Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

Problem with new Capsman configuration on L009UiGS and cAP AC  [SOLVED]

Post Reply
 
User avatar
urbinek
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 87
Joined: Mon Oct 25, 2010 4:11 pm

Problem with new Capsman configuration on L009UiGS and cAP AC

Thu Mar 07, 2024 8:34 pm

Hi, I am running in circles now, not sure if vlans or something else is miss-configured, but to the point

I have L009UiGS running old capsman on mipsbe and AC devices which is perfectly running with vlan separation per network segment
vlan 64 - home eth+wifi
vlan 48 - guest eth+wifi
vlan 32 - iot eth+wifi
vlan 16 - infra eth only

Everything works fine, i can see different ssids, connect to them with different secrets, get diffrent networks, etc.

Now i want to migrate my network to new capsman running AX and AC devices, but until i get more hardware i want to run both capsman version, so for now i've installed
- routeros+wireless, on L009UiGS
- routeros+wifi-qcom-ac on cAP AC
- routeros+wireless on rb961
And for love of me i don't have any idea what i am am doing wrong.

In short, it seems that new CAP can reach and register in new CAPsMAN,
Code: Select all
 
 19:03:01 caps,info selected CAPsMAN urbinek_L009UiGS-2HaxD-IN@78:9A:18:B5:AD:9A%*6
 19:03:01 caps,info connected to urbinek_L009UiGS-2HaxD-IN@78:9A:18:B5:AD:9A%*6
whoever configuration is not in place:
Code: Select all
admin@RBcAPGi-5acD2nD > /interface/wifi/print detail 
Flags: M - master; D - dynamic; B - bound; X - disabled, I - inactive, R - running 
 0 M BI ;;; managed by CAPsMAN
        default-name="wifi1" name="wifi1" mac-address=C4:AD:34:40:7A:D9 arp-timeout=auto radio-mac=C4:AD:34:40:7A:D9 configuration.manager=capsman datapath=capsman-ac 
 1 M BI ;;; managed by CAPsMAN
        default-name="wifi2" name="wifi2" mac-address=C4:AD:34:40:7A:DA arp-timeout=auto radio-mac=C4:AD:34:40:7A:DA configuration.manager=capsman datapath=capsman-ac 
 2    I name="wifi21" mac-address=C6:AD:34:40:7A:D9 arp-timeout=auto master-interface=wifi1 
 3    I name="wifi22" mac-address=C6:AD:34:40:7A:DA arp-timeout=auto master-interface=wifi2 
 4    I name="wifi31" mac-address=C6:AD:34:40:7A:D9 arp-timeout=auto master-interface=wifi1 configuration.mode=ap 
 5    I name="wifi32" mac-address=C6:AD:34:40:7A:DA arp-timeout=auto master-interface=wifi2 configuration.mode=ap
While on CAPsMAN side, interfaces are created with aligned but trow error "no connection to CAPsMAN" (wtf?)
Code: Select all
admin@urbinek_L009UiGS-2HaxD-IN > /interface/wifi/print detail 
Flags: M - master; D - dynamic; B - bound; X - disabled, I - inactive, R - running 
 0 MDBI ;;; no connection to CAPsMAN
        name="2G_ac-RBcAPGi-5acD2nD" mac-address=C4:AD:34:40:7A:D9 arp-timeout=auto radio-mac=C4:AD:34:40:7A:D9 configuration=home_2-ac 
 1  D I name="2G_ac-RBcAPGi-5acD2nD2" mac-address=C6:AD:34:40:7A:D9 arp-timeout=auto master-interface=2G_ac-RBcAPGi-5acD2nD configuration=guest_2-ac 
 2  D I name="2G_ac-RBcAPGi-5acD2nD3" mac-address=C6:AD:34:40:7A:DA arp-timeout=auto master-interface=2G_ac-RBcAPGi-5acD2nD configuration=iot_2-ac 
 3 MDBI ;;; no connection to CAPsMAN
        name="5G_ac-RBcAPGi-5acD2nD" mac-address=C4:AD:34:40:7A:DA arp-timeout=auto radio-mac=C4:AD:34:40:7A:DA configuration=home_5-ac 
 4  D I name="5G_ac-RBcAPGi-5acD2nD2" mac-address=C6:AD:34:40:7A:DB arp-timeout=auto master-interface=5G_ac-RBcAPGi-5acD2nD configuration=guest_5-ac 
 5  D I name="5G_ac-RBcAPGi-5acD2nD3" mac-address=C6:AD:34:40:7A:DC arp-timeout=auto master-interface=5G_ac-RBcAPGi-5acD2nD configuration=iot_5-ac 
 6 M  I default-name="wifi1" name="wifi1" mac-address=78:9A:18:B5:AD:A2 arp-timeout=auto radio-mac=78:9A:18:B5:AD:A2 configuration.mode=ap .manager=capsman-or-local security.connect-priority=0

