Community discussions

 
Pavel1973
just joined
Topic Author
Posts: 3
Joined: Wed Jan 11, 2017 10:05 pm
Location: Prague

wAP AC as CAP managed by CAPsMAN ?

Fri Aug 30, 2019 3:17 pm

Hello, I have in one building several cAPs (RBcAPGi-5acD2nD, RBcAPL-2nD) providing two SSIDs, managed by CAPsMAN on CCR1016, and everything is working fine.
But I had to cover the yard also, so I decided to put there wAP G-5HacT2HnD (because it is waterproof), but it simply does not work, even if I reset the configuration to the CAPs mode.
On the wAP in the wireless interfaces there looks everything OK and both wlans are managed by CAPsMan, providing the signal and SSID.
But any client connected to this wAP can not access internet, despite the fact that in Log and Registration Tables the client is well connected (good signal strenght). It simply does not transfer any data (client - wAP), ping from the wAP to WAN works, the bandwith test inside LAN is also OK.
Client devices rather connect to the other CAP, which is far away and on bad signal, than to this strange wAP.
Replacing this wAP by pure CAP solve this issue, but I would like to have outdoor wAP (or something similar) working as CAP?
Does anyone have any idea what to do?

Here is the full RSC from the wAP:

Code: Select all

/interface bridge
add admin-mac=CC:2D:E0:E7:BE:44 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(20dBm), SSID: Slunecna_337, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5640/20-eCee/ac(27dBm), SSID: Slunecna_337, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
/interface wireless cap
#
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
interfaces=wlan1,wlan2
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
bridgeLocal
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Europe/Prague
 
Pavel1973
just joined
Topic Author
Posts: 3
Joined: Wed Jan 11, 2017 10:05 pm
Location: Prague

Re: wAP AC as CAP managed by CAPsMAN ?

Sat Aug 31, 2019 11:12 pm

After another day of investigation, I did not find a way, how to do it.
I got another wAP, put it to other CAPsMAN controlled installation - the same problem... Could it be some HW issue?
Is there anyone who has the wAPG-5HacT2HnD sucesfully runing in CAP mode?
Or what model do you use to cover outdoor areas by wlan managed by CAPsMAN?
 
erlinden
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Jun 12, 2013 1:59 pm

Re: wAP AC as CAP managed by CAPsMAN ?

Sun Sep 01, 2019 10:50 am

Do clients get a correct IP address (including gateway and DNS)?
Have you tried configuring the wAP manually instead of through CAPsMAN?
Could it be a regularity thing, because it is used outside (not all 5G channels are allowed to be used outside)?
 
LSan83
just joined
Posts: 16
Joined: Fri Aug 10, 2018 11:35 am
Location: Italy

Re: wAP AC as CAP managed by CAPsMAN ?

Sun Sep 01, 2019 12:43 pm

After another day of investigation, I did not find a way, how to do it.
I got another wAP, put it to other CAPsMAN controlled installation - the same problem... Could it be some HW issue?
Is there anyone who has the wAPG-5HacT2HnD sucesfully runing in CAP mode?
Or what model do you use to cover outdoor areas by wlan managed by CAPsMAN?
I'm running CAPsMAN on a HapAC2 and it's controlling 3 ssid on five WAP AC ( wAPG-5HacT2HnD ) in CAP mode. All works fine on 6.43.16 with channel auto reselect every 10 minute on both bands. In about 30 minutes all CAPs gets own best frequency. At the moment my five WAPs are using 4 different channel on 5 Ghz and 3 different channel on 2,4 Ghz.
 
mistry7
Forum Guru
Forum Guru
Posts: 1326
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: wAP AC as CAP managed by CAPsMAN ?

Sun Sep 01, 2019 4:21 pm

Do you use CAPs Man Forwarding or Local Forward?
 
LSan83
just joined
Posts: 16
Joined: Fri Aug 10, 2018 11:35 am
Location: Italy

Re: wAP AC as CAP managed by CAPsMAN ?

Mon Sep 02, 2019 5:52 pm

Do you use CAPs Man Forwarding or Local Forward?
I'm using Local Forwarding.
 
quackyo
Member Candidate
Member Candidate
Posts: 111
Joined: Mon Nov 16, 2015 10:14 am

Re: wAP AC as CAP managed by CAPsMAN ?

Tue Sep 03, 2019 4:42 pm

You will need to post an export of your CAPsMAN as well. And also it would be helpful if you post an export of a working CAP.
 
