Terol Posted May 2, 2018 (edited) · Report post Всем привет! Приобрел hap ac 2 и и пытаюсь им заменить hap ac lite. До этого настраивал CAPsMAN на hap ac lite (в паре с 2 WAP ac) (опираясь на https://2keep.net/mikrotik-capsman-v2-hap-ac-lite/) но с hap ac 2 столкнулся с проблемой что он он видит в CAPsMAN собственые wi-fi интерфейсы. WAP AC нормально видится и подхватывает конфигурацию а сам hap ac 2 - не видит. Ниже конфиг # may/02/2018 22:48:44 by RouterOS 6.42.1 # software id = CK3K-T5I3 # # model = RouterBOARD D52G-5HacD2HnD-TC # serial number = 8A2A08B1335C /caps-man channel add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ frequency=2412 name=lefoss-2.4g-1F tx-power=20 add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ frequency=2437 name=lefoss-2.4g-2F tx-power=20 add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \ frequency=5180 name=lefoss-5g-1F tx-power=20 add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \ frequency=5220 name=lefoss-5g-2F tx-power=20 /interface bridge add admin-mac=CC:2D:E0:C2:CE:DB auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=ether1 ] name=ether1-tlstar-optic-source /interface pppoe-client add add-default-route=yes disabled=no interface=ether1-tlstar-optic-source \ name=pppoe-tlstar-internet password=yyyy use-peer-dns=yes user=xxxx /interface wireless # managed by CAPsMAN set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \ distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-C2CEDF \ wireless-protocol=802.11 # managed by CAPsMAN set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\ 20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\ MikroTik-C2CEE0 wireless-protocol=802.11 /caps-man datapath add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\ lefoss-datapath /caps-man security add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \ group-key-update=10m name=lefoss-security passphrase=papa&papa /caps-man configuration add channel=lefoss-5g-2F country=russia3 datapath=lefoss-datapath mode=ap \ name=cfg-5G rx-chains=0,1 security=lefoss-security ssid=lefoss tx-chains=\ 0,1 add channel=lefoss-2.4g-2F country=russia3 datapath=lefoss-datapath mode=ap \ name=cfg-2.4G rx-chains=0,1 security=lefoss-security ssid=lefoss \ tx-chains=0,1 /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp ranges=192.168.7.150-192.168.7.199 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf /caps-man manager set enabled=yes /caps-man provisioning add action=create-dynamic-enabled master-configuration=cfg-5G add action=create-dynamic-enabled master-configuration=cfg-2.4G /interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5 add bridge=bridge interface=wlan2 add bridge=bridge interface=wlan1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1-tlstar-optic-source list=WAN add interface=pppoe-tlstar-internet list=WAN /interface wireless cap # set bridge=bridge caps-man-addresses=192.168.7.254 enabled=yes interfaces=\ wlan1,wlan2 /ip address add address=192.168.7.254/24 comment=defconf interface=ether2 network=\ 192.168.7.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid interface=\ ether1-tlstar-optic-source /ip dhcp-server network add address=192.168.7.0/24 comment=defconf dns-server=192.168.7.251 domain=\ 192.168.7.1 gateway=192.168.7.254 netmask=24 ntp-server=192.168.7.251 /ip dns set allow-remote-requests=yes /ip dns static add address=192.168.7.254 name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh disabled=yes set api disabled=yes set winbox disabled=yes set api-ssl disabled=yes /system clock set time-zone-name=Europe/Moscow /system identity set name=lefoss-hap-2 /system routerboard settings set silent-boot=no /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN Что самое обидное - сбрасываю hap ac lite и собираю на нем такую же конфигурацию - он свои интерфейся видит. Edited May 5, 2018 by Terol Решение найдено Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Terol Posted May 5, 2018 · Report post Нарыл решение на форуме mikrotik. Итоговая компиляция 1. Set CAPsMAN to discover address 127.0.0.1 /interface wireless cap set caps-man-addresses=127.0.0.1 2. Open Firewall for CAPsMAN, (Make sure the firewall rule comes right before the default rule whose comment is "drop all not coming from LAN") /ip firewall filter add chain=output action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247 /ip firewall filter add chain=input action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247 Далее в CAPsMAN в таб provisioning и наблюдаем 127.0.0.1 Источники: https://forum.mikrotik.com/viewtopic.php?f=7&t=127517 https://forum.mikrotik.com/viewtopic.php?t=109377#p553944 Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...