My configs are as follow:
Interface setup on L009UiGS-2HaxD:
Code: Select all
/interface bridge settings
set use-ip-firewall-for-vlan=yes

/interface bridge
add name=bridge-local vlan-filtering=yes

/interface bridge port
add bridge=bridge-local interface=ether3-962UiGS
add bridge=bridge-local interface=ether5-ipmi
add bridge=bridge-local interface=ether7-RB951G-2HnD
add bridge=bridge-local interface=ether8-260GS
add bridge=bridge-local interface=ether2-CRS305
add bridge=bridge-local interface=ether6-xen-eno1
add bridge=bridge-local interface=ether4-cAPGi-5acD2nD

/interface vlan
add interface=bridge-local name=vlan-guest vlan-id=48
add interface=bridge-local name=vlan-home vlan-id=64
add interface=bridge-local name=vlan-infra vlan-id=16
add interface=bridge-local name=vlan-iot vlan-id=32

/interface bridge vlan
add bridge=bridge-local tagged=bridge-local,ether2-CRS305,ether3-962UiGS,ether4-cAPGi-5acD2nD,ether5-ipmi,ether6-xen-eno1,ether7-RB951G-2HnD,ether8-260GS vlan-ids=16,32,48,64
Old capsman on L009UiGS-2HaxD:
Code: Select all
/caps-man channel
add band=5ghz-a/n/ac extension-channel=eCee name=5Ghz skip-dfs-channels=yes
add band=2ghz-g/n extension-channel=Ce name=2.4Ghz skip-dfs-channels=yes

/caps-man datapath
add bridge=bridge-local l2mtu=2280 mtu=2250 name=datapath-guest vlan-id=48 vlan-mode=use-tag
add bridge=bridge-local l2mtu=2280 mtu=2250 name=datapath-iot vlan-id=32 vlan-mode=use-tag
add bridge=bridge-local l2mtu=2280 mtu=2250 name=datapath-home vlan-id=64 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=guest
add authentication-types=wpa2-psk encryption=aes-ccm name=home
add authentication-types=wpa2-psk encryption=aes-ccm name=iot
/caps-man configuration
add channel=2.4Ghz country=poland datapath=datapath-home distance=indoors hw-protection-mode=none hw-retries=10 installation=indoor keepalive-frames=enabled load-balancing-group="" multicast-helper=disabled name=home-2.4Ghz security=home ssid=urbinek_cAP
add channel=5Ghz country=poland datapath=datapath-guest disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=guest-5Ghz security=guest ssid=urbinek_guest
add channel=5Ghz channel.skip-dfs-channels=yes country=poland datapath=datapath-home disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled load-balancing-group="" multicast-helper=disabled name=home-5Ghz security=home ssid=urbinek_cAP
add channel=2.4Ghz country=poland datapath=datapath-guest datapath.l2mtu=2280 .mtu=2200 disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=guest-2.4Ghz security=guest ssid=urbinek_guest
add channel=2.4Ghz country=poland datapath=datapath-iot datapath.l2mtu=2280 .mtu=2200 disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=iot-2.4Ghz security=iot ssid=urbinek_iot
add channel=5Ghz country=poland datapath=datapath-iot datapath.l2mtu=2280 .mtu=2200 disconnect-timeout=5s distance=indoors hw-retries=10 installation=indoor keepalive-frames=enabled multicast-helper=disabled name=iot-5Ghz security=iot ssid=urbinek_iot

