Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

WinBox can't connect to my device after CAPsMAN

Post Reply
 
ilja
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Feb 22, 2018 1:15 pm

WinBox can't connect to my device after CAPsMAN

Mon Mar 05, 2018 7:42 pm

Hey all.

I have run into a problem, when WinBox cant see or connect to my wAP after I make it to be both CAPsMAN and CAP. My setup:
I have three units total, one wAP (being CAPsMAN) and two cAP(CAPs).

When wAP is configured as default router(CAPsMAN) and two cAP(CAPs) - i can connect to all of them individually - everything works fine. But when I make wAP to be both CAPsMAN and CAP the WiFi works and after connecting to it's SSID I can go online, but i cannot connect to wAP anymore. I have tried looking under "Neighbors" - none, checked out the IP issued from my switch - 192.168.1.72 i can see the device is active, but even after i connect through switch to wAP and using wAP's IP WinBox is not connecting to the device. So i have to reset it to default and restore to configurations, just before i turn it to act both as MAN and CAP.

What's weird is that while configuring CAPsMAN, DHCP which I have set for bridge interface is 10.10.10.0. But when i connect to WiFi network created by CAPsMAN and check the IP i m receiving - it's 192.168.1.65 (which is my switch's DHCP range) as though it connects me to my switch instead of assigning an IP from configured IP pool (10.10.10.2-10.10.10.254).

Please help me to understand what am I doing wrong or missing out.
My configurations before I set wAP to be CAP
Code: Select all
[admin@MikroTik - office] > /ip dhcp print
Flags: D - dynamic, X - disabled, I - invalid 
 #    NAME                                          INTERFACE                                        RELAY           ADDRESS-POOL                                        LEASE-TIME ADD-ARP
 0    defconf                                       wlan1                                                            dhcp                                                10m       
 1    dhcp1                                         OfficeNet                                                        dhcp_pool4                                          10m       
[admin@MikroTik - office] > /ip pool print
 # NAME                                                                                                                                                     RANGES                         
 0 dhcp                                                                                                                                                     10.0.0.2-10.0.0.254            
 1 guest-wifi                                                                                                                                               10.1.1.2-10.1.1.50             
 2 dhcp_pool3                                                                                                                                               10.10.10.2-10.10.10.254        
 3 dhcp_pool4                                                                                                                                               10.10.10.2-10.10.10.254
[admin@MikroTik - office] > caps-man configuration print
 0 name="OfficeNet" mode=ap ssid="meshpower-office" datapath.bridge=OfficeNet 

 1 name="GuestNet" mode=ap ssid="meshpower-guest" security=GuestNet datapath=VLAN-GuestNet 
[admin@MikroTik - office] > caps-man provisioning print
Flags: X - disabled 
 0   radio-mac=00:00:00:00:00:00 hw-supported-modes="" identity-regexp="" common-name-regexp="" ip-address-ranges="" action=create-dynamic-enabled master-configuration=OfficeNet 
     slave-configurations=GuestNet name-format=prefix name-prefix="OfficeAP"
[admin@MikroTik - office] > caps-man datapath print
 0 name="VLAN-OfficeNet" client-to-client-forwarding=yes bridge=OfficeNet local-forwarding=yes vlan-mode=use-tag vlan-id=10 

 1 name="VLAN-GuestNet" client-to-client-forwarding=yes bridge=OfficeNet local-forwarding=yes vlan-mode=use-tag vlan-id=20
 
[admin@MikroTik - office] > caps-man security print
 0 ;;; password for guest network - meshpowerguest
   name="GuestNet" authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm passphrase="meshpowerguest" 
[admin@MikroTik - office] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                          
 0   ;;; defconf
     10.0.0.1/24        10.0.0.0        wlan1                                                                                                                                              
 1   10.10.10.1/24      10.10.10.0      OfficeNet                                                                                                                                          
 2 D 192.168.1.72/24    192.168.1.0     ether1
 [admin@MikroTik - office] > interface bridge print 
Flags: X - disabled, R - running 
 0 R name="OfficeNet" mtu=1500 actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:63:25:1B protocol-mode=rstp fast-forward=no igmp-snooping=no priority=0x8000 
     auto-mac=yes max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m region-name="" region-revision=0 max-hops=20 vlan-filtering=no pvid=1 
[admin@MikroTik - office] > interface bridge port print 
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                                                      BRIDGE                                                     HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0 I   OfficeAP2-1                                                    *8                                                         yes    1     0x80         10                 10       none
 1   H ether1                                                         OfficeNet                                                  yes    1     0x80         10                 10       none
   [admin@MikroTik - office] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.1.254             1
 1 ADC  10.0.0.0/24        10.0.0.1        wlan1                     0
 2 ADC  10.10.10.0/24      10.10.10.1      OfficeNet                 0
 3 ADC  192.168.1.0/24     192.168.1.72    OfficeNet                 0
[admin@MikroTik - office] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; allows user manager to work with local hosts
      chain=input action=accept src-address=127.0.0.0/24 log=no log-prefix="" 

 2    ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough log=no log-prefix="" 

 3    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked log=no log-prefix="" 

 4    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix="" 

 5    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 6    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix="" 

 7    ;;; defconf: accept in ipsec policy
      chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec 

 8    ;;; defconf: accept out ipsec policy
      chain=forward action=accept log=no log-prefix="" ipsec-policy=out,ipsec 

 9    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" 

10    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked log=no log-prefix="" 

11    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

12    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix="" 

13    ;;; CAPSMANAGER Discovery
      chain=input action=accept protocol=udp src-port=5246,5247 

14    ;;; CAPSMANAGER Discovery
      chain=input action=accept protocol=udp dst-port=5246,5247 
[admin@MikroTik - office] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0 X  ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough 

 1    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

 2 X  ;;; masquerade hotspot network
      chain=srcnat action=masquerade src-address=192.168.88.0/24 log=no log-prefix="" 

 3 X  chain=srcnat action=masquerade out-interface=wlan1 log=no log-prefix="" 

 4    chain=srcnat action=masquerade src-address=10.10.10.0/24 log=no log-prefix="" 

 5    chain=srcnat action=masquerade out-interface=all-wireless log=no log-prefix=""
Top
 
ilja
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Feb 22, 2018 1:15 pm

Re: WinBox can't connect to my device after CAPsMAN

Tue Mar 06, 2018 6:19 am

Anyone, please?
Top
 
ilja
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Feb 22, 2018 1:15 pm

Re: WinBox can't connect to my device after CAPsMAN

Tue Mar 06, 2018 10:59 am

Solved.
I figured out that there is a default created firewall rule to block all traffic coming from LAN. Disabling that rule made it work!
Top
Post Reply
  4. RouterOS
  5. Wireless Networking