Community discussions

MikroTik App
 
FIPTech
Member
Member
Topic Author
Posts: 494
Joined: Tue Dec 22, 2009 1:53 am

Capsman forwarding not compatible with IPv6

Mon Apr 10, 2017 1:11 pm

According to some tests i did, Capsman interfaces used in forwarding mode do not allow IPv6 on the client.

An ethernet client bridged to the wlan interface of a Mikrotik in stationpseudobridge mode do not work with IPv6 traffic.


Finally the only way to get IPv6 on an ethernet client was to add an EoIP tunnel from the Wifi client to the Wan router and bridge it with an ethernet port on this wifi client. Or better use a VPLS tunnel.

Another solution would have been to disable Capsman forwarding, and bridge the traffic locally on the station client.

All those three solutions ask for some work and some knowledge for configuration (specially for MTU setup for VPLS). This is in contradiction with the simplicity and effectiveness of Capsman management.

So, would it be possible to get Capsman in forwarding mode compatible with station bridge mode on the clients side ?
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: Capsman forwarding not compatible with IPv6

Sat Jul 01, 2017 3:42 am

Do you have an example config that isn't working? I've been using CAPSman with full dual stack for some time. I'm in the process of converting it all over to VPLS, but not forwarding IPv6 never popped up as an issue with me original config.

nb
ForwardingPlane, LLC
https://www.forwardingplane.net
 
FIPTech
Member
Member
Topic Author
Posts: 494
Joined: Tue Dec 22, 2009 1:53 am

Re: Capsman forwarding not compatible with IPv6

Sun Jul 02, 2017 4:52 pm

Do you have an example config that isn't working? I've been using CAPSman with full dual stack for some time. I'm in the process of converting it all over to VPLS, but not forwarding IPv6 never popped up as an issue with me original config.

nb
I don't have anymore this setup as i did add VPLS tunnels over Capsman forwarding for IPv6.

Are you using Capsman in forwarding mode ? Witch router OS version ?

If you are confirming that Capsman is working in forwarding mode with IPv6, i will make a new try. There are a few differences with IPv6 that could explain that it is not working in specific cases, the most notable one i think is that IPv6 manage fragmentation at the hosts, when IPv4 manage it at the routers. There is some differences as well between IPv4 ARP and IPv6 Neighbor solicitation. IPv4 use broadcast when IPv6 use multicast. Capsman is using a multicast helper that could have some problems with IPv6.

Some details here :

https://keepingitclassless.net/2011/10/ ... t-for-arp/

In the meantime i did upgrade the Ethernet path to Jumbo frame, this is to allow to use MPLS globally. Before i was limited by a 1504 level2 MTU, restricting MPLS / VPLS to a single VPLS tag. This was restricting VPLS tunnels on a single transport backbone. As soon as you are using a loopback router address instead of a transport address, LDP start to add tags for MPLS routing, rising the L2 MTU.

So i should be able now to use loopback addresses for the LDP transport address (enabling MPLS routing), and VPLS with control words enabled. (enabling control words rise again the MTU).
 
FIPTech
Member
Member
Topic Author
Posts: 494
Joined: Tue Dec 22, 2009 1:53 am

Re: Capsman forwarding not compatible with IPv6

Mon Jul 03, 2017 3:52 am

Do you have an example config that isn't working? I've been using CAPSman with full dual stack for some time. I'm in the process of converting it all over to VPLS, but not forwarding IPv6 never popped up as an issue with me original config.

nb
Another question :

Are you using station or station pseudobridge for wifi clients ?

I was using station pseudobridge, with a PC connected behind the wifi client router.

If i remember correctly, i was able to get IPv6 working using station mode on the client router himself, but IPv6 never worked on the PC connected to the wifi client router in pseudobridge mode.

This is why i did setup in the end a VPLS tunnel, bridged to the ether interface connected to the PC at the wifi client side. At the Capsman manager side, the VPLS tunnel end is bridged to the right LAN. So there is no more need for station pseudobridge mode. Station mode is sufficient.

Finally this is quite a complex setup for something simple.
 
