Manual:Simple CAPsMAN setup: Difference between revisions
Line 52: | Line 52: | ||
==Step #2, setup CAPsMAN== | ==Step #2, setup CAPsMAN== | ||
These changes must be applied to your router! | |||
* Create a configuration template for all your CAPs | * Create a configuration template for all your CAPs | ||
<pre> | <pre> |
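Review bot: the sentence added under "Step #2, setup CAPsMAN" says "your router" without naming the device's role, and this page configures the CAPs in a separate Step #3, so a reader can still paste the CAPsMAN commands onto a CAP. Suggest naming the role explicitly, for example "Apply these changes on the router that acts as CAPsMAN, not on the CAPs."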
Revision as of 14:09, 20 April 2018
Introduction
It is possible to create a centralized Access Point management setup for a home or office environment that scales to many Access Points. This is done by setting up the Controlled Access Point system Manager (CAPsMAN) on your router and connecting Controlled Access Points (CAPs) to it. Setting up CAPsMAN in your environment has multiple benefits. The most important is centralized configuration: instead of applying changes on every CAP in your network, you specify them in your CAPsMAN and all CAPs receive them. Another benefit is a centralized Registration Table, which lets you easily monitor devices and create Access Lists for devices in your network from a single device (the CAPsMAN). There are many customization options; you can read more about the possibilities in the CAPsMAN manual page. This guide provides a very easy, simple and fast way to set up CAPsMAN.
Note: It is not required that your router has a Wireless interface, but it is required that the "wireless" package is installed.
Option #1, using CLI
Before you can start configuring CAPsMAN, you must configure your selected CAPsMAN device as a router. Here we will assume that ether1 is used as the WAN port and ether2-ether5 are used as LAN ports. You can skip Step #1 if you are already using the default configuration on your router.
Step #1, setup router
- Get an IP address from WAN (or add a static IP address)
/ip dhcp-client add disabled=no interface=ether1
- Create a bridge and add bridge ports to it
/interface bridge
add name=bridge
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
- Add an IP address to the bridge
/ip address add address=192.168.88.1/24 interface=bridge
- Setup DHCP Server
/ip pool
add name=pool1 ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
- Setup NAT on your router
/ip firewall nat add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1
Note: You can skip these steps if you have reset your device to defaults; they are only required for devices with no configuration at all (empty config).
Step #2, setup CAPsMAN
These changes must be applied to your router!
- Create a configuration template for all your CAPs
/caps-man configuration
add country=latvia datapath.bridge=bridge name=Config security.authentication-types=wpa-psk,wpa2-psk security.passphrase=secret_wifi_password ssid=WiFi
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config
Warning: Do NOT forget to change the country and the password. Select the right country; otherwise the CAP might select a frequency that is not supported in your area.
- For security reasons, specify the interfaces on which CAPsMAN listens for CAPs
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
Note: If the default configuration is used, specifying CAPsMAN ports can be skipped, since the default firewall will block all incoming traffic from the WAN side. This step can also be skipped if the firewall is set up properly to block unwanted traffic from other ports.
- Enable CAPsMAN manager to listen to CAPs
/caps-man manager set enabled=yes
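A check for the Step #2 settings, added here as an example (it is not MikroTik's code): it parses RouterOS commands as they are written in this guide and flags a configuration that still offers the older WPA mode (`wpa-psk`), one that keeps the guide's placeholder passphrase, and a manager whose default interface entry is not forbidden. The helper names, the finding ids and the 12-character minimum are assumptions of this example.

```python
import shlex

# Constructed input: the Step #2 commands of this guide, one command per line.
GUIDE = """\
/caps-man configuration
add country=latvia datapath.bridge=bridge name=Config security.authentication-types=wpa-psk,wpa2-psk security.passphrase=secret_wifi_password ssid=WiFi
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man manager set enabled=yes
"""
VERBS = {"add", "set"}

def parse(export):
    """Yield (menu, verb, properties) for every add/set command."""
    menu = ""
    for raw in export.splitlines():
        words = shlex.split(raw)
        if words and words[0].startswith("/"):
            # A menu path, optionally followed by a command on the same line.
            cut = next((i for i, w in enumerate(words) if w in VERBS), len(words))
            menu, words = " ".join(words[:cut]), words[cut:]
        if words and words[0] in VERBS:
            # key=value words; keys inside a [ find ... ] selector are kept too.
            yield menu, words[0], dict(w.split("=", 1) for w in words[1:] if "=" in w)

def audit(export, placeholders=("secret_wifi_password",), min_len=12):
    """Return finding ids; min_len is an assumed local policy, not a RouterOS rule."""
    findings, default_forbidden, manager_on = [], False, False
    for menu, verb, p in parse(export):
        if menu == "/caps-man configuration":
            if "wpa-psk" in p.get("security.authentication-types", "").split(","):
                findings.append("wpa1-still-offered")
            pw = p.get("security.passphrase")
            if pw is not None and (pw in placeholders or len(pw) < min_len):
                findings.append("placeholder-or-short-passphrase")
        elif menu == "/caps-man manager interface" and verb == "set":
            default_forbidden |= p.get("default") == "yes" and p.get("forbid") == "yes"
        elif menu == "/caps-man manager" and verb == "set":
            manager_on |= p.get("enabled") == "yes"
    if manager_on and not default_forbidden:
        findings.append("manager-accepts-caps-on-any-interface")
    return findings

if __name__ == "__main__":
    print(audit(GUIDE))
```

Run against the guide's commands unchanged, it reports the first two findings; the third appears only when the `forbid=yes` line is left out while the manager is enabled.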
Step #3, setup CAPs
Note: This step can be skipped if you connect your CAP while it is in CAPs mode; the device will automatically add a configuration that works with this CAPsMAN setup. You can read more about how to put your device into CAPs mode here. Make sure that your device supports CAPs mode.
- Create a bridge and add the interface that is connected to the CAPsMAN to it
/interface bridge
add name=bridge
/interface bridge port
add bridge=bridge interface=ether1
- Get an IP address from your router (or add a static IP address)
/ip dhcp-client add disabled=no interface=bridge
- Enable CAP on Wireless interfaces
/interface wireless cap set bridge=bridge discovery-interfaces=bridge enabled=yes interfaces=wlan1
- Connect more CAPs to your CAPsMAN and they should appear as CAP interfaces
/caps-man interface print
Flags: M - master, D - dynamic, B - bound, X - disabled, I - inactive, R - running
 #      NAME  RADIO-MAC
 0 MDBR cap1  4C:5E:0C:0F:C8:48
 1 MDBR cap2  4C:5E:0C:C0:D9:AA
That is it! Check your connectivity by using another Wireless device, for example, your smartphone. Your device should be visible in the CAPsMAN's registration table:
/caps-man registration-table print
 # INTERFACE  SSID  MAC-ADDRESS
 0 cap1       WiFi  4C:5E:0C:4B:DF:02
 1 cap2       WiFi  4C:5E:0C:CB:0E:60