itvalausd1
just joined
Topic Author
Posts: 4
Joined: Mon Mar 13, 2017 4:09 pm
Location: Uelzen - Germany

CAPsMAN, local forwarding problem

Mon Mar 13, 2017 5:06 pm

Hello and 'Moin',

My company wants to roll out around 40-50 access points for different customers.

At the moment we are testing with 4 access points and a level 5 virtual machine as the CAPsMAN device.

The provisioning works fine; I can change all information from CAPsMAN and it will be applied on the AP.

I have two datapath configurations, both with local forwarding.
The first one should be used without any VLAN tag, the other one with VLAN ID 150.

There are two SSIDs on each access point, one for each datapath.

If I connect a laptop or mobile phone to one of these WiFi networks, it doesn't get an IP address. So I guess that the datapath configuration is buggy.

My Configurations

The CAPsMAN address is provided by DHCP Option 138

Capsman:
# mar/13/2017 15:45:21 by RouterOS 6.38.3
# software id = 0SPQ-IKXF
#
/caps-man channel
add band=2ghz-g/n frequency=2447 name=channel8 tx-power=20 width=20
add band=2ghz-g/n frequency=2417 name=channel2 tx-power=20 width=20
add band=2ghz-g/n frequency=2422 name=channel3 tx-power=20 width=20
add band=2ghz-g/n frequency=2427 name=channel4 tx-power=20 width=20
add band=2ghz-g/n frequency=2432 name=channel5 tx-power=20 width=20
add band=2ghz-g/n frequency=2437 name=channel6 tx-power=20 width=20
add band=2ghz-g/n frequency=2442 name=channel7 tx-power=20 width=20
add band=2ghz-g/n frequency=2452 name=channel9 tx-power=20 width=20
add band=2ghz-g/n frequency=2457 name=channel10 tx-power=20 width=20
add band=2ghz-g/n frequency=2462 name=channel11 tx-power=20 width=20
add band=2ghz-g/n frequency=2467 name=channel12 tx-power=20 width=20
/caps-man datapath
add local-forwarding=yes name=GuestPortal vlan-id=150 vlan-mode=use-tag
add local-forwarding=yes name="Name Customer"
/caps-man security
add authentication-types="" name="Guest Portal"
add authentication-types=wpa2-psk encryption=aes-ccm name="Admin Portal" \
    passphrase=***PASS***
/caps-man configuration
add channel=channel8 country=germany datapath=GuestPortal \
    datapath.client-to-client-forwarding=no datapath.local-forwarding=no \
    name=GuestPortal security="Guest Portal" ssid="GuestPortal TESTING"
add channel=channel8 country=germany datapath.client-to-client-forwarding=yes \
    datapath.local-forwarding=yes name="Name Customer" security="Admin Portal" \
    ssid="Service TESTING"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration="Name Customer" \
    radio-mac=6C:3B:6B:A0:**:** slave-configurations=GuestPortal
/ip address
add address=10.1.33.250/16 interface=ether1 network=10.1.0.0
/ip dns
set allow-remote-requests=yes servers=10.1.1.1,10.1.1.2,10.1.2.1,10.1.2.2
/ip route
add distance=1 gateway=10.1.0.1
/snmp
set contact=***NAME*** enabled=yes location=Servercluster \
    trap-version=2
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=****SYSTEMNAME****
/system ntp client
set enabled=yes primary-ntp=10.1.1.1 secondary-ntp=10.1.2.2
/tool user-manager database
set db-path=user-manager

AP:
# jan/07/1970 06:56:08 by RouterOS 6.38.3
# software id = 5F59-IT8Z
#
/interface bridge
add admin-mac=6C:3B:6B:A0:**:** auto-mac=no name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(20dBm), SSID: Service TESTING, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
/interface vlan
add interface=ether1 name=vlan1 vlan-id=150
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=ether1 enabled=yes interfaces=\
    wlan1
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/system identity
set name=MikrotikTestAP01
What is wrong with my config?
I am not able to understand where the configuration problem is.

If I connect to the "Company Name" WiFi, I should get an IP from the same subnet as the AP. That didn't work.
If I plug the cable from the AP into my test laptop, I get an IP address.

If I connect to "Guest Portal", I get the same problem.

I have checked the settings on our HP Procurve switch multiple times.
Status and Counters - VLAN Information - for ports 6

  Port name: ***hide***
  VLAN ID Name                 | Status     Voice Jumbo Mode
  ------- -------------------- + ---------- ----- ----- --------
  9       CompanyNet      | Port-based No    No    Untagged
  22      VoIP                 | Port-based Yes   No    Tagged
  150     Guest-Portal         | Port-based No    No    Tagged
I hope someone knows the problem and is able to help me.

It would be nice to test an installation with MikroTik devices larger than 10 APs.

Best Regards and a nice evening from Germany.
David
 
shadowskippie
Member Candidate
Posts: 213
Joined: Tue Dec 21, 2010 6:20 pm

Re: CAPsMAN, local forwarding problem

Tue Mar 14, 2017 7:49 am

The local bridge on the AP: it needs to attach to the ether port so that the untagged and tagged frames can pass through onto your network.

Edit:
I will also add that if you do add the ether1 port into the bridge, that VLAN interface is going to give you problems. The system will start picking up the traffic going to it as a loop.
I've had this problem before.
 
itvalausd1
just joined
Topic Author
Posts: 4
Joined: Mon Mar 13, 2017 4:09 pm
Location: Uelzen - Germany

Re: CAPsMAN, local forwarding problem

Tue Mar 14, 2017 7:04 pm

Hi shadowskippie,

I'm not exactly sure that I understand you in the right way...

Configuration on CAP:
[admin@MikroTik] > interface bridge pr detail 
Flags: X - disabled, R - running 
 0  R name="bridgeLocal" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled 
      arp-timeout=auto mac-address=6C:3B:6B:A0:13:DB protocol-mode=rstp 
      priority=0x8000 auto-mac=no admin-mac=6C:3B:6B:A0:13:DB 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 
      ageing-time=5m 

 1  R name="guest-bridge" mtu=auto actual-mtu=1500 l2mtu=1600 arp=enabled 
      arp-timeout=auto mac-address=6E:3B:6B:A0:13:DC protocol-mode=rstp 
      priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 
      ageing-time=5m 
[admin@MikroTik] > 
[admin@MikroTik] > interface bridge port pr detail 
Flags: X - disabled, I - inactive, D - dynamic 
 0    interface=ether1 bridge=bridgeLocal priority=0x80 path-cost=10 edge=auto 
      point-to-point=auto external-fdb=auto horizon=none auto-isolate=no 

 1 I  interface=wlan1 bridge=bridgeLocal priority=0x80 path-cost=10 edge=auto 
      point-to-point=auto external-fdb=auto horizon=none auto-isolate=no 

 2 I  interface=wlan3 bridge=guest-bridge priority=0x80 path-cost=10 edge=auto 
      point-to-point=auto external-fdb=auto horizon=none auto-isolate=no 

 3    interface=vlan150 bridge=guest-bridge priority=0x80 path-cost=10 edge=auto 
      point-to-point=auto external-fdb=auto horizon=none auto-isolate=no 
[admin@MikroTik] > 
[admin@MikroTik] > interface pr det
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  RS name="ether1" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 
       max-l2mtu=2028 mac-address=6C:3B:6B:A0:13:DB fast-path=yes 
       last-link-up-time=jan/02/1970 00:00:30 link-downs=0 

 1  XS ;;; managed by CAPsMAN
       ;;; channel: 2447/20-Ce/gn(20dBm), SSID: Service TESTING, CAPsMAN forwarding
       name="wlan1" default-name="wlan1" type="wlan" mtu=1500 actual-mtu=1500 l2mtu=1600 
       max-l2mtu=2290 mac-address=6C:3B:6B:A0:13:DC fast-path=yes link-downs=0 

 2 DXS ;;; managed by CAPsMAN
       ;;; SSID: GuestPortal TESTING, CAPsMAN forwarding
       name="wlan3" type="wlan" mtu=1500 actual-mtu=1500 l2mtu=1600 
       mac-address=6E:3B:6B:A0:13:DC fast-path=yes link-downs=0 

 3  R  name="bridgeLocal" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1598 
       mac-address=6C:3B:6B:A0:13:DB fast-path=yes last-link-up-time=jan/02/1970 00:00:28 
       link-downs=0 

 4  R  name="guest-bridge" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1600 
       mac-address=6E:3B:6B:A0:13:DC fast-path=yes last-link-up-time=jan/02/1970 00:25:42 
       link-downs=0 
 5  R  name="vlan150" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1594 
       mac-address=6C:3B:6B:A0:13:DB fast-path=yes last-link-down-time=jan/02/1970 00:26:22 
       last-link-up-time=jan/02/1970 00:26:22 link-downs=1 

[admin@MikroTik] > 
Do you mean this way?
 
itvalausd1
just joined
Topic Author
Posts: 4
Joined: Mon Mar 13, 2017 4:09 pm
Location: Uelzen - Germany

[SOLVED] CAPsMAN, local forwarding problem

Fri Mar 17, 2017 5:13 pm

SOLVED

On the CAP you have to add 'ether1' to the local bridge to get local forwarding running.

Screenshot
[admin@Davids TestAP] > interface bridge port pr det
Flags: X - disabled, I - inactive, D - dynamic 
 0    interface=ether1 bridge=bridgeLocal priority=0x80 path-cost=10 edge=auto point-to-point=auto external-fdb=auto 
      horizon=none auto-isolate=no 

 1  D interface=wlan1 bridge=bridgeLocal priority=0x80 path-cost=10 edge=yes point-to-point=no external-fdb=no horizon=none 
      auto-isolate=no 

 2  D interface=wlan24 bridge=bridgeLocal priority=0x80 path-cost=10 edge=yes point-to-point=no external-fdb=no horizon=none 
      auto-isolate=no 
[admin@Davids TestAP] > 
No idea why this is not done automatically when you set the CAP access point to CAP mode...
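Added example, not part of the thread and not MikroTik's own code: a small checker for the fault resolved above, which reads a CAP's `/export` text and reports when the uplink port is not a member of the bridge named in `/interface wireless cap`. It assumes the uplink is the interface listed in `discovery-interfaces`; the function names and the sample export (trimmed from the AP config in the first post, with a placeholder MAC) are constructed for illustration.

```python
import re

def parse_export(text):
    """Parse RouterOS /export text into {menu_path: [{key: value}, ...]}."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif current and line.split()[0] in ("add", "set"):
            pairs = re.findall(r'([\w.-]+)=("[^"]*"|\S*)', line)
            menus[current].append({k: v.strip('"') for k, v in pairs})
    return menus

def check_cap_local_forwarding(export_text):
    """Return findings that would stop locally forwarded frames leaving the CAP."""
    menus = parse_export(export_text)
    cap = next(iter(menus.get("/interface wireless cap", [])), None)
    if not cap or cap.get("enabled") != "yes":
        return ["CAP mode is not enabled"]
    bridge = cap.get("bridge")
    if not bridge or bridge == "none":
        return ["no bridge set in /interface wireless cap"]
    ports = [p["interface"] for p in menus.get("/interface bridge port", [])
             if p.get("bridge") == bridge and "interface" in p]
    findings = []
    # Assumption: the discovery interface is also the wired uplink of the CAP.
    for uplink in cap.get("discovery-interfaces", "").split(","):
        if uplink and uplink != bridge and uplink not in ports:
            findings.append(f"{uplink} is not a port of {bridge}")
    return findings

# Constructed sample: the AP export from the first post, trimmed.
BROKEN = r"""
/interface bridge
add admin-mac=02:00:00:00:00:01 auto-mac=no name=bridgeLocal
/interface vlan
add interface=ether1 name=vlan1 vlan-id=150
/interface wireless cap
set bridge=bridgeLocal discovery-interfaces=ether1 enabled=yes interfaces=\
    wlan1
"""
# Same export with the bridge port from the [SOLVED] post added.
FIXED = BROKEN + "/interface bridge port\nadd bridge=bridgeLocal interface=ether1\n"

if __name__ == "__main__":
    print(check_cap_local_forwarding(BROKEN))
    print(check_cap_local_forwarding(FIXED))
```
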
 
shadowskippie
Member Candidate
Posts: 213
Joined: Tue Dec 21, 2010 6:20 pm

Re: CAPsMAN, local forwarding problem

Wed Mar 22, 2017 7:29 am

Morning

Glad to see you got it working.

When I made the suggestion I didn't see ether1 in your bridge. Good chance I missed it.
I checked several times but it seems I can miss the obvious.

I see you are attaching the wlan interfaces. If you have the CAP set up correctly then you don't need to do that. Not saying it's wrong, but just thought I'd enlighten.

As for why Mtik doesn't do the thing automatically?
Well, Mtik is basically Lego. You need to build everything in there. Not a lot of automatic things. For me, I like that; it forces me to understand how a thing works. A lot of enterprise stuff will do things for you automatically but leave you lacking knowledge in the end. Again, not a bad thing, but it would be nice to have a better understanding of things.
