Manual:CAPsMAN tips
Limit clients with low signal strength in the access list
Clients with low signal strength can bring wireless performance down for all clients. If you have good coverage of access points to prevent clients with low signal strengths from connecting you use the access list.
Access list rules are evaluated in list order from the top until a suitable rule is met. For the client to be dropped by access list when it leaves the access point's zone, the client must be accepted by access list rule with signal strength. First, add a rule that accepts clients with good signal strength, then add a rule that rejects other clients.
/caps-man access-list add action=accept signal-range=-70..120 add action=reject
Decrease TX power
In order to motivate clients to connect to the closest controlled access point (CAP), it is advised to decrease TX power. This will encourage wireless clients (phones, laptops, etc.) to connect to the closest CAP with the strongest signal. This can result in better wireless performance. It is possible to change TX power for Channel configuration, Configuration profile or for CAP Interface.
/caps-man channel set 0 tx-power=10 /caps-man configuration set 0 channel.tx-power=10 /caps-man interface set 0 channel.tx-power=10
Bridge set MAC address
Sometimes a problem arises if bridge which is used for CAPsMAN interfaces has automatic MAC address. It is always advised to set MAC address of bridge to static one. It will help to prevent loops and issues with CAPsMAN and CAP connection. Please check that your bridge interfaces have manually set MAC addresses. You can set MAC address of bridge the same as one of Ethernet interfaces that are added to this bridge as a port. Note that changing MAC address can break your setup, therefore, think through before you do it.
/interface bridge set 0 auto-mac=no admin-mac=XX:XX:XX:XX:XX:XX
VLAN interfaces and bridge
When dealing with VLAN interfaces and bridge interfaces be careful not to configure invalid Layer 2 configuration. One of the common mistakes is putting VLAN interfaces as bridge ports. VLAN interfaces should not be added to bridges as bridge ports. However, you can make VLAN interfaces on a bridge interface.
Wrong:
/interface vlan add interface=ether1 vlan-id=10 name=CAPsMAN_vlan_10 /interface bridge add name=CAPsMAN_bridge auto-mac=no admin-mac=64:D1:54:BD:88:08 /interface bridge port add interface=CAPsMAN_vlan_10 bridge=CAPsMAN_bridge
Right:
/interface bridge add name=CAPsMAN_bridge auto-mac=no admin-mac=64:D1:54:BD:88:08 /interface bridge port add interface=ether1 bridge=CAPsMAN_bridge /interface vlan add interface=CAPsMAN_bridge vlan-id=10 name=CAPsMAN_vlan_10
Please go through other common Layer 2 misconfiguration issues .
- Todo:
- Access list with the signal strength limit
- Lower tx-power
- Bridge mac-address
- VLAN interfaces in the bridge
- CAPsMAN static interfaces cannot be changed with configuration changes
- Multiple virtual interfaces