LSan83
just joined
Posts: 16
Joined: Fri Aug 10, 2018 11:35 am
Location: Italy

Re: wAP AC as CAP managed by CAPsMAN ?

Tue Sep 03, 2019 5:09 pm

You will need to post an export of your CAPsMAN as well. And also it would be helpful if you post an export of a working CAP.
This is my working config.

CAPSMAN on HAP AC2
# aug/28/2019 21:40:25 by RouterOS 6.43.16
# software id = V4ND-FL2U
#
# model = RBD52G-5HacD2HnD
# serial number = 8FDE09BFD2C8
/caps-man channel
add band=5ghz-n/ac extension-channel=XXXX name=5Ghz reselect-interval=10m \
    tx-power=25
add band=2ghz-b/g/n extension-channel=disabled frequency="" name=2.4Ghz \
    reselect-interval=10m tx-power=20
/interface bridge
add fast-forward=no name=bridgeGuest
add admin-mac=B8:69:F4:1B:FD:9E auto-mac=no comment=defconf name=bridge_local
/interface ethernet
set [ find default-name=ether1 ] name=ether1_ADSL speed=100Mbps
set [ find default-name=ether2 ] name=ether2_LTE speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface pppoe-client
add add-default-route=yes default-route-distance=2 disabled=no interface=\
    ether1_ADSL name=pppoe-3ADSL user=benvenuto
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country=italy distance=indoors frequency=auto frequency-mode=\
    regulatory-domain mode=ap-bridge ssid=MikroTik-1BFDA2 wireless-protocol=\
    802.11
set [ find default-name=wlan2 ] antenna-gain=3 band=5ghz-a/n/ac \
    channel-width=20/40/80mhz-Ceee country=italy distance=indoors frequency=\
    auto frequency-mode=regulatory-domain mode=ap-bridge ssid=MikroTik-1BFDA3 \
    wireless-protocol=802.11
/interface vlan
add interface=bridge_local name=GUEST_200 vlan-id=200
add interface=ether2_LTE name=LTE_WAN_30 vlan-id=30
add interface=bridge_local name=PRIVATE_100 vlan-id=100
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=Private
add authentication-types=wpa2-psk encryption=aes-ccm name=Guest
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/caps-man datapath
add bridge=bridge_local bridge-horizon=1 client-to-client-forwarding=yes \
    interface-list=LAN local-forwarding=yes name=Private vlan-id=100 \
    vlan-mode=use-tag
add bridge=bridgeGuest bridge-horizon=1 client-to-client-forwarding=no \
    interface-list=LAN local-forwarding=yes name=datapathGuest vlan-id=200 \
    vlan-mode=use-tag
/caps-man configuration
add channel=2.4Ghz channel.tx-power=18 country=italy datapath=Private \
    installation=any mode=ap name=W-HOME security=Private ssid=W-HOME
add channel=5Ghz channel.band=5ghz-n/ac channel.tx-power=23 country=italy \
    datapath=Private installation=any mode=ap name=W-MEDIA security=Private \
    ssid=W-MEDIA
add country=italy datapath=datapathGuest installation=any mode=ap name=\
    W-GUEST security=Guest ssid=W-GUEST
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=\
    aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.200
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp_private ranges=192.168.100.100-192.168.100.200
add name=dhcp_guest ranges=192.168.200.100-192.168.200.200
/ip dhcp-server
add address-pool=dhcp interface=bridge_local name=defconf
add address-pool=dhcp_private disabled=no interface=PRIVATE_100 name=\
    serverPrivate
add address-pool=dhcp_guest disabled=no interface=bridgeGuest name=\
    serverGuest
/ppp profile
set *FFFFFFFE dns-server=8.8.8.8 local-address=192.168.89.1 remote-address=\
    vpn
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=\
    suggest-same-version
/caps-man manager interface
add disabled=no forbid=yes interface=wlan2
add disabled=no forbid=yes interface=wlan1
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    W-HOME name-format=prefix-identity name-prefix=GN slave-configurations=\
    W-GUEST
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
    W-MEDIA name-format=prefix-identity name-prefix=AC slave-configurations=\
    W-GUEST
/interface bridge port
add bridge=bridge_local comment=defconf interface=ether3 pvid=100
add bridge=bridge_local comment=defconf interface=ether4 pvid=200
add bridge=bridge_local comment=defconf interface=ether5
add bridge=bridge_local comment=defconf interface=wlan1
add bridge=bridge_local comment=defconf interface=wlan2
add bridge=bridgeGuest interface=GUEST_200 pvid=200
add bridge=bridge_local interface=PRIVATE_100 pvid=100
add bridge=bridge_local interface=ether2_LTE pvid=100
/ip neighbor discovery-settings
set discover-interface-list=WAN
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
    LAN wan-interface-list=WAN
