Using hAP as CAPsMAN managing wAP LTE AP

Posted: Fri Dec 25, 2020 8:13 pm
by kasparsd
What would be the easiest configuration for a network where the internet comes in through a wAP LTE which also serves as a CAP managed by a hAP which also serves as a CAPsMAN and is connected to the internet through the same wAP?

Design considerations:
  • hAP is physically accessible from the ground so it should serve as the main device in case it needs a Netinstall or a manual reset.
  • wAP is placed on a pole above the ground and preferably never needs to be serviced.
  • All network devices powered through PoE for simplicity.
Questions:
  • Can wAP do LTE passthrough to hAP and serve as a CAP at the same time? Will it work with a VLAN interface for the passthrough?
  • Is it a significant bottleneck when wireless clients connected to the wAP AP reach out to the internet through the hAP which in turn connects to wAP?
  • Is it possible to use hAP as the DHCP server for the network and make it use wAP as the gateway to the internet? How to configure that?
Please let me know if I'm overcomplicating this and if there is a simple configuration for this kind of a setup. Thanks!

Re: Using hAP as CAPsMAN managing wAP LTE AP

Posted: Sat Jan 02, 2021 9:45 pm
by kasparsd
Posting the setup I ended up using in case anyone wants a similar setup.

Hardware configuration:
  • RB260GSP switch powering all devices over PoE on eth2 and eth3 because eth1 doesn't have PoE out.
  • wAP R LTE eth1 connected to RB260GSP eth2.
  • hAP AC2 eth1 connected to RB260GSP eth3.

And the following RouterOS configuration after a clean reset of both devices:

wAP R LTE configuration:
  • Quick set as a CAP which disables the local NAT and firewall.
  • Add new VLAN_LTE (ID 100) interface to send the LTE WAN to hAP directly for processing and forwarding. Configure VLAN_LTE as the destination for the LTE passthrough.
    /interface vlan
    add interface=bridgeLocal name=vlan_lte vlan-id=100
    
    /interface lte apn
    set [ find default=yes ] passthrough-interface=vlan_lte

hAP AC2 configuration:
  • Quick set as a "Home Mesh" which makes it a CAPs manager.
  • Enable CAP for the local access-points to be configured through the CAPsMAN running on the same device. Set 127.0.0.1 as the caps-man-addresses to make the CAPs traffic pass through the firewall and not be blocked by the default firewall rules. Enable CAPs discovery on the bridge interface and lock access-points to CAPsMAN for configuration:
    /interface wireless cap 
    set bridge=bridge caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=bridge enabled=yes interfaces=wlan2,wlan1 lock-to-caps-man=yes
    
  • Add new VLAN_LTE (ID 100) interface. Add it to the WAN interface list.
    /interface vlan
    add interface=bridge name=vlan_lte vlan-id=100
    
    /interface list member
    add interface=vlan_lte list=WAN
  • Add eth1 to the default Bridge interface since wAP is attached to this port and is providing both internet over VLAN 100 and serving as a local access point.
    /interface bridge port
    add bridge=bridge interface=ether1
  • Enable the DHCP client on the vlan_lte interface since that is where the internet comes in now:
    /ip dhcp-client
    add disabled=no interface=vlan_lte
This setup makes all traffic from the wireless devices connected to the wAP access point pass through to hAP and then back to the LTE interface on wAP, but that's a valid compromise considering the simplified management on hAP.

I'm wondering if it is easier to use the VLAN between wAP and hAP for the access-point traffic instead of the LTE connection?