Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

RB2011 with a router switch and hap ax2 as aps

Post Reply
 
Skift
just joined
Topic Author
Posts: 1
Joined: Fri Mar 28, 2025 7:03 pm

RB2011 with a router switch and hap ax2 as aps

Fri Mar 28, 2025 7:29 pm

Hi, I'm at a friend's house trying to setup his hap ax2 units as aps (6 of them). The setup he has now is rb2011 with a router switch configured as a switch only and the aps to be connected to it. I'm trying to set caps but they do not show on the CAPsMAN (configured on the rb2011). I'm thinking that the issue now is that each piece of hardware is on a different version, rb2011 is on 6.4x and hax ap2 is on 7.7. Is there something else that should I do or am I doing something wrong.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 23358
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: RB2011 with a router switch and hap ax2 as aps

Sun Mar 30, 2025 11:00 pm

I do not know with any certainty but I would think that having all devices on the same version of firmware will be helpful.
I am not a capsman guy but to get your RB2011 and 6 APs working, I can provide assistance without capsman to at least get you to a working config.
While you have that, suggest work with ONE hapax2 on the side to get capsman working with the RB2011, and when successful apply to all ??

you will need a management vlan where all smart devices behind the router ( any smart switches or APs) will get their IP address from.
This is a good reference for vlans......... viewtopic.php?t=143620

The best thing you can do is take one port off the bridge and do your config from there, a safe spot. For both Router and APs.

1. Take ether5 off the bridge at /interface bridge port

2. Make the following additions/mods

/interface ethernet
set [ find default-name=ether5] comment=OffBridge5

/interface list member
add interface=OffBridge5=LAN ( and trusted if you have a management interface list )

/ip address
add address=192.168.77.1/30 interface=OffBridge5 network=192.168.77.0

3. Now you can plug in your laptop to ether5, change your ipv4 settings to 192.168.77.2 and using winbox access the router as per normal.

4. Now you can start configuring your router for vlans such as guest, home, iot, media, anything else, and any other vlans aka printer vlan, or spouses work vlan, or kids vlan etc.. THe idea being you dont want vendor equipment and work and home mixing with anything else,,,,,,,just internet access, etc....
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 23358
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: RB2011 with a router switch and hap ax2 as aps

Sun Mar 30, 2025 11:38 pm

Typical AP setup will assume 99 is management vlan, 10 is home 20 is guest wifi and 30 is IOT wifi, and ether2 is a wired port for home user.
Code: Select all
/interface bridge
add ingress-filtering=no name=bridgegym port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether5 ] name=OffBridge5
/interface vlan
add interface=bridgegym name=base-VLAN vlan-id=99
/interface list
add name=TRUSTED
/interface wifi
{ WIFI as required }
/interface bridge port
add bridge=bridgegym frame-types=admit-only-vlan-tagged interface=ether1  comment="trunk from router"
add bridge=bridgegym frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10  comment="home PC"
add bridge=bridgegym frame-types=admit-only-untagged-and-priority-tagged interface=IOT-2GHZ pvid=30  comment="iot WIFI"
add bridge=bridgegym frame-types=admit-only-untagged-and-priority-tagged interface=HOME-5GHZ pvid=10  Comment="home wifi"
add bridge=bridgegym frame-types=admit-only-untagged-and-priority-tagged interface=GUEST-5GHZ pvid=20  Comment="home wifi"
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/ipv6 settings
set disable-ipv6=yes 
/interface bridge vlan
add bridge=bridgegym  tagged=ether1  untagged=ether2,HOME-5GHZ  vlan-ids=10
add bridge=bridgegym  tagged=ether1  untagged=GUEST-5GHZ  vlan-ids=20
add bridge=bridgegym  tagged=ether1  untagged=IOT-2GHZ   vlan-ids=30
add bridge=bridgegym  tagged=bridgegym,ether1  vlan-ids=99   {  only management vlan is tagged on the bridge }
/interface list member
add interface=base-VLAN list=TRUSTED
add interface=OffBridge5  list=TRUSTED
/ip address
add address=192.168.0.84/24 interface=base-VLAN  network=192.168.0.0  comment="static IP of AP on management vlan"
add address=192.168.77.1/30 interface=home-OffBridge5  network=192.168.77.0 
/ip dns
set servers=192.168.0.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main 
/system ntp client
set enabled=yes
system ntp client servers
add address=192.168.0.1
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13662
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB2011 with a router switch and hap ax2 as aps

Mon Mar 31, 2025 8:54 am

Hi, I'm at a friend's house trying to setup his hap ax2 units as aps (6 of them). The setup he has now is rb2011 with a router switch configured as a switch only and the aps to be connected to it. I'm trying to set caps but they do not show on the CAPsMAN (configured on the rb2011). I'm thinking that the issue now is that each piece of hardware is on a different version, rb2011 is on 6.4x and hax ap2 is on 7.7. Is there something else that should I do or am I doing something wrong.

There are two generations of wifi/wireles drivers in Mikrotik world:
  1. (legacy) wireless
    this was the only generation, available in ROS v6.
    It is still available in ROS v7 but it only supports wireless radios up to AC.
  2. (new) wifi
    it was introduced in ROS v7. It's the only driver generation supporting AX devices. It also supports some AC devices (on those one has choice of running either driver generation)

And each driver generation comes with different generation of CAPsMAN as well.

So if you want to use RB2011 as CAPsMAN for hAP ax3 devices, you have to upgrade RB2011 to ROS v7. While in principle it should be possible to upgrade it using ROS built-in upgrader (it would take a few steps), I'd recommend to netinstall RB2011 to latest ROS (7.18.2 at the time of writing). Prior to using netinstall, make configuration export (the one which creates textual output ... you will use it as a reference when configuring RB2011 from scratch after upgrade) and binary backup (if you ever decide to go back to ROS v6).

If your RB2011 is the one with wireless, then you'll have to install also optional package wireless. New CAPsMAN (for wifi) is part of basic package since 7.13, so you don't have to install any of wifi packages on RB2011.

I also recommend you to upgrade hAP ax3 devices to 7.18.2. Beware that there are reports about troubles when running recent ROS versions on hAP ax3 devices, so start with upgrading only one of devices, throughly test it with all the clients that need to connect to those APs ... and proceed with upgrading the rest of APs if tests are successful.
Top
 
phascogale
Member Candidate
Member Candidate
Posts: 131
Joined: Tue Oct 17, 2023 11:25 am

Re: RB2011 with a router switch and hap ax2 as aps

Mon Mar 31, 2025 10:20 am

@mkx, Skift is avoiding potential ax3 problems by having ax2. :-)
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13662
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB2011 with a router switch and hap ax2 as aps

Mon Mar 31, 2025 11:48 am

@mkx, Skift is avoiding potential ax3 problems by having ax2. :-)
Ah ... while writing reply I've had in mind that @skift mentioned hAP axN ... but wasn't sure whether N was 2 or 3. And didn't bother to check. My fault.

The recommendation to upgrade CAP devices to recent ROS v7 is still standing but without the disclaimer though.
Top
Post Reply
  4. RouterOS
  5. Wireless Networking