Page 1 of 1
Integrated WLAN with Capsman
Posted: Wed Sep 20, 2017 9:54 pm
by SurfkingHH
Hello,
i hope you can help. I am very new to Mikrotic Routers.
I want to change my single router for a HAP AC + WAP AC.
I want to control the networks and users via CAPSMAN on the HAP AC.
I have managed to get CAPSMAN running and the WAP AC integrated.
But i struggle to get the HAP AC integrated WLAN running with CAPSMAN.
When i add them to CAPSMAN, they grey out and say "configured by CAPSMAN" but they dont activate and dont show up in the CAPSMAN interfaces.
I have searched and tried a lot with no success.
I have also reset the HAP AC and tried to only get the local interfaces running with CAPSMAN with no success.
Maybe its just something small.
Thanks for the help
Rene
Re: Integrated WLAN with Capsman
Posted: Thu Sep 21, 2017 12:55 am
by pcunite
Provide the configuration via /export compact file=MyFile.rsc and post here wrapped in forum code tag.
Re: Integrated WLAN with Capsman
Posted: Mon Sep 25, 2017 10:42 pm
by SurfkingHH
What is forum code tag?
Re: Integrated WLAN with Capsman
Posted: Mon Sep 25, 2017 10:44 pm
by SurfkingHH
# sep/23/2017 20:00:02 by RouterOS 6.40.1
# software id = Q1PZ-5VLY
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number =
/interface bridge
add name=HomeNet
add admin-mac=64:D1:54:6D:1C:19 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-6D1C1F wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-6D1C1E wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
/caps-man configuration
add country=germany datapath.bridge=HomeNet name=HomeNet \
security.authentication-types=wpa2-psk security.encryption=aes-ccm \
security.group-encryption=aes-ccm security.passphrase=guest ssid=\
ResHome2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.89.10-192.168.89.35
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=HomeNet name=dhcp1
/caps-man manager
set enabled=yes
/caps-man provisioning
add master-configuration=HomeNet name-prefix=RESAP
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
#
set caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan2
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=192.168.89.1/24 interface=HomeNet network=192.168.89.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.89.0/24 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat src-address=192.168.89.0/24
/system clock
set time-zone-name=Europe/Berlin
#error exporting /system routerboard mode-button
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
Re: Integrated WLAN with Capsman
Posted: Thu Oct 05, 2017 10:49 pm
by SurfkingHH
Hello,
does someone have an Idea what could be wrong?
thanks
Rene
Re: Integrated WLAN with Capsman
Posted: Wed Nov 08, 2017 4:38 pm
by matamouros
Mate I have the exact same problem, I posted at
viewtopic.php?f=7&t=127517. Getting a bit desperate now to be honest. Did you figure out how to enable the local wlan of the cap manager?
Re: Integrated WLAN with Capsman
Posted: Wed Nov 08, 2017 10:35 pm
by SurfkingHH
No unfortunatly not.
Re: Integrated WLAN with Capsman
Posted: Thu Nov 09, 2017 12:13 am
by matamouros
It's actually quite unbelievable that no one in this forum was able to move a finger to help, now that I've just happened to stumble upon the problem and managed to fix it a few hours ago. I'm sure this would've been dead easy for any hardcore routerOS person on here.
Go to IP > Firewall and disable the default rule commented as "drop all not coming from LAN". That should immediately add the local wlan interface(s) to CAPsMAN. Not sure why this comes like this by default, as obviously it prevents you from CAP-ing the local wifi interfaces on that same CAPsMAN device.
This needs to be disabled because obviously traffic from the local wlan interfaces is not coming from the LAN interface...
There you go, hope that sorts you, it did me.
Re: Integrated WLAN with Capsman
Posted: Thu Nov 09, 2017 11:02 am
by matiaszon
It's actually quite unbelievable that no one in this forum was able to move a finger to help, now that I've just happened to stumble upon the problem and managed to fix it a few hours ago. I'm sure this would've been dead easy for any hardcore routerOS person on here.
Go to IP > Firewall and disable the default rule commented as "drop all not coming from LAN". That should immediately add the local wlan interface(s) to CAPsMAN. Not sure why this comes like this by default, as obviously it prevents you from CAP-ing the local wifi interfaces on that same CAPsMAN device.
This needs to be disabled because obviously traffic from the local wlan interfaces is not coming from the LAN interface...
There you go, hope that sorts you, it did me.
It's quite unbelieveable, that new users have problems with using serach option on forum or google...
CAP does have nothing to do with standard firewall rules, unless you messed them up.
I would go through CAPsMAN config again, as this is most probably wrong. I have described how to do it in this post
viewtopic.php?f=13&t=126943&p=625423#p625186
Re: Integrated WLAN with Capsman
Posted: Thu Dec 14, 2017 6:04 pm
by matamouros
Would've preferred you actually helped when I needed, rather than arriving late to the party and pooping all over it.
Turns out you're wrong, and I'm only correcting you for the sake of future reference and people actually not becoming misinformed because of your reply on here. You do need to open up :5246 and :5247 for discovery, even if you are only using Layer 2.
viewtopic.php?t=83389#p592779
Also, hope you don't have to actually use the search on this forum to find something you quite desperately need, otherwise you'd realise the huge foot in your mouth you'd have to remove.
Re: Integrated WLAN with Capsman
Posted: Thu Apr 05, 2018 6:43 pm
by tiktiker
I tried to connect the integrated wlan to capsman with a RB2011, a CRS109 and a map Lite. It only worked with the map Lite which I just did for testing purpose. I also went through a lot of tutorials and of course the advices from the forum here including firewall rules etc.
So finally I'm stuck and can not get any further because I lost every ideas what to check furthermore. It seems that the provisioning of the integrated caps is a problem...
Does someone has an additonal input?