Page 1 of 1

CAPsMan with VLANs

Posted: Tue Sep 25, 2018 6:17 am
by davidreaton
I've tried to use CAPsMAn for several years, but with limited success. My wireless network uses 2 VAPs in addition to the main network. My problem turned out to be the existing VLANs on the APs. I needed to disable these for the CAPsMan provisioning to work. My procedure is in the attached file, showing WinBox configuration steps. Hope others may be helped.

Re: CAPsMan with VLANs

Posted: Thu Sep 27, 2018 12:17 am
by davidreaton
Here's the CAPsMan export of this configuration. 2 VLANs. Used to provisioned 14 APs, several models, both single and dual band.


/caps-man configuration
add channel.band=2ghz-onlyn channel.control-channel-width=20mhz \
channel.extension-channel=disabled channel.save-selected=yes country=\
"united states3" datapath.bridge=bridge1 datapath.local-forwarding=yes \
max-sta-count=30 name=cfg24Main security.authentication-types=wpa2-psk \
security.passphrase=XXYYZXXYYZ ssid=Main
add country="united states3" datapath.bridge=bridge1 \
datapath.local-forwarding=yes datapath.vlan-id=10 datapath.vlan-mode=\
use-tag name=cfg24Guest security.authentication-types=wpa2-psk \
security.passphrase=GUESTPWHERE ssid=Guest
add country="united states3" datapath.bridge=bridge1 \
datapath.local-forwarding=yes datapath.vlan-id=20 datapath.vlan-mode=\
use-tag name=cfg24Phish ssid="Phish"
add channel.band=5ghz-onlyac channel.control-channel-width=20mhz \
channel.extension-channel=disabled channel.save-selected=yes country=\
"united states3" datapath.bridge=bridge1 datapath.local-forwarding=yes \
max-sta-count=30 name=cfg5Main security.authentication-types=wpa2-psk \
security.passphrase=XXYYZXXYYZ ssid=Main
add country="united states3" datapath.bridge=bridge1 \
datapath.local-forwarding=yes datapath.vlan-id=10 datapath.vlan-mode=\
use-tag name=cfg5Guest security.authentication-types=wpa2-psk \
security.passphrase=GUESTPWHERE ssid=Guest
add country="united states3" datapath.bridge=bridge1 \
datapath.local-forwarding=yes datapath.vlan-id=20 datapath.vlan-mode=\
use-tag name=cfg5Phish ssid="Phish"
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=any \
signal-range=-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
signal-range=-120..-81 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg24Main name-format=prefix-identity name-prefix=2.4 \
slave-configurations=cfg24Guest,cfg24Phish
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
cfg5Main name-format=prefix-identity name-prefix=5 slave-configurations=\
cfg5Guest,cfg5Phish