I am currently trying to set up a small test network as follows:
1) Main router as internet gateway and caps manager with trunk port to the first cAP in the daisy chain (i know.. not good practice to daisy chain network devices, but it's a lab)
2) cAP with vlan settings on switch chip, trunk port to main router and second trunk port (to another cAP further down the line), and Ethernet ports configured as access ports for wired devices.
All devices are running the latest stable with firmware updated as well.
All the wired ports are working as expected ( the proper IPs are assigned via dhcp depending on which access port the devices are plugged, wire-speed transfer with low cpu load on mips cAPs).
The problem is with the wireless connections. The cAPs are connecting to the manager and they get the config, they start the interfaces with proper SSIDs and proper security but there is no data passed. I can associate to an SSID but can't get even an IP assigned via dhcp. This behavior is on all cAPs interfaces, even the ones on the main router (I manage the main router wifi via capsman as well).
I am certain I am doing something wrong (in datapaths probably) and I am missing something obvious...
The configs for the main router and the first cAP
# may/06/2021 02:33:23 by RouterOS 6.48.2
# software id = UG1E-6W58
#
# model = RBD52G-5HacD2HnD
# serial number =
# Single fixed 2.4 GHz channel (2412 MHz) referenced by every CAPsMAN configuration below.
/caps-man channel
add band=2ghz-onlyn extension-channel=XX frequency=2412 name=channel1
# One bridge per VLAN on the main router: main (2), guest (3), mgmt (4).
/interface bridge
add admin-mac=74:4D:28:60:1E:7D auto-mac=no comment="main lan" name=bridge_vlan2
add comment="guest lan" name=bridge_vlan3
add comment="mgmt lan" name=bridge_vlan4
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=Trunk
set [ find default-name=ether3 ] comment="access port vlan 2"
set [ find default-name=ether4 ] comment="access port vlan 4"
set [ find default-name=ether5 ] comment="local mgmt"
# Local radio settings; the SSIDs here are the factory-style names, not the CAPsMAN ones.
# NOTE(review): only wlan1 is listed under "/interface wireless cap" further down, so wlan2
# appears to stay under local control with these settings - confirm that is intended.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-601E81 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-601E82 wireless-protocol=802.11
# Tagged sub-interfaces on the trunk (ether2); each is bridged into its per-VLAN bridge below.
/interface vlan
add interface=ether2 name=vlan2-eth2 vlan-id=2
add interface=ether2 name=vlan3-eth2 vlan-id=3
add interface=ether2 name=vlan4-eth2 vlan-id=4
# Datapaths: local-forwarding=yes means client frames are forwarded on the CAP itself
# (not tunnelled to the manager) and, with vlan-mode=use-tag, tagged with the given vlan-id.
# NOTE(review): in local-forwarding mode the bridge the wireless interface joins is normally
# taken from the CAP's own "/interface wireless cap" settings; neither device in this post
# sets bridge= there, which may be why associated clients pass no traffic - confirm.
/caps-man datapath
add bridge=bridge_vlan2 local-forwarding=yes name=datapath2_vlan2 vlan-id=2 vlan-mode=use-tag
add bridge=bridge_vlan3 local-forwarding=yes name=datapath3_vlan3 vlan-id=3 vlan-mode=use-tag
add bridge=bridge_vlan4 local-forwarding=yes name=datapath4_vlan4 vlan-id=4 vlan-mode=use-tag
# Security profiles, one per SSID.
# NOTE(review): all three profiles (main, guest and mgmt) carry the same short numeric
# passphrase, so at the Wi-Fi layer anyone holding the guest key can also join the mgmt
# SSID; the VLAN split adds no access separation here. Use a distinct, long random
# passphrase per SSID.
# NOTE(review): wpa-psk and tkip are legacy options kept only for very old clients;
# authentication-types=wpa2-psk with encryption=aes-ccm alone is the safer setting.
# NOTE(review): the passphrase is published in clear text; "export hide-sensitive" omits
# such values when a config is shared, and keys that were posted should be rotated.
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=security2_vlan2 passphrase=1234567890
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=security3_vlan3 passphrase=1234567890
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=security4_vlan4 passphrase=1234567890
# Configurations tie channel + datapath + security + SSID together, one per VLAN.
/caps-man configuration
add channel=channel1 country=romania datapath=datapath2_vlan2 name=cfg2_vlan2 security=security2_vlan2 ssid=mainlan_test
add channel=channel1 country=romania datapath=datapath3_vlan3 name=cfg3_vlan3 security=security3_vlan3 ssid=guestlan_test
add channel=channel1 country=romania datapath=datapath4_vlan4 name=cfg4_vlan4 security=security4_vlan4 ssid=mngmlan_test
