Rhydu
just joined
Topic Author
Posts: 1
Joined: Mon May 22, 2023 12:42 am

no connection to CAPsMAN, managed locally

Sun Mar 03, 2024 9:00 pm

Hi!
I started upgrading my home network and switching to MikroTik devices. RB5009 as router - great piece of hardware. A few days ago I bought my first new AP - a cAP ax - to test and try new configurations before I buy more APs.
To the point - my problem is similar to this guy's here: viewtopic.php?t=200391
I can't get rid of the message "no connection to CAPsMAN, managed locally" on my RB5009, which is the CAPsMAN controller. The cAP receives its configuration from the controller without any issues and wifi works as it should, but I don't know what the reason for that message is.

What I tried to do:
  • resetting the cAP the way it is mentioned in linked thread but it didn't help
  • specifying controller IP in CAP settings
  • manual cAP configuration
  • resetting rb5009 to default conf and connecting cAP

Can you take a look at my configurations and tell me what's wrong?

Router conf:
/interface bridge add admin-mac="**" auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface ethernet set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no mac-address="**" rx-flow-control=on sfp-shutdown-temperature=85C speed=2.5G-baseT tx-flow-control=on
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wifi channel add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=channel2.4G width=20mhz
/interface wifi channel add band=5ghz-ax disabled=no frequency=5745-5825 name=channel5G width=20/40/80mhz
/interface wifi datapath add bridge=bridge disabled=no name=datapath1
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=sec1
/interface wifi steering add disabled=no name=steering1 neighbor-group="" rrm=yes wnm=yes
/interface wifi configuration add channel=channel2.4G country=Poland datapath=datapath1 disabled=no manager=capsman-or-local mode=ap name=cfg_2.4G security=sec1 ssid=MikroTik_2.4G steering=steering1
/interface wifi configuration add channel=channel5G country=Poland datapath=datapath1 disabled=no manager=capsman-or-local mode=ap name=cfg_5G security=sec1 ssid=MikroTik_5G steering=steering1
/ip pool add name=dhcp ranges=10.0.0.201-10.0.0.254
/ip dhcp-server add address-pool=dhcp interface=bridge lease-script="**" name=defconf
/ip smb users set [ find default=yes ] disabled=yes
/ppp profile add change-tcp-mss=yes name=default_reconnect on-up="**" use-encryption=yes
/interface pppoe-client add add-default-route=yes disabled=no interface=sfp-sfpplus1 name=pppoe-out1 profile=default_reconnect
/interface bridge port add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10
/ip firewall connection tracking set udp-timeout=10s
/ip neighbor discovery-settings set discover-interface-list=none
/ipv6 settings set disable-ipv6=yes
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add interface=pppoe-out1 list=WAN
/interface wifi capsman set ca-certificate=auto enabled=yes interfaces=bridge package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg_2.4G supported-bands=2ghz-ax
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg_5G supported-bands=5ghz-ax
/ip address add address=10.0.0.1/24 comment=defconf interface=bridge network=10.0.0.0
/ip dhcp-server network add address=10.0.0.0/24 comment=defconf dns-server=10.0.0.5 gateway=10.0.0.1 netmask=24
/ip dns set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/ip smb shares set [ find default=yes ] directory=/pub
/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
/ipv6 firewall address-list add address=::1/128 comment="defconf: lo" list=bad_ipv6
/ipv6 firewall address-list add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
/ipv6 firewall address-list add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
/ipv6 firewall address-list add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
/ipv6 firewall address-list add address=100::/64 comment="defconf: discard only " list=bad_ipv6
/ipv6 firewall address-list add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
/ipv6 firewall address-list add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
/ipv6 firewall address-list add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock set time-zone-name=Europe/Warsaw
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp client servers add address=ntp.task.gda.pl
/system routerboard settings set auto-upgrade=yes
/tool graphing interface add store-on-disk=no
/tool graphing queue add store-on-disk=no
/tool graphing resource add store-on-disk=no
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no

cAP conf:
/interface bridge add admin-mac="**" auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: MikroTik_5G, channel: 5745/ax/Ceee
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp disabled=no
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: MikroTik_2.4G, channel: 2412/ax
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp disabled=no
/interface bridge port add bridge=bridgeLocal comment=defconf interface=ether1
/interface bridge port add bridge=bridgeLocal comment=defconf interface=ether2
/interface wifi cap set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client add comment=defconf interface=bridgeLocal
/system clock set time-zone-name=Europe/Warsaw
/system note set show-at-login=no
/system routerboard settings set auto-upgrade=yes
 
kovacspro
just joined
Posts: 17
Joined: Wed Jun 14, 2023 8:57 pm

Re: no connection to CAPsMAN, managed locally

Fri Mar 08, 2024 10:08 pm

You missed configuring the local wifi on RB5009 as a CAP.
/interface wifi cap set ....
 
grusu
Member Candidate
Posts: 129
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: no connection to CAPsMAN, managed locally

Sat Mar 09, 2024 6:11 am

You don't have to set manager in the router's configurations. Only on cap.
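
The check suggested in the reply above, as an added example that is not part of the original posts: a Python sketch that reads a flattened RouterOS export and lists the wifi configuration profiles that provisioning rules push to CAPs while also carrying a `manager=` property. The sample lines are copied from the router export in the first post; the function names are hypothetical.

```python
import shlex

# Sample input: lines copied from the router export posted in this thread.
ROUTER_EXPORT = """\
/interface wifi datapath add bridge=bridge disabled=no name=datapath1
/interface wifi configuration add channel=channel2.4G country=Poland datapath=datapath1 disabled=no manager=capsman-or-local mode=ap name=cfg_2.4G security=sec1 ssid=MikroTik_2.4G steering=steering1
/interface wifi configuration add channel=channel5G country=Poland datapath=datapath1 disabled=no manager=capsman-or-local mode=ap name=cfg_5G security=sec1 ssid=MikroTik_5G steering=steering1
/interface wifi capsman set ca-certificate=auto enabled=yes interfaces=bridge package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg_2.4G supported-bands=2ghz-ax
/interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg_5G supported-bands=5ghz-ax
"""


def parse_line(line):
    """Split one flattened export line into (menu path + command, properties)."""
    tokens = shlex.split(line)  # honours quoted values such as comment="a b"
    path = " ".join(t for t in tokens if "=" not in t)
    props = dict(t.split("=", 1) for t in tokens if "=" in t)
    return path, props


def provisioned_profiles_with_manager(export_text):
    """Return {profile name: manager value} for every configuration profile
    that a provisioning rule uses as master-configuration and that sets manager=."""
    profiles, provisioned = {}, set()
    for line in export_text.splitlines():
        if not line.startswith("/"):
            continue  # skip comments and continuation lines
        path, props = parse_line(line)
        if path == "/interface wifi configuration add":
            profiles[props.get("name")] = props.get("manager")
        elif path == "/interface wifi provisioning add":
            provisioned.add(props.get("master-configuration"))
    return {n: m for n, m in profiles.items() if n in provisioned and m}


if __name__ == "__main__":
    for name, manager in provisioned_profiles_with_manager(ROUTER_EXPORT).items():
        print(f"profile {name}: manager={manager} is set on the controller side")
```
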
 
holvoetn
Forum Guru
Posts: 5500
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: no connection to CAPsMAN, managed locally

Sat Mar 09, 2024 10:19 am

OP:
You did not show it, but I'm guessing you are using 7.13 or higher on that RB5009?
You do NOT need wifi-qcom package on RB5009. Remove it if it is present.
Basic functions to act as capsman controller are present in base ROS package as of 7.13.

> You missed configuring the local wifi on RB5009 as a CAP.
> /interface wifi cap set ....

Interesting!!
Since when does RB5009 have wifi??

It hasn't.
 
davidemiccone
just joined
Posts: 11
Joined: Tue Jan 11, 2011 9:54 pm

Re: no connection to CAPsMAN, managed locally

Thu Apr 04, 2024 9:38 pm

> Hi!
> I started upgrading my home network and switching to MikroTik devices. RB5009 as router - great piece of hardware. A few days ago I bought my first new AP - a cAP ax - to test and try new configurations before I buy more APs.
> To the point - my problem is similar to this guy's here: viewtopic.php?t=200391
> I can't get rid of the message "no connection to CAPsMAN, managed locally" on my RB5009, which is the CAPsMAN controller. The cAP receives its configuration from the controller without any issues and wifi works as it should, but I don't know what the reason for that message is.

I have the identical problem. Have you resolved it?
