bodgit
just joined
Topic Author
Posts: 5
Joined: Fri Nov 10, 2017 10:44 pm

Mixing CAPsMAN forwarding modes

Mon Jun 01, 2020 1:37 pm

Hello,

I have a CAPsMAN setup working with three devices (one hAP ac as the controller and two additional wAP ac). I have two separate WiFi networks configured and I'm currently using local forwarding, so I have manually created the bridge and VLAN entries on all devices, etc. I would like to add a third WiFi network and I wanted to try and use the CAPsMAN forwarding mode, but when I provision this new network I can see it and connect to it, but no traffic seems to be forwarded, i.e. I get no DHCP response (DHCP server is not running on these devices).

If I run `/interface print` it shows the wlan interfaces for this new network as disabled (X) whereas all of the others are not. If I just change the forwarding mode to use local forwarding like the others and re-provision then the new network works correctly.

Is it possible to run a mix of forwarding modes? Or must it be all one mode or the other? If I can mix them then obviously I've got something configured wrong somewhere which I'd like to get to the bottom of but before I go down that rabbit hole I just want to know if it's possible or not.

Thanks
 
bodgit
just joined
Topic Author
Posts: 5
Joined: Fri Nov 10, 2017 10:44 pm

Re: Mixing CAPsMAN forwarding modes

Mon Jun 01, 2020 8:24 pm

So I think the disabled wlan interface is a red herring and I can mix forwarding modes. On my hAP ac (the CAPsMAN controller), I can perform a quick sniff:

```
[admin@hap] /caps-man> /tool sniffer quick mac-address=00:11:22:33:44:55
INT     TIME    NUM DI SRC-MAC           DST-MAC           VLAN   SRC-ADDRESS                         DST-ADDRESS                         PROTOCOL
cap 2564.777    879 <- 00:11:22:33:44:55 FF:FF:FF:FF:FF:FF 100    0.0.0.0:68 (bootpc)                 255.255.255.255:67 (bootps)         ip:udp
cap 2749.529    896 <- 00:11:22:33:44:55 FF:FF:FF:FF:FF:FF 100    0.0.0.0:68 (bootpc)                 255.255.255.255:67 (bootps)         ip:udp
cap 2776.776    897 <- 00:11:22:33:44:55 01:00:5E:00:00:FB 100    169.254.73.113:5353                 224.0.0.251:5353                    ip:udp
```

I can see my test device trying to get a DHCP lease and falling back to link-local addressing, so I think the WiFi network is provisioned. My DHCP server never sees these requests on its VLAN interface, so I think what isn't working is the bridge/VLAN configuration on the hAP. Here's the output of `/interface export`:

```
/interface bridge
add admin-mac=6C:3B:6B:44:98:B8 auto-mac=no comment=defconf name=bridge protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
# managed by CAPsMAN
# channel: 2462/20/gn(20dBm), SSID: LAN, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-4498BF wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5765/20-Ceee/ac(20dBm), SSID: LAN, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-4498BE wireless-protocol=802.11
/interface vlan
add interface=bridge name=guest vlan-id=1003
add interface=bridge name=iot vlan-id=100
/interface ethernet switch
set 0 name=switch
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=sfp1
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2,ether3,ether4,ether5 switch=switch vlan-id=1003
add independent-learning=yes ports=ether1,ether2,ether3,ether4,ether5 switch=switch vlan-id=100
/interface wireless cap
# 
set bridge=bridge caps-man-addresses=127.0.0.1 caps-man-certificate-common-names=CAPsMAN-6C3B6B4498B8 certificate=request discovery-interfaces=\
    bridge enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
```

This is working for local forwarding. VLAN 100 is the one I want to use for non-local forwarding. VLAN 1 & 1003 are used by two other WiFi networks, both configured with local forwarding; VLAN 1 is untagged, hence it doesn't really appear in the above. ether1 is the main interface; ether5 currently has one of the two wAP ac's connected by a long line, primarily because ether5 had PoE, although I'm not using that currently.

Any ideas what I'm missing?
 
alexanwar
just joined
Posts: 23
Joined: Tue Aug 07, 2018 10:38 am

Re: Mixing CAPsMAN forwarding modes  [SOLVED]

Tue Jun 02, 2020 12:10 pm

For CAPsMAN forwarding to work, you should first make an internet-able bridge on your CAPsMAN controller. Use these simple steps:
  1. Create a bridge with no STP.
  2. Assign an IP address to the bridge, create a DHCP server for the bridge if needed, and add the other settings required for any IP on the bridge to access the internet, such as NAT, firewall rules, routing, etc.
  3. Assign a vacant Ethernet port to the bridge, connect a PC/laptop to this port, and use it to verify that the bridge can properly access the internet. If it succeeds, you can undo this step.
  4. Now, in the CAPsMAN datapath configuration, set the bridge you created in step 1 as "Bridge" in that config window, and make sure local forwarding is disabled.
  5. Assign this datapath to the configuration and also assign the configuration to provisioning.
  6. Test it: try connecting to the SSID assigned in the configuration. If this works, you get internet access instantly.
For CAPsMAN forwarding, there's no need to reconfigure the access point; you don't even need to create a bridge or VLAN on it. Even a plain, configless access point will work with CAPsMAN forwarding. Just make sure the bridge on the CAPsMAN server works, and it will work on all access points.
 
bodgit
just joined
Topic Author
Posts: 5
Joined: Fri Nov 10, 2017 10:44 pm

Re: Mixing CAPsMAN forwarding modes

Thu Jun 04, 2020 11:58 am

> now on the capsman datapath configuration, set the bridge you set on step 1 into "Bridge" on that config window, make sure local forwarding disabled.

I figured out the reason it wasn't working: I hadn't added a "bridge=" setting to the datapath configuration. I had copied one of the existing datapath configurations and just flipped local-forwarding to no. Once I fixed that, "/interface bridge vlan print" started to show the cap interfaces when a client joined the network and everything made more sense.
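
An added example, not part of the thread: a small Python check for the misconfiguration identified above (a datapath using CAPsMAN forwarding with no `bridge=` set), run over a constructed `/caps-man export` sample. The function names are hypothetical. It assumes that `local-forwarding` defaults to `no` and that export omits default values, and it does not examine datapath settings given inline in `/caps-man configuration`.

```python
import re
import shlex

# Constructed sample of `/caps-man export` output (not taken from the thread).
SAMPLE_EXPORT = r"""
/caps-man datapath
add bridge=bridge local-forwarding=yes name=dp-lan
add local-forwarding=yes name=dp-guest vlan-id=1003 vlan-mode=use-tag
add name=dp-iot vlan-id=100 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=no name=dp-iot-fixed \
    vlan-id=100 vlan-mode=use-tag
/caps-man configuration
add datapath=dp-iot name=cfg-iot ssid=IoT
"""

def parse_section(export_text, section):
    """Return one dict of key=value settings per `add` line in `section`."""
    # RouterOS wraps long export lines with a trailing backslash; rejoin them.
    text = re.sub(r"\\\n\s*", "", export_text)
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line  # a new menu path starts a new section
        elif current == section and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]))
            entries.append({p[0]: p[1] for p in pairs if len(p) == 2})
    return entries

def datapaths_missing_bridge(export_text):
    """Names of datapaths that use CAPsMAN forwarding but set no bridge."""
    missing = []
    for dp in parse_section(export_text, "/caps-man datapath"):
        # Assumption: local-forwarding defaults to "no" and export omits defaults,
        # so a datapath without local-forwarding=yes is forwarded to the manager.
        manager_forwarded = dp.get("local-forwarding", "no") != "yes"
        if manager_forwarded and "bridge" not in dp:
            missing.append(dp.get("name", "<unnamed>"))
    return missing

if __name__ == "__main__":
    for name in datapaths_missing_bridge(SAMPLE_EXPORT):
        print(f"datapath {name}: CAPsMAN forwarding with no bridge= set")
```
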
 
alexanwar
just joined
Posts: 23
Joined: Tue Aug 07, 2018 10:38 am

Re: Mixing CAPsMAN forwarding modes

Thu Jun 04, 2020 1:02 pm

Congrats on your successful implementation :)