FIPTech
Member
Member
Topic Author
Posts: 494
Joined: Tue Dec 22, 2009 1:53 am

Re: Capsman forwarding not compatible with IPv6

Mon Jul 03, 2017 12:58 pm

I've just redo an IPv6 check.

IPv6 seems to work behind Capsman forwarding. The router OS wifi client can connect to a global IPv6 address with this setup.

But IPv6 does not work behind station pseudobridge. This mode is mandatory to bridge a device behind the wifi client. It does work with IPv4 only.

Neither station bridge neither WDS can work with Capsman, so the only remaining possibilities are IPv6 routing (complex setup, needing available prefixes < /64 for routing), or Eoip or VPLS tunnels.

The simpler solution would be to have station bridge mode working with Capsman.
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: Capsman forwarding not compatible with IPv6

Wed Jul 05, 2017 4:26 pm

Yes, I'm very, very familiar with IPv6 (but very much a novice when it comes to CAPsMAN). However, I think we're talking about two different things. My configuration is far more rudimentary than yours. I use CAPsMAN to manage a handful of last mile APs that hosts directly connect to, not that are CPE. I'm likely going to tear this out since I can't seem to make it work with VPLS as opposed to VLAN bridging. My management system can't get client host information from CAPs, either, but it can from the individual AP if I disable it.
/caps-man channel
add band=5ghz-onlyac name=5Ghz-onlyac width=20
add band=2ghz-onlyn name=2Ghz-onlyn width=20
add band=5ghz-a/n/ac name=5Ghz-a-n-ac width=20
add band=2ghz-onlyn frequency=2412 name=2Ghz-onlyn-ch1 width=20
add band=2ghz-onlyn frequency=2462 name=2Ghz-onlyn-ch11 width=20
/caps-man datapath
add bridge=bridge.809 client-to-client-forwarding=yes comment=809-Wireless name=809 vlan-id=809
/caps-man security
add authentication-types=xxxxxxxx eap-methods=xxxxxxx encryption=xxxxxx group-encryption=xxxxxx name=xxxxx passphrase=xxxxxxxxx tls-certificate=xxxxxx tls-mode=xxxxxxxxxxxx
/caps-man configuration
add channel=5Ghz-a-n-ac datapath=809 datapath.bridge=bridge.809 datapath.vlan-id=809 mode=ap name=two09-5 security=wpa2 ssid=Client-5ghz
add channel=2Ghz-onlyn datapath=809 datapath.bridge=bridge.809 datapath.vlan-id=809 mode=ap name=two09-24 security=wpa2 ssid=Client-24ghz
/caps-man access-list
add action=accept disabled=yes interface=all signal-range=-80..120
add action=reject disabled=yes interface=all signal-range=-120..-81
add action=accept signal-range=90..120
add action=accept signal-range=90..120
add action=accept signal-range=80..90
add action=accept signal-range=80..90
add action=reject signal-range=120..-91
add action=reject signal-range=120..-91
add action=reject signal-range=120..-91
add action=reject signal-range=120..-91
/caps-man manager
set enabled=yes
ForwardingPlane, LLC
https://www.forwardingplane.net
 
TomSF
newbie
Posts: 45
Joined: Tue Jun 27, 2017 2:12 am

Re: Capsman forwarding not compatible with IPv6

Mon Aug 06, 2018 11:02 pm

This may be a stale thread but hopefully not. I am new at Mikrotik APs and CAPsMAN. I just bought a dual band AP to learn. This is a home network with an 8 port Microtik router, some non-Mikrotik APs and my new AP. I manually got the AP configured mostly functional and then reset it to be a CAP so I could learn Capsman.

With the exception of the WAN port of the router, all ports are on a single bridge. I now have the AP successfully provisioned with its ethernet ports and master wireless interfaces as part of the router bridge. IPV6 works fine for clients connected to the AP master interfaces. I also have successfully set up a virtual AP on each AP wireless interface on a separate bridge for use as a guest network. IPV4 works fine but no client gets an IPV6 address or IPV6 DNS address.

My goal is to completely configure the AP with Capsman. I might be able to log onto the CAP and configure a DHCPV6 client to talk to a DHCPV6 server on the router but am trying to avoid that. Is there any advice about how to do it all with Capsman?
 
