Manual:CAPsMAN tips

From MikroTik Wiki
Revision as of 12:14, 1 July 2019 by Artursl (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Limit clients with low signal strength in the access list

Clients with low signal strength can bring wireless performance down for all clients. If you have good coverage of access points, you can use the access list to prevent clients with low signal strengths from connecting.

Access list rules are evaluated in list order from the top until a suitable rule is met. For the client to be dropped by access list when it leaves the access point's zone, the client must be accepted by access list rule with signal strength. First, add a rule that accepts clients with good signal strength, then add a rule that rejects other clients.

/caps-man access-list
add action=accept signal-range=-70..120
add action=reject

Decrease TX power

In order to motivate clients to connect to the closest controlled access point (CAP), it is advised to decrease TX power. This will encourage wireless clients (phones, laptops, etc.) to connect to the closest CAP with the strongest signal. This can result in better wireless performance. It is possible to change TX power for Channel configuration, Configuration profile or for CAP Interface.

Do one of following:

/caps-man channel set 0 tx-power=10
/caps-man configuration set 0 channel.tx-power=10
/caps-man interface set 0 channel.tx-power=10

Bridge set MAC address

Sometimes a problem arises if bridge which is used for CAPsMAN interfaces has automatic MAC address. It is always advised to set MAC address of bridge to static one. It will help to prevent loops and issues with CAPsMAN and CAP connection. Please check that your bridge interfaces have manually set MAC addresses. You can set MAC address of bridge the same as one of Ethernet interfaces that are added to this bridge as a port. Note that changing MAC address can break your setup, therefore, think through before you do it.

/interface bridge set 0 auto-mac=no admin-mac=XX:XX:XX:XX:XX:XX

VLAN interfaces and bridge

When dealing with VLAN interfaces and bridge interfaces be careful not to configure invalid Layer 2 configuration. One of the common mistakes is putting VLAN interfaces as bridge ports. VLAN interfaces should not be added to bridges as bridge ports. However, you can make VLAN interfaces on a bridge interface. Also, keep your configuration as simple as possible, it will be more stable and easier to debug.

Correct configuration:

/interface bridge add name=CAPsMAN_bridge auto-mac=no admin-mac=64:D1:54:BD:88:08
/interface bridge port add interface=ether1 bridge=CAPsMAN_bridge
/interface vlan add interface=CAPsMAN_bridge vlan-id=10 name=CAPsMAN_vlan_10

Please go through other common Layer 2 misconfiguration issues .

Multiple SSIDs

In CAPsMAN networks, it is common to use multiple SSIDs (slave/virtual APs) for different users, like "OFFICE", "GUEST", "MANAGEMENT", "WAREHOUSE" etc. Although, maximum theoretical count for slave access points on one master interface is 32, creating many slave interfaces can decrease the overall performance of access point. It is due to that each slave access point must act as a separate access point and has to send its own control frames like beacons and others. So available air time with each slave access point decreases. One option to separate access point users in different networks is to use WPA2-EAP and help of RADIUS and different VLANs.

Copy slave interfaces

When copying slave interfaces in the interface menu, interface is copied exactly. This means that all properties are the same. You must change the MAC address manually. Make sure that there are no identical MAC addresses among your access points.

Radar detection

In the 5GHz band, most of the countries have frequency restrictions related to weather and military radars. This means that there are frequencies that can be set, but before access point opens for connections it must listen for these radars. If it finds a radar in this frequency, it must move to another frequency. In some frequencies listening period can be even 10 minutes. Therefore if non-DFS channels are free, it is best to use those, otherwise, you probably will have to wait for your access point to be visible. In RouterOS CAPsMAN configuration it is possible to set "Skip DFS Channel" option to use only non-DFS channels.

Reprovision

When changing settings in provisioning rules you must reprovision Remote CAPs or Radio interfaces for changes to take effect. If you use provisioning action "create enabled" you will also have to remove previously created interfaces. However, this will discard the changes you have made for CAPsMAN interfaces.

Connect to CAP with RouterOS device

If you want to connect RouterOS client to CAPsMAN CAP, mode "station-bridge" will not work, instead, you have to use mode "station". You can also use other station modes if you have to except "station-bridge".

Set SSID

It is possible to configure CAPsMAN configuration and interfaces without SSID. However, you won't be able to see your CAP interfaces and connect to them. Therefore make sure you have set SSID to some value.