Hello. I have a problem with CAPsMAN. I tried the settings on a RB2011UIAS with a cAP AC on eth3, to dry-run the settings. But the AP doesn't connect to CAPsMAN (also, RoMON via the router doesn't discover the cAP AC).
I've set it up based on this video:
https://www.youtube.com/watch?v=LLuGby1ecVM
And adapted to our own needs. Wired employee LAN, guest wifi, wired POS printers+POS iPads.
Anyone see what is wrong?
RB2011UIAS:cAP AC:
I've set it up based on this video:
https://www.youtube.com/watch?v=LLuGby1ecVM
And adapted to our own needs. Wired employee LAN, guest wifi, wired POS printers+POS iPads.
Anyone see what is wrong?
RB2011UIAS:
Code:
# 1970-01-02 01:09:38 by RouterOS 7.14.1# software id = T1HW-1EBQ## model = RB2011UiAS-2HnD# serial number = 7A67079B60A0/caps-man channeladd band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=Ch01_20M_24G tx-power=10add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=Ch06_20M_24G tx-power=10add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=Ch11_20M_24G tx-power=10add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2467 name=Ch12_20M_24G tx-power=10add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2472 name=Ch13_20M_24G tx-power=10add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=Ch36_20M_5G tx-power=20add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5200 name=Ch40_20M_5G tx-power=20add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5220 name=Ch44_20M_5G tx-power=20add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5240 name=Ch48_20M_5G tx-power=20/interface bridgeadd name=bridge/interface ethernetset [ find default-name=ether1 ] name=eth1_WANset [ find default-name=ether2 ] name=eth2_kontorset [ find default-name=ether3 ] name=eth3_MikrotikAPsset [ find default-name=ether4 ] name=eth4_gastrofix_wiredset [ find default-name=ether5 ] disabled=yesset [ find default-name=ether6 ] disabled=yesset [ find default-name=ether7 ] disabled=yesset [ find default-name=ether8 ] disabled=yesset [ find default-name=ether9 ] disabled=yesset [ find default-name=ether10 ] disabled=yesset [ find default-name=sfp1 ] disabled=yes/interface wirelessset [ find default-name=wlan1 ] ssid=MikroTik/interface vlanadd interface=bridge name=EmployeeLAN_VLAN vlan-id=10add interface=bridge name=Gastrofix_VLAN vlan-id=30add interface=bridge name=GuestWIFI_VLAN vlan-id=20/caps-man datapathadd bridge=bridge local-forwarding=yes name=datapath-gastrofix vlan-id=30 vlan-mode=use-tagadd bridge=bridge local-forwarding=yes name=datapath-guest vlan-id=20 vlan-mode=use-tag/caps-man ratesadd basic=9Mbps name="GN Only - No B rates" supported=9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs=""/caps-man securityadd authentication-types=wpa2-psk encryption=aes-ccm name=security-gastrofixadd name=security-guest/caps-man configurationadd channel=Ch36_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch36 security=security-guest ssid=Guest_5GHzadd channel=Ch06_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch6 security=security-gastrofix ssid=Gastrofix_2.4GHzadd channel=Ch11_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch11 security=security-gastrofix ssid=Gastrofix_2.4GHzadd channel=Ch12_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch12 security=security-gastrofix ssid=Gastrofix_2.4GHzadd channel=Ch13_20M_24G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-2.4-gastrofix-ch13 security=security-gastrofix ssid=Gastrofix_2.4GHzadd channel=Ch36_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch36 security=security-gastrofix ssid=Gastrofix_5GHzadd channel=Ch40_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch40 security=security-gastrofix ssid=Gastrofix_5GHzadd channel=Ch48_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch48 security=security-gastrofix ssid=Gastrofix_5GHzadd channel=Ch44_20M_5G country=norway datapath=datapath-gastrofix distance=indoors installation=indoor mode=ap name=cfg-5ghz-gastrofix-ch44 security=security-gastrofix ssid=Gastrofix_5GHzadd channel=Ch06_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch6 security=security-guest ssid=Guest_2.4GHzadd channel=Ch11_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch11 security=security-guest ssid=Guest_2.4GHzadd channel=Ch12_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch12 security=security-guest ssid=Guest_2.4GHzadd channel=Ch13_20M_24G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-2.4-guest-ch13 security=security-guest ssid=Guest_2.4GHzadd channel=Ch40_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch40 security=security-guest ssid=Guest_5GHzadd channel=Ch48_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch48 security=security-guest