Community discussions

MikroTik App
 
DeLorean
just joined
Topic Author
Posts: 9
Joined: Tue Sep 13, 2022 4:35 am

Setting up 2.4g and 5g

Tue Sep 13, 2022 6:16 am

During the pandemic my WiFi was killed with all of my kids being at home with their Chrome Books and other wireless devices all the time. I upgrade to a Wireless AP RBcAPGi-5acD2nD and it was working great with my Edge router lite. Well my router died and I upgraded to a RB4001iGS+ that has been great to handle my 1Gbps Fiber connection.
Everything seemed fine after setting it up and everything was happy... 900+ up and down on speed test WiFi was strong, how ever I kept getting some lag spikes on mine and my wife's W@H machines. IT was blaming my Internet and I was blaming my IT for not knowing what they where doing.
Fast forward a few weeks of going back and forth on the issue I was messing with my CAP working on getting it to play with my router. I got it to work, but only in 2.4g and my lagging problems with our W@H machines went away. Everything was good until I wanted to connect my 5g devices for faster connections. Don't ask me how, but I got 5G to work, but now I don't have 2.4g and I have a few devices that need the 2.4g (Traeger, daughters laptop, Wyze devices).

I am now nearly bald and think that I have lost my mind trying to right my WiFi ship.

Can anyone help or give me any direction I should go?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Setting up 2.4g and 5g

Tue Sep 13, 2022 9:14 am

Post text export of cAP ac config. Open a terminal window from GUI, execute command /export hide-sensitive file=anynameyouwish, fetch the resulting file (with extension .rsc) from cAP ac Files section to your computer, open it with text editor, obfuscate (don't remove, replace it with some clearly dummy values, e.g. A.B.C.D for IP address or some such) remaining sensitive data (such as serial number, any passwords or user names) and copy-paste the whole lot here between [code] [/code] pair of tags.
 
DeLorean
just joined
Topic Author
Posts: 9
Joined: Tue Sep 13, 2022 4:35 am

Re: Setting up 2.4g and 5g

Tue Sep 13, 2022 4:55 pm

I don't know if this is correct or not



/caps-man channel

add band=5ghz-a/n/ac name="Mikrotik 5g"

add band=2ghz-b/g/n name="Mikrotik 2g"

/interface bridge

add admin-mac=2C:C8:1B:8B:DA:41 auto-mac=no comment=defconf name=bridge

/interface ethernet

set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full

set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full

/caps-man datapath

add bridge=bridge name=Default

/interface pppoe-client

add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 service-name=Xmission use-peer-dns=yes user=usernamehere

/caps-man security

add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=Terminator

/caps-man configuration

add channel="Mikrotik 5g" channel.band=5ghz-a/n/ac country="united states3" datapath=Default datapath.bridge=bridge mode=ap name="MikroTik 5g" security=Terminator security.authentication-types=wpa-psk,wpa2-psk .encryption=aes-ccm,tkip ssid="MikroTik 5g"

add channel="Mikrotik 2g" channel.band=2ghz-b/g/n country="united states3" datapath=Default datapath.bridge=bridge mode=ap name="Mikrotik 2g" security=Terminator ssid="Mikrotik 2g"

/caps-man interface

add channel="Mikrotik 2g" channel.band=2ghz-g/n configuration="Mikrotik 2g" configuration.mode=ap .ssid="Mikrotik 2g" datapath=Default datapath.bridge=bridge disabled=no l2mtu=1600 mac-address=48:8F:5A:0A:62:A8 master-interface=none name=cap1 radio-mac=48:8F:5A:0A:62:A8 radio-name="" security=Terminator \

security.authentication-types=wpa-psk,wpa2-psk

add channel="Mikrotik 5g" channel.band=5ghz-a/n/ac configuration="MikroTik 5g" configuration.mode=ap .ssid="MikroTik 5g" datapath=Default disabled=no l2mtu=1600 mac-address=48:8F:5A:0A:62:A9 master-interface=none name=cap2 radio-mac=48:8F:5A:0A:62:A9 radio-name="" security=Terminator \

security.authentication-types=wpa-psk,wpa2-psk

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface lte apn

set [ find default=yes ] ip-type=ipv4 use-network-apn=no

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip pool

add name=dhcp ranges=192.168.88.10-192.168.88.254

add name=vpn ranges=192.168.89.2-192.168.89.255

/ip dhcp-server

add address-pool=dhcp interface=bridge name=DHCP

/port

set 0 name=serial0

set 1 name=serial1

/ppp profile

set *FFFFFFFE dns-server=192.168.88.1 local-address=192.168.89.1 remote-address=vpn

/caps-man manager

set ca-certificate=auto enabled=yes upgrade-policy=suggest-same-version

/caps-man manager interface

set [ find default=yes ] forbid=yes

add disabled=no interface=bridge

/caps-man provisioning

add action=create-dynamic-enabled master-configuration="MikroTik 5g" radio-mac=48:8F:5A:0A:62:A9

add action=create-dynamic-enabled master-configuration="Mikrotik 2g" radio-mac=48:8F:5A:0A:62:A8

