Let me introduce the situation: I'm pretty familiar with MikroTik routers, mainly using IPsec tunnels and some basic features. Now a lack of devices forces me to try MikroTik APs.
I have one RB750Gr3 as main router and three hAP ac2 as AP and switch.
On the first try, I set them up as just three APs, one per floor. It worked, but roaming was not fully functional: the radio roamed, but IP connectivity did not.
In second try I set up CAPsMAN with help of some friends and the Google.
It is working, but I'm not sure about config and also I'm having problems with Apple devices.
There are four subnets, managed as VLANs: VLAN1 is the management subnet, where switches, APs and so on reside. There is also VLAN10 as LAN, VLAN11 as the guest network and VLAN12 as the network for IP cameras and the NVR.
I need LAN and GUEST network to get working by WiFi, each in one SSID, both SSIDs on all APs on both frequencies (2 and 5 GHz).
I'm running the config below. I need local forwarding for Apple TV and other devices. I got lost selecting channels on both frequencies to get Apple gear working.
Can you please help me identify where I'm wrong?
# sep/11/2022 17:12:10 by RouterOS 7.5
#
# model = RB750Gr3
# One bridge per segment (guest, cameras, LAN, management); all four are
# created with the same STP priority 0x1000.
/interface bridge
add name=BR-GUEST priority=0x1000
add name=BR-CAM priority=0x1000
add name=BR-LAN priority=0x1000
add name=BR-MGMT priority=0x1000
# ether1 is renamed to the uplink, ether2 to the single trunk port; ether3-5
# are administratively disabled, so nothing plugged into them gets a link.
/interface ethernet
set [ find default-name=ether1 ] name=E01-INTERNET
set [ find default-name=ether2 ] name=E02-CAN
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
# Tagged VLANs 10 (LAN), 11 (guest) and 12 (cameras) are created directly on
# the trunk port E02-CAN.
# NOTE(review): E02-CAN is itself added as a port of BR-MGMT later in this
# export. VLAN interfaces on a port that is also bridged is a layout worth
# re-checking - confirm tagged frames really reach these VLAN interfaces and
# are not handled by the management bridge instead.
/interface vlan
add interface=E02-CAN name=E02-VL10-LAN vlan-id=10
add interface=E02-CAN name=E02-VL11-GUEST vlan-id=11
add interface=E02-CAN name=E02-VL12-CAM vlan-id=12
# Two CAPsMAN configuration profiles, both WPA2-PSK with AES-CCM.
#  - SSID-LAN:   bridge BR-LAN, local forwarding and client-to-client
#                forwarding enabled.
#  - SSID-GUEST: bridge BR-GUEST, DFS channels skipped; local forwarding and
#                client-to-client forwarding are not set in this profile.
# No passphrase is visible here - presumably hidden by the export; confirm
# that both profiles actually have one set.
# NOTE(review): neither profile sets a datapath VLAN. With
# local-forwarding=yes the LAN clients are bridged on the AP, not on this
# router, so verify on the hAP ac2 side that they land in VLAN10 and not on
# the untagged management segment.
# NOTE(review): all guests share one pre-shared key; keep client-to-client
# forwarding off for the guest SSID so guest stations stay isolated from
# each other.
/caps-man configuration
add country="czech republic" datapath.bridge=BR-LAN \
.client-to-client-forwarding=yes .local-forwarding=yes installation=any \
mode=ap name=SSID-LAN security.authentication-types=wpa2-psk .encryption=\
aes-ccm ssid=SSID-LAN
add channel.skip-dfs-channels=yes country="czech republic" datapath.bridge=\
BR-GUEST installation=any mode=ap name=SSID-GUEST \
security.authentication-types=wpa2-psk .encryption=aes-ccm ssid=SSID-GUEST
# Interface list that is later filled with the guest, camera and LAN bridges.
/interface list
add name=LOCALS
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools; the DHCP servers below bind dhcp_pool0 to management,
