Manual:CAPsMAN tips: Difference between revisions
(Initial commit) |
(Fixed some mistakes) |
||
| Line 3: | Line 3: | ||
===Limit clients with low signal strength in the access list=== | ===Limit clients with low signal strength in the access list=== | ||
Clients with low signal strength can bring wireless performance down for all clients. If you have good coverage of access points to prevent clients with low signal strengths from connecting | Clients with low signal strength can bring wireless performance down for all clients. If you have good coverage of access points, you can use the access list to prevent clients with low signal strengths from connecting. | ||
Access list rules are evaluated in list order from the top until a suitable rule is met. For the client to be dropped by access list when it leaves the access point's zone, the client must be accepted by access list rule with signal strength. First, add a rule that accepts clients with good signal strength, then add a rule that rejects other clients. | Access list rules are evaluated in list order from the top until a suitable rule is met. For the client to be dropped by access list when it leaves the access point's zone, the client must be accepted by access list rule with signal strength. First, add a rule that accepts clients with good signal strength, then add a rule that rejects other clients. | ||
| Line 17: | Line 17: | ||
In order to motivate clients to connect to the closest controlled access point (CAP), it is advised to decrease TX power. This will encourage wireless clients (phones, laptops, etc.) to connect to the closest CAP with the strongest signal. This can result in better wireless performance. It is possible to change TX power for Channel configuration, Configuration profile or for CAP Interface. | In order to motivate clients to connect to the closest controlled access point (CAP), it is advised to decrease TX power. This will encourage wireless clients (phones, laptops, etc.) to connect to the closest CAP with the strongest signal. This can result in better wireless performance. It is possible to change TX power for Channel configuration, Configuration profile or for CAP Interface. | ||
Do one of following: | |||
<pre> | <pre> | ||
/caps-man channel set 0 tx-power=10 | /caps-man channel set 0 tx-power=10 | ||
| Line 34: | Line 35: | ||
When dealing with VLAN interfaces and bridge interfaces be careful not to configure invalid Layer 2 configuration. One of the common mistakes is putting VLAN interfaces as bridge ports. VLAN interfaces should not be added to bridges as bridge ports. However, you can make VLAN interfaces on a bridge interface. Also, keep your configuration as simple as possible, it will be more stable and easier to debug. | When dealing with VLAN interfaces and bridge interfaces be careful not to configure invalid Layer 2 configuration. One of the common mistakes is putting VLAN interfaces as bridge ports. VLAN interfaces should not be added to bridges as bridge ports. However, you can make VLAN interfaces on a bridge interface. Also, keep your configuration as simple as possible, it will be more stable and easier to debug. | ||
''' | '''Correct configuration:''' | ||
<pre> | <pre> | ||
/interface bridge add name=CAPsMAN_bridge auto-mac=no admin-mac=64:D1:54:BD:88:08 | /interface bridge add name=CAPsMAN_bridge auto-mac=no admin-mac=64:D1:54:BD:88:08 | ||
| Line 47: | Line 42: | ||
</pre> | </pre> | ||
Please go through other [[ Manual:Layer2_misconfiguration | common Layer 2 misconfiguration issues ]]. | Please go through other [[ Manual:Layer2_misconfiguration#Bridged_VLAN | common Layer 2 misconfiguration issues ]]. | ||
===Multiple SSIDs=== | ===Multiple SSIDs=== | ||
In CAPsMAN networks, it is common to use multiple SSIDs (slave/virtual APs) for different users, like "OFFICE", "GUEST", "MANAGEMENT", "WAREHOUSE" etc. Although, maximum theoretical count for slave access points on one master interface is 32, creating many slave interfaces can decrease the overall performance of access point. It is due to that each slave access point must act as a separate access point and has to send its own control frames like beacons and others. So available air time with each slave access point decreases. One option to separate access point users in different networks is to use WPA2-EAP and help of RADIUS and different VLANs. | In CAPsMAN networks, it is common to use multiple SSIDs (slave/virtual APs) for different users, like "OFFICE", "GUEST", "MANAGEMENT", "WAREHOUSE" etc. Although, maximum theoretical count for slave access points on one master interface is 32, creating many slave interfaces can decrease the overall performance of access point. It is due to that each slave access point must act as a separate access point and has to send its own control frames like beacons and others. So available air time with each slave access point decreases. One option to separate access point users in different networks is to use WPA2-EAP and help of RADIUS and different VLANs. | ||
Revision as of 11:02, 28 June 2019
Limit clients with low signal strength in the access list
Clients with low signal strength can bring wireless performance down for all clients. If you have good coverage of access points, you can use the access list to prevent clients with low signal strengths from connecting.
Access list rules are evaluated in list order from the top until a suitable rule is met. For the client to be dropped by access list when it leaves the access point's zone, the client must be accepted by access list rule with signal strength. First, add a rule that accepts clients with good signal strength, then add a rule that rejects other clients.
/caps-man access-list add action=accept signal-range=-70..120 add action=reject
Decrease TX power
In order to motivate clients to connect to the closest controlled access point (CAP), it is advised to decrease TX power. This will encourage wireless clients (phones, laptops, etc.) to connect to the closest CAP with the strongest signal. This can result in better wireless performance. It is possible to change TX power for Channel configuration, Configuration profile or for CAP Interface.
Do one of following:
/caps-man channel set 0 tx-power=10 /caps-man configuration set 0 channel.tx-power=10 /caps-man interface set 0 channel.tx-power=10
Bridge set MAC address
Sometimes a problem arises if bridge which is used for CAPsMAN interfaces has automatic MAC address. It is always advised to set MAC address of bridge to static one. It will help to prevent loops and issues with CAPsMAN and CAP connection. Please check that your bridge interfaces have manually set MAC addresses. You can set MAC address of bridge the same as one of Ethernet interfaces that are added to this bridge as a port. Note that changing MAC address can break your setup, therefore, think through before you do it.
/interface bridge set 0 auto-mac=no admin-mac=XX:XX:XX:XX:XX:XX
VLAN interfaces and bridge
When dealing with VLAN interfaces and bridge interfaces be careful not to configure invalid Layer 2 configuration. One of the common mistakes is putting VLAN interfaces as bridge ports. VLAN interfaces should not be added to bridges as bridge ports. However, you can make VLAN interfaces on a bridge interface. Also, keep your configuration as simple as possible, it will be more stable and easier to debug.
Correct configuration:
/interface bridge add name=CAPsMAN_bridge auto-mac=no admin-mac=64:D1:54:BD:88:08 /interface bridge port add interface=ether1 bridge=CAPsMAN_bridge /interface vlan add interface=CAPsMAN_bridge vlan-id=10 name=CAPsMAN_vlan_10
Please go through other common Layer 2 misconfiguration issues .
Multiple SSIDs
In CAPsMAN networks, it is common to use multiple SSIDs (slave/virtual APs) for different users, like "OFFICE", "GUEST", "MANAGEMENT", "WAREHOUSE" etc. Although, maximum theoretical count for slave access points on one master interface is 32, creating many slave interfaces can decrease the overall performance of access point. It is due to that each slave access point must act as a separate access point and has to send its own control frames like beacons and others. So available air time with each slave access point decreases. One option to separate access point users in different networks is to use WPA2-EAP and help of RADIUS and different VLANs.