Simple CAPSMAN setup not working (Multiple SSIDs, multiple Networks)

bjoernhoefer · Sat Jan 25, 2025 1:35 am

Hello,

I wanted to upgrade my home network with some good Mikrotik hardware - but unfortunately I do miserably fail.

My setup
I do use a hAP ax^3 as "main router" which connects to my ISPs Router (DSL, nothing fancy)
One floor below I have a hAP ax^2 for connecting my streaming devices
At the basement I do have a hAP ax lite for streaming and iot devices
The devices are interconnected with some powerline adapters which work also good (so they are connected by ethernet cable to the main router)

My WIFI setup (assumption)
4 WIFIs
- Computer
- Streaming
- IoT
- Security
All WIFIs should be separated by IP-Scopes, the devices should be handed over "seamlessly" (from one station to another), updating the passwords or WIFI settings should not be a hassle.

So I thought CAPSMAN (v2) should be a good choice (which I also did/used "ages ago" (CAPSMAN v1).

How did I thought I can achieve this:
- Channels (24 and 50)
- Security (for every WIFI)
- Datapath with corresponding bridge at the main router as choosen option (for every WIFI)
- Configuration with the corresponding SSID (for every WIFI)
- Provisioning (for every WIFI / Band)

Configure the remote CAP and configuring the hap ax^2 and ax lite to get configured by the hap ax^3
And normally we're done...

My problem:
The ethernet port where the powerline adapter is connected to the hap ax^3 is in a bridge, where all other routers should get an IP (lets call it BackBone).
According to what I understood about CAPSMAN all traffic should go to the hap ax^3 and then to the according bridge.
But currently all traffic/clients exits at the BackBone Bridge... (so in every wifi you get the same ip-scope)

If I look at eg. the hap ax^2 - there is a new datapath.
The name of the datapath is "capdp" and it exits the (only existing) bridge at the hap ax^2.
So the setting is completely ignored. I did not configure anything special (like Slaves Datapath, Slaves Static) in the settings of the Slaves.

Can someone please tell me what I'm doing wrong or if this is simply not possible (and I wasted a lot of time and money).

Thanks for any idea/support

Bjoern

gigabyte091 · Sat Jan 25, 2025 9:30 am

Without a configuration export is hard to say what is wrong so please export your configuration. Configuration on CAP is not required, just put them in CAP mode.

Those settings you see in CAPs are created automatically. Are you using VLANs ?

bjoernhoefer · Sun Jan 26, 2025 2:24 am

Hi,

my configs for far:

/interface wifi configuration
add channel=24 country=Austria datapath=UNG disabled=no mode=ap name=UNG-24 security=UNG ssid=UNG
add channel=50 datapath=UNG disabled=no mode=ap name=UNG-50 security=UNG ssid=UNG
add channel=24 datapath=UNGiot disabled=no mode=ap name=UNGiot-24 security=UNGiot ssid=UNGiot steering=steering
add channel=50 country=Austria datapath=UNGiot disabled=no mode=ap name=UNGiot-50 security=UNGiot ssid=UNGiot
add channel=24 country=Austria datapath=UNGbb disabled=no mode=ap name=UNGbb-24 security=UNGbb ssid=UNGbb
add datapath=UNGstream disabled=no mode=ap name=UNGstream-24 security=UNGstream ssid=UNGstream
add channel=50 country=Austria datapath=UNGstream disabled=no mode=ap name=UNGstream-50 security=UNGstream ssid=UNGstream
add channel=24 country=Australia datapath=UNGsecurity disabled=no mode=ap name=UNGsecurity-24 security=UNGsecurity ssid=UNGsecurity
add channel=50 country=Austria datapath=UNGsecurity disabled=no mode=ap name=UNGsecurtiy-50 security=UNGsecurity ssid=UNGsecurtiy
add channel=24 country=Austria datapath=UNG disabled=no hide-ssid=yes mode=ap name=UNG24-24 security=UNG ssid=UNG24
add channel=50 country=Austria datapath=UNG disabled=no hide-ssid=yes mode=ap name=UNG50-50 security=UNG ssid=UNG50
add datapath=UNGbb disabled=no mode=ap name=UNGbb-50 security=UNGbb ssid=UNGbb

/interface wifi datapath
add disabled=no interface-list=UNG name=UNG
add bridge=UNGiot-bridge disabled=no name=UNGiot
add bridge=UNGstream-bridge disabled=no name=UNGstream
add bridge=UNGsecurity-bridge disabled=no name=UNGsecurity
add bridge=UNGbb-bridge disabled=no name=UNGbb
add bridge=UNGinterconnect-bridge disabled=no name=UNGinterconnect

/interface wifi channel
add band=2ghz-ax disabled=no name=24 skip-dfs-channels=10min-cac width=20/40mhz
add band=5ghz-ax disabled=no name=50 skip-dfs-channels=10min-cac width=20/40/80mhz

/interface wifi security
add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes name=UNG wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=UNGbb wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=UNGiot wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=UNGstream wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=UNGsecurity wps=disable

add action=create-enabled disabled=no master-configuration=UNG-50 slave-configurations=UNGstream-50,UNGiot-50,UNGbb-50,UNGsecurtiy-50 supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=UNG-24 slave-configurations=UNGstream-24,UNGiot-24,UNGbb-24,UNGsecurity-24 supported-bands=2ghz-ax

So far what worked:
- I created vlans for every WIFI on every device (CAPSman and HAP)
- I created bridges for every VLAN and joined in the VLAN
- I enabled the option:

/interface/wifi/cap/set slaves-static=yes

- I recreated the datapath on every hap
- I changed the datapath setting manually on every hap (so that they correct wifi will be in the correct bridge)

Seems to work okayish - but this seem NOT to be the way the manuals suggested me how this should work.

