raddi

wireless Mac-Auth or 802.1x with capsman

Tue Nov 30, 2021 8:28 pm

Hello,
this is my first post and I hope someone can help me.

I have set up my WLAN on MikroTik wAP and cAP, managed with CAPsMAN, and authenticate the clients with 802.1X credentials via RADIUS. This configuration works very well.

```
/caps-man datapath
add bridge=AP-Bridge local-forwarding=yes name=APdatapath
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm \
    name=wpa2eap tls-certificate=none tls-mode=no-certificates
/caps-man configuration
add country=germany datapath=APdatapath mode=ap multicast-helper=full name=\
    CAPsMAN1 security=wpa2eap ssid="CAPsMAN-SSID"
/caps-man interface
add channel=2GHz-Ch5 configuration=CAPsMAN1 disabled=no l2mtu=1600 \
    mac-address=xx:xx:xx:xx:xx:xx master-interface=none name="cap1 (2,4GHz)" \
    radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxxxxxxxxxxx
add channel=5GHz-Ch44 configuration=CAPsMAN1 disabled=no l2mtu=1600 \
    mac-address=xx:xx:xx:xx:xx:xx master-interface=none name="cap2 (5Ghz)" \
    radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxxxxxxxxxxx
add channel=2GHz-Ch9 configuration=CAPsMAN1 disabled=no l2mtu=1600 \
    mac-address=xx:xx:xx:xx:xx:xx master-interface=none name="cap3 (2,4GHz)" \
    radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxxxxxxxxxxx
add channel=5GHz-Ch52 configuration=CAPsMAN1 disabled=no l2mtu=1600 \
    mac-address=xx:xx:xx:xx:xx:xx master-interface=none name="cap4 (5GHz)" \
    radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxxxxxxxxxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/caps-man aaa
set mac-mode=as-username-and-password
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=\
    00:00:00:00:00:00 ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
```

Now I want to extend this with mac-bypass for clients without 802.1X.
I want to use this solution https://wiki.freeradius.org/guide/mac-a ... -or-802-1x to manage the bypass, but the MikroTik APs send no message to the RADIUS server if there is no 802.1X client.
What do I need to change in my setup to achieve this?

Thanks for your support
raddi
