Mon Nov 12, 2018 6:02 pm
No worries Para, I recently setup my Cap ACs , and started with the two radios they provide attached to my LAN and now have
2ghz radio (smart devices) on a vlan
5ghz radio home lan
virtual 5ghz radio (guest wifi) on a vlan.
So the good news is that even someone like me can do it so I know you can!!
The default setup in the cap AC is great and works to basically attach it to a router via a wired cable and good to go with minimal fuss!!
The first thing to learn is to always use the SAFE MODE button at the top of WINBOX.
You do use WINBOX to manage and configure the capAC right???
To recap as per most mikrotik products BRIDGE is your friend.
Under interfaces you should see
radio1
radio2
bridge
ether1
ether2
(unless you use ether2 its pretty much useless, i disabled mine)
If you have any virtual APs created they fall under the applicable radio
radio1
--virtual radioA
--virtual radioB
radio2
bridge
ether1
ether2
I would go to wireless settings first and create the radios as you see fit or a least apply the settings you want.
The first step being going to the security profiles tab for each radio and selecting (normally for generic use) dynamic keys and the WPA2 PSK passwordm, using aes cyphers only and ensuring Disable PMKID is checked off at the bottom). Then go to the radio, and apply the security profile.
As far as radio settings, I ensure WPS is off, use 20/40/80Mhz Ceee for any 5ghz network (20Mhz for b/g) and at the WDS tab, ensure WDS is off.
Then go to the bridge settings and you should see the default bridge there.
Go to the ports Tab,
here you should see or have
ether1
ether2
radio1 (WLAN1)
radio2 (WLAN2)
If you had create Virtual APs then
ether1
ether2
radio1 (WLAN1)
virtualRadioA (WLANa)
virtualRadioB (WLANb)
radio2 (WLAN2)
Have a look now at your QUICKSET TAB and you should see that you are on the routers LAN (lan ip assigned etc).
The radios would be extensions of the LAN that your capAC is on.
If you want to select different LANS for the radios to function on use VLANS.
You will see on this page a tick box for Access List.
Right now the capAC forwards all wifi clients onto the LAN and your firewall rules on the router are what dictates traffic rules.
If for some reason at the Cap AC itself you wanted to limit only certain wifi clients to connect, you would add them to the ACL list and put a checkmark in the box.
(the Access List is in wireless settings). I dont use it for now, as I use VLANS to separate guest wifi and smart devices from the normal LAN anyway.