/interface bridge port

add bridge=bridge comment=defconf ingress-filtering=no interface=ether2

add bridge=bridge comment=defconf ingress-filtering=no interface=ether3

add bridge=bridge comment=defconf ingress-filtering=no interface=ether4

add bridge=bridge comment=defconf ingress-filtering=no interface=ether5

add bridge=bridge comment=defconf ingress-filtering=no interface=ether6

add bridge=bridge comment=defconf ingress-filtering=no interface=ether7

add bridge=bridge comment=defconf ingress-filtering=no interface=ether8

add bridge=bridge comment=defconf ingress-filtering=no interface=ether9

add bridge=bridge comment=defconf ingress-filtering=no interface=ether10

add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/ip settings

set max-neighbor-entries=8192

/ipv6 settings

set max-neighbor-entries=8192

/interface detect-internet

set detect-interface-list=all

/interface l2tp-server server

set enabled=yes use-ipsec=yes

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

add interface=pppoe-out1 list=WAN

/interface ovpn-server server

set auth=sha1,md5

/interface pptp-server server

# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead

set enabled=yes

/interface sstp-server server

set default-profile=default-encryption enabled=yes

/interface wireless cap

set caps-man-addresses=::,:: discovery-interfaces=cap1

/ip address

add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

add address=192.168.88.2/30 interface=ether1 network=192.168.88.0

/ip cloud

set ddns-enabled=yes

/ip dhcp-client

add interface=ether1

add interface=cap1

/ip dhcp-server lease

add address=192.168.88.100 client-id=1:a8:a1:59:13:f9:a2 mac-address=A8:A1:59:13:F9:A2 server=DHCP

add address=192.168.88.17 client-id=1:7c:d3:a:7a:84:9a mac-address=7C:D3:0A:7A:84:9A server=DHCP

add address=192.168.88.97 mac-address=84:EA:ED:11:E0:2D server=DHCP

add address=192.168.88.254 client-id=1:b4:2e:99:3a:75:fe mac-address=B4:2E:99:3A:75:FE server=DHCP

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf dns-server=1.1.1.1 gateway=192.168.88.1

/ip dns

set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1

/ip dns static

add address=192.168.88.1 comment=defconf name=router.lan

/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp

add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp

add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp

add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp

add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

add action=dst-nat chain=dstnat dst-port=32400 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.100 to-ports=32400

add action=dst-nat chain=dstnat dst-port=921 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.100 to-ports=443

add action=dst-nat chain=dstnat dst-port=2456-2458 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.100 to-ports=2456-2458

add action=dst-nat chain=dstnat dst-port=2456-2458 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.100 to-ports=2456-2458

add action=dst-nat chain=dstnat dst-port=443 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.100 to-ports=443

add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24

/ip upnp

set enabled=yes

/ppp secret

add name=vpn

/system clock

set time-zone-name=America/Denver

/system resource irq rps

set sfp-sfpplus1 disabled=no

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN
 
DeLorean
just joined
Topic Author
Posts: 9
Joined: Tue Sep 13, 2022 4:35 am

Re: Setting up 2.4g and 5g

Tue Sep 13, 2022 5:15 pm

delorean1.rsc
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Setting up 2.4g and 5g

Tue Sep 13, 2022 9:35 pm

Do you intend to use multiple Mikrotik APs in your network? If not, then I suggest you to ditch capsman and go with plain WiFi config under /interface wireless (even though commercial name of device is cAP ac, you don't have to use capsman). When using capsman, settings are dispersed around and it's harder to put all pieces together (at least that's my own experience).
 
DeLorean
just joined
Topic Author
Posts: 9
Joined: Tue Sep 13, 2022 4:35 am

Re: Setting up 2.4g and 5g

Tue Sep 13, 2022 10:57 pm

Thanks for your reply. This is the 1st time that I have had devices that I could link together as such... I've had Cisco, Edge router-lite, multiple consumer devices before that too... So when I set this up I found a guide that made any sense to me (https://www.nkent.us/wiki/index.php/Wir ... Tik_cAP_ac) the guide appears to no longer be online.
Would there be a guide that I could follow for the "Wireless" option you mentioned?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Setting up 2.4g and 5g

Wed Sep 14, 2022 12:06 am

Check in usefull user articles, anav has some nice posts to get you started.

viewtopic.php?t=182373
 
DeLorean
just joined
Topic Author
Posts: 9
Joined: Tue Sep 13, 2022 4:35 am

Re: Setting up 2.4g and 5g

Wed Sep 14, 2022 3:34 am

Okay...So it looks like I need to follow these steps viewtopic.php?t=181718

Is there any easy way to remove what I have done so far with the AP to configure it with these steps instead?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Setting up 2.4g and 5g

Wed Sep 14, 2022 8:43 am

Either click through capsman configuration section and remove everything you see (the important part being cap section of wireless configuration subtree) ... or reset to defaults and re-do the DST NAT part you have. Then proceed with configuration of wireless interfaces.

Who is online

Users browsing this forum: kovacspro, tjanas94 and 29 guests