Community discussions

MikroTik App
 
openair030
just joined
Topic Author
Posts: 23
Joined: Thu Jul 14, 2022 3:35 pm
Location: Berlin

CAPsMan, local forwarding and dhcp

Sat Jul 16, 2022 10:04 am

A question of understanding about the roaming works:

I have some CAPs with local forwarding on. They're managed by capsman. Mainly of course because of roaming.

However (in Lab) I try to find out how dhcp is handled by capsman (or if).

In my understanding all CAPs with local forwarding will have their dhcp servers enabled and I'd give them all the same address space (x.x.x.x/16).

However if a client switches/roams to another cap is their IP kept free by capsman on the whole cap-network or does the client transparently get a new ip?

I wouldn't mind to set up a central dhcp server but I'd like to know before.
 
erlinden
Forum Guru
Forum Guru
Posts: 1921
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CAPsMan, local forwarding and dhcp

Sat Jul 16, 2022 10:13 am

Roaming has no relation with CAPsMAN, except for the part that having SSID, security and passphrase identical. So no reason for using CAPsMAN in this use case.

Local forwarding has no relation with DHCP server. You need a DHCP server in your network (and CAPsMAN doesn't provide one, if that is what you are assuming?).

You might want to read this help page:
https://help.mikrotik.com/docs/pages/vi ... figuration
 
openair030
just joined
Topic Author
Posts: 23
Joined: Thu Jul 14, 2022 3:35 pm
Location: Berlin

Re: CAPsMan, local forwarding and dhcp

Sat Jul 16, 2022 11:55 am

What should I read to understand how wireless roaming is achieved/working and set up?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5422
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: CAPsMan, local forwarding and dhcp

Sat Jul 16, 2022 12:49 pm

What should I read to understand how wireless roaming is achieved/working and set up?
Your question was about DHCP and CAPSMAN, which have no relation to each other.
As explained by erlinden: DHCP is handled by a DHCP server.

CAPSMAN is handled by a CAPSMAN controller.
Both can be located on the same device within the Mikrotik context but they have, I repeat, zero relation.

Roaming, as in 802.11r, is only recently added to RouterOS7 and only for those devices capable of using Wifiwave2 package AND (for the moment) only for LOCAL roaming between 2.4 and 5GHz antennas on the same AP.
True roaming as in moving from AP to AP, is not yet implemented (unless I missed something lately).

Having said that, if you do move from AP to AP with the same SSID/subnet and you have a central DHCP server, you will get the same IP since your device will provide the same MAC address so the lease continues.
During that hand-over, you may have a drop in connection as it is now.

I may have missed some parts on the technical details but conceptually I guess it is clear.
 
erlinden
Forum Guru
Forum Guru
Posts: 1921
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CAPsMan, local forwarding and dhcp

Sat Jul 16, 2022 5:41 pm

Roaming is a client choice (and done by the client), indeed the handover can be shortened when using 802.11r. There are some really expensive solutions for true "server side roaming" and there are some tricks on kicking clients from an accesspoint (i.e. when rssi is above a specified threshold). In the latter, it is still up to the client to decide with which accesspoint it will connect to.

By adjusting transmission power, you can however get a great roaming experience with MiktoTik accesspoints.
 
openair030
just joined
Topic Author
Posts: 23
Joined: Thu Jul 14, 2022 3:35 pm
Location: Berlin

Re: CAPsMan, local forwarding and dhcp

Wed Jul 20, 2022 1:51 pm

Thank you guys.

However, I understand that my question was somewhat unprecise in wording. Since I'm still in the Lab my interests seem to be more conceptual.

My basic goal is to design a nice net of twenty APs where clients can "roam" (not technical, just the feeling of) on the whole property.

I understood that the mikrotik capsman has no relation to generic protocols like dhcp. However, your explanations were understood about the technical side.

I calculate with 20-40 clients on one AP.

What traffic does a capsman get with and without local forwarding on?
What is "the forwarding decision of the capsman" (when local forwarding is off) exactly?
I'm somewhat frightened about all traffic going through one cpu (hAPac3).
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: CAPsMan, local forwarding and dhcp  [SOLVED]

Wed Jul 20, 2022 2:12 pm

With local forwarding, capsman only sees "management" traffic affecting provisioning of cap devices (if capsman becomes unavailable, cap devices disable capsman-provisioned radios). All "user traffic", caused by wireless clients, bypass capsman and hit router directly (or LAN servers if the network layout provides some).