/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=home-2.4Ghz name-format=prefix-identity name-prefix=2.4Ghz slave-configurations=iot-2.4Ghz,guest-2.4Ghz
add action=create-dynamic-enabled hw-supported-modes=an,ac master-configuration=home-5Ghz name-format=prefix-identity name-prefix=5Ghz slave-configurations=guest-5Ghz,iot-5Ghz

/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=suggest-same-version
New capsman on L009UiGS-2HaxD:
Code: Select all
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=guest
add authentication-types=wpa2-psk disabled=no name=iot
add authentication-types=wpa2-psk disabled=no name=home

/interface wifi channel
add band=2ghz-n disabled=no name=2-AC skip-dfs-channels=disabled
add band=5ghz-ac disabled=no name=5-AC skip-dfs-channels=disabled
add band=5ghz-ax disabled=no name=5-AX skip-dfs-channels=disabled
add band=2ghz-ax disabled=no name=2-AX skip-dfs-channels=disabled

/interface wifi datapath
add bridge=bridge-local disabled=no name=guest vlan-id=48
add bridge=bridge-local disabled=no name=home vlan-id=64
add bridge=bridge-local disabled=no name=iot vlan-id=32
add bridge=bridge-local disabled=no name=capsman-ac

/interface wifi configuration
add channel=2-AC country=Poland datapath=capsman-ac disabled=no manager=capsman name=home_2-ac security=home ssid=urbinek_cAP-NEW
add channel=2-AC country=Poland datapath=capsman-ac disabled=no name=guest_2-ac security=guest ssid=urbinek_guest-NEW
add channel=2-AC country=Poland datapath=capsman-ac disabled=no name=iot_2-ac security=iot ssid=urbinek_iot-NEW
add channel=2-AX country=Poland datapath=home disabled=no name=home_2-ax security=home ssid=urbinek_cAP-NEW
add channel=2-AX country=Poland datapath=guest disabled=no name=guest_2-ax security=guest ssid=urbinek_guest-NEW
add channel=2-AX country=Poland datapath=iot disabled=no name=iot_2-ax security=iot ssid=urbinek_iot-NEW
add channel=5-AC country=Poland datapath=capsman-ac disabled=no manager=capsman name=home_5-ac security=home ssid=urbinek_cAP-NEW
add channel=5-AC country=Poland datapath=capsman-ac disabled=no name=guest_5-ac security=guest ssid=urbinek_guest-NEW
add channel=5-AC country=Poland datapath=capsman-ac disabled=no name=iot_5-ac security=iot ssid=urbinek_iot-NEW
add channel=5-AX country=Poland datapath=guest disabled=no name=guest_5-ax security=guest ssid=urbinek_guest-NEW
add channel=5-AX country=Poland datapath=iot disabled=no name=iot_5-ax security=iot ssid=urbinek_iot-NEW
add channel=5-AX country=Poland datapath=home disabled=no name=home_5-ax security=home ssid=urbinek_cAP-NEW

/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=home_2-ac name-format=2G_ac-%I slave-configurations=guest_2-ac,iot_2-ac supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no master-configuration=home_5-ac name-format=5G_ac-%I slave-configurations=guest_5-ac,iot_5-ac supported-bands=5ghz-ac
add action=create-dynamic-enabled disabled=no master-configuration=home_5-ax name-format=5G_ax-%I slave-configurations=guest_5-ax,iot_5-ax supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=home_2-ax name-format=2G_ax-%I slave-configurations=guest_2-ax,iot_2-ax supported-bands=2ghz-ax

