Community discussions

 
User avatar
swisstico
just joined
Topic Author
Posts: 5
Joined: Sat Dec 12, 2015 6:10 am
Contact:

CAPsMAN - How to force layer 2?

Thu Jun 16, 2016 4:43 am

Hello everybody,

We have an issue with CAPsMAN and need your help.
We configured a wifi in various routers linked a main one with CAPsMAN and all routers (including the main one) are managed by CAPsMAN.

Everything works fine EXCEPT the main router, for the reason that is the only one that connect to himself in layer 3 (by IP), so the firewall is blocking it and we must add a filter rule to bypass the firewall.
There is a way to force CAPsMAN to work in layer 2?

2 examples (2 different offices):
http://imgur.com/a/SkNyC

Thanks for your help!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: CAPsMAN - How to force layer 2?

Thu Jun 16, 2016 2:58 pm

Yes you can, set discovery-interface to any local interface on the manager router, or create a dummy loopback interface with static MAC and set  discovery-interface to that one.
 
User avatar
eworm
Member
Member
Posts: 392
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: CAPsMAN - How to force layer 2?

Fri Jul 29, 2016 12:10 am

Same issue here... Could not make it work with a local ethernet interface. Either connects on layer 3 or not at all. Is it picky on interfaces that belongs to bridge, have vlan config, ... whatever?

Any what is a dummy loopback interface? A bridge with no ports? A virtual ethernet interface? Tried both, no success either.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
czolo
Member
Member
Posts: 418
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN - How to force layer 2?

Tue Aug 02, 2016 10:05 pm

Maybe try that:
interface wireless cap set caps-man-addresses=127.0.0.1
| --= Czo|_o =--
| http://wifi4eu.pl
| Innovation in WiFi
 
User avatar
eworm
Member
Member
Posts: 392
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: CAPsMAN - How to force layer 2?

Tue Aug 02, 2016 10:48 pm

Maybe try that:
interface wireless cap set caps-man-addresses=127.0.0.1
That is still layer 3, no? :wink:
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
czolo
Member
Member
Posts: 418
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN - How to force layer 2?

Tue Aug 02, 2016 11:08 pm

Yes, but it works :)
| --= Czo|_o =--
| http://wifi4eu.pl
| Innovation in WiFi
 
User avatar
swisstico
just joined
Topic Author
Posts: 5
Joined: Sat Dec 12, 2015 6:10 am
Contact:

Re: CAPsMAN - How to force layer 2?

Thu Aug 25, 2016 7:42 am

Nice workaround!
This is our solution for now:

1. Add CAPsMAN to discover address 127.0.0.1 (As czolo wrote)
/interface wireless cap set caps-man-addresses=127.0.0.1
2. Open Firewall for CAPsMAN
/ip firewall filter add chain=output action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247
/ip firewall filter add chain=input  action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247
BUT PLEASE MikroTik Team, fix the issue, we would be so thankful! :D
 
User avatar
czolo
Member
Member
Posts: 418
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN - How to force layer 2?

Thu Aug 25, 2016 9:48 pm

Nice workaround!
thx :)
| --= Czo|_o =--
| http://wifi4eu.pl
| Innovation in WiFi
 
jrbenito
just joined
Posts: 9
Joined: Tue May 20, 2014 4:19 am

Re: CAPsMAN - How to force layer 2?

Mon Jan 21, 2019 4:49 pm

Nice workaround!
This is still an issue almost three years later.

1) I cannot forbid CAPsMan on all interfaces but local because it prevents own cap to connect
2) I cannot use layer 2 on own cap interface
3) The worst: this is not documented anywhere besides user forums (it should be on CAPsMan manual to prevent people be fighting hours with something that isn´t going to work)

4) I noticed that if I enable certificate request and CAPsMan is not configured, event disabling the certificate request on Cap has no effect, it still requests certificate to CAPsMan resulting in error. (this is a bug)
 
nescafe2002
Long time Member
Long time Member
Posts: 622
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: CAPsMAN - How to force layer 2?

Mon Jan 21, 2019 5:08 pm

Have you tried the last beta?

https://mikrotik.com/download/changelog ... lease-tree
What's new in 6.44beta50 (2018-Dec-17 13:01):

*) capsman - always accept connections from loopback address;
 
jrbenito
just joined
Posts: 9
Joined: Tue May 20, 2014 4:19 am

Re: CAPsMAN - How to force layer 2?

Mon Jan 21, 2019 10:19 pm

Have you tried the last beta?
What's new in 6.44beta50 (2018-Dec-17 13:01):

*) capsman - always accept connections from loopback address;
Nope, I am running 6.43.8. Nice to see a solution is finally coming.
 
Pea
Member Candidate
Member Candidate
Posts: 191
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: CAPsMAN - How to force layer 2?

Tue Jan 22, 2019 12:18 am

3) The worst: this is not documented anywhere besides user forums (it should be on CAPsMan manual to prevent people be fighting hours with something that isn´t going to work)
https://wiki.mikrotik.com/wiki/Manual:S ... in_CAPsMAN
But I agree that having firewall rule for CAP on CAPsMAN is annoying. L2 should run as other CAPs.

Who is online

Users browsing this forum: No registered users and 28 guests