Hi everyone,

I'm new here, but have been searching here and on Google for several weeks while I investigated equipment to buy. I'm new to MikroTik, so for you experts, please take it easy on me.

I'm not by any means a networking expert, but usually know enough to get by and don't mind researching/learning (learning is the reason why I purchased MikroTik).

I just recently replaced an ASUS RT-AC68U with a MikroTik HAP AC2, two CAP ACs, and a Netgear managed POE switched. I only got the managed switch just in case I wanted to take advantage of VLAN setups in the future, but my setup is really basic and using the switch as a dummy switch with basically everything disabled. I just wanted better wifi coverage and the Asus was struggling to get a signal to my front bedroom and garage/back/basement area. I'm in a relative small home, about 1500 square feet (3 stories), but plenty of walls (drywall/plaster), etc., so HAP AC in main floor, and one CAP AC for upper and lower floors.

My network setup is below. I have Verizon Fios 100/100 via Ethernet to my own equipment (so no modem, etc.) directly to the HAP AC2. HAP AC2 to Netgear switch (GS108PEv3 POE switch), Netgear switch powering two CAP AC via POE.

HAP AC2 is setup as Home Mesh via quickset (I used this option after reading the Wiki that it basically sets the router up for routing + placing Wifi under cAPsMan) which is what I wanted. The two CAP ACs, plus the Wifi inside the HAP AC2 to be under cAPsMan to setup a seamless wifi network with all three devices.

I initially struggle with cAPsMan getting the wifi within the HAP AC2 to broadcast, but finally figured out that I needed to set the CAP Interface for the HAP AC2 wifi to connect to cAPsMan address 127.0.0.1. Then the wifi started broadcasting.

My next issue is I tried to setup one CAP AC via cAPsMan, but this is where i'm struggling. New CAP AC, logged into to setup device as CAP device, then after rebooting, nothing. CAPsMan doesn't recognize this device and I've tried everything I could think of. Problem is, after I set the CAP AC in CAP mode and reboot, I can't log back in to troubleshoot further and requires me to reset and start over.

Am I missing something with setup/configuration?

Nothing extra is configured for the HAP AC2 to Netgear, it's just plugged in and making connections (HAP AC2 ether 5 to Netgear port . If I directly plug into the Netgear in any other port, I get an IP address and internet.

Thanks in advance for any assistance.

How is the managed switch setup?

Can you please share your CAPsMAN configuration: /capsman export hide-sensitive file=capsman
You should be able to manage the cAP ac, are you using Winbox (is the cAP ac discovered)?

How is the managed switch setup?

The Managed switch is not configured. It's just plug and play and no managed features are enabled. Just going from HAP AC2 (port 5) to Netgear port 8.

Good news is I have an update that I got it to work, and will post additional info separately.

Can you please share your CAPsMAN configuration: /capsman export hide-sensitive file=capsman
You should be able to manage the cAP ac, are you using Winbox (is the cAP ac discovered)?

I'll post a config shortly, but I figured out the initially problem. I'm using Winbox (latest) and web config.

When I started from a freshly reset CAP AC, connected via Wifi, then changed the Quickset to CAP, after rebooting, the CAP AC did not auto connect to the LAN and was not assigned and IP address. I tested by manually resetting the CAP and holding the reset button until the light was solid to place in CAP mode that way, then an IP address was assigned and I saw what the differences were with the settings, so if MikroTik is looking at this post, I'm wondering if there is a slight glitch in the two ways to setup the CAP AC in CAP mode.

I'll probably end up setting a static IP in the DHCP reserved range anyway.

Ok, so I have a new development.

Got the CAP to work after hard resetting and resetting to CAP mode. Now, my issue is with the configuration.

When I was playing with the local Wifi of the HAP AC2 after configuring it for CAPsMAN, I found that the there was 3 wifi configurations. One for 2.4b/g/n, and two for 5G. One 5Ga/n and another for 5Gn/ac. I do specifically want to broadcast two Wifi SSIDs, one 2.4 and one 5G (the reason for this is because I need 5G for work, and even though on my work laptop I have the wifi radio to prefer 5G, I'd still rather configure 2.4 and 5G separately). This is because I need higher throughput for my work's VPN client.

