I have a hAP ax³ router and have recently obtained a cAP ax. I would like to use the cAP ax as a Wi-Fi extender and Ethernet bridge. It is within Wi-Fi range of the hAP ax³ but there is no nearby wired Ethernet connection.
It is a modest home network with few users. My intention is to use the two Ethernet ports to connect to devices close to the cAP ax.
I have no experience of CAPsMAN v2 but thought it might be possible approach. However, answers to cAP ax as Wi-Fi externder with CAPsMAN v2? suggest that might not be a good approach.
What would be a good approach taking full advantage of the Wi-Fi capabilities of both devices?
Re: cAP ax as Wi-Fi externder / Ethernet bridge?
CAPsMAN can only provision wifi interfaces after CAP connects to CAPsMAN. From your description I understand that there won't be any wired connection between hAP ax3 and cAP ax, so you'll have to use one of radios on cAP ax for uplink. If you can, I suggest you to dedicate one of radios on cAP ax to this role (and only use the other radio to provide local wireless coverage). Which one to dedicate (the 2.4GHz or 5GHz) IMO mostly depends on strength of hAP ax3 signal at spot where cAP ax will reside (and expectations about throughput available for cAP ax clients towards LAN core). If 5GHz signal of hAP ax3 is better than (say) -75dBm, then it should be fine to use 5GHz radio as backhaul.
To the configuration: you'll have to start from empty config (any profile available on cAP ax will have too much of unneeded "crap"), using winbox (which allows connection even if MT device doesn't have any IP setup) is highly recommened.
Then:
The last bullet will only make a difference after you appropriately configure CAPsMAN on hAP ax3 ... with all the setup, profiles and provisioning rules appropriate for cAP ax radio being provisioned by CAPsMAN.
It is possible to skip all the CAPsMAN stuff and simply setup the remaining wifi interface on cAP ax (wifi2 in example above) manually (matching SSID and security profiles with those used on hAP ax3). And it would work pretty fine ... except for (almost) seamless roaming of wireless clients between hAP ax3 and cAP ax, for that you need CAPsMAN.
Benefit of dedicating one radio interface on cAP ax to uplink only is that if same interface is used also as AP (for wireless clients to use), communication of those clients will use up two times as much airtime (once for communication between client and cAP ax and once for communication between cAP ax and hAP ax3). And that double airtime consumption affects also other wireless clients connected directly to hAP ax3. If this communication goes over 80MHz wide 5GHz channel, the degradation is considerable (but it's not killing communication), if it's using 2.4GHz channel, the effect will be greater. OTOH, if you can dedicate 5GHz for uplink, cAP ax will still offer up to 350Mbps to modern AX clients using 40MHz channel or up to almost 200Mbps if using 20MHz channels due to band congestion). You can make coverage of 2.4GHz signal from cAP ax as small as needed and let clietns roam to hAP ax3 as soon as possible (to benefit higher overall throughput available there).
Finally, if you find 2.4GHz signal overlap too big (so that clients stick to 2.4GHz interface of cAP ax where they would benefit of using 5GHz interface of hAP ax3), you can play with Tx power of 2.4GHz radio on cAP ax to make its coverage smaller. But consider this as a very last task, it's fine tuning. You need every thing else up and running flawlessly before doing it.
To the configuration: you'll have to start from empty config (any profile available on cAP ax will have too much of unneeded "crap"), using winbox (which allows connection even if MT device doesn't have any IP setup) is highly recommened.
Then:
- make sure both devices are running ROS version 7.13 or newer
- reset cAP ax to no config
- create a bridge, add all wifi and ethernet interfaces as member ports
You may get disconnected while doing it, but you should be able to reconnect and continue with configuration. - manually set up wifi interface of choice (IIRC wifi1 is 5GHz radio) in mode=station-bridge. Mind that it's not exactly a trivial task with all the profiles etc. But it's not a very hard one either.
This mode is only available in ROS v7.13 or newer (hence first bullet)
At this moment wired ports should be able to communicate with hAP ax3 (and the rest of LAN), receiving DHCP configuration from your main DHCP server. - two options:
- add DHCP client on bridge interface for cAP ax to receive IP address (and the rest of settings) from hAP ax3. You can make a DHCP reservation for cAP ax afterwards on hAP ax3 to make IP address immutable.
or - set up IP address, routing, DNS server, etc. by hand
- add DHCP client on bridge interface for cAP ax to receive IP address (and the rest of settings) from hAP ax3. You can make a DHCP reservation for cAP ax afterwards on hAP ax3 to make IP address immutable.
- set mode of remaining wifi itnerfaces (if you used wifi1 in bullet #4 above, then use wifi2 in this step) to cap mode.
More info about it is available in WiFi manual: https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN
The last bullet will only make a difference after you appropriately configure CAPsMAN on hAP ax3 ... with all the setup, profiles and provisioning rules appropriate for cAP ax radio being provisioned by CAPsMAN.