ssid=Guest_5GHzadd channel=Ch44_20M_5G country=norway datapath=datapath-guest distance=indoors installation=indoor mode=ap name=cfg-5ghz-guest-ch44 security=security-guest ssid=Guest_5GHz/interface ethernet switch portset 2 default-vlan-id=10 vlan-mode=secureset 3 vlan-mode=secureset 4 default-vlan-id=30 vlan-mode=secureset 11 vlan-mode=secure/interface listadd name=WANadd name=LANadd name=WinboxAccess/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip pooladd name=gastrofix_dhcp_pool ranges=192.168.7.120-192.168.7.254add name=guest_dhcp_pool ranges=192.168.88.20-192.168.88.250add name=dhcp_bridge ranges=192.168.99.2-192.168.99.254/ip dhcp-serveradd address-pool=gastrofix_dhcp_pool interface=Gastrofix_VLAN lease-time=23h59m59s name=gastrofix_dhcp_serveradd address-pool=guest_dhcp_pool interface=GuestWIFI_VLAN lease-time=2h59m name=guest_dhcp_serveradd address-pool=dhcp_bridge interface=bridge name=dhcp1/portset 0 name=serial0/system logging actionset 0 memory-lines=3000set 1 disk-file-count=10 disk-lines-per-file=3000/caps-man access-listadd action=accept allow-signal-out-of-range=10s comment="-85..120 accept" disabled=no signal-range=-85..120 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="-120..-86 reject" disabled=no signal-range=-120..-86 ssid-regexp=""/caps-man managerset ca-certificate=auto certificate=auto enabled=yes/caps-man manager interfaceset [ find default=yes ] forbid=yesadd disabled=no interface=eth3_MikrotikAPs/caps-man provisioningadd action=create-enabled comment=CAP_Bar hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch6 name-format=prefix-identity name-prefix=2.4GHz- slave-configurations=cfg-2.4-guest-ch6add action=create-enabled comment=CAP_Kontor hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch36 name-format=prefix-identity name-prefix=5GHz- slave-configurations=cfg-5ghz-guest-ch36add action=create-enabled comment=CAP_BAR hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch40 name-format=prefix-identity name-prefix=5GHz- slave-configurations=cfg-5ghz-guest-ch40add action=create-enabled comment=CAP_Messanin hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch44 name-format=prefix-identity name-prefix=5GHz- radio-mac=C4:AD:34:9E:DA:B2 slave-configurations=cfg-5ghz-guest-ch44add action=create-enabled comment=CAP_Chambre hw-supported-modes=ac master-configuration=cfg-5ghz-gastrofix-ch48 name-format=prefix-identity name-prefix=5GHz- slave-configurations=cfg-5ghz-guest-ch48add action=create-enabled comment=CAP_Kontor hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch11 name-format=prefix-identity name-prefix=2.4GHz- slave-configurations=cfg-2.4-guest-ch11add action=create-enabled comment=CAP_Chambre hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch12 name-format=prefix-identity name-prefix=2.4GHz- slave-configurations=cfg-2.4-guest-ch12add action=create-enabled comment=CAP_Messanin hw-supported-modes=gn master-configuration=cfg-2.4-gastrofix-ch13 name-format=prefix-identity name-prefix=2.4GHz- radio-mac=C4:AD:34:9E:DA:B1 slave-configurations=cfg-2.4-guest-ch13/interface bridge portadd bridge=bridge interface=eth2_kontoradd bridge=bridge interface=eth3_MikrotikAPsadd bridge=bridge interface=eth4_gastrofix_wired/ip neighbor discovery-settingsset discover-interface-list=!dynamic/interface ethernet switch ruleadd dst-address=192.168.1.0/24 new-dst-ports="" ports=eth2_kontor switch=switch1add dst-address=192.168.7.0/24 new-dst-ports="" ports=eth3_MikrotikAPs,eth4_gastrofix_wired switch=switch1add dst-address=192.168.88.0/24 new-dst-ports="" ports=eth3_MikrotikAPs switch=switch1/interface ethernet switch vlanadd independent-learning=yes ports=switch1-cpu,eth2_kontor switch=switch1 vlan-id=10add independent-learning=yes ports=switch1-cpu,eth3_MikrotikAPs switch=switch1 vlan-id=20add independent-learning=yes ports=switch1-cpu,eth3_MikrotikAPs,eth4_gastrofix_wired switch=switch1 vlan-id=30/interface list memberadd interface=eth1_WAN list=WANadd interface=eth2_kontor list=LANadd interface=eth3_MikrotikAPs list=LANadd interface=Gastrofix_VLAN list=LAN/ip address#hidden IP for forum:add address=xxxxx/24 interface=eth1_WAN network=xxxxadd address=192.168.1.1/24 interface=EmployeeLAN_VLAN network=192.168.1.0add address=192.168.7.1/24 interface=Gastrofix_VLAN network=192.168.7.0add address=192.168.88.1/24 interface=GuestWIFI_VLAN network=192.168.88.0add address=192.168.99.1/24 interface=bridge network=192.168.99.0/ip arpadd address=192.168.7.41 interface=Gastrofix_VLAN mac-address=FE:67:3A:11:0F:D0/ip cloudset update-time=no/ip dhcp-server leaseadd address=192.168.7.247 client-id=1:78:8a:20:4b:4:a6 mac-address=78:8A:20:4B:04:A6 server=gastrofix_dhcp_server/ip dhcp-server