The new question I have is, do I need three configurations for the three ranges (2.4b/g/n, 5Ga/n, and 5Gn/ac)?

When I tested with one config (after starting over with the HAP AC2), I got an error for the 5G stating no wifi channel and 5G didn't broadcast. Ideally, I'd like to have 5G automatically connect to the best channels, but I will manually configure 2.4 to connect to channels 1, 6, and 11 so there is no overlap in the 2.4 range.

Thanks.

You need a config for every wlan interface at least.

Thanks, gnro. I was able to get everything configured. I configured the 2.4 network manually to channel 1, 6, and 11 via the channel config, and originally left 5G un-configured as I originally thought it was going to set each of the three 5G interfaces on different channels based on clutter. Well, after rebooting all three devices (within 2 minutes of each other so they all wouldn't reboot at once), they each chose 5G channel 161, so I then just manually configured each AP to a 5G channel based on the current wifi scan.

Everything seems to be working fine. The only thing I'm now trying to keep tweaking is the TX Power. The Capsman tips guide suggested lowering power and setting the tx power value to 10. Can someone share what the normal default power ranges are for the HAP AC2 and CAP for 2.4 and 5G networks? What I'm trying to tweak is instead of setting all three to the same power reduction, is tweaking each individually to give maximum wifi benefit and roaming.

Thanks.

Could you publish your working configurations please?

Sure, I can do that.

Do you want just the caps-man export or do you want to see other stuff?

I know the caps-man export command based on post #3, but if you want other stuff, please post the command to type in terminal.

Thanks.

/export hide-sensitive -file=capsman

Sent from my SM-A705FN using Tapatalk

Here you go. I cleared out all mac addresses/names/serial numbers. I'm open to recommendations for any improvements.

These settings work for me. I'm still playing with tweaking power settings. I currently have two at reduced power for 2.4, and the one in my basement at default power. No power reduction for 5G at this time.

Thanks.




