Community discussions

MikroTik App
 
SergeS
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 25, 2016 6:23 am

CAPsMAN first time setup

Fri Dec 03, 2021 10:45 pm

I have hAP ac router (962UiGAS-5HacT2HnT what ever the hell it means!) as main router and cAP ac access point (RBcAPGi-5acD2nD) currently configured as wifi AP (bridge). Home network, nothing super special, wifi is a mix of 2.4 and 5 GHz devices, android phones and tablets, windows laptops, apple devices are very rare... I am planning to use both mikrotik devices to make CAPsMAN configuration (main router as a master, access point as a slave) to extend coverage with the same SSID. May be later will add another device as extra slave. I have never play with CAPsMAN so I need some inspired kicks :-) from experienced people.

Is this worthful to create such configuration with these devices?
Are these devices suitable to work together in CAPsMAN?
What are advantages/disadvantages?
Other recommendations?
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CAPsMAN first time setup

Fri Dec 03, 2021 11:17 pm

Is this worthful to create such configuration with these devices?
No
Are these devices suitable to work together in CAPsMAN?
Yes
What are advantages/disadvantages?
Single configuration, less performance and options
Other recommendations?
Don't

:D
 
SergeS
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 25, 2016 6:23 am

Re: CAPsMAN first time setup

Fri Dec 03, 2021 11:50 pm

Is this worthful to create such configuration with these devices?
No
Can you please explain, why No? I did not get...
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: CAPsMAN first time setup

Sat Dec 04, 2021 1:23 am

Not worth the effort for one cap unless it's a study project ?

Is not that difficult either.
Mikrotik wiki capsman.
Good material to start.
 
SergeS
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 25, 2016 6:23 am

Re: CAPsMAN first time setup

Sat Dec 04, 2021 3:57 am

Not worth the effort for one cap unless it's a study project ?
No, it is not for study, it is for everyday home usage.

What is alternative, if not worth?
Now, I have two SSIDs for 2.4GHz and two for 5 GHz, it is awkward, isn't it? :-)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: CAPsMAN first time setup

Sat Dec 04, 2021 9:12 am

You can keep SSID the same for all.
Device will select the strongest signal so general advice is to lower transmission power with 7dB for 2.4 to "help" devices to favor 5gHz above 2.4gHz.

And set your frequencies on each cap/band so they do not overlap.
E.g. 1/6/11 are usually the only ones to use on 2.4gHz to have no overlap. Unless these are already used by surrounding transmitters...
Do a scan first to see which channel is the least congested at the spot where you want to put your device.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CAPsMAN first time setup

Mon Dec 13, 2021 8:32 pm

No use standard wifi settings with vlans. Its what I do at home with
one mt router
one capac (used to be three)
two TP LINK APs (one eap245 and one eap 660hD)

Use this article to set it up very quick and easy. NO need for capsman unless you like an ulcer and hitting your head against the wall??
viewtopic.php?t=143620

One additional note not covered in that article.
I have untrusted subnets which I make into vlans lets say for example on my capac.

5ghz HOME USERS (trusted)
5ghz Virtual - Guest USERS (untrusted but not really)
2ghz Smart Devices untrusted 1 ( different media boxes ) UNTRUSTED
2ghz Virtual Smart devices untrusted 2 (smoke alarms) UNTRUSTED
2 ghz Virtual Smart devices untrusted 3 (thermostats - anything cooling/heating related) UNTRUSTEd

a. UNTRUSTED = box with software firmware with unknown code.
b. UNTRUSTED = cloud connection could be hacked at the provider end or hacked into by another device on the same wlan see a.

So I use vlans to separate the above groups of devices and users.
Clearly i dont want my smoke alarm devices to have any chance to being discovered talked to by my media boxes.
Similarly I dont want my xbox, to talk to my appletV, or to my Android movie box etc...... and I dont want my ecobee thermostat discovering my nest thermostat or hvac equipment etc..(

(you could use examples of indoor and outdoor videocameras, door locks et................ lots of fun.

However the more virtual WLANS I add to either the capac or TPLINK at some point I degrade the functionality for all the 2ghz equipment and eventually the AP and the 5ghz performance.
Thus I really have to decide for myself what are the critical UNTRUSTED devices I really want on a separate vlan, as I want to minimize the number of virtrual wlans used to two, three max.
- smoke/fire alarms yup dont want those hacked
-video cameras yup dont want those hacked.

Thus in my examples above, in the capac under wireless settings apart from firewall rules and the setup in the link provided, one simply UNCHECKS the forward box, which isolates wifi clients from each other. So this is close to the same thing as putting them on separate WLANs/vlans...........

Who is online

Users browsing this forum: erlinden, Google [Bot], GoogleOther [Bot] and 39 guests