networkadd address=192.168.7.0/24 comment="DHCP for Gastrofix" dns-server=193.75.75.75,192.168.7.1 gateway=192.168.7.1 netmask=24add address=192.168.88.0/24 comment="DHCP for Guests" dns-server=193.75.75.75,193.75.75.193 gateway=192.168.88.1add address=192.168.99.0/24 gateway=192.168.99.1/ip dnsset allow-remote-requests=yes servers=193.75.75.75,193.75.75.193/ip firewall address-listadd address=192.168.1.0/24 list=AdminAccessadd address=0.0.0.0/8 list=bogonsadd address=172.16.0.0/12 list=bogonsadd address=10.0.0.0/8 list=bogonsadd address=169.254.0.0/16 list=bogonsadd address=127.0.0.0/8 list=bogonsadd address=224.0.0.0/4 list=bogonsadd address=198.18.0.0/15 list=bogonsadd address=192.0.0.0/24 list=bogonsadd address=192.0.2.0/24 list=bogonsadd address=198.51.100.0/24 list=bogonsadd address=203.0.113.0/24 list=bogonsadd address=100.64.0.0/10 list=bogonsadd address=240.0.0.0/4 list=bogonsadd address=192.88.99.0/24 list=bogons/ip firewall filteradd action=accept chain=input comment="accept established,related" connection-state=established,relatedadd action=drop chain=input comment="drop invalid" connection-state=invalidadd action=drop chain=forward dst-address=77.66.21.133 in-interface=GuestWIFI_VLANadd action=accept chain=input comment="Admin Access to Router" src-address-list=AdminAccessadd action=accept chain=input comment="allow LAN to DNS-TCP" dst-port=53 in-interface-list=LAN protocol=tcpadd action=accept chain=input comment="allow LAN to DNS-UDP" dst-port=53 in-interface-list=LAN protocol=udpadd action=accept chain=input comment="accept ICMP" protocol=icmpadd action=accept chain=input comment="CAPsMAN accept all local traffic" dst-port=5246,5247 protocol=udp src-address=127.0.0.1add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 log=yes log-prefix="acceot local loopback CAPsMAN"add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address-type=local src-address-type=localadd action=drop chain=input comment="Drop All Else" log-prefix=DROP-FIREWALLadd action=drop chain=forward dst-address=77.66.21.133 in-interface=GuestWIFI_VLANadd action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related hw-offload=yesadd action=accept chain=forward comment="accept established,related" connection-state=established,relatedadd action=drop chain=forward comment="drop invalid" connection-state=invalidadd action=accept chain=forward comment="Allow all LAN (Office, Guest and POS) Traffic to Internet" in-interface-list=LAN out-interface-list=WANadd action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsecadd action=drop chain=forward comment="DROP ALL Else"add action=accept chain=forward comment="Allow Port Fowarding if required" connection-nat-state=dstnatadd action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsecadd action=drop chain=forward comment="DROP All Else"/ip firewall natadd action=redirect chain=dstnat comment="Force Users to Router DNS -TCP" dst-port=53 protocol=tcpadd action=redirect chain=dstnat comment="Force Users to Router DNS -UDP" dst-port=53 protocol=udpadd action=accept chain=srcnat disabled=yes ipsec-policy=out,none out-interface=eth1_WAN/ip firewall rawadd action=drop chain=prerouting comment="Drop all non-internet networks" src-address-list=bogons/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yes port=2200set www-ssl disabled=noset api disabled=yesset api-ssl disabled=yes/ip sshset strong-crypto=yes/lcdset default-screen=stat-slideshow/system clockset time-zone-name=Europe/Oslo/system identityset name=Router-Kontor/system loggingadd action=disk topics=info,critical,error,info/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=79.160.13.250add address=162.159.200.1/tool bandwidth-serverset enabled=no/tool mac-serverset allowed-interface-list=none/tool mac-server pingset enabled=no/tool romonset enabled=yes secrets=mysecretCode:
# jan/02/1970 00:02:06 by RouterOS 6.49.10# software id = JMR2-YE58## model = RBcAPGi-5acD2nD# serial number = BECD0BC7D2E7/interface bridgeadd admin-mac=C4:AD:34:9E:DA:AF auto-mac=no comment=defconf name=bridgeLocal/interface wireless# managed by CAPsMANset [ find default-name=wlan1 ] ssid=MikroTik# managed by CAPsMANset [ find default-name=wlan2 ] ssid=MikroTik/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip hotspot profileset [ find default=yes ] html-directory=hotspot/interface bridge portadd bridge=bridgeLocal comment=defconf interface=ether1add bridge=bridgeLocal comment=defconf interface=ether2/interface wireless cap# set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1,wlan2/ip dhcp-clientadd comment=defconf disabled=no interface=bridgeLocal/tool romonset enabled=yes secrets=mysecretStatistics: Posted by okw — Mon Mar 25, 2024 1:29 pm