Page 1 of 1

CAPsMAN provisioning - what am I missing?

Posted: Sat Sep 26, 2015 12:46 am
by FunkyBunny
I'm trying to test how useful this capsman thing is, but so far, I can't seem to find any way to make it so that when an access point joins the capsman for the first time, it automatically pulls the default configuration.

I have the configuration set up, and it works totally fine if i go into the capsman, select the CAP interface and manually assign the config through the dialogue.

But the entire provisioning tab seems to do nothing. I've tried creating catch all rules with the mac address as all 0's and the action as "create dynamic enabled" and the master config as my config and it does nothing. I've also tried explicitly setting the radio mac to the radio mac of a connected access point, and even that still does nothing.

How can I get a CAP to connect for the first time and automatically just pull a config?


EDIT:
I've done an export compact on the router and this is the rsc (there may be the odd random junk as I've been playing around with settings, this is a non production test router, so the set up is rather sparse, pretty much just a dhcp server and client with the capsman):

The router is a CCR-1009-8G-1S for what it's worth, and the AP im using is a CAP2n
# sep/25/2015 17:48:59 by RouterOS 6.32.2
# software id = 1WNG-DWPN
#
/caps-man channel
add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=channel-private \
    width=20
/interface bridge
add name=bridge-private
/interface ethernet
set [ find default-name=ether8 ] name=ether8-wan-dhcp
/caps-man interface
# 
add arp=enabled disabled=no l2mtu=1600 mac-address=E4:8D:8C:F0:EF:53 \
    master-interface=none mtu=1500 name=cap1 radio-mac=E4:8D:8C:F0:EF:53
/caps-man datapath
add bridge=bridge-private name=datapath-private
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
    group-encryption=aes-ccm name=security-private passphrase=testwifi123
/caps-man configuration
add channel=channel-private country=canada datapath=datapath-private mode=ap \
    name=cfg-private security=security-private ssid=test-wifi
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool-private ranges=192.168.1.100-192.168.1.250
/ip dhcp-server
add add-arp=yes address-pool=pool-private always-broadcast=yes disabled=no \
    interface=bridge-private lease-time=1d name=server-private
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-private
add action=create-dynamic-enabled disabled=yes master-configuration=\
    cfg-private radio-mac=E4:8D:8C:F0:EF:53
/interface bridge port
add bridge=bridge-private interface=ether1
add bridge=bridge-private interface=ether2
/ip address
add address=192.168.1.1/24 interface=bridge-private network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether8-wan-dhcp
/ip dhcp-server network
add address=192.168.1.0/24 caps-manager=192.168.1.1 dns-server=192.168.1.1 \
    gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether8-wan-dhcp
/system clock
set time-zone-name=America/Toronto
/system identity
set name=test-router
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR
/tool user-manager database
set db-path=user-manager

Re: CAPsMAN provisioning - what am I missing?

Posted: Sat Sep 26, 2015 12:58 am
by FunkyBunny
I've found the issue. Because I connected the CAP the first time before making the provisioning rule, it would not apply retroactively.

I had to delete all the "remembered" interfaces and CAPs in the remote cap, then when it checked in again for the "first time", it pulled the provisioning settings.

Re: CAPsMAN provisioning - what am I missing?

Posted: Sat Sep 26, 2015 11:07 pm
by marrold
Interesting, I may well of had the same issue. I tried adding a new SSID to an existing Cap, and I couldn't get it to work.

If it's not possible to update settings, I am a sad panda...

Re: CAPsMAN provisioning - what am I missing?

Posted: Sun Sep 27, 2015 6:37 am
by FunkyBunny
I think my issue was actually that the first time it was set up, I believe I had it on "create-enabled" instead of "create-dynamic-enabled" as I was still playing with all the settings.

Because of this, when the AP checked in, it pulled it's settings once and was done. When I unplugged the AP, it disappeared from the CAP list, but the interface from the AP stayed on the capsman interface list. When the CAP was plugged back in, it would reappear on the CAP list, but would use the existing interface created from the previous time, which meant it wouldn't pull any new settings.

What fixed my issue was unplugging the AP, deleting all the interfaces it had in the capsman (I deleted all traces of it in the capsman just to make sure), and then making sure my provisioning was on create-dynamic-enabled.

Now when it checks in, it pulls the proper config, i can change the config on the fly and settings are reflected immediately, and if I unplug it, the interface disappears like i expected.

Basically, my issue was the interface was saved because the initial setting was most likely wrong.

Re: CAPsMAN provisioning - what am I missing?

Posted: Fri May 03, 2019 5:06 am
by LaKing
Provisioning seems to be really bugged.

I have the same issue. I have already disabled my primary rule, but whatever i do, I still get that rule and ONLY that rule and the wrong provisioning, nothing else.

Another bug I guess.

Re: CAPsMAN provisioning - what am I missing?

Posted: Fri May 03, 2019 10:23 am
by GuJack20
Hi LaKing

I use CAPsMAN everyday and never had an issue. Can you please explain what is not working with your setup? Also RouterOS version etc?