FIPTech
Member
Member
Topic Author
Posts: 494
Joined: Tue Dec 22, 2009 1:53 am

Re: Capsman forwarding not compatible with IPv6

Tue Aug 07, 2018 12:04 pm

I think that some glue code is missing to get IPv6 multicast working with Capsman interfaces. Probably the multicast helper is IPv4 only. It has not been updated to work with IPv6.

This explain why in your case IPv6 clients does not get an IPv6 address with auto-configuration.

In my case i wanted to connect a PC behind a CAP Wifi client and get IPv6 with this setup. This asked for station pseudo-bridge mode on the router OS CAP wifi client. But this mode does not allow IPv6 to pass through the pseudo-bridge. Station bridge would solve the problem but this mode unfortunately does not work with Capsman.

So finally i did setup VPLS tunnels for each CAP Wifi client i did use in station mode, and bridge the VPLS tunnel with the ethernet port for the PC.With this setup i can get IPv6 on PC clients connected to those CAP Wifi clients.

EoIP tunnels should work as well.

I did use single port MAP lite Mikrotik routers for Wifi CAP clients, where i connect a single PC or phone. This is a quite powerful and low cost setup, except for IPv6 where tunnels are needed.

This is finally a complex setup with needed manual configuration that finally bypass the usefulness of Capsman auto configuration.

So if you want a full working IPv6 with Capsman, i think that there is no other alternative than Ethernet or VPLS tunnels.
 
TomSF
newbie
Posts: 45
Joined: Tue Jun 27, 2017 2:12 am

Re: Capsman forwarding not compatible with IPv6

Wed Aug 08, 2018 2:12 am

I have it sort of working through only router configurations; both guests and non-guests seem to have IPV6 connectivity. Basically, the capsmon configuration will add the guest wifi's to a guest bridge. Then the guest and non-guest bridges need to get the prefix delegated from my ISP. I am struggling with how to get different prefixes on each bridge. I had it working but I had tried so many things that I am not sure just what made it work. There are still a lot of mysteries but I am traveling for a week so investigation and details will have to wait until I return.
 
TomSF
newbie
Posts: 45
Joined: Tue Jun 27, 2017 2:12 am

Re: Capsman forwarding not compatible with IPv6

Sun Aug 19, 2018 8:43 pm

It is working now. Leaving out the 90% of things I tried that did not work, here is a summary of everything.

Background:
A simple home network with guest Wi-Fi clients isolated from non-guests for IPV4 and IPV6. The router is a MikroTik CCR1009-7G-1C, MikroTik AP is a RB962UiGS-5HacT2HnT (dual band). There are three Engenius AP’s on the network, and two older Netgear AP/switches. The MikroTik AP is being considered as a replacement for some of the non-MikroTik equipment. Currently, it is being used for educational purposes.

Goals:
• All clients to use the DNS server on the MikroTik router rather than accessing external DNS servers directly. This was accomplished by following advice in some other forum threads and not described here.
• Perform all configuration of the MikroTik AP with CAPsMAN.

Solution, issues and questions:
Router configuration:
My ISP (Comcast) gives a /64 prefix by default. I set the DHCPV6 client to request a prefix of length /60 (prefix hint ::/60), an address, and a prefix pool length of 64 and “add default route”. This created a pool (IPv6 Prefix) of addresses of length /64 with the last 4 bits of the addresses available to generate unique prefixes for clients.
All the router ports other than ether1 were already part of a bridge (bridge1). I created a new bridge for wireless guests (guestAPbridge).
I created two IPV6 address (::/64, from “IPv6 Prefix”, advertise=yes). One address was on bridge1 and the other on guestAPbridge. This resulted in unique prefixes being advertised to clients using router advertisements. ND was configured for all interfaces and the prefixes just created were automatically added. IPV6 routes were automatically created for these prefix/bridge combinations.

