The caps-man is assigned to this BR1 bridge:
Code: Select all
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=BR1 vlan-filtering=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=BR1
Code: Select all
/interface wireless cap
set bridge=BR1 certificate=request discovery-interfaces=BR1 enabled=yes interfaces=wlan1,wlan2
But they can't find each other. I see these in the logs repeating over and over:
Code: Select all
19:09:24 caps,debug CAP Sulking->Discover
19:09:24 caps,debug CAP discovery target list:
19:09:27 caps,debug CAP discovery over, no results
19:09:27 caps,debug CAP Discover->Select
19:09:27 caps,debug CAP did not find suitable CAPsMAN
19:09:27 caps,debug CAP Select->Sulking
19:09:32 caps,debug CAP Sulking->Discover
19:09:32 caps,debug CAP discovery target list:
19:09:34 caps,debug CAP discovery over, no results
19:09:34 caps,debug CAP Discover->Select
19:09:34 caps,debug CAP did not find suitable CAPsMAN
19:09:34 caps,debug CAP Select->Sulking
In that wiki, there is a note:
I suspect that the problem lies there. This note foreshadows that there might be a way to let them communicate with tagged traffic. But I don't see how. I don't see a way to configure /interface wireless cap to use a specific vlan tag, and also nothing about vlans under /caps-man manager interface menuIn this example untagged traffic is going to be used to communicate between CAPs and CAPsMAN Router.
I'm also posting most of the config below, for reference.
Code: Select all
# model = RBD52G-5HacD2HnD
/caps-man channel
add band=2ghz-onlyn extension-channel=XX frequency=2412,2432,2462 name=channels-2.4 secondary-frequency=\
2412,2432,2462 tx-power=-10
add band=5ghz-onlyac extension-channel=XXXX frequency=5170,5190,5210,5230,5755,5775,5795 name=channels-5 \
secondary-frequency=5170,5190,5210,5230,5755,5775,5795
/caps-man datapath
add local-forwarding=yes name=datapath-blue vlan-id=10 vlan-mode=use-tag
add local-forwarding=yes name=datapath-green vlan-id=20 vlan-mode=use-tag
add local-forwarding=yes name=datapath-green vlan-id=30 vlan-mode=use-tag
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=BR1 vlan-filtering=yes
add name=ipsec protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether2 ] name=ether2-blue
set [ find default-name=ether3 ] name=ether3-blue
set [ find default-name=ether4 ] name=ether4-blue
set [ find default-name=ether5 ] name=ether5-wan
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
add interface=BR1 name=BLUE_VLAN vlan-id=10
add interface=BR1 name=GREEN_VLAN vlan-id=20
add interface=BR1 name=RED_VLAN vlan-id=30
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security-blue passphrase=********
add authentication-types=wpa2-psk encryption=aes-ccm name=security-green passphrase=********
add authentication-types=wpa2-psk encryption=aes-ccm name=security-red passphrase=********
/caps-man configuration
add channel.band=5ghz-onlyac channel.extension-channel=XXXX country=hungary installation=indoor name=caps-blue-5 \
security=security-blue ssid=blue_fast
add channel=channels-2.4 channel.band=2ghz-onlyn channel.extension-channel=XX country=hungary datapath=datapath-blue \
installation=indoor name=caps-blue-2.4 security=security-blue ssid=blue
add channel=channels-2.4 channel.band=2ghz-onlyn channel.extension-channel=XX country=hungary datapath=datapath-green \
installation=indoor name=caps-green-2.4 security=security-green ssid=green
add channel.band=5ghz-onlyac channel.extension-channel=XXXX country=hungary installation=indoor name=caps-green-5 \
security=security-green ssid=green_fast
/interface list
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=BLUE_POOL ranges=10.19.10.100-10.19.10.200
add name=GREEN_POOL ranges=10.19.20.100-10.19.20.200
add name=RED_POOL ranges=10.19.30.100-10.19.30.200
add name=BASE_POOL ranges=192.168.19.100-192.168.19.200
/ip dhcp-server
add address-pool=BLUE_POOL disabled=no interface=BLUE_VLAN lease-script=onDhcpLease name=BLUE_DHCP
add address-pool=GREEN_POOL disabled=no interface=GREEN_VLAN name=GREEN_DHCP
add address-pool=RED_POOL disabled=no interface=RED_VLAN name=RED_DHCP
add address-pool=BASE_POOL disabled=no interface=BASE_VLAN name=BASE_DHCP
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=BR1
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=caps-blue-5 name-format=identity \
slave-configurations=caps-green-5
add action=create-dynamic-enabled master-configuration=caps-blue-2.4 name-format=identity slave-configurations=\
caps-green-2.4
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1-trunk
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2-blue pvid=\
10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3-blue pvid=\
10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4-blue pvid=\
10
add bridge=BR1 interface=wlan1
add bridge=BR1 interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether1-trunk vlan-ids=20,30,99
add bridge=BR1 tagged=BR1,ether1-trunk untagged=ether2-blue,ether3-blue,ether4-blue vlan-ids=10
/interface list member
add interface=ether5-wan list=WAN
add interface=BASE_VLAN list=VLAN
add interface=BLUE_VLAN list=VLAN
add interface=GREEN_VLAN list=VLAN
add interface=RED_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
/interface wireless cap
set bridge=BR1 certificate=request discovery-interfaces=BR1 enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.19.254/24 interface=BASE_VLAN network=192.168.19.0
add address=10.19.10.1/24 interface=BLUE_VLAN network=10.19.10.0
add address=10.19.20.1/24 interface=GREEN_VLAN network=10.19.20.0
add address=10.19.30.1/24 interface=RED_VLAN network=10.19.30.0
/ip dhcp-client
add disabled=no interface=ether5-wan use-peer-dns=no
/ip dhcp-server network
add address=10.19.10.0/24 dns-server=192.168.19.254 domain=magnet. gateway=10.19.10.1
add address=10.19.20.0/24 dns-server=192.168.19.254 domain=magnetpub. gateway=10.19.20.1
add address=10.19.30.0/24 dns-server=192.168.19.254 gateway=10.19.30.1
add address=192.168.19.0/24 dns-server=192.168.19.254 gateway=192.168.19.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.3,1.0.0.3
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" out-interface-list=WAN
/system logging
add topics=caps