# Provisioned interfaces: one master (main SSID) plus two virtual APs (guest, mgmt) per radio,
# for the main router's own radio (main_TEST-*) and for the first cAP (middle_TEST-*).
/caps-man interface
add configuration=cfg2_vlan2 disabled=no mac-address=74:4D:28:60:1E:81 master-interface=none name=main_TEST-1 radio-mac=74:4D:28:60:1E:81 radio-name=744D28601E81
add configuration=cfg3_vlan3 disabled=no mac-address=76:4D:28:60:1E:81 master-interface=main_TEST-1 name=main_TEST-1-1 radio-mac=00:00:00:00:00:00 radio-name=764D28601E81
add configuration=cfg4_vlan4 disabled=no mac-address=76:4D:28:60:1E:82 master-interface=main_TEST-1 name=main_TEST-1-2 radio-mac=00:00:00:00:00:00 radio-name=764D28601E82
add configuration=cfg2_vlan2 disabled=no l2mtu=1600 mac-address=4C:5E:0C:A9:DE:FD master-interface=none name=middle_TEST-1 radio-mac=4C:5E:0C:A9:DE:FD radio-name=4C5E0CA9DEFD
add configuration=cfg3_vlan3 disabled=no l2mtu=1600 mac-address=4E:5E:0C:A9:DE:FD master-interface=middle_TEST-1 name=middle_TEST-1-1 radio-mac=00:00:00:00:00:00 radio-name=4E5E0CA9DEFD
add configuration=cfg4_vlan4 disabled=no l2mtu=1600 mac-address=4E:5E:0C:A9:DE:FE master-interface=middle_TEST-1 name=middle_TEST-1-2 radio-mac=00:00:00:00:00:00 radio-name=4E5E0CA9DEFE
# Interface lists used by the firewall, neighbor discovery and MAC server settings.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
# Address pools: default-dhcp for ether5, dhcp_pool6/4/5 for VLAN 2/3/4 respectively.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool4 ranges=192.168.3.20-192.168.3.200
add name=dhcp_pool5 ranges=192.168.4.20-192.168.4.200
add name=dhcp_pool6 ranges=192.168.2.2-192.168.2.254
# One DHCP server per bridge, so a client only gets a lease if its frames reach that bridge.
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether5 name=defconf
add address-pool=dhcp_pool4 disabled=no interface=bridge_vlan3 name=dhcp2
add address-pool=dhcp_pool5 disabled=no interface=bridge_vlan4 name=dhcp3
add address-pool=dhcp_pool6 disabled=no interface=bridge_vlan2 name=dhcp1
# NOTE(review): the manager is enabled with no certificate or peer-certificate settings in
# this export, so CAPs do not appear to be authenticated; any device that can reach the
# manager could request provisioning and receive the SSID passphrases - confirm.
/caps-man manager
set enabled=yes
# NOTE(review): this rule has no radio-mac or other match criteria, so it presumably applies
# to every radio that connects; restrict it to known radio MACs outside a lab.
/caps-man provisioning
add action=create-enabled master-configuration=cfg2_vlan2 name-format=identity slave-configurations=cfg3_vlan3,cfg4_vlan4
# Access ports and the trunk's VLAN sub-interfaces are joined to their per-VLAN bridges.
/interface bridge port
add bridge=bridge_vlan2 interface=ether3
add bridge=bridge_vlan4 interface=ether4
add bridge=bridge_vlan2 interface=vlan2-eth2 multicast-router=disabled
add bridge=bridge_vlan3 interface=vlan3-eth2 multicast-router=disabled
add bridge=bridge_vlan4 interface=vlan4-eth2 multicast-router=disabled
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): the guest bridge (bridge_vlan3) is a member of LAN. The input chain only
# drops traffic that is NOT from LAN, and discovery and the MAC server are allowed on LAN,
# so guest clients get the same access to the router itself as main and mgmt clients.
# Keeping bridge_vlan3 out of LAN (and allowing only DHCP/DNS from it) would separate them.
/interface list member
add comment=defconf interface=bridge_vlan2 list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether5 list=LAN