CAPsMAN configuration:
The AP was connected to one of the router ports (on bridge1). I booted the AP in CAP mode. This put all the AP ports on bridge1. I then used CAPsMAN to configure the AP.
• I added two CAP interfaces, each a slave of the interfaces for each band.
• I put the slaves in guestAPbridge using data paths.
• I created separate security configurations for guests and non-guests.
• I created separate radio configurations for each radio band.
• I created 4 configurations; guest and non-guest for each band. Guests have a unique SSID and refer to their unique security configuration.
• I created 2 provisioning rules, one for each band. Each rule referenced the master and slave configurations.
Issue:
There are some AP configuration settings that CAPsMAN doesn’t seem to provide. IMO, it should.
• Login credentials.
• LED settings.
 
heindelange
just joined
Posts: 2
Joined: Sun Dec 08, 2019 10:04 pm

Re: Capsman forwarding not compatible with IPv6

Wed Jan 13, 2021 9:03 pm

I know this is very late to the party, but I had this issue driving me nuts as well. My setup gets an IPv6 prefix from my ISP and SLAAC works when I connect a PC via an ethernet cable, but not when I connect using a CAPSMAN managed AP.

The solution for me was to set the multicast helper to full on CAPSMAN and it started working instantaneously.

multicast-helper (default | disabled | full; Default: default) When set to full multicast packets will be sent with unicast destination MAC address, resolving multicast problem on a wireless link. This option should be enabled only on the access point, clients should be configured in station-bridge mode. Available starting from v5.15.
disabled - disables the helper and sends multicast packets with multicast destination MAC addresses
full - all multicast packet mac address are changed to unicast mac addresses prior sending them out
default - default choice that currently is set to disabled. Value can be changed in future releases.
 
FIPTech
Member
Member
Topic Author
Posts: 494
Joined: Tue Dec 22, 2009 1:53 am

Re: Capsman forwarding not compatible with IPv6

Thu Jan 14, 2021 12:05 pm

I know this is very late to the party, but I had this issue driving me nuts as well. My setup gets an IPv6 prefix from my ISP and SLAAC works when I connect a PC via an ethernet cable, but not when I connect using a CAPSMAN managed AP.

The solution for me was to set the multicast helper to full on CAPSMAN and it started working instantaneously.

multicast-helper (default | disabled | full; Default: default) When set to full multicast packets will be sent with unicast destination MAC address, resolving multicast problem on a wireless link. This option should be enabled only on the access point, clients should be configured in station-bridge mode. Available starting from v5.15.
disabled - disables the helper and sends multicast packets with multicast destination MAC addresses
full - all multicast packet mac address are changed to unicast mac addresses prior sending them out
default - default choice that currently is set to disabled. Value can be changed in future releases.
Do you have it working with non Mikrotik clients ? I mean laptop computers or smartphone clients ?

I remember i tried multicast helper without success for IPv6. Perhaps the helper has been updated to work with IPv6 since.

I'm still using VPLS tunnels.
 
heindelange
just joined
Posts: 2
Joined: Sun Dec 08, 2019 10:04 pm

Re: Capsman forwarding not compatible with IPv6

Thu Jan 14, 2021 12:10 pm

I know this is very late to the party, but I had this issue driving me nuts as well. My setup gets an IPv6 prefix from my ISP and SLAAC works when I connect a PC via an ethernet cable, but not when I connect using a CAPSMAN managed AP.

The solution for me was to set the multicast helper to full on CAPSMAN and it started working instantaneously.

multicast-helper (default | disabled | full; Default: default) When set to full multicast packets will be sent with unicast destination MAC address, resolving multicast problem on a wireless link. This option should be enabled only on the access point, clients should be configured in station-bridge mode. Available starting from v5.15.
disabled - disables the helper and sends multicast packets with multicast destination MAC addresses
full - all multicast packet mac address are changed to unicast mac addresses prior sending them out
default - default choice that currently is set to disabled. Value can be changed in future releases.
Do you have it working with non Mikrotik clients ? I mean laptop computers or smartphone clients ?

I remember i tried multicast helper without success for IPv6. Perhaps the helper has been updated to work with IPv6 since.

I'm still using VPLS tunnels.
Yep, I've tested a Windows box and a few cellphones.

Who is online

Users browsing this forum: 0ldy0ne, Bing [Bot], Google [Bot], maniraj4143 and 194 guests