/interface ethernet switch vlan
add independent-learning=yes ports=ether3 switch=switch1 vlan-id=100
add independent-learning=yes ports=ether4 switch=switch1 vlan-id=200
/interface l2tp-server server
set enabled=yes use-ipsec=required
/interface list member
add comment=defconf interface=bridge_local list=LAN
add interface=PRIVATE_100 list=LAN
add list=LAN
add interface=pppoe-3ADSL list=WAN
add interface=LTE_WAN_30 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/interface wireless cap
set bridge=bridge_local caps-man-addresses=127.0.0.1 discovery-interfaces=\
    bridge_local interfaces=wlan2
/ip address
add address=192.168.100.1/24 interface=PRIVATE_100 network=192.168.100.0
add address=192.168.200.1/24 interface=GUEST_200 network=192.168.200.0
add address=192.168.0.1/24 interface=bridge_local network=192.168.0.0
/ip cloud
set update-time=no
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=ether1_ADSL
add dhcp-options=hostname,clientid disabled=no interface=LTE_WAN_30
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.0.1 netmask=24
add address=192.168.100.0/24 comment="Vlan Private" dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.100.1 netmask=24
add address=192.168.200.0/24 comment="Vlan Guest" dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.200.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip dns static
add address=192.168.100.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="accept local CAP in CAPSMAN" dst-port=\
    5246,5247 protocol=udp src-address=127.0.0.1
add action=accept chain=input comment="accept modem adsl" disabled=yes \
    in-interface=ether1_ADSL src-address=192.168.1.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.89.0/24
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge_local type=internal
add interface=ether1_ADSL type=external
/ppp secret
add name=vpn profile=default-encryption service=l2tp
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="HAP AC2"
/system package update
set channel=long-term
/tool bandwidth-server
set authenticate=no
/tool graphing
set store-every=hour
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
CAP on five WAP AC
# sep/03/2019 15:56:32 by RouterOS 6.43.16
# software id = 3BBH-ATBL
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = 7DF1086C1E0C
/interface bridge
add admin-mac=CC:2D:E0:32:6E:61 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2462/20/gn(16dBm), SSID: W-HOME, local forwarding
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country=italy disabled=no frequency=auto frequency-mode=\
    regulatory-domain name=W2-SALA ssid=W-HOME wmm-support=enabled
# managed by CAPsMAN
# channel: 5600/20-eeeC/ac(23dBm), SSID: W-MEDIA, local forwarding
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-eCee \
    disabled=no frequency=auto name=W5-SALA ssid=W-HOME5
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
/interface vlan
add interface=bridgeLocal name="GUEST 200" vlan-id=200
add interface=bridgeLocal name="PRIVATE 100" vlan-id=100
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add auto-isolate=yes bridge=bridgeLocal comment=defconf interface=ether1 \
    pvid=100
add bridge=bridgeLocal interface=W2-SALA pvid=100
add bridge=bridgeLocal frame-types=admit-only-vlan-tagged interface=\
    "GUEST 200" pvid=200
add bridge=bridgeLocal frame-types=admit-only-vlan-tagged interface=\
    "PRIVATE 100" pvid=100
add bridge=bridgeLocal interface=W5-SALA pvid=100
/interface detect-internet
set detect-interface-list=all
/interface wireless cap
# 
set bridge=bridgeLocal caps-man-addresses=192.168.100.1 discovery-interfaces=\
    bridgeLocal enabled=yes interfaces=W2-SALA,W5-SALA
/ip address
add address=192.168.100.2/24 interface="PRIVATE 100" network=192.168.100.0
add address=192.168.200.2/24 interface="GUEST 200" network=192.168.200.0
add address=192.168.0.2/24 interface=bridgeLocal network=192.168.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=bridgeLocal
/ip dns
set servers=192.168.100.1
/ip route
add check-gateway=ping distance=1 gateway=192.168.100.1
add distance=2 gateway=192.168.0.1
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="WAP SALA"
/system package update
set channel=long-term
Between HAP AC2 and WAP AC there is a simple tp-link managed switch.
I know that on VLAN and WAN config, there is space for improvement and correction. I'm still studying and testing. This is my first "professional" gear, and i use it at home.

Who is online

Users browsing this forum: No registered users and 31 guests