 
Parabellum
just joined
Topic Author
Posts: 6
Joined: Tue Jul 20, 2021 3:20 pm

CAPsMAN with VLAN on one device

Tue Jul 20, 2021 3:35 pm

Hello there. Please help me set up CAPsMAN with VLAN locally on one device.

Initially I have an RB4011 as the main router and CAPsMAN controller, plus some CAP AC units as access points. I set up the CAPsMAN controller with 2 VLANs for 2 Wi-Fi networks and everything works well, except that I can't obtain an IP address when connected to the main router itself (it has Wi-Fi interfaces and I want them managed by CAPsMAN as well).

For now I took an hAP ac2 with the default configuration and set it up similarly, and I face exactly the same problem: I can connect to the router from Android, but I can't receive an IP address. Please tell me which setting I have missed.
# model = RBD52G-5HacD2HnD
# RouterOS export of the hAP ac2 test unit: it runs the CAPsMAN manager and is
# also a CAP for its own two radios (caps-man-addresses=127.0.0.1 below).
# NOTE(review): this export was published with the Wi-Fi passphrase and the
# bridge MAC address in clear. Redact such values by hand before posting, or
# use "/export hide-sensitive" on RouterOS v6 and check the result.

# Fixed channels referenced by the CAPsMAN configurations: 2447 MHz (2.4 GHz)
# and 5180 MHz (5 GHz).
/caps-man channel
add band=2ghz-b/g/n frequency=2447 name=2.4
add band=5ghz-a/n/ac frequency=5180 name=5

# "bridge" is the defconf LAN bridge. "bridge26" carries the 192.168.26.1/24
# address and the dhcp26 server further down; no bridge port is ever added to
# it in this export.
/interface bridge
add admin-mac=74:4D:28:E5:0B:FF auto-mac=no comment=defconf name=bridge
add name=bridge26

# Both radios are flagged as managed by CAPsMAN, so the local ssid/band values
# here are presumably overridden by the provisioned configuration - confirm.
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-eC/gn(17dBm), SSID: 332123, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=MikroTik-E50C03 wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-E50C04 wireless-protocol=802.11

# Datapath for VLAN 26: local forwarding, frames tagged with VLAN ID 26.
# NOTE(review): with local-forwarding=yes the CAP forwards client traffic
# itself, presumably into the bridge set under "/interface wireless cap"
# (bridge=bridge below), so bridge=bridge26 here is likely not what receives
# the frames. Tagged VLAN 26 frames would then arrive on "bridge", where
# nothing in this export untags them - a probable cause of the missing DHCP
# lease. Confirm against the CAPsMAN documentation.
# NOTE(review): client-to-client-forwarding=yes lets wireless clients talk to
# each other directly; review it if this SSID is meant for untrusted clients.
/caps-man datapath
add bridge=bridge26 client-to-client-forwarding=yes local-forwarding=yes \
    name=datapath26 vlan-id=26 vlan-mode=use-tag

# WPA2-PSK with AES-CCM for both unicast and group traffic.
# NOTE(review): the passphrase is a short digit sequence and is now public;
# use a long random passphrase on any real deployment.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=security26 passphrase=123456788

# Two configurations, both with SSID 332123 on datapath26/security26; the VLAN
# settings of the datapath are repeated inline.
# NOTE(review): the configuration named "5" also references channel=2.4,
# although a channel named "5" is defined above - looks like a copy-paste
# slip, confirm.
/caps-man configuration
add channel=2.4 country=russia datapath=datapath26 datapath.vlan-id=26 \
    datapath.vlan-mode=use-tag mode=ap name=2.4 rx-chains=0,1,2 security=\
    security26 ssid=332123 tx-chains=0,1,2
add channel=2.4 country=russia datapath=datapath26 datapath.vlan-id=26 \
    datapath.vlan-mode=use-tag installation=indoor mode=ap name=5 rx-chains=\
    0,1,2 security=security26 ssid=332123 tx-chains=0,1,2

# Static CAPsMAN interface with an all-zero MAC/radio MAC and SSID "eer".
# NOTE(review): presumably a leftover placeholder that matches no radio; it is
# nevertheless added to the LAN interface list below - confirm it is needed.
/caps-man interface
add configuration=2.4 configuration.mode=ap configuration.ssid=eer disabled=\
    no mac-address=00:00:00:00:00:00 master-interface=none name=cap26 \
    radio-mac=00:00:00:00:00:00 radio-name=""

# Interface lists used by the defconf firewall rules.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

# One address pool per subnet.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=pool26 ranges=192.168.26.10-192.168.26.50

# dhcp26 listens on bridge26 itself, so it only answers requests that actually
# reach bridge26.
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=pool26 disabled=no interface=bridge26 name=dhcp26

# NOTE(review): no "/caps-man manager interface" restriction and no
# certificate setting appear in this export, so defaults apply; which hosts
# can reach the manager then depends on the input firewall rules below.
/caps-man manager
set enabled=yes

# Provisioning: create dynamic, enabled interfaces from each master
# configuration.
# NOTE(review): neither rule carries a radio filter, so presumably the first
# rule matches every radio, including the 5 GHz one - confirm.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=2.4 name-format=\
    prefix-identity name-prefix=2g
add action=create-dynamic-enabled master-configuration=5 name-format=\
    prefix-identity name-prefix=5g

# defconf ports of "bridge". wlan1/wlan2 remain listed here while also being
# handed to the CAP client below.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2

/ip neighbor discovery-settings
set discover-interface-list=LAN
# bridge26 is not a member of LAN, so the "drop all not coming from LAN" input
# rule below applies to traffic arriving on it (for example DNS queries from
# 192.168.26.0/24 to the router).
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=cap26 list=LAN

# The device's own radios register with the CAPsMAN manager over loopback;
# bridge=bridge is the local bridge used by the CAP client.
/interface wireless cap
# 
set bridge=bridge caps-man-addresses=127.0.0.1 enabled=yes interfaces=\
    wlan1,wlan2

# Router addresses: one per bridge.
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.26.1/24 interface=bridge26 network=192.168.26.0

# WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1

# Clients in 192.168.26.0/24 are handed 192.168.88.1 (the router's address on
# the other subnet) as DNS and WINS server.
/ip dhcp-server network
add address=192.168.26.0/24 dns-server=192.168.88.1 domain=rds.local gateway=\
    192.168.26.1 wins-server=192.168.88.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

# The router answers DNS queries from the network. The input chain below is
# what keeps the resolver from being reachable on WAN, so the
# "drop all not coming from LAN" rule must stay in place.
/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A

# Default (defconf) filter rules.
# NOTE(review): the forward chain only drops new connections from WAN that are
# not dst-NATed. Nothing here separates 192.168.26.0/24 from 192.168.88.0/24,
# so if VLAN 26 is meant to be isolated, a forward drop rule between the two
# bridges is needed.
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN

# Source NAT for traffic leaving through the WAN interface list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN

# MAC-Telnet is limited to the LAN interface list.
/tool mac-server
set allowed-interface-list=LAN

# MAC-WinBox is limited to the LAN interface list.
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Parabellum
just joined
Topic Author
Posts: 6
Joined: Tue Jul 20, 2021 3:20 pm

Re: CAPsMAN with VLAN on one device

Thu Jul 29, 2021 3:33 pm

Found the solution.

Let's play.

Here is what I had:
1. RB4011 - CAPsMAN Manager + CAP client
2. CAP AC2 - CAP client via L2 switch
3. Some Ubiquiti access point via L2 switch

Image

Initially I had set up VLAN88 (WORK) + VLAN99 (GUEST) on ETH2 and on ETH3 of the RB4011. Then I set up BRIDGE88 + BRIDGE99, each with its own DHCP server (DHCP88 and DHCP99), and assigned IP addresses to BRIDGE88 + BRIDGE99. It all worked except for the RB4011 CAP client: when I turned it on, wireless clients could connect but did not get an IP address.

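The solution is to set up a new BRIDGE_CAP on the RB4011 and set up VLAN88 + VLAN99 on it. Then I added these VLANs to BRIDGE88 + BRIDGE99 and it all works fine! (Presumably this works because, with local forwarding, the CAP puts client traffic tagged onto its own bridge, so a VLAN interface on that bridge is needed to pass the frames to the bridge where the matching DHCP server listens.)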