With capsman forwarding, all traffic to/from wireless clients connected to capsman-provisioned radios pass the capsman device. It's not easy on cap devices either as traffic between cap and capsman gets encryped.

Re roaming: from wireless network point of view, all radios should be configured with same set of parameters (SSID, security algorithms, preshared keys) and should join same L2 subnet (same LAN/VLAN in case of local forwarding, same capsman bridge in case of capsman forwarding).
 
openair030
just joined
Topic Author
Posts: 23
Joined: Thu Jul 14, 2022 3:35 pm
Location: Berlin

Re: CAPsMan, local forwarding and dhcp

Thu Jul 21, 2022 12:24 am

Thx.
And do I understand right that the hotspot always runs local?

Which means I can have the radios controlled by capsman, turn local forwarding on and then I have to setup some hotspot on each device and because of the centralized dhcp server they all use people log in once, the dhcp knows their mac and they can "roam" though the property?

Or does a Hotspot need a local dhcp server on the device? Or is this a situation where I turn off masquerade on the hotspot?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5422
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: CAPsMan, local forwarding and dhcp

Thu Jul 21, 2022 10:19 am

Where does hotspot come from all of a sudden ?
That's something else, to display a captive portal for all clients connecting to your Wifi network. With or without billing, with or without bandwidth control, ...
Hotspot runs centrally. Mostly on the same device as capsman controller but it can be another one.

I assume what you mean using this term is this:
- 1 active DHCP controller in your network (there can be multiple but that would complicate things)
- setup capsman controller
- setup your access points (AP) to be controlled by capsman, little further config to be done on those devices since all will be handled by capsman and router
- clients connect to first AP (that's your hotspot how you mean it ?), get their DHCP lease from DHCP controller
- clients move, connect to another AP when things get too worse to stay on the first one
- clients request a lease, DHCP controller will see it already knows it so gives the same IP
- clients continue with their business on the new AP (brief disconnect can occur)
Something like that ?
(technically maybe not 100% correct but high-level that's what should happen, as far as I understood)
 
openair030
just joined
Topic Author
Posts: 23
Joined: Thu Jul 14, 2022 3:35 pm
Location: Berlin

Re: CAPsMan, local forwarding and dhcp

Mon Jul 25, 2022 4:26 pm

thx. Informatoric: I'm more form automation and serial stuff. However in "favor" I agreed to set up someone else' network.
I'm still learning the correct vocabulary for wireless and networking. However, I know not to know all conceptual ties between bridges, switches, routes et.al. ...

I didn't spec my whole idea for dhcp. But the dhcp question rose for me when I wanted to set up the hotspot.

We have to cover 2500sqm with little houses and std. metal containers. So I decided to go for the outside with 5Ghz only and the insides all with 2.4GHz. Offices get both. That's 15 caps at all. So I'm happy about any centralized management.

The wireless is quite usual with internal, friends, av streams, public.
I can set this up on one device completely as I need with vlans and a hotspot on public.

From here I have two problems I'm figuring out setting up a cap in local forwarding with a centralized dhcp:
I've set a dhcp relay to the dhcp server.
Since we're a huge place I open wan input to the bridge (for now in lab. I know about the settings for this and opening just one port in the firewall)
Since the radios are going to the local bridge of a cap (vlan tagged) the dhcp request goes out on wan routed to the server.

The dhcp server receives this packet and routes it properly to the dhcp server and I get a correct address for that vlan.
In my understanding this a requirement for users/devices to fast switch access points (the roaming experience).

However, apparently all the "user traffic" to the router goes out as well vlan tagged (trunk port) and is not received there.

So I want to know if and how I set up the switch chip, bridge vlan filter (e.g.) to strip off vlan ids.
I'm also fine with using the cap like a switch not as a router and omitting nat because this happens in the gateway anyway. I just need that except internal ssid no one egt's into my backbone for usual reasons. I intend to do this with routes from vlans to the internal ip range or directly on the chip.
otoh I cloud just add a vlan ip to the outside (I have from the ip pools for the vlans ips for every cap if necessary). The the switch should do the work alone.(?)

But my main question is after I got an address from the dhcp server on a cap vlan I do not manage to "get to the internet".
Probably because of stripping the vlan id.
I don't even get the captive portal from my own network (the hotspot is on the same device and vlan bridge port as the dhcp server).

Who is online

Users browsing this forum: GoogleOther [Bot] and 12 guests