Xwioch
just joined
Topic Author
Posts: 3
Joined: Tue Apr 16, 2019 11:16 am

CAPsMAN Provisioning Issue

Tue Apr 16, 2019 11:35 am

Hi All,
I'm pretty new to CAPsMAN. I followed this guide to configure a new AP in my office: https://mum.mikrotik.com/presentations/ ... 122809.pdf
The scope is to create an internal WiFi network that can access the LAN and a guest network with hotspot and captive portal.
You can see my configurations in the attachments.
I have only one AP with 2 wlans (2GHz and 5GHz) and I'm using the CAPsMAN manager from our firewall, which is a VM on VMware.
The problem is that if I set the wifi config in the CAP configuration on the wireless tab everything works fine, but with provisioning it does not. I tried different configurations and none worked.
I want to use provisioning because I wish to handle multiple SSIDs on the same CAP.

Thanks in advance.
 
Xwioch
just joined
Topic Author
Posts: 3
Joined: Tue Apr 16, 2019 11:16 am

Re: CAPsMAN Provisioning Issue

Tue Apr 16, 2019 3:26 pm

UPDATE:
I did a few more tries without success. It seems that there is something deeply wrong with my configuration.
What I want to do (just to be clear) is use my AP with both wlans (2GHz and 5GHz) to create a "normal" wifi network and a guest network.
The first one is accessible using a simple WPA key and can have full access to the LAN; the second must use a captive portal and can only access the internet.
The SSIDs must be different (Inoptim-WIFI and Inoptim-GUEST).
Another mandatory thing is to use CAPsMAN. How can I do this?
 
Exiver
Member Candidate
Posts: 122
Joined: Sat Jan 10, 2015 6:45 pm

Re: CAPsMAN Provisioning Issue

Tue Apr 16, 2019 4:27 pm

Can you please post your full capsman configuration as well as the caps client configurations?

On your capsmanager device:
 /cap export hide-sensitive
On the Client:
 /export hide-sensitive
 
Xwioch
just joined
Topic Author
Posts: 3
Joined: Tue Apr 16, 2019 11:16 am

Re: CAPsMAN Provisioning Issue

Tue Apr 16, 2019 5:37 pm

Sure:

Caps manager
# apr/16/2019 16:26:46 by RouterOS 6.44.2
# software id = 
#
#
#
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=CH1
/caps-man datapath
add client-to-client-forwarding=yes comment=Inoptim-WIFI local-forwarding=yes name=VLAN1 vlan-id=1 vlan-mode=use-tag
add comment=Inoptim-GUEST local-forwarding=yes name=VLAN2 vlan-id=2 vlan-mode=use-tag
/caps-man configuration
add country=italy datapath=VLAN2 mode=ap name=VLAN2 ssid=Inoptim-GUEST
/caps-man interface
add comment=2Ghz disabled=no l2mtu=1600 mac-address=74:4D:28:12:9D:22 master-interface=none name=InoptimAP1 radio-mac=74:4D:28:12:9D:22 radio-name=744D28129D22
add comment=5Ghz disabled=no l2mtu=1600 mac-address=74:4D:28:12:9D:23 master-interface=none name=InoptimAP2 radio-mac=74:4D:28:12:9D:23 radio-name=744D28129D23
/caps-man security
add authentication-types=wpa-psk,wpa2-psk comment=Inoptim-WIFI encryption=aes-ccm group-encryption=aes-ccm name=VLAN1
/caps-man configuration
add country=italy datapath=VLAN1 mode=ap name=VLAN1 security=VLAN1 ssid=Inoptim-WIFI
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=VLAN1 name-format=prefix name-prefix=InoptimAP radio-mac=74:4D:28:12:9D:23 slave-configurations=VLAN2
add action=create-dynamic-enabled master-configuration=VLAN1 name-format=prefix name-prefix=InoptimAP radio-mac=74:4D:28:12:9D:22 slave-configurations=VLAN2
add action=create-dynamic-enabled disabled=yes identity-regexp=InoptimAP* master-configuration=VLAN1

Client
# apr/16/2019 16:28:48 by RouterOS 6.42.10
#
# model = RouterBOARD cAP Gi-5acD2nD
/interface bridge
add admin-mac=74:4D:28:12:9D:20 auto-mac=no comment=defconf name=bridge
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-Ce/gn(30dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan1 ] mode=bridge name=Inoptim-WIFI ssid=NamaWifi
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(17dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan2 ] name="Inoptim-WIFI 5GHz" ssid=NamaWifi
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=10.2.10.2-10.2.10.254
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=Inoptim-WIFI
add bridge=bridge comment=defconf interface="Inoptim-WIFI 5GHz"
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface="Inoptim-WIFI 5GHz" list=LAN
add interface=Inoptim-WIFI list=LAN
/interface wireless cap
# 
set bridge=bridge caps-man-certificate-common-names=CAPsMAN-000C298C1D06 certificate=CAP-7F36728D1D5E discovery-interfaces=bridge enabled=yes interfaces="Inoptim-WIFI,Inoptim-WIFI 5GHz" lock-to-caps-man=yes
/ip address
add address=10.2.25.241/24 interface=ether1 network=10.2.25.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=bridge
/ip dhcp-server network
add address=10.2.10.0/24 dns-server=10.2.10.1 gateway=10.2.10.1
/ip dns
set servers=10.2.25.250
/ip route
add distance=1 gateway=10.2.25.254
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=NamaWifi
/system routerboard settings
set silent-boot=no
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf name=dark-mode owner=*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
 
Exiver
Member Candidate
Posts: 122
Joined: Sat Jan 10, 2015 6:45 pm

Re: CAPsMAN Provisioning Issue

Tue Apr 16, 2019 6:29 pm

Okay, there are a few things which are odd in my opinion.

First: You specify the slave-configurations in your provisioning rule:
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=VLAN1 name-format=prefix name-prefix=InoptimAP radio-mac=74:4D:28:12:9D:23 slave-configurations=VLAN2
add action=create-dynamic-enabled master-configuration=VLAN1 name-format=prefix name-prefix=InoptimAP radio-mac=74:4D:28:12:9D:22 slave-configurations=VLAN2
but there is no "VLAN2" configuration in your capsman config, just "VLAN1":
/caps-man configuration
add country=italy datapath=VLAN1 mode=ap name=VLAN1 security=VLAN1 ssid=Inoptim-WIFI

Secondly, the datapath options on your capsmanager are normally not needed when using "local-forwarding" (see: https://wiki.mikrotik.com/wiki/Manual:C ... figuration).
You should set the bridge to which your wifi interfaces should be added on your clients under /int wire cap, for example: "/int wire cap set bridge=bridge". Additionally, you should not add the wifi interfaces manually to your bridge on your clients:
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=Inoptim-WIFI
add bridge=bridge comment=defconf interface="Inoptim-WIFI 5GHz"
Please delete those two interfaces from that bridge since they will get added dynamically when the client connects to capsman and the configuration has implemented the "bridge-setting" under /int wire cap.

I need to mention that I'm not sure if the VLAN configuration will work with local forwarding! Maybe you will need to use capsman-forwarding. Not sure, since we don't use client-forwarding with VLAN in our setups.

After you have made the changes, please reconnect the client to your capsmanager and try it again.

Edit: One more thing: I would suggest you use the same software version (manager has 6.44.2, client has 6.42.10 in your case).
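
The kind of check raised in the reply above (a provisioning rule naming a configuration that is not defined), as an added example that is not part of the original thread: a Python script that parses a /caps-man export and lists provisioning and configuration references with no matching definition. The sample export and every name in it (cfg-lan, cfg-guest, dp-lan, sec-lan) are constructed, not the poster's configuration.

```python
import re
import shlex

# Constructed sample export: the provisioning rule names an undefined slave configuration.
SAMPLE_EXPORT = """\
/caps-man datapath
add local-forwarding=yes name=dp-lan vlan-id=1 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=sec-lan
/caps-man configuration
add datapath=dp-lan mode=ap name=cfg-lan security=sec-lan ssid=Example-WIFI
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-lan \\
    slave-configurations=cfg-guest
"""

def parse_export(text):
    """Return {menu path: [ {key: value}, ... ]} for every 'add' line."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines continued with a backslash
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus[current].append(dict(pairs))
    return menus

def dangling_references(text):
    """List names that a provisioning rule or configuration uses but nothing defines."""
    menus = parse_export(text)
    def names(menu):
        return {e["name"] for e in menus.get(menu, []) if "name" in e}
    problems = []
    configs = names("/caps-man configuration")
    for rule in menus.get("/caps-man provisioning", []):
        wanted = [rule.get("master-configuration", ""), *rule.get("slave-configurations", "").split(",")]
        problems += [("provisioning", "configuration", n) for n in wanted if n and n not in configs]
    for cfg in menus.get("/caps-man configuration", []):
        for key in ("datapath", "security"):
            ref = cfg.get(key)
            if ref and ref not in names("/caps-man " + key):
                problems.append((cfg.get("name", "?"), key, ref))
    return problems

if __name__ == "__main__":
    print(dangling_references(SAMPLE_EXPORT))
```

Each tuple in the result is (where the reference appears, the kind of object it points to, the missing name); an empty list means every referenced configuration, datapath and security profile is defined in the export.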