# dhcp_pool1 to LAN and dhcp_pool2 to guest.
/ip pool
add name=dhcp_pool0 ranges=10.0.79.200-10.0.79.254
add name=dhcp_pool1 ranges=192.168.79.99-192.168.79.254
add name=dhcp_pool2 ranges=10.1.79.2-10.1.79.254
# DHCP servers for management, LAN and guest. The guest server (dhcp3) runs a
# lease script: when a lease is bound it adds a simple queue named
# "Client- <MAC>" limiting that /32 to 20M/20M, otherwise it removes the
# queue of that name.
# NOTE(review): the queue comment is copied from the lease host-name, which
# is supplied by the guest client - treat it as untrusted text wherever it is
# displayed or processed.
# NOTE(review): the limit is keyed on MAC/IP, so a guest that changes its MAC
# gets a fresh 20M queue; acceptable for fair use, not a hard control.
# NOTE(review): no DHCP server for BR-CAM appears in this export.
/ip dhcp-server
add address-pool=dhcp_pool0 interface=BR-MGMT name=dhcp1
add address-pool=dhcp_pool1 interface=BR-LAN lease-time=2d name=dhcp2
add address-pool=dhcp_pool2 interface=BR-GUEST lease-script=":local queueName \
\"Client- \$leaseActMAC\";\r\
\n \r\
\n:if (\$leaseBound = \"1\") do={\r\
\n /queue simple add name=\$queueName target=(\$leaseActIP . \"/32\") l\
imit-at=20M/20M max-limit=20M/20M comment=[/ip dhcp-server lease get [find\
\_where active-mac-address=\$leaseActMAC && active-address=\$leaseActIP] h\
ost-name];\r\
\n} else={\r\
\n /queue simple remove \$queueName\r\
\n}" lease-time=1h name=dhcp3
# CAPsMAN manager is enabled. The default manager-interface entry is set to
# forbid and only BR-MGMT is explicitly allowed, so CAPs can reach the
# manager from the management bridge only.
# NOTE(review): no certificate or require-peer-certificate setting appears in
# this export, so any device on the management segment could presumably join
# as a CAP - consider certificate-based CAP authentication if that segment is
# not fully trusted.
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=BR-MGMT
# Single provisioning rule: master configuration plus SSID-GUEST as slave.
# The rule carries no radio-mac or hw-supported-modes matcher, so it applies
# to every radio that connects (both bands get the same settings).
# NOTE(review): master-configuration=SSID1 does not match either profile name
# in this export (SSID-LAN, SSID-GUEST) - possibly renamed before posting;
# confirm the rule points at the intended LAN profile.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=SSID1 \
slave-configurations=SSID-GUEST
# Trunk port goes untagged into BR-MGMT; each VLAN interface goes into its
# own bridge. ingress-filtering=no on every port, and none of the bridges in
# this export enables VLAN filtering.
/interface bridge port
add bridge=BR-MGMT ingress-filtering=no interface=E02-CAN
add bridge=BR-LAN ingress-filtering=no interface=E02-VL10-LAN
add bridge=BR-GUEST ingress-filtering=no interface=E02-VL11-GUEST
add bridge=BR-CAM ingress-filtering=no interface=E02-VL12-CAM
# Neighbor discovery runs on every interface that is not dynamic.
# NOTE(review): that includes the uplink E01-INTERNET and the guest bridge,
# so the router advertises itself there; restricting discovery to an
# interface list that holds only the management bridge reduces exposure.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# IPv6 is disabled.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# LOCALS = guest, camera and LAN bridges; BR-MGMT and the uplink are not
# members.
/interface list member
add interface=BR-GUEST list=LOCALS
add interface=BR-CAM list=LOCALS
add interface=BR-LAN list=LOCALS
# Digest list for the built-in OpenVPN server. No enabled=yes is shown, so the
# server is presumably off - confirm.
# NOTE(review): md5 and sha1 are weak digests; tighten this list before the
# OVPN server is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: .1 on each of the four bridges, plus a private address
# and a (redacted) public address on the uplink E01-INTERNET.
/ip address
add address=10.0.79.1/24 interface=BR-MGMT network=10.0.79.0
add address=192.168.79.1/24 interface=BR-LAN network=192.168.79.0
add address=10.1.79.1/24 interface=BR-GUEST network=10.1.79.0
add address=10.2.79.1/24 interface=BR-CAM network=10.2.79.0
add address=192.168.11.251/24 interface=E01-INTERNET network=192.168.11.0
add address=95.x.x.25 interface=E01-INTERNET network=95.xx.xx.25
# One static lease on the LAN server (dhcp2).
/ip dhcp-server lease
add address=192.168.79.99 client-id=1:0:11:32:58:13:5c mac-address=\
00:11:32:58:13:5C server=dhcp2
# DHCP options per subnet: guest and LAN clients are handed the router itself
# as DNS server; management clients are handed 192.168.51.2.
/ip dhcp-server network
add address=10.0.79.0/24 dns-server=192.168.51.2 domain=j*z \
gateway=10.0.79.1
add address=10.1.79.0/24 dns-server=10.1.79.1 gateway=10.1.79.1
add address=192.168.79.0/24 dns-server=192.168.79.1 gateway=192.168.79.1
# The router answers DNS queries from clients and forwards to 8.8.8.8.
# NOTE(review): allow-remote-requests=yes is not limited to the local
# bridges; E01-INTERNET carries a public address and no /ip firewall section
# appears in this export. Unless the firewall was left out of the post, add
# input rules that drop DNS (udp/tcp 53) arriving on the uplink, otherwise
# the router acts as an open resolver.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# Default route via 192.168.11.254; 192.168.51.0/24 is reached through
# BR-MGMT.
# NOTE(review): with no forward filter rules shown, the router would route
# between the guest, camera, LAN and management subnets - the VLANs alone do
# not isolate them. Confirm that forward rules exist that block guest and
# camera networks from reaching LAN and management.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.11.254
add distance=1 dst-address=192.168.51.0/24 gateway=BR-MGMT
/system clock
set time-zone-name=Europe/Prague
# NTP client enabled against ntp.nic.cz.
/system ntp client
set enabled=yes
/system ntp client servers
add address=ntp.nic.cz