Configuration on the hap:
VLANs:

add interface=ether1 name=UNG-vlan vlan-id=10
add interface=ether1 name=UNGbb-vlan vlan-id=1
add interface=ether1 name=UNGiot-vlan vlan-id=20
add interface=ether1 name=UNGsecurity-vlan vlan-id=30
add interface=ether1 name=UNGstream-vlan vlan-id=40

Bridge:

/interface bridge
add name=UNG-bridge port-cost-mode=short
add name=UNGbb-bridge port-cost-mode=short
add name=UNGiot-bridge port-cost-mode=short
add name=UNGsecurity-bridge port-cost-mode=short
add name=UNGstream-bridge port-cost-mode=short
/interface bridge port
add bridge=UNG-bridge interface=UNG-vlan internal-path-cost=10 path-cost=10
add bridge=UNGbb-bridge interface=UNGbb-vlan internal-path-cost=10 path-cost=10
add bridge=UNGiot-bridge interface=UNGiot-vlan internal-path-cost=10 path-cost=10
add bridge=UNGsecurity-bridge interface=UNGsecurity-vlan internal-path-cost=10 path-cost=10
add bridge=UNGstream-bridge interface=UNGstream-vlan internal-path-cost=10 path-cost=10
add bridge=UNG-bridge interface=ether4 internal-path-cost=10 path-cost=10

Datapath:

/interface wifi datapath
add bridge=*6 comment=defconf disabled=no name=capdp
add bridge=UNG-bridge disabled=no name=UNG
add bridge=UNGiot-bridge disabled=no name=UNGiot
add bridge=UNGstream-bridge disabled=no name=UNGstream
add bridge=UNGbb-bridge disabled=no name=UNGbb
add bridge=UNGsecurity-bridge disabled=no name=UNGsecurity

# managed by CAPsMAN 192.168.89.1, traffic processing on CAP
# mode: AP, SSID: UNG, channel: 2442/ax/eC
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=UNG disabled=no security.connect-priority=0
# managed by CAPsMAN 192.168.89.1, traffic processing on CAP
# mode: AP, SSID: UNGstream
add configuration.mode=ap datapath=UNGstream disabled=no mac-address=4A:A9:8A:06:58:C3 master-interface=wifi1 name=wifi2 security.connect-priority=0
# managed by CAPsMAN 192.168.89.1, traffic processing on CAP
# mode: AP, SSID: UNGiot
add configuration.mode=ap datapath=UNGiot disabled=no mac-address=4A:A9:8A:06:58:C4 master-interface=wifi1 name=wifi3 security.connect-priority=0
# managed by CAPsMAN 192.168.89.1, traffic processing on CAP
# mode: AP, SSID: UNGbb
add configuration.mode=ap datapath=UNGbb disabled=no mac-address=4A:A9:8A:06:58:C5 master-interface=wifi1 name=wifi4
# managed by CAPsMAN 192.168.89.1, traffic processing on CAP
# mode: AP, SSID: UNGsecurity
add configuration.mode=ap datapath=UNGsecurity disabled=no mac-address=4A:A9:8A:06:58:C6 master-interface=wifi1 name=wifi5

And best of all - I did a ping test for 500 pings - seems that I have a 5% packet loss - which leads to "connectivity to capsman interrupted" - so all WIFIs are getting recreated around all 2 minutes...

Any help warmely welcome in case further configs needed - please let me know.

Björn

gigabyte091 · Sun Jan 26, 2025 7:59 am

First of all, only one bridge is needed, there is no need to create bridge for every VLAN.

Also create only one datapath on CAPsMAN controller and set it to your bridge. I use it that way and it's working so there is no need to create datapath for every VLAN.

Also I wouldn't touch settings on CAP devices, leave them as is. Only thing I change there is to add mgmt VLAN and assign it to the bridge so i can have trunk to each AP.

There is no need to create VLANs on each CAP, that is handled automatically when you assign VLAN for each wireless network on CAPsMAN.

My advice, start over, start small, create VLANs, test them, then when you confirm everything is working start adding your SSIDs and VLANs.

Simple CAPSMAN setup not working (Multiple SSIDs, multiple Networks)

Simple CAPSMAN setup not working (Multiple SSIDs, multiple Networks)

Re: Simple CAPSMAN setup not working (Multiple SSIDs, multiple Networks)

Re: Simple CAPSMAN setup not working (Multiple SSIDs, multiple Networks)

Re: Simple CAPSMAN setup not working (Multiple SSIDs, multiple Networks)