add interface=bridge_vlan3 list=LAN
add interface=bridge_vlan4 list=LAN
# The router's own radio is handed to the local manager via loopback.
# NOTE(review): no bridge= is set here although the datapaths use local-forwarding=yes,
# and only wlan1 is listed - confirm both against the intended design.
/interface wireless cap
set caps-man-addresses=127.0.0.1 interfaces=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether5 network=192.168.88.0
add address=192.168.2.1/24 interface=bridge_vlan2 network=192.168.2.0
add address=192.168.3.1/24 interface=bridge_vlan3 network=192.168.3.0
add address=192.168.4.1/24 interface=bridge_vlan4 network=192.168.4.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=192.168.4.1 gateway=192.168.4.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
# The router answers DNS queries from clients; exposure is limited only by the input-chain
# rules in /ip firewall filter, which currently admit every interface in the LAN list.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
# Default (defconf) firewall. Input: accept established/related, ICMP and loopback, then drop
# everything that does not arrive on an interface in the LAN list.
# NOTE(review): the forward chain ends without a final drop and has no rule that matches
# traffic between bridge_vlan2, bridge_vlan3 (guest) and bridge_vlan4 (mgmt), so routed
# traffic between the three VLANs is not filtered by this ruleset. If the guest and mgmt
# networks are meant to be isolated, explicit forward drop rules between them are needed.
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT for anything leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Bucharest
/system identity
set name=main_TEST
# Layer-2 management (MAC Telnet / MAC WinBox) is allowed on every LAN-list interface,
# which in this export includes the guest bridge.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# may/06/2021 02:39:20 by RouterOS 6.48.2
# software id = YGDI-3KEV
#
# model = 951Ui-2HnD
# serial number =
# First cAP (middle_TEST): a single bridge over the switch-chip ports; VLAN handling is
# configured on the switch chip below.
# NOTE(review): this export contains no /ip firewall section at all, so access to the
# device's own services is limited only by where it has an address (mgmt VLAN 4) - confirm.
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="trunk to main Caps-Man"
set [ find default-name=ether2 ] comment="trunk port to other cAPs"
set [ find default-name=ether3 ] comment="Access vlan 2"
set [ find default-name=ether4 ] comment="Access vlan 4"
set [ find default-name=ether5 ] comment="outside bridge "
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: mainlan_test, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# Management interface: VLAN 4 on top of bridge1; it carries the device's only IP address
# and is the CAPsMAN discovery interface.
/interface vlan
add interface=bridge1 name=mgmt_int_vlan4 vlan-id=4
# Switch-chip port modes: two ports keep/add the tag (trunks), two strip it and assign a
# default VLAN (access). vlan-mode=secure restricts each port to the switch VLAN table.
# NOTE(review): ports are addressed by index (0-3); presumably these map to ether1-ether4 -
# verify on the device.
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=4 vlan-header=always-strip vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# NOTE(review): ether4 has pvid=3 here, but its comment, its switch-port default-vlan-id and
# the bridge VLAN table all say VLAN 4. bridge1 shows no vlan-filtering setting, so these
# bridge-level values are presumably inactive today; if filtering is ever enabled, this
# would place the "Access vlan 4" port into the guest VLAN. Align it with the rest.
/interface bridge port
add bridge=bridge1 comment="trunk to main" interface=ether1 multicast-router=disabled
add bridge=bridge1 comment="trunk to cap" interface=ether2 multicast-router=disabled
add bridge=bridge1 interface=ether3 multicast-router=disabled pvid=2
add bridge=bridge1 interface=ether4 multicast-router=disabled pvid=3
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2 untagged=ether3 vlan-ids=2
add bridge=bridge1 tagged=ether1,ether2 vlan-ids=3
add bridge=bridge1 tagged=ether1,ether2 untagged=ether4 vlan-ids=4
# Switch VLAN table: which ports (including the CPU port) are members of each VLAN.
/interface ethernet switch vlan
add ports=ether1,ether2,ether3,switch1-cpu switch=switch1 vlan-id=2
add ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=3
add ports=ether1,ether2,ether4,switch1-cpu switch=switch1 vlan-id=4
# CAP mode: the manager is discovered over the mgmt VLAN interface.
# NOTE(review): no bridge= is set, while the manager's datapaths use local-forwarding=yes;
# without it wlan1 may not be attached to bridge1, which would match the "associates but
# gets no DHCP lease" symptom - confirm.
# NOTE(review): no certificate settings appear here, so the CAP does not appear to verify
# the manager it connects to - confirm.
/interface wireless cap
#
set discovery-interfaces=mgmt_int_vlan4 enabled=yes interfaces=wlan1
/ip address
add address=192.168.4.2/24 interface=mgmt_int_vlan4 network=192.168.4.0
/ip dns
set servers=192.168.4.1
/ip route
add distance=1 gateway=192.168.4.1
/system clock
set time-zone-name=Europe/Bucharest
/system identity
set name=middle_TEST
Any help is greatly appreciated!! (it kinda drives me nuts at this point... :) )
Thank you