yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

2 CAPsMAn profiles on LAN

Mon Oct 14, 2019 8:20 pm

I currently have a MikroTik RB 1100 and a couple of 52ac Metal access points. All the APs are wired to the RB1100. I manage these APs from the RB1100 using CAPsMAN, and I configured them based on the following guide:
https://wiki.mikrotik.com/wiki/Manual:S ... sMAN_setup
Now all CAPs/APs are controlled by one CAPsMAN profile. For some reason, I need to change the frequency channel to a different one on some of the APs. I am wondering whether I can create 2 CAPsMAN profiles on the RB1100 and configure the CAPs/APs to choose which CAPsMAN profile to follow.

Thanks,
Weiqi
 
mkx
Forum Guru
Posts: 11621
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 CAPsMAn profiles on LAN

Mon Oct 14, 2019 8:27 pm

You can. After you created several CAPsMAN profiles, bind particular profile to particular CAP in /capsman profile ... use radio-mac= property. It seems that when CAP wants to bind, profiles get searched from top to bottom and first match wins. Meaning that the general profile definition (without radio-mac set) should be the last in the list.
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN

Mon Oct 14, 2019 9:13 pm

> You can. After you created several CAPsMAN profiles, bind particular profile to particular CAP in /capsman profile ... use radio-mac= property. It seems that when CAP wants to bind, profiles get searched from top to bottom and first match wins. Meaning that the general profile definition (without radio-mac set) should be the last in the list.

Thanks for your reply. I just tried this configuration. I moved the general provisioning profile (which has radio-mac=00:00:00:00:00:00) to the bottom, and added one on top of it with Radio A's MAC address. But radio A still seems to take the general profile.
Is there any special interface configuration requirement for this to work? I currently have all APs configured with only ether1 in the bridge, and configured this bridge as the CAP discovery interface.
 
mkx
Forum Guru
Posts: 11621
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 CAPsMAn profiles on LAN

Mon Oct 14, 2019 9:42 pm

> ... and add one on top of it with Radio A's MAC address.

In my case it's MAC address of CAPs interface talking to CAPsMAN that needs to be configured in special profile ... in particular it's CAP's bridge MAC address, not the wireless interface's one ...

It's not necessary to configure anything else to make a particular CAP take custom profile settings.
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 6:38 pm

> > ... and add one on top of it with Radio A's MAC address.
>
> In my case it's MAC address of CAPs interface talking to CAPsMAN that needs to be configured in special profile ... in particular it's CAP's bridge MAC address, not the wireless interface's one ...
>
> It's not necessary to configure anything else to make a particular CAP take custom profile settings.

In my scenario, the CAP gets its config from CAPsMAN if I put 00:00:00:00:00:00 as the Radio MAC in CAPsMAN provisioning. However, if I change the 00 MAC address to the bridge MAC address of the CAP radio, the CAP radio gets some random config, and I don't know where it comes from.
 
mkx
Forum Guru
Posts: 11621
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 7:19 pm

Can you share capsman config (output of /capsman export hide-sensitive)?
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 7:24 pm

> Can you share capsman config (output of /capsman export hide-sensitive)?

Sure, please see below:
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough \
    eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=5m name=EAP tls-certificate=none tls-mode=no-certificates
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=pre-share-key
/caps-man configuration
add channel.band=2ghz-b/g/n channel.control-channel-width=20mhz \
    channel.frequency=2437 country="united states3" datapath.bridge=\
    "lab.hq local" hide-ssid=yes mode=ap name=radius security=EAP \
    security.authentication-types=wpa2-eap security.eap-methods=passthrough \
    security.eap-radius-accounting=yes security.encryption=aes-ccm \
    security.group-encryption=aes-ccm security.tls-certificate=none \
    security.tls-mode=no-certificates ssid=radius
add channel.band=2ghz-b/g/n channel.control-channel-width=20mhz \
    channel.frequency=2422 country="united states3" datapath.bridge=\
    "lab.hq local" mode=ap name=Fortest security=pre-share-key \
    security.authentication-types=wpa2-psk security.encryption=aes-ccm \
    security.group-encryption=aes-ccm ssid=ForTest
/caps-man access-list
add action=accept disabled=no mac-address=C8:3C:85:99:F3:7B ssid-regexp=""
add action=accept disabled=no mac-address=C0:EE:FB:E7:EA:7C ssid-regexp=""
add action=accept disabled=no mac-address=90:09:17:67:5B:6F ssid-regexp=""
add action=reject client-to-client-forwarding=no disabled=no radius-accounting=\
    yes ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface="lab.hq local"
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Fortest name-format=\
    identity
 
mkx
Forum Guru
Posts: 11621
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 7:46 pm

And how in particular did you configure certain CAP for dual-SSID operation? That config stanza is not in posted export.
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 7:59 pm

> And how in particular did you configure certain CAP for dual-SSID operation? That config stanza is not in posted export.

I am only using that Fortest configuration. Here is the output after I changed the 00:00... MAC address to the CAP radio's bridge MAC and deleted the other CAPsMAN configuration:

CAPsMAN side:
/caps-man interface
add disabled=no l2mtu=1600 mac-address=E4:8D:8C:F8:72:80 master-interface=none name=cap2 radio-mac=E4:8D:8C:F8:72:80 radio-name=E48D8CF87280
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=5m name=EAP tls-certificate=none tls-mode=no-certificates
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=pre-share-key
/caps-man configuration
add channel.band=2ghz-b/g/n channel.control-channel-width=20mhz channel.frequency=2422 country="united states3" datapath.bridge="lab.hq local" mode=ap name=Fortest security=pre-share-key security.authentication-types=wpa2-psk security.encryption=\
    aes-ccm security.group-encryption=aes-ccm ssid=ForTest
/caps-man access-list
add action=accept disabled=no mac-address=C8:3C:85:99:F3:7B ssid-regexp=""
add action=accept disabled=no mac-address=C0:EE:FB:E7:EA:7C ssid-regexp=""
add action=accept disabled=no mac-address=90:09:17:67:5B:6F ssid-regexp=""
add action=reject client-to-client-forwarding=no disabled=no radius-accounting=yes ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface="lab.hq local"
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Fortest name-format=identity radio-mac=E4:8D:8C:F8:72:7F


CAP radio side:
[admin@MikroTik] > interface wireless cap export 
# oct/16/2019 12:59:13 by RouterOS 6.45.3
# software id = RNI1-BF41
#
# model = Metal G-52SHPacn
# serial number = 669605C4C28E
/interface wireless cap
# 
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=wlan1
[admin@MikroTik] > interface wireless export     
# oct/16/2019 12:59:16 by RouterOS 6.45.3
# software id = RNI1-BF41
#
# model = Metal G-52SHPacn
# serial number = 669605C4C28E
/interface wireless
# managed by CAPsMAN
# channel: 5300/20-eeCe/ac(23dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX frequency=auto installation=\
    outdoor ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface wireless cap
# 
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=wlan1
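
An added example, not part of the original posts: a Python check that parses a /caps-man export like the one above and reports which master-configuration each listed radio would receive, plus any rules hidden below a catch-all. It assumes, following the thread's description, that provisioning rules are searched top to bottom with the first match winning, that 00:00:00:00:00:00 matches any radio, and that a rule's radio-mac is compared with the radio-mac on the /caps-man interface entry; the function names are hypothetical and the embedded export is a trimmed copy of the posted lines.

```python
import re
import shlex

ANY_MAC = "00:00:00:00:00:00"  # catch-all value used in the thread
# Constructed excerpt of the export posted above (only the lines the check needs).
EXPORT = r"""/caps-man interface
add disabled=no mac-address=E4:8D:8C:F8:72:80 name=cap2 radio-mac=E4:8D:8C:F8:72:80
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Fortest name-format=\
    identity radio-mac=E4:8D:8C:F8:72:7F
"""

def parse_export(text):
    """Map each menu path to the list of key/value dicts from its 'add' lines."""
    text = re.sub(r"\\\n\s*", "", text)  # join export line continuations
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def first_match(rules, radio_mac):
    """Return the first rule whose radio-mac is the catch-all or equals radio_mac."""
    for rule in rules:
        if rule.get("radio-mac", ANY_MAC).upper() in (ANY_MAC, radio_mac.upper()):
            return rule
    return None

def shadowed(rules):
    """Indexes of rules that sit below a catch-all and can never be reached."""
    for i, rule in enumerate(rules):
        if rule.get("radio-mac", ANY_MAC) == ANY_MAC:
            return list(range(i + 1, len(rules)))
    return []

def audit(text):
    """For every /caps-man interface, name the master-configuration it would get."""
    cfg = parse_export(text)
    rules = cfg.get("/caps-man provisioning", [])
    out = {}
    for iface in cfg.get("/caps-man interface", []):
        rule = first_match(rules, iface["radio-mac"])
        out[iface["name"]] = rule["master-configuration"] if rule else None
    return out

print(audit(EXPORT))
```

On the excerpt, audit() returns None for cap2: the provisioning rule lists E4:8D:8C:F8:72:7F while the interface entry lists radio-mac E4:8D:8C:F8:72:80.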
 
mkx
Forum Guru
Posts: 11621
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 9:22 pm

And E4:8D:8C:F8:72:7F is MAC address of CAP's bridge1?


BTW, CAPsMAN config has channel.band=2ghz-b/g/n (and matching frequency), while CAP's wireless interface is 5GHz??
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 10:01 pm

> And E4:8D:8C:F8:72:7F is MAC address of CAP's bridge1?

Yes

> BTW, CAPsMAN config has channel.band=2ghz-b/g/n (and matching frequency), while CAP's wireless interface is 5GHz??

Yes, I don't know where this CAP radio's wireless config comes from. It shows 5GHz, no SSID and managed by CAPsMAN.
 
mkx
Forum Guru
Posts: 11621
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 10:58 pm

I don't have any experience with Metal ... so I'm only guessing ... this device is peculiar because it has single dual-band radio. How does one select the band to operate (if setting up directly, not through capsman)? Simply by setting desired frequency band?
There are some slight differences in how certain things are configured. For example 40MHz channel is selected by setting channel-width=20/40mhz-XX for standalone device and by setting control-channel-width=20mhz extension-channel=XX for a CAP (extension-channel on standalone has different meaning). So it might happen that there's some peculiarity when configuring Metal 52 as CAP?
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN

Wed Oct 16, 2019 11:15 pm

> I don't have any experience with Metal ... so I'm only guessing ... this device is peculiar because it has single dual-band radio. How does one select the band to operate (if setting up directly, not through capsman)? Simply by setting desired frequency band?

Yes, it has a list containing all available bands for you to choose from.

> There are some slight differences in how certain things are configured. For example 40MHz channel is selected by setting channel-width=20/40mhz-XX for standalone device and by setting control-channel-width=20mhz extension-channel=XX for a CAP (extension-channel on standalone has different meaning). So it might happen that there's some peculiarity when configuring Metal 52 as CAP?

Might be, but everything works fine with the 00:00:00:00:00:00 MAC address. If I leave all config the same and only change the 00 MAC to the CAP radio's bridge MAC, things stop working. This makes me think it could be something related to the connection?
 
yaomacbt
newbie
Topic Author
Posts: 31
Joined: Tue Sep 10, 2019 11:53 pm

Re: 2 CAPsMAn profiles on LAN  [SOLVED]

Fri Oct 18, 2019 4:52 pm

Finally figured it out: I had to physically enable the CAP mode on the Metal to make it willing to choose the right MAC radio CAPsMAN config.

There is a reset button on the Metal AP. While it boots up, press and hold the button for about 10 seconds, then it will go into CAP mode.
