i have a HEX routerboard model: RB750Gr3 and a CAP model: RBcAP2nD.
I'm trying to setup the router (RB750) as a CapsMan and connect the only CAP i have.
the router:
- is connectd to internet through pppoe client
- have a separate subnet (172.16.0.0/24) that should hold a server
Code: Select all
/interface bridge
add name=caps-bridge1
/interface bridge port
add bridge=caps-bridge1 interface=ether2
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] name=ether5-lan
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-wan name=pppoe-out1 password=my_pass user=my_user
/ip address
add address=172.16.1.1/24 comment=wired-subnet interface=ether5-lan network=172.16.1.0
add address=192.168.1.2/24 comment=wan-connection interface=ether1-wan network=192.168.1.0
add address=172.16.0.1/24 comment=server-network interface=ether5-lan network=172.16.0.0
add address=192.168.0.1/24 comment="bridge (caps-connection)" interface=caps-bridge1 network=192.168.0.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1-wan
/ip pool
add name=wired-subnet-pool1 ranges=172.16.1.2-172.16.1.30
add name=caps-pool ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=wired-subnet-pool1 disabled=no interface=ether5-lan name=wired-subnet-dhcp1
add address-pool=caps-pool disabled=no interface=caps-bridge1 name=caps-dhcp-srv1
/ip dhcp-server network
add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1
add address=192.168.0.0/24 dns-server=8.8.8.8,192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,172.16.0.1,172.16.1.1,192.168.0.1
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=channel1
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=channel2
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=channel3
/caps-man datapath
add bridge=caps-bridge1 local-forwarding=no name=users_datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1 passphrase=my-wifi-pass
/caps-man configuration
add channel=channel1 country=egypt datapath=users_datapath1 distance=indoors installation=indoor mode=ap name=cfg1 rx-chains=0,1 security=security1 ssid=my-ssid tx-chains=0,1
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=require-same-version
/caps-man manager interface
add disabled=no interface=caps-bridge1
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="bypass fasttrack - access wan modem" dst-address=192.168.1.1
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=pppoe-out1
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1