Manual:Simple CAPsMAN setup

From MikroTik Wiki
Jump to navigation Jump to search

Introduction

It is possible to create centralized Access Point management setup for home or office environment that is scalable to many Access Point. This can be done by setting up Controlled Access Point system Manager (CAPsMAN) on your router and connecting Controlled Access Points (CAPs) to it. There are multiple benefits of setting up CAPsMAN in your environment, the most important benefit is centralized configuration, you don't need to adjust changes to all CAPs in your network, but rather you need to specify changes in your CAPsMAN and all CAPs will receive these configuration changes. Another benefit is a centralized Registration Table, this will allow you to easily monitor devices and create Access Lists for devices in your network from a single device (from CAPsMAN). There are a lot of customization options, you can read more about the possibilities in the CAPsMAN manual page. This guide will provide you with a very easy, simple and fast way to setup CAPsMAN.

Option #1, using CLI

Before you can start configuring CAPsMAN, you must configure your selected CAPsMAN device as a router. Here we will assume that ether1 is used as a WAN port and ether2-ether5 are used as LAN ports. You can skip Step1 if you are already using the default configuration on your router.

Step #1, setup a router

  • Get an IP address from WAN (or add a static IP address)
/ip dhcp-client
add disabled=no interface=ether1
  • Create a bridge and add bridge ports to it
/interface bridge
add name=bridge
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
  • Add an IP address to the bridge
/ip address
add address=192.168.88.1/24 interface=bridge
  • Setup DHCP Server
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
  • Setup NAT on your router
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1
Icon-note.png

Note: You can skip these steps in case you have reset your device to defaults, these steps were only required for devices with no configuration at all (empty config).


Step #2, setup CAPsMAN

  • Create a configuration template for all your CAPs
/caps-man configuration
add country=latvia datapath.bridge=bridge name=Config security.authentication-types=wpa-psk,wpa2-psk security.passphrase=secret_wifi_password ssid=WiFi
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config
Icon-warn.png

Warning: Do NOT forget to change the country and the password. Select the right country or otherwise the CAP might select a frequency that is not supported in your area.


  • For security reasons specify on which interfaces to listen to CAPs
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
Icon-note.png

Note: If default configuration is used, then specifying CAPsMAN ports can be skipped since the default firewall will block all incoming traffic from WAN side. This step can also be skipped if firewall is setup properly to block unwanted traffic from other ports.


  • Enable CAPsMAN manager to listen to CAPs
/caps-man manager
set enabled=yes

Step #3, setup CAPs

Icon-note.png

Note: This step can be skipped if you connect your CAP while it is in CAPs mode, the device will automatically add configuration that will work with this CAPsMAN setup. You can read more about how to put your device into CAPs mode Here. Make sure that your device supports CAPs mode.


  • Create a bridge and add the interface that is connected to the CAPsMAN in a bridge
/interface bridge
add name=bridge
/interface bridge port
add bridge=bridge interface=ether1
  • Get an IP address from your router (or add a static IP address)
/ip dhcp-client
add disabled=no interface=bridge
  • Enable CAP on Wireless interfaces
/interface wireless cap
set bridge=bridge discovery-interfaces=bridge enabled=yes interfaces=wlan1

That is it! Check your connectivity by using another Wireless device, for example, your smarthphone, your device should be visible in the CAPsMAN's registration table:

/caps-man registration-table print 
 # INTERFACE                                                 SSID                                                MAC-ADDRESS       
 0 cap1                                                     WiFi                                                4C:5E:0C:4B:DF:02
 1 cap2                                                     WiFi                                                4C:5E:0C:CB:0E:60