vanikcz
newbie
Topic Author
Posts: 35
Joined: Wed Oct 14, 2015 11:06 pm

[CAPsMAN] Move from UBNT

Sun Sep 11, 2022 6:33 pm

Hi there!
Let me introduce the situation: I'm pretty familiar with MikroTik routers; I'm mainly using IPsec tunnels and some basic features. Now a lack of devices forces me to try MikroTik APs.
I have one RB750Gr3 as the main router and three hAP ac2 units as APs and switches.

On the first try, I set it up as just three APs, one per floor. It worked, but roaming was not fully functional: the radio roamed, but IP connectivity did not.
On the second try I set up CAPsMAN with the help of some friends and Google.

It is working, but I'm not sure about the config and I'm also having problems with Apple devices.

There are four subnets, managed in VLANs: VLAN1 is the management subnet, where switches, APs and so on reside. There is also VLAN10 as LAN, VLAN11 as the guest network and VLAN12 as the network for IP cameras and the NVR.
I need the LAN and GUEST networks working over WiFi, each in one SSID, both SSIDs on all APs on both frequencies (2 and 5 GHz).

I'm running the config below; I need local forwarding for Apple TV and others. I get lost with selecting channels on both frequencies to get the Apple gear working.

Can you please help me identify where I'm wrong?
# sep/11/2022 17:12:10 by RouterOS 7.5
#
# model = RB750Gr3
/interface bridge
add name=BR-GUEST priority=0x1000
add name=BR-CAM priority=0x1000
add name=BR-LAN priority=0x1000
add name=BR-MGMT priority=0x1000
/interface ethernet
set [ find default-name=ether1 ] name=E01-INTERNET
set [ find default-name=ether2 ] name=E02-CAN
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
/interface vlan
add interface=E02-CAN name=E02-VL10-LAN vlan-id=10
add interface=E02-CAN name=E02-VL11-GUEST vlan-id=11
add interface=E02-CAN name=E02-VL12-CAM vlan-id=12
/caps-man configuration
add country="czech republic" datapath.bridge=BR-LAN \
    .client-to-client-forwarding=yes .local-forwarding=yes installation=any \
    mode=ap name=SSID-LAN security.authentication-types=wpa2-psk .encryption=\
    aes-ccm ssid=SSID-LAN
add channel.skip-dfs-channels=yes country="czech republic" datapath.bridge=\
    BR-GUEST installation=any mode=ap name=SSID-GUEST \
    security.authentication-types=wpa2-psk .encryption=aes-ccm ssid=SSID-GUEST
/interface list
add name=LOCALS
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.0.79.200-10.0.79.254
add name=dhcp_pool1 ranges=192.168.79.99-192.168.79.254
add name=dhcp_pool2 ranges=10.1.79.2-10.1.79.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=BR-MGMT name=dhcp1
add address-pool=dhcp_pool1 interface=BR-LAN lease-time=2d name=dhcp2
add address-pool=dhcp_pool2 interface=BR-GUEST lease-script=":local queueName \
    \"Client- \$leaseActMAC\";\r\
    \n \r\
    \n:if (\$leaseBound = \"1\") do={\r\
    \n    /queue simple add name=\$queueName target=(\$leaseActIP . \"/32\") l\
    imit-at=20M/20M max-limit=20M/20M comment=[/ip dhcp-server lease get [find\
    \_where active-mac-address=\$leaseActMAC && active-address=\$leaseActIP] h\
    ost-name];\r\
    \n} else={\r\
    \n    /queue simple remove \$queueName\r\
    \n}" lease-time=1h name=dhcp3
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=BR-MGMT
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=SSID1 \
    slave-configurations=SSID-GUEST
/interface bridge port
add bridge=BR-MGMT ingress-filtering=no interface=E02-CAN
add bridge=BR-LAN ingress-filtering=no interface=E02-VL10-LAN
add bridge=BR-GUEST ingress-filtering=no interface=E02-VL11-GUEST
add bridge=BR-CAM ingress-filtering=no interface=E02-VL12-CAM
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=BR-GUEST list=LOCALS
add interface=BR-CAM list=LOCALS
add interface=BR-LAN list=LOCALS
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.0.79.1/24 interface=BR-MGMT network=10.0.79.0
add address=192.168.79.1/24 interface=BR-LAN network=192.168.79.0
add address=10.1.79.1/24 interface=BR-GUEST network=10.1.79.0
add address=10.2.79.1/24 interface=BR-CAM network=10.2.79.0
add address=192.168.11.251/24 interface=E01-INTERNET network=192.168.11.0
add address=95.x.x.25 interface=E01-INTERNET network=95.xx.xx.25
/ip dhcp-server lease
add address=192.168.79.99 client-id=1:0:11:32:58:13:5c mac-address=\
    00:11:32:58:13:5C server=dhcp2
/ip dhcp-server network
add address=10.0.79.0/24 dns-server=192.168.51.2 domain=j*z \
    gateway=10.0.79.1
add address=10.1.79.0/24 dns-server=10.1.79.1 gateway=10.1.79.1
add address=192.168.79.0/24 dns-server=192.168.79.1 gateway=192.168.79.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.11.254
add distance=1 dst-address=192.168.51.0/24 gateway=BR-MGMT
/system clock
set time-zone-name=Europe/Prague
/system ntp client
set enabled=yes
/system ntp client servers
add address=ntp.nic.cz
 
erlinden
Forum Guru
Posts: 1195
Joined: Wed Jun 12, 2013 1:59 pm

Re: [CAPsMAN] Move from UBNT

Sun Sep 11, 2022 10:27 pm

To start with, only use a single bridge (and read the following topic carefully):
viewtopic.php?t=143620
First the problem, then the solution
 
vanikcz
newbie
Topic Author
Posts: 35
Joined: Wed Oct 14, 2015 11:06 pm

Re: [CAPsMAN] Move from UBNT

Mon Sep 12, 2022 1:12 pm

moderator note: do not quote preceding post, use "post Reply".
Thank you for that ultimate VLAN Guide!
Now the only problem is with the settings of channel lists over the two bands.
 
erlinden
Forum Guru
Posts: 1195
Joined: Wed Jun 12, 2013 1:59 pm

Re: [CAPsMAN] Move from UBNT

Mon Sep 12, 2022 1:24 pm

Make a configuration per channel; that way you will be able to select the frequency per radio per access point.
First the problem, then the solution
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Sat Oct 01, 2022 4:12 pm

Can you please help me identify where I'm wrong?
Hello, just a few quick notes: you can make it all work, but as there are no "smarts" integrated in CAPsMAN, roaming depends on signal availability. My approach to this problem is to install enough access points and set signal levels rather low. You are looking for a 3 dB difference between 2.4 and 5 GHz on the same SSID, so you can compensate for the higher radio attenuation of the 5 GHz signal.

When I design the WiFi, I usually start with a floor plan and add an AP in every room, set tx power to 3/6 dBm, and carefully set channels. As I am in the EU, I use 1, 5, 9 and 13. In the US you will have 1, 6, 11. For 5 GHz, you just set it up to ch 140 in practice, because extensions after that can't be read by some older devices.

As for Apple stuff, they all work, but you will have to dig into the config. There are plenty of manuals and stuff online, but expect the learning curve to be steep.

Still, I prefer MikroTik over other solutions because the system does exactly as you tell it to, and it is built for engineers, not as a "comic book" as some other interfaces feel when I use them.
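
Added example (not part of any post in this thread, and not MikroTik's reference configuration): one way to write "a configuration per channel" in legacy CAPsMAN on RouterOS 7.5, using the 1/5/9/13 plan and the 3/6 dBm power levels mentioned above. The object names, radio MAC addresses, passphrase and the 5 GHz channel choices are assumptions made for illustration; `SSID-GUEST` is the slave configuration from the original post's export.

```routeros
# Constructed example. Replace the placeholder radio MACs (02:00:00:...) with the
# values shown under /caps-man radio, and set a real passphrase.

/caps-man channel
# 2.4 GHz, 20 MHz wide, EU plan 1/5/9/13 (three APs use three of the four)
add name=ch2g-01 band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 tx-power=3
add name=ch2g-05 band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2432 tx-power=3
add name=ch2g-09 band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2452 tx-power=3
# 5 GHz, 20 MHz wide, channels 36/44/48 (assumed choice), 3 dB above the 2.4 GHz radios
add name=ch5g-036 band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 tx-power=6
add name=ch5g-044 band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled frequency=5220 tx-power=6
add name=ch5g-048 band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled frequency=5240 tx-power=6

# Shared datapath and security profiles so the per-channel configurations stay short
/caps-man datapath
add name=dp-lan bridge=BR-LAN local-forwarding=yes client-to-client-forwarding=yes
/caps-man security
add name=sec-lan authentication-types=wpa2-psk encryption=aes-ccm passphrase="PLACEHOLDER-change-me"

# One master configuration per channel; only the channel reference differs
/caps-man configuration
add name=lan-2g-ch01 ssid=SSID-LAN country="czech republic" installation=any mode=ap channel=ch2g-01 datapath=dp-lan security=sec-lan
add name=lan-2g-ch05 ssid=SSID-LAN country="czech republic" installation=any mode=ap channel=ch2g-05 datapath=dp-lan security=sec-lan
add name=lan-2g-ch09 ssid=SSID-LAN country="czech republic" installation=any mode=ap channel=ch2g-09 datapath=dp-lan security=sec-lan
add name=lan-5g-ch036 ssid=SSID-LAN country="czech republic" installation=any mode=ap channel=ch5g-036 datapath=dp-lan security=sec-lan
add name=lan-5g-ch044 ssid=SSID-LAN country="czech republic" installation=any mode=ap channel=ch5g-044 datapath=dp-lan security=sec-lan
add name=lan-5g-ch048 ssid=SSID-LAN country="czech republic" installation=any mode=ap channel=ch5g-048 datapath=dp-lan security=sec-lan

# One provisioning rule per radio: radio-mac pins each radio to its channel.
# The guest SSID rides along as a slave (virtual AP) and inherits the master's channel.
/caps-man provisioning
# AP floor 1
add action=create-dynamic-enabled radio-mac=02:00:00:00:01:24 master-configuration=lan-2g-ch01 slave-configurations=SSID-GUEST
add action=create-dynamic-enabled radio-mac=02:00:00:00:01:50 master-configuration=lan-5g-ch036 slave-configurations=SSID-GUEST
# AP floor 2
add action=create-dynamic-enabled radio-mac=02:00:00:00:02:24 master-configuration=lan-2g-ch05 slave-configurations=SSID-GUEST
add action=create-dynamic-enabled radio-mac=02:00:00:00:02:50 master-configuration=lan-5g-ch044 slave-configurations=SSID-GUEST
# AP floor 3
add action=create-dynamic-enabled radio-mac=02:00:00:00:03:24 master-configuration=lan-2g-ch09 slave-configurations=SSID-GUEST
add action=create-dynamic-enabled radio-mac=02:00:00:00:03:50 master-configuration=lan-5g-ch048 slave-configurations=SSID-GUEST
```

Rules that match on `radio-mac` only apply to that radio, so a radio with no matching rule stays unprovisioned rather than coming up on an unplanned channel.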
 
gotsprings
Forum Guru
Posts: 1743
Joined: Mon May 14, 2012 9:30 pm

Re: [CAPsMAN] Move from UBNT

Sun Oct 02, 2022 4:15 am

Every time I open the cloud portal for one vendor... I start a stopwatch. As I try to figure out how long it takes between an action and the device reporting it. Sometimes it's a few minutes.

Caps-man's constant and near-instant stream of data spoiled me.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Sun Oct 02, 2022 10:58 am

moderator note: do not quote preceding post, use "post Reply".
CapsMan / MikroTik is hardcore. It is really hard to do stuff in it sometimes, but the good thing is that when things are set they are rock-solid. I have a number of installations, and the number of devices is usually 20-30, sometimes double that number of APs. It is hard to imagine a better way to manage and oversee all of those. Also Dude.

Of course, some features are lacking in the sense that filtering and options are not optimal, but if everything works that is minor.

I would very much appreciate roaming support on MikroTik tho and also some kind of actually intelligent auto-channel engine would be good.

That said, I can now correctly design and set all the channels and signal strengths on a 30 multi AP network in about 30 minutes. :-) But the path to get there was long.
 
gotsprings
Forum Guru
Posts: 1743
Joined: Mon May 14, 2012 9:30 pm

Re: [CAPsMAN] Move from UBNT

Sun Oct 02, 2022 8:42 pm

moderator note: do not quote preceding post, use "post Reply".
Unfortunately for me and my clients... the actual performance of the radios is not comparable to current options. Also there are quirks that you "can't get around due to the in-house driver".

So while I love caps-man... I sure don't enjoy all the trouble tickets. I really didn't like the loss of customers who lost faith as it took months to get answers from MikroTik. I might add the ultimate resolution came when MikroTik confirmed that the problem was not solvable with their radios.

I can't tell you how many times someone has been looking at caps-man over my shoulder and just asked "Is there any way that could control a good radio?"

I mean maybe they think that MikroTik could add something to other vendors or other vendors could somehow talk to caps-man... I think they are just wishing. But in the end... what matters is that we can put out reliable systems that "WORK" day in and day out with Little to NO messing with, after deployment. While the ACv2 driver improves actual radio performance to closer to the units we used back in 2017... I lose caps-man. And only have a few pieces of hardware to choose from... and I am back to configuring each radio as an island... and troubleshooting is back to 2012 when you had to alt+tab between different devices.

Junking all the config work I had done, really sucked. But there was no way clients were gonna put up with the issues that kept popping up.

On the bright side... after MikroTik told me flat out... I took those lessons and am way more leery of the next vendor. So much so it prevented another bad situation for us.

We had to go back to our old wireless vendor, as it "actually works". Despite the PURCHASE cost increase... there is no real downside to the client.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 1:52 pm

I am curious what was the issue at hand for you?

Regarding the MikroTik WiFi, one has to not expect high transfer speeds, as the devices used are predominantly an older iteration of WiFi and simple to maintain when you get a grip on CapsMan.

That said, I get 80-100 Mbps routinely in a well covered facility. In my view, if wireless can serve as a 100 Mbps wired counterpart, that is enough. Just today I tested one external WiFi where I tested the speed 50-60 meters from the AP, and it worked relatively fine. I got about 10 Mbps, which is not stellar, but the device was far away. Even through the wall the speed was about 5-6 Mbps using an iPhone. For simple uses, browsing and such, that is enough.

Now, I could have used Cambium or Ubiquiti, but their devices are 3-5 times more expensive, and most people simply don't care about speed that much if the coverage is always there.

My biggest mistake with MikroTik implementations was where I used too low a number of APs, as "that would be enough". MT APs are so cheap that you can really just put an AP in every office and be done with it. I set the 2.4 signal 3 dB lower than 5 GHz, and generally low signal levels, and all works fine. Not much overlapping, and roaming works like a charm. I don't notice it really, and used the laptop all around.
 
gotsprings
Forum Guru
Posts: 1743
Joined: Mon May 14, 2012 9:30 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 2:28 pm

No MU-MIMO becomes an issue in many of my installs.

2.4 radios no longer passing traffic but appearing to carry clients in caps-man. Disabling and re-enabling the interface will make it work again.

Radios flat out giving up when surrounded by noisy environments.

Wireless cards from particular vendors refusing to connect to certain bands.

Low speed tests were more of uhh... Who cares...
Not being able to keep a wifi call or zoom meeting was more of an issue.

Etc
Etc
Etc
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 3:25 pm

Yeah... Those are quite specific issues and I can relate to them.
What provider did you use to fix the issue?
 
gotsprings
Forum Guru
Posts: 1743
Joined: Mon May 14, 2012 9:30 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 4:21 pm

Yeah... Those are quite specific issues and I can relate to them.
What provider did you use to fix the issue?
I am no Fan of UniF--k and after years with it... I avoid it and won't use it. If another trade wants to put them in... I explain that I will not help if they have an issue. THEY ALWAYS HAVE ISSUES. Then they try and share their server to me or beg and bitch at me. I remind them... NOPE. Not happening.

80% of the time the UniF--ker gives in and removes their crap.
The remaining 20% usually try to work out some deal where we split the wireless clients...

Most UniF--kers I encounter can't understand simple S--t like port forwards or how subnets work. I don't feel it's my job to teach them.

Cambium had some show stoppers in their WiFi6 WAPS that had been in the software for almost 2 years before I looked at them. I showed them where the issues were and how to reproduce them. They thought the issue "wasn't that bad." Until we opened up the can to everyone else having issues that were related to the bug.

Cambium stated it would take a firmware rewrite to fix it. 5 months later... it's fixed. And it broke other things... so after 10 months of dealing with Cambium specifically about getting the WiFi6 stuff up to par... I have zero PAID deployments. All my gear is spread across a bunch of test sites. I trip over bugs. Reproduce them. Document them. Give Cambium access to the devices and network. Do a screen share with video and demonstrate the issue.

They now no longer start the email response with... "Did you check this???" They just ask for a support file and a clear explanation. Then I wait for follow up firmware and report back.

Long and short of it... I don't put them in the field as I would be trading one problem for another.

Ruckus Wireless has changed dramatically from the guys I dealt with 10+ years ago. However... I have had one really annoying bug crop up. They if I "just stayed on the prior firmware" it didn't cause me any problems across all sorts of WAPS, Environments, and Use Cases (Homes,Bars,Doctors Offices,NBA Arenas,National UniF--k Distributors...)

I was concerned that the product change over from WiFi5 to WiFi6 was gonna stop me dead if the new hardware required the new BUGGY firmware. Fortunately... Ruckus a proper firmware when the new stuff came out. The next iteration had features and bugs... but I have a set and forget firmware image.

During my wait for new Ruckus hardware, I dug in deep with Cambium. They actually open a ticket and follow through with me. From where I started to now... I am just about ready to use them in FLAT networks. Now they are out of hardware... and about to have another price increase.

For perspective...
My Goto Ruckus WAP is the R550 at US$800
The Cambium direct comparison is the XV2-2 which launched in 2020 at $400. It is now $560. And will be just south of $600 by Christmas.

Now a cAP XL AC released in 2022 has a WiFi 5 radio that can NEVER be upgraded to even WiFi5 WAVE2. If I put them out in the wild... all my caps-man issues are JUST WAITING TO POP UP AND F--K ME!

So we have to make extra sure to let the customer know... "These will not work as well as other vendors. But they MIGHT be OK. If you start having issues... we are gonna have to upgrade."

We were getting Ruckus H510s for $200 for a while there...
One per Room. A radio tuned to send the 2.4 and 5 GHz the same distance. A managed switch included and driven by PoE. Used a ton of those.

Now the replacement is $800... and we can't get them for less than $450... But do the same comparison..
WAP in the room. Tuned for the room. Managed Switch. Driven by PoE...

The performance of the hAP AC2 as a WAP and managed switch WASN'T EVEN CLOSE to the performance of the H510. So the $75 vs $200 was a quick argument.

Will the new hAP AX3 change my mind... from what I can tell... it's using Wave2 drivers at release... that means it is not gonna be caps-man. Unless something changes dramatically between now and then...

Plus we will have to start all over with vetting...

Where is that Cambium XV2-22H they mentioned a year ago???
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 5:48 pm

:-) a netadmin's horror story from hell. One really has to understand the scope and the philosophy behind MikroTik, and either accept it or move on. Their way of doing stuff is producing very useful and versatile equipment for cheap. Most of the stuff they make is not available anywhere else. Take the little MAPlite for example - I use that for LAN port emulation in warehouses and production facilities and it works wonders. I have some running for years and they all work (also used Cap lite for that purpose, which are the same). It even works over host device USB power, which is amazing. But this philosophy means you won't be getting cutting edge stuff, because that stuff is not cheap. They tend to focus on stuff that they deem important and often the choice is good, or at least good enough. For example MikroTik SSTP VPN is very slow. Even on fast hardware it is limited to 5 Mbps from my experience. But why spend time fixing that when you can use hardware accelerated IPsec tunnels? Same with other stuff, at least that is how I interpret this to myself.

And you always have an option to use Cisco... But they too are plagued with delivery problems and their equipment is quite expensive. At least double of what you mentioned, but I am pretty sure you would be able to make a really solid WiFi using Cisco stuff. However I don't like them because they are assholes that install backdoors to their stuff. I would never use them. Pretty sure MikroTik is clean tho.
 
gotsprings
Forum Guru
Posts: 1743
Joined: Mon May 14, 2012 9:30 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 6:13 pm


:-) a netadmin's horror story from hell. One really has to understand the scope and the philosophy behind MikroTik, and either accept it or move on. Their way of doing stuff is producing very useful and versatile equipment for cheap. ...
Here we go again...

It's just inevitable.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Mon Oct 03, 2022 6:52 pm


It's just inevitable.
If all would be perfect, what would you hope for? :-)
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Wed Oct 26, 2022 4:14 pm


Here we go again...

It's just inevitable.
Been to a Cambium conference last week. Seems that they don't have much if any supply chain issues. Most of their equipment is available immediately here, and I have to admit that sounds sweet. I waited for the MikroTik PoE SW for 9 months this year, and have been waiting for my 5011 for 10 months in total.

They really seem to push tech. They already have 3+ radios stuff out, with 2.4, 5 and 6 GHz on board. Long term investment as it seems.
 
gotsprings
Forum Guru
Posts: 1743
Joined: Mon May 14, 2012 9:30 pm

Re: [CAPsMAN] Move from UBNT

Sat Oct 29, 2022 9:24 pm

atomicduck

My comment about inevitability stems from...
"At some point in my back and forth with Tik fans... They eventually run into a moment where they have to admit that the radios serving wifi clients are pretty terrible. Then they immediately pivot... But it's cheap."

As for Cambium... I have been riding them for 9 months sending back bug reports then working them with engineering.

So pretty much anyone who goes on about how great the WiFi6 from Cambium is... I don't have any faith in anything they have to say.

Apparently no one does proper QA anymore.

But the webinar and talk with the reps back in Dec really got my interest. 6ghz radios that can run as 5ghz until there are more devices sounded awesome. But they missed a bunch of release dates. And here in the US... The XV2-2s have been steadily rising in price... And availability had become a problem recently.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
atomicduck
Member Candidate
Posts: 116
Joined: Fri Oct 02, 2020 1:42 pm

Re: [CAPsMAN] Move from UBNT

Sun Oct 30, 2022 12:54 pm

atomicduck

"But it's cheap."

Apparently no one does proper QA anymore.

But the webinar and talk with the reps back in Dec really got my interest. 6ghz radios that can run as 5ghz until there are more devices sounded awesome. But they missed a bunch of release dates. And here in the US... The XV2-2s have been steadily rising in price... And availability had become a problem recently.
Based on your previous comments, I specifically asked them about deliveries and stuff. They did tell me that some of the stuff faces some delivery issues, but that they mostly solve that rather quickly. Also, most of the stuff they presented they have in stock here, so delivery-wise they seem to be better than most of the others. I can't even get MikroTik switches normally. Had two bigger installations this year (about 50 APs in total) and getting the units was a pain in the ass. And for a PoE 24p switch I waited for 7 months. Not nice.

As for the cheapness - yeah, MikroTik is cheap. MikroTik radios are not as good as compared to others, but one compensates for that with coverage. I had a lot of issues before, but careful planning and channel selections do seem to make everything work in unison. Not an easy task to do tho, but it can be done. And I kind of don't mind too much. My logic is that if I can get 100 Mbps WiFi speed in practice (compared to 100 Mbps LAN) almost everywhere, my task is done. But I do think your comments are very valid points.

Also getting high speed WiFi to work fine is a big problem. People are having gigabit connections to the internet now, and mostly they access the internet through WiFi. Devices for home use are usually powerful, they do beam-forming and other voodoo stuff, but when they are set to ridiculous channel widths, coverage is shit.