It is possible to skip all the CAPsMAN stuff and simply setup the remaining wifi interface on cAP ax (wifi2 in example above) manually (matching SSID and security profiles with those used on hAP ax3). And it would work pretty fine ... except for (almost) seamless roaming of wireless clients between hAP ax3 and cAP ax, for that you need CAPsMAN.
Benefit of dedicating one radio interface on cAP ax to uplink only is that if same interface is used also as AP (for wireless clients to use), communication of those clients will use up two times as much airtime (once for communication between client and cAP ax and once for communication between cAP ax and hAP ax3). And that double airtime consumption affects also other wireless clients connected directly to hAP ax3. If this communication goes over 80MHz wide 5GHz channel, the degradation is considerable (but it's not killing communication), if it's using 2.4GHz channel, the effect will be greater. OTOH, if you can dedicate 5GHz for uplink, cAP ax will still offer up to 350Mbps to modern AX clients using 40MHz channel or up to almost 200Mbps if using 20MHz channels due to band congestion). You can make coverage of 2.4GHz signal from cAP ax as small as needed and let clietns roam to hAP ax3 as soon as possible (to benefit higher overall throughput available there).
Finally, if you find 2.4GHz signal overlap too big (so that clients stick to 2.4GHz interface of cAP ax where they would benefit of using 5GHz interface of hAP ax3), you can play with Tx power of 2.4GHz radio on cAP ax to make its coverage smaller. But consider this as a very last task, it's fine tuning. You need every thing else up and running flawlessly before doing it.
-
-
JohnConnett
newbie
- Posts: 35
- Joined:
Re: cAP ax as Wi-Fi externder / Ethernet bridge?
Thanks for a really useful reply!
Note that after step 2. there is NO password rather than the default password (took me a while to figure that out).
Successfully completed steps 1. through 5. taking the DCHP client option at step 5.. The cAP ax is then operating as an Ethernet bridge with both the Ethernet ports available (once I obtained a solution for cAP ax PoE-out to 802.3af Mode-A?).
CAPsMAN (hAP ax³):
CAP (cAP ax):
The caps-man-addresses=192.168.88.1 was needed. Although both devices are on the same subnet (192.168.88.0/24) the cAP ax is not on the
LAN.
The manual states: If the CAP is hAP ax2 or hAP ax3, it is strongly recommended to enable RSTP in the bridge configuration. Does this apply to the cAP ax, too? The bridge already has protocol-mode=rstp.
This is looking good. If I have made any obvious errors, please let me know. Thanks again for the help.
Note that after step 2. there is NO password rather than the default password (took me a while to figure that out).
Successfully completed steps 1. through 5. taking the DCHP client option at step 5.. The cAP ax is then operating as an Ethernet bridge with both the Ethernet ports available (once I obtained a solution for cAP ax PoE-out to 802.3af Mode-A?).
CAPsMAN (hAP ax³):
Code: Select all
#create a security profile
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk name=sec1 passphrase="My Secret"
#create configuraiton profiles to use for provisioning
/interface wifi configuration
add country="United Kingdom" name=5ghz security=sec1 ssid="My SSID"
add country="United Kingdom" name=2ghz security=sec1 ssid="My SSID"
#configure provisioning rules, configure band matching as needed
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=5ghz supported-bands=5ghz-ax
add action=create-dynamic-enabled master-configuration=2ghz supported-bands=2ghz-ax
#enable CAPsMAN service
/interface wifi capsman
set ca-certificate=auto enabled=yes
Code: Select all
#enable CAP service, in this case CAPsMAN is on same LAN, but you can also specify "caps-man-addresses=x.x.x.x" here
/interface/wifi/cap set enabled=yes caps-man-addresses=192.168.88.1
#set configuration.manager= on the WiFi interface that should act as CAP
/interface/wifi/set wifi2 configuration.manager=capsman-or-local
#print wifi
/interface/wifi/print
Flags: M - MASTER; B - BOUND; R - RUNNING
Columns: NAME, CONFIGURATION.MODE, CONFIGURATION.SSID, CHANNEL.WIDTH
# NAME CONFIGURATION.MODE CONFIGURATION.SSID CHANNEL.WIDTH
0 MBR wifi1 station-bridge My SSID 20/40/80mhz
;;; managed by CAPsMAN
;;; mode: AP, SSID: My SSID, channel: 2462/ax/eC
1 MBR wifi2 ap
LAN.
The manual states: If the CAP is hAP ax2 or hAP ax3, it is strongly recommended to enable RSTP in the bridge configuration. Does this apply to the cAP ax, too? The bridge already has protocol-mode=rstp.
This is looking good. If I have made any obvious errors, please let me know. Thanks again for the help.
Who is online
Users browsing this forum: No registered users and 5 guests