# aug/21/2020 07:02:45 by RouterOS 6.47.2
# software id = 454H-NATK
#
# model = RBD52G-5HacD2HnD
# serial number = 000000000000
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=Channel1
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437 name=Channel6 \
tx-power=10
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2462 name=Channel11 \
tx-power=10
add band=5ghz-a/n/ac frequency=5180 name=Channel36
add band=5ghz-a/n/ac frequency=5240 name=Channel48
add band=5ghz-a/n/ac frequency=5745 name=Channel149
add band=5ghz-a/n/ac frequency=5805 name=Channel161
/interface bridge
add admin-mac=00:00:00:00:00:00 auto-mac=no comment=defconf name=bridge
/interface wireless
# managed by CAPsMAN
# channel: 2437/20-Ce/gn(8dBm), SSID: TNG, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-71F33C wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5240/20-eeeC/ac(28dBm), SSID: TNG_5G, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
mode=ap-bridge ssid=MikroTik-71F33D wireless-protocol=802.11
/caps-man datapath
add bridge=bridge name=Datapath
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=\
Security
/caps-man configuration
add country="united states3" datapath=Datapath mode=ap name=Config_2.4 \
security=Security ssid=TNG
add channel.band=5ghz-a/n/ac country="united states3" datapath=Datapath mode=\
ap name=Config_5G security=Security ssid=TNG_5G
/caps-man interface
add channel=Channel1 configuration=Config_2.4 datapath=Datapath disabled=no \
l2mtu=1600 mac-address=00:00:00:00:00:00 master-interface=none name=\
CAP_Basement_2.4 radio-mac=00:00:00:00:00:00 radio-name=000000000000 \
security=Security
add channel=Channel36 channel.band=5ghz-a/n/ac configuration=Config_5G \
datapath=Datapath disabled=no l2mtu=1600 mac-address=00:00:00:00:00:00 \
master-interface=none name=CAP_Basement_5G radio-mac=00:00:00:00:00:00 \
radio-name=000000000000 security=Security
add channel=Channel11 configuration=Config_2.4 disabled=no l2mtu=1600 \
mac-address=00:00:00:00:00:00 master-interface=none name=CAP_Upstairs_2.4 \
radio-mac=00:00:00:00:00:00 radio-name=000000000000
add channel=Channel161 channel.band=5ghz-a/n/ac configuration=Config_5G \
disabled=no l2mtu=1600 mac-address=00:00:00:00:00:00 master-interface=\
none name=CAP_Upstairs_5G radio-mac=00:00:00:00:00:00 radio-name=\
000000000000
add channel=Channel6 configuration=Config_2.4 datapath=Datapath disabled=no \
l2mtu=1600 mac-address=00:00:00:00:00:00 master-interface=none name=\
HAP_AC2_CAP_2.4 radio-mac=00:00:00:00:00:00 radio-name=000000000000 \
security=Security
add channel=Channel48 channel.band=5ghz-a/n/ac configuration=Config_5G \
datapath=Datapath disabled=no l2mtu=1600 mac-address=00:00:00:00:00:00 \
master-interface=none name=HAP_AC2_CAP_5G radio-mac=00:00:00:00:00:00 \
radio-name=000000000000 security=Security
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.3.20-192.168.3.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
-75..120 ssid-regexp=""
add action=reject
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=a,ac,an \
master-configuration=Config_5G
add action=create-dynamic-enabled hw-supported-modes=b,g,gn \
master-configuration=Config_2.4
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
#
set bridge=bridge caps-man-addresses=127.0.0.1 discovery-interfaces=bridge \
enabled=yes interfaces=wlan2,wlan1
/ip address
add address=192.168.3.1/24 comment=defconf interface=ether2 network=\
192.168.3.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.3.0/24 comment=defconf gateway=192.168.3.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.3.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 \
src-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system scheduler
add interval=1w name="Friday Automatic Reboot" on-event="/system reboot" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/21/2020 start-time=03:02:00
add interval=1w name="Monday Automatic Reboot" on-event="/system reboot" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/24/2020 start-time=03:02:00
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Thanks for now i am using ac2 as all in one router because i had some issues with capsman losing connnectivity and since i am working from home i have to have stable connection so no time for playing. I would like to give it a try.
I have hEX s and AC^2.

Sent from my SM-A705FN using Tapatalk

Ok, hopefully you get it working better.

I started with just the HAP AC2 and wifi didn't reach the back of my house where I have a ring floodlight cam. I then decided on the the additional CAP AC (one in basement and one upstairs mainly for better 5G coverage) because the CAP AC and the HAP AC2 have basically the same hardware specs and I was aiming for a close to exact match spec for spec with all three AP devices.

I am considering adding cAP ac as well - for now ac2 has enough coverage for me, far placeshas 2g reaches up to 40-50mbit which is enough for my use there. I considered to have HeX s as the main router and haP ac2 with cAP ac as APs. While i had using hEX s as CAPsMAN i had a lot of network failures.
I am not sure if hEX s is strong enough to be as main router.
Second option is to use hAP ac^2 as main router and add cAP as additional ap with CAPsMAN on AC2.

Rbd52g is much more powerful than rb750gr3. Just try what you suggested and check the profiler when you see any performance problems.

How do i get into profiler?

Sent from my SM-A705FN using Tapatalk

Thank you
Do you think that Capsman will be too much for hex s ?

No. Especially if you use local forwarding instead of centralised forwarding to capsman. On the other side I would not use capsman for few clients at home. I don't see any important benefits from it, just putting another level of possible problems to your network. Keep the network simple, it will work smoothly.

I though that capsman will be best when i will have additional cAP ac. With 1 ap there is no point for sure but just for playing and know its features.

Sent from my SM-A705FN using Tapatalk

Then you do well. It is nice toy to play in small installations.