nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

ASK[CAPsMAN]

Sun Jul 11, 2021 5:33 am

Can't make identity-regexp & common-name-regexp work.

@rextended, I really need your input here.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 6:04 am

I'm not the only user on this forum.
I want to help you, but you must wait; I'm in another time zone and now I must go to bed.

But do not forget to explain what exactly the problem is, the RouterOS version used and on what devices.
Better if you provide some /export to understand.
 
nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 7:19 am

If I explore my config, it would be irrelevant.
Whenever I fill in the fields for identity-regexp & common-name-regexp and then do provisioning, I'm not getting any result according to what I have filled in there.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 9:14 am

Show me the complete provisioning rules including the exact regexps that don't work and the exact names and MAC addresses (or certificate common names if you use them) of the cAPs that should match these regexps but don't.

Do you realize that the caps-man provisioning rules are processed the same way as firewall rules, routing rules etc., i.e. top to bottom until first match, therefore some rules may shadow other ones?
 
nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 10:46 am

i got this one for testing purposes


/caps-man provisioning
add action=create-enabled hw-supported-modes=gn identity-regexp=GP-AP-.* master-configuration=test radio-mac=6C:3B:6B:xx:xx:xx slave-configurations=\
test

What I'm expecting is, once I click on provisioning, I should be seeing on /caps-man interface> to be GP-AP for that particular rule.

Maybe I'm wrong, but that is what I'm expecting.
Correct me: what do you want me to correct to see that it's working once I click provisioning?
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 11:08 am

I'm not sure I understand your expectation properly, but if you assume that the regexp is used to control what name will be assigned to the interface created according to the rule, it is a wrong assumption. All the regexp fields are match fields, i.e. they are used to select cAPs to which the rule will apply. So identity-regexp="n.sto" makes the rule apply only on cAPs whose /system identity name item contains n.sto - e.g. nesto-odlicno, tuka-nema-nisto etc.

To affect the name of the created interface, use name-format and name-prefix items.
 
nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 11:51 am

That makes a lot of sense. So my assumption is wrong.
In this case I'm not sure what this does.

Much appreciated if you can explain here, or advise me how I can make it work the way you are suggesting.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 12:11 pm

You mean how you can automate the creation of the interface names?
 
nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 1:02 pm

I mean if you can give me some tips on how I can properly get identity-regexp & common-name-regexp working.

I have spent a lot of time without result.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 2:14 pm

The identity-regexp and common-name-regexp are useful in large networks with tens or even hundreds of cAPs where some groups of cAPs need specific configurations not due to their technical parameters (support of various frequency bands and Modulation and Coding Schemes) but e.g. due to the "geographical" area they cover. So you want some SSIDs to be provisioned only on some groups of cAPs, or you centrally control cAPs in different regulatory domains, which is a very bad idea from a networking point of view, as WAN between cAP and CAPsMAN is a source of headache, but a good example.

To facilitate this, you can use the name of the group as part of the individual name of each cAP. So you prepare the provisioning rules for the groups, using the name of each group as identity-regexp for the provisioning rule corresponding to that group, and whenever you add a new cAP to the network, the only thing you have to do is to rename it accordingly (using the [Set Identity] button in Winbox->CAPsMAN->Remote CAP). So you end up with cAP names skopje-1 ... skopje-N and melbourne-1 ... melbourne-M, and two provisioning rules, one with identity-regexp=skopje and the other one with identity-regexp=melbourne.

And these two rules may be set with name-format=identity, which will make the interface names be generated as the cAP identity suffixed with the order number, rather than the default cap suffixed with the order number.
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: ASK[CAPsMAN]

Sun Jul 11, 2021 4:05 pm

You mean how you can automate the creation of the interface names?
Exactly, I wouldn't bother assisting such an obtuse fellow probably doing something illegal because he refuses to provide the clear requirements (use cases what users should or should not be able to do and without any mention of config) and only wants info on some specific bit of config code.
(let alone not wanting to show the config or network diagram). So that forces you to come up with attempting to find plausible scenarios.
 
nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: ASK[CAPsMAN]

Tue Jul 13, 2021 1:07 am

Thanks sindy, that makes a lot of sense.

Thank you very much, you're the best!
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: ASK[CAPsMAN]

Tue Jul 13, 2021 3:43 pm

nichky code

Is it clear now, or do you still need help?
I hope you have solved it.
 
nichky
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: ASK[CAPsMAN]

Tue Jul 13, 2021 11:58 pm

tx @rextended, solved
 
PackElend
Member Candidate
Posts: 269
Joined: Tue Sep 29, 2020 6:05 pm

Re: ASK[CAPsMAN]

Mon Jun 27, 2022 10:54 pm

Could anyone explain the purpose of common-name-regexp?
I can't find any explanation.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ASK[CAPsMAN]

Mon Jun 27, 2022 11:02 pm

Sounds like matching on the CN (common name) field of the CAP certificate.
 
PackElend
Member Candidate
Posts: 269
Joined: Tue Sep 29, 2020 6:05 pm

Re: ASK[CAPsMAN]

Tue Jun 28, 2022 10:35 am

Sounds like matching on the CN (common name) field of the CAP certificate.
And that is most likely the case; the old documentation is a bit confusing in the first place:

AP Controller (CAPsMAN) - RouterOS - MikroTik Documentation
common-name-regexp (string; Default: ) Regular expression to match radios by common name
but that could mean anything

Manual:CAPsMAN - MikroTik Wiki
common-name-regexp (string; Default: ) Regular expression to match radios by common name. Each CAP's common name identifier can be found under "/caps-man radio" as value "REMOTE-CAP-NAME"
but that is the same identity as system/identity on the CAP, though only if you do not use certificates...


but both documentations state the following:
CAPsMAN distinguishes between CAPs based on an identifier. The identifier is generated based on the following rules:

if CAP provided a certificate, identifier is set to the Common Name field in the certificate
otherwise identifier is based on Base-MAC provided by CAP in the form: '[XX:XX:XX:XX:XX:XX]'.
so it is the common name of the certificate, the same when you do
[admin@...] > certificate/print
Flags: L - CRL; T - TRUSTED
Columns: NAME, COMMON-NAME, FINGERPRINT
#    NAME                  COMMON-NAME   FINGERPRINT   

Here is a tutorial using certificates for CAPsMAN, which could make the above easier to understand: https://www.gonscak.sk/?p=575
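
The matching behaviour discussed in this thread (regexp fields select cAPs, rules are walked top to bottom until the first match, and the identifier is the certificate CN or else the bracketed Base-MAC), as an added example that is not part of any post and is not RouterOS code. It is a simplified model: the class names, rule labels, configuration names, MAC addresses and CN values are constructed, and Python's regex dialect is assumed as a stand-in for the one RouterOS uses.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cap:
    identity: str                  # /system identity name of the cAP
    base_mac: str
    cert_cn: Optional[str] = None  # CN of the cAP certificate, if one was presented

    @property
    def identifier(self) -> str:
        # Documentation rule quoted in the thread: certificate CN if present,
        # otherwise the Base-MAC in the form '[XX:XX:XX:XX:XX:XX]'.
        return self.cert_cn or f"[{self.base_mac}]"

@dataclass
class Rule:
    label: str                     # label used by this model only
    master_configuration: str
    identity_regexp: str = ""      # empty = field does not restrict the match
    common_name_regexp: str = ""

    def matches(self, cap: Cap) -> bool:
        # re.search gives the "contains" behaviour described in the thread;
        # Python's regex dialect stands in for RouterOS's (assumption).
        return all(re.search(rx, value) for rx, value in
                   ((self.identity_regexp, cap.identity),
                    (self.common_name_regexp, cap.identifier)) if rx)

def provision(rules, cap):
    """Walk the rules top to bottom and return the first match (or None)."""
    return next((r for r in rules if r.matches(cap)), None)

def shadowed(rules, caps):
    """Labels of rules that match some cAP but never win for any of them."""
    winners = {r.label for r in (provision(rules, c) for c in caps) if r}
    return [r.label for r in rules
            if r.label not in winners and any(r.matches(c) for c in caps)]

# Constructed inventory and rule sets (not taken from the thread).
CAPS = [Cap("skopje-1", "6C:3B:6B:00:00:01", cert_cn="cap-skopje-1"),
        Cap("melbourne-1", "6C:3B:6B:00:00:02")]          # no certificate
CATCH_ALL = Rule("catch-all", "cfg-default")
SKOPJE = Rule("skopje", "cfg-skopje", identity_regexp="skopje")
BY_CERT = Rule("by-cert", "cfg-cert", common_name_regexp="^cap-")
SPECIFIC_FIRST = [SKOPJE, BY_CERT, CATCH_ALL]
CATCH_ALL_FIRST = [CATCH_ALL, SKOPJE, BY_CERT]
```

Running `shadowed()` over an exported rule list and the current cAP inventory shows which group-specific rules can never take effect, and the cAP without a certificate shows why a rule written against certificate CNs silently skips it.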
