Community discussions

MikroTik App
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

How to make CAPs with 2 SSID in different IP domains

Sat Aug 22, 2020 12:15 am

Hi, I've tried myself and spent many hours, but I'm a disaster.
I need to create 2 SSID, one for internal private network, the second for public/guests, with bandiwith limitation and that will not access to the private network.

For this purposes I setup a CAPs with two satellite routers connected directly by ethernet (eth3 and 4) to the main one, CAPSMAN, that also has its WiFi as CAP. The main router is not DHCP for the private network, it is connected by eth2 to the main internet router (also DHCP). The caps are working, then I created on the CAPSMAN a new bridge for public, assigned slave SSID to this bridge in any CAPS, and created on it a DHCP. Then I NAT the new bridge on the default one with IP firewall, all public IP are source natted in the private network, I filtered the private IP ad destination to avoid from public to access privates.. In the result public is working with roaming, but private SSID works only on CAPSMAN, on other routers private SSID goes up and down and when I try to connect it is not connecting. I think the problem is the new bridge become somehow the root one, the CAP can't send nothng to CAPSMAN, there are neither log of the attempts to connect. If I disable on that CAP the piblic SSID it works, teorically once worked also if I assign the public SSID to the default bridge.

Now, which is the correct way to work? Can you please briefly tell me the logic how to build up my idea? Should I use the VLANs? Please write me something like:
- Do the CAPS, create new bridge, assig to it.. bla bla. Please remember I need also to include a simple bandwith limitation to the public SSID.
Thanks a lot!!
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: How to make CAPs with 2 SSID in different IP domains

Sat Aug 22, 2020 1:06 am

Is this 6.45.9 version working ok? I choose it because it is "long", the most stable, but I've experience already a couple of spontaneous reboot (log went out of order for the time usual it takes to reboot, I was busy to check logs and now the log is over).
After disable the public profile on caps (but not on the capsman, where with the same confifurazione seems working without killing the private ssid connections), it worked all evening, now I connected remotely, haven't see datas in the Winbox windows) and see in logs it's loosing caps. Just because I connected. Amazing.
www.jpeg
And why I see in CAPS 20/40MHz if I selected 20MZ only? b mode (I have only g/n) and auto channel (I specified). WHat is this virtual wlan4? Where it comes from??
www2.jpeg
Is it ok to have a mac change on bridge without any reason? I haven't opened bridge interface, I just remove the network channel into the slave SSID public on capsman, to clean the configuration, it is supposed that a slave config doesn't contain parameters that master declare.. no sense. But this little not significant change changed the bridge MAC, I don't understand
www3.jpeg
You do not have the required permissions to view the files attached to this post.
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: How to make CAPs with 2 SSID in different IP domains

Wed Jul 28, 2021 4:17 pm

Hi, this post is almost dated one year, since this time my client was running with only the main Capsman serving the public WiFi, and APs servicing only the WiFi for staff, when I enabled public WiFi they don't let more clients connecting in both SSID.
I've lot many hours trying figure out, and after I solved a problem on Caps some days ago I've just tried to delete the caps from "CAP interface" list with minus button, disable and re enable capsman and all was ok!!! from MI(MB they start running on DRMB/DRSB) This is unbelievable bad bug that made me lost hours for nothing (on version 6.45.9, but also on recent ones), now I'm get used to it and always I delete caps manually if something goes wrong, but I can't imagine who doesn't know about it.

Probably, the error was caused from firewall blocking incoming UDP packets, the caps handshaking wasn't completed, but when removed the problem the caps stil not working.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to make CAPs with 2 SSID in different IP domains

Wed Jul 28, 2021 4:52 pm

I would never use a capac as a router, nor do I use capsman and have replaced all but one capac in my house with EAP 245 and now one EAP 660.
Not going back to MT wifi until after RoS7 comes out and will then see what wifi 6 MT offers.
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: How to make CAPs with 2 SSID in different IP domains

Wed Jul 28, 2021 11:21 pm

Sorry, why? It works fine, cpu level still low and all resources are ok. It's just a small restaurant for about 30 persons max, and most of them won't need wifi
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to make CAPs with 2 SSID in different IP domains

Fri Jul 30, 2021 9:26 pm

If it works fine for you, super dont change a thing.
It has never worked satisfactorily for my family so I changed them out for others.
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: How to make CAPs with 2 SSID in different IP domains  [SOLVED]

Fri Nov 12, 2021 1:15 pm

the new 6.48.5 / 6.49 seams solved problems of CPU lags and eventually unexpected reboots. On provisioning I've thanged the create dynamic enable to create enabled, that is probably a good move.
Also, a painful behaviour of Mikrotik configuring the first time Caps, if something went wrong and caps appearing MI/MIB in the capsman list, it's needed to remove the entry manually, disable and renable caps to let it register correctly, without this move it will forever shows MI even if the configuration is correct. From that time it will work even after reboot

Who is online

Users browsing this forum: normis and 24 guests