/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=bridge-local package-path="" require-peer-certificate=no upgrade-policy=none
Interface and CAP configuration on RBcAPGi-5acD2nD
Code: Select all
/interface bridge
add admin-mac=C4:AD:34:40:7A:D7 auto-mac=no name=bridge-local

/interface ethernet
set [ find default-name=ether1 ] name=ether1-uplink

/interface vlan
add interface=bridge-local name=vlan-infra vlan-id=16

/interface wifi datapath
add bridge=bridge-local disabled=no name=capsman-ac

/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capsman-ac disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capsman-ac disabled=no
add disabled=no mac-address=C6:AD:34:40:7A:D9 master-interface=wifi1 name=wifi21
add disabled=no mac-address=C6:AD:34:40:7A:DA master-interface=wifi2 name=wifi22
add configuration.mode=ap disabled=no mac-address=C6:AD:34:40:7A:D9 master-interface=wifi1 name=wifi31
add configuration.mode=ap disabled=no mac-address=C6:AD:34:40:7A:DA master-interface=wifi2 name=wifi32

/interface bridge port
add bridge=bridge-local interface=ether1-uplink
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=wifi1 pvid=64
add bridge=bridge-local interface=wifi21 pvid=48
add bridge=bridge-local interface=wifi2 pvid=64
add bridge=bridge-local interface=wifi22 pvid=48
add bridge=bridge-local interface=wifi31 pvid=32
add bridge=bridge-local interface=wifi32 pvid=32

/interface bridge vlan
add bridge=bridge-local tagged=ether1-uplink untagged=wifi1,wifi2 vlan-ids=64
add bridge=bridge-local tagged=ether1-uplink untagged=wifi21,wifi22 vlan-ids=48
add bridge=bridge-local tagged=ether1-uplink vlan-ids=16
add bridge=bridge-local tagged=ether1-uplink untagged=wifi31,wifi32 vlan-ids=32

/interface wifi cap
set certificate=request discovery-interfaces=bridge-local enabled=yes slaves-datapath=capsman-ac slaves-static=yes
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
urbinek
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 87
Joined: Mon Oct 25, 2010 4:11 pm

Re: Problem with new Capsman configuration on L009UiGS and cAP AC  [SOLVED]

Fri Mar 08, 2024 12:39 pm

Okay, so it seems that adding manager in was unessesary
/interface wifi configuration
add channel=2-AC country=Poland datapath=capsman-ac disabled=no manager=capsman name=home_2-ac security=home ssid=urbinek_cAP-NEW
add channel=5-AC country=Poland datapath=capsman-ac disabled=no manager=capsman name=home_5-ac security=home ssid=urbinek_cAP-NEW
When removed, caps is downloading configuration and broadcasting networks
Zrzut ekranu 2024-03-08 112824.png
It i think there is still problem with vlan/bridging. I cant add interfaces as they are dybnamic
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
urbinek
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 87
Joined: Mon Oct 25, 2010 4:11 pm

Re: Problem with new Capsman configuration on L009UiGS and cAP AC

Fri Mar 08, 2024 4:13 pm

Missing ingredient was, actually tagging bridge on cAP and enabling filtering, lol
Code: Select all
/interface/bridge set [find where name=bridge-local] vlan-filtering=yes
/interface/bridge/vlan add bridge=bridge-local tagged=bridge-local vlan-ids=64
/interface/bridge/vlan add bridge=bridge-local tagged=bridge-local vlan-ids=16
/interface/bridge/vlan add bridge=bridge-local tagged=bridge-local vlan-ids=32
/interface/bridge/vlan add bridge=bridge-local tagged=bridge-local vlan-ids=48
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 14 guests
  4. RouterOS
  5. Wireless Networking