Community discussions

MikroTik App
 
swisstico
just joined
Topic Author
Posts: 19
Joined: Sat Dec 12, 2015 6:10 am
Contact:

CAPsMAN - How to force layer 2?

Thu Jun 16, 2016 4:43 am

Hello everybody,

We have an issue with CAPsMAN and need your help.
We configured a wifi in various routers linked a main one with CAPsMAN and all routers (including the main one) are managed by CAPsMAN.

Everything works fine EXCEPT the main router, for the reason that is the only one that connect to himself in layer 3 (by IP), so the firewall is blocking it and we must add a filter rule to bypass the firewall.
There is a way to force CAPsMAN to work in layer 2?

2 examples (2 different offices):
http://imgur.com/a/SkNyC

Thanks for your help!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7169
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: CAPsMAN - How to force layer 2?

Thu Jun 16, 2016 2:58 pm

Yes you can, set discovery-interface to any local interface on the manager router, or create a dummy loopback interface with static MAC and set  discovery-interface to that one.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1089
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: CAPsMAN - How to force layer 2?

Fri Jul 29, 2016 12:10 am

Same issue here... Could not make it work with a local ethernet interface. Either connects on layer 3 or not at all. Is it picky on interfaces that belongs to bridge, have vlan config, ... whatever?

Any what is a dummy loopback interface? A bridge with no ports? A virtual ethernet interface? Tried both, no success either.
 
User avatar
czolo
Member
Member
Posts: 423
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN - How to force layer 2?

Tue Aug 02, 2016 10:05 pm

Maybe try that:
interface wireless cap set caps-man-addresses=127.0.0.1
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1089
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: CAPsMAN - How to force layer 2?

Tue Aug 02, 2016 10:48 pm

Maybe try that:
interface wireless cap set caps-man-addresses=127.0.0.1
That is still layer 3, no? :wink:
 
User avatar
czolo
Member
Member
Posts: 423
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN - How to force layer 2?

Tue Aug 02, 2016 11:08 pm

Yes, but it works :)
 
swisstico
just joined
Topic Author
Posts: 19
Joined: Sat Dec 12, 2015 6:10 am
Contact:

Re: CAPsMAN - How to force layer 2?

Thu Aug 25, 2016 7:42 am

Nice workaround!
This is our solution for now:

1. Add CAPsMAN to discover address 127.0.0.1 (As czolo wrote)
/interface wireless cap set caps-man-addresses=127.0.0.1
2. Open Firewall for CAPsMAN
/ip firewall filter add chain=output action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247
/ip firewall filter add chain=input  action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247
BUT PLEASE MikroTik Team, fix the issue, we would be so thankful! :D
 
User avatar
czolo
Member
Member
Posts: 423
Joined: Fri Mar 04, 2005 9:49 am
Location: Poland (Warsaw)
Contact:

Re: CAPsMAN - How to force layer 2?

Thu Aug 25, 2016 9:48 pm

Nice workaround!
thx :)
 
jrbenito
just joined
Posts: 12
Joined: Tue May 20, 2014 4:19 am

Re: CAPsMAN - How to force layer 2?

Mon Jan 21, 2019 4:49 pm

Nice workaround!
This is still an issue almost three years later.

1) I cannot forbid CAPsMan on all interfaces but local because it prevents own cap to connect
2) I cannot use layer 2 on own cap interface
3) The worst: this is not documented anywhere besides user forums (it should be on CAPsMan manual to prevent people be fighting hours with something that isn´t going to work)

4) I noticed that if I enable certificate request and CAPsMan is not configured, event disabling the certificate request on Cap has no effect, it still requests certificate to CAPsMan resulting in error. (this is a bug)
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 912
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: CAPsMAN - How to force layer 2?

Mon Jan 21, 2019 5:08 pm

Have you tried the last beta?

https://mikrotik.com/download/changelog ... lease-tree
What's new in 6.44beta50 (2018-Dec-17 13:01):

*) capsman - always accept connections from loopback address;
 
jrbenito
just joined
Posts: 12
Joined: Tue May 20, 2014 4:19 am

Re: CAPsMAN - How to force layer 2?

Mon Jan 21, 2019 10:19 pm

Have you tried the last beta?
What's new in 6.44beta50 (2018-Dec-17 13:01):

*) capsman - always accept connections from loopback address;
Nope, I am running 6.43.8. Nice to see a solution is finally coming.
 
Pea
Member Candidate
Member Candidate
Posts: 234
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: CAPsMAN - How to force layer 2?

Tue Jan 22, 2019 12:18 am

3) The worst: this is not documented anywhere besides user forums (it should be on CAPsMan manual to prevent people be fighting hours with something that isn´t going to work)
https://wiki.mikrotik.com/wiki/Manual:S ... in_CAPsMAN
But I agree that having firewall rule for CAP on CAPsMAN is annoying. L2 should run as other CAPs.

Who is online

Users browsing this forum: No registered users and 16 guests