trap-target=172.16.0.60 \
trap-version=3
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name="SW12 - Ring 227"
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless
/system ntp client
set enabled=yes primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131
CAPsMAN and no IP from DHCP server
You do not have the required permissions to view the files attached to this post.
Last edited by 49er on Sat Mar 24, 2018 3:14 pm, edited 1 time in total.
Re: CAPsMAN and no IP from DHCP server
Hope there is someone with knowledge.
-
-
reidavidinho
Frequent Visitor
- Posts: 80
- Joined:
- Location: Ibadan, Nigeria
- Contact:
Re: CAPsMAN and no IP from DHCP server
Do all devices have the same Router OS?
Re: CAPsMAN and no IP from DHCP server
Sure,
And now in this lab I only use 2 routers.
Both run 6.41.3
And now in this lab I only use 2 routers.
Both run 6.41.3
Who is online
Users browsing this forum: fallenull and 105 guests