default CAP configuration = no firewall
CAPsMAN: HAP AX2
Quite a complex config: 2 bridges (intranet and guests), using a combination of RAW and ordinary FW rules, but this config is working on non-Wave2 routers and CAPs.
I can only recall I had to add unicast to the local Src. Address Type of the prerouting accept rule for Protocol: 17 (udp) and Any Port: 5246,5247 to make CAPsMAN work on non-Wave2 routers.
Now it looks strange to me; a rule with Unicast Dst. Address Type would make more sense.
Anyway, I have tried to replicate the configuration I have successfully used for many years on non-Wave2 devices and bumped into issues with the CAP joining the CAPsMAN.
I have been used to configuring the CAPsMAN service only on those Ethernet IF to which the CAPs were connected, but on the Wave2 CAPsMAN I couldn't find a working combination.
I don't want to attach the complex config and hope the description of the combinations below is enough to come up with some ideas about what mistake I am making.
Thanks for any hint.
PiGeon
Config #1a
CAPsMAN
Interfaces: ether5
CAP
Discovery Interfaces: ether1
Torch: Interface ether5 and Src. Address CAP_IP
CAP_IP >UDP> 255.255.255.255:5246
Result: no connection to CAPsMAN
Config #1b - On CAP added CAPsMAN_IP to CAPsMAN Addresses: in CAP configuration
CAPsMAN
Interfaces: ether5
CAPsMAN Addresses: CAPsMAN_IP
CAP
Discovery Interfaces: ether1
Torch: Interface ether5 and Src. Address CAP_IP
CAP_IP >UDP> 255.255.255.255:5246
CAP_IP >UDP> CAPsMAN_IP:5246
Result: no connection to CAPsMAN
Config #2a
CAPsMAN
Interfaces: bridge_intranet (instead of ether5)
CAP
Discovery Interfaces: ether1
Torch: Interface ether5 and Src. Address CAP_IP
CAP_IP >UDP> 255.255.255.255:5246
CAP_IP >UDP> CAPsMAN_IP:5246
Result: no connection to CAPsMAN
Config #2b - On CAP added CAPsMAN_IP to CAPsMAN Addresses: in CAP configuration
CAPsMAN
Interfaces: bridge_intranet
CAPsMAN Addresses: CAPsMAN_IP
CAP
Discovery Interfaces: ether1
Torch: Interface ether5 and Src. Address CAP_IP
CAP_IP >UDP> 255.255.255.255:5246
CAP_IP >UDP> CAPsMAN_IP:5246
CAP_IP >TCP> CAPsMAN_IP:5246
Note: After the TCP connection the CAP was finally displayed as managed
Result: managed by CAPsMAN
Log: AP1@CAP_IP joined
Config #3
CAPsMAN
Interfaces: bridge_intranet
CAP
Discovery Interfaces: bridgeLocal (instead of ether1)
Torch: Interface ether5 and Src. Address CAP_IP
CAP_IP >UDP> 255.255.255.255:5246
CAP_IP >UDP> CAPsMAN_IP:5246
Note: no TCP connection to CAPsMAN_IP:5246
Result: managed by CAPsMAN
Log: AP1@CAP_MAC_address%*9 joined