
hap ac2 не видит собственные wlan в CAPsMAN [РЕШЕНО]



Posted (edited)

Всем привет!

  Приобрел hap ac 2 и пытаюсь им заменить hap ac lite. До этого настраивал CAPsMAN на hap ac lite (в паре с 2 WAP ac), опираясь на https://2keep.net/mikrotik-capsman-v2-hap-ac-lite/, но с hap ac 2 столкнулся с проблемой: он не видит в CAPsMAN собственные wi-fi интерфейсы. WAP AC нормально видится и подхватывает конфигурацию, а сам hap ac 2 свои интерфейсы не видит. Ниже конфиг.

 

# may/02/2018 22:48:44 by RouterOS 6.42.1
# software id = CK3K-T5I3
#
# model = RouterBOARD D52G-5HacD2HnD-TC
# serial number = 8A2A08B1335C
# CAPsMAN channel profiles: two fixed 2.4 GHz channels (2412 and 2437 MHz,
# 802.11n only, no extension channel) and two 5 GHz channels (5180 and
# 5220 MHz, extension channel Ce). All use a 20 MHz control channel and
# tx-power=20.
# Only lefoss-2.4g-2F and lefoss-5g-2F are referenced by the
# "/caps-man configuration" entries in this export; the -1F profiles are unused.
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=lefoss-2.4g-1F tx-power=20
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=lefoss-2.4g-2F tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5180 name=lefoss-5g-1F tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5220 name=lefoss-5g-2F tx-power=20
# LAN bridge with a fixed (non-automatic) MAC address.
/interface bridge
add admin-mac=CC:2D:E0:C2:CE:DB auto-mac=no comment=defconf name=bridge
# ether1 is renamed to mark it as the uplink port.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-tlstar-optic-source
# PPPoE client on the uplink; it installs the default route and uses the
# peer's DNS servers. user=xxxx / password=yyyy look like placeholders the
# poster substituted before publishing - an unredacted export prints the real
# credentials in clear text here.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-tlstar-optic-source \
    name=pppoe-tlstar-internet password=yyyy use-peer-dns=yes user=xxxx
# Local radio settings. The "managed by CAPsMAN" lines are status comments
# printed by the export; presumably these local values are overridden while
# the radios run in CAP mode - confirm.
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-C2CEDF \
    wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-C2CEE0 wireless-protocol=802.11
# Datapath: client traffic is forwarded locally on each CAP into "bridge"
# (local-forwarding=yes), and wireless clients may talk to each other.
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    lefoss-datapath
# Security profile: WPA2-PSK with AES-CCM for unicast and group traffic,
# group key rotated every 10 minutes.
# NOTE(review): the passphrase is exported in clear text and was published
# with this config, unlike the PPPoE credentials, which were replaced by
# placeholders. If this is the real key, change it. Redact passphrase= before
# sharing an export (for example "/export hide-sensitive"). It is also short;
# a long random passphrase resists offline guessing far better.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=10m name=lefoss-security passphrase=papa&papa
# Two AP configurations sharing one SSID ("lefoss"), datapath and security
# profile; they differ only in name and in the channel profile (5 GHz vs
# 2.4 GHz). Both use radio chains 0 and 1 and country=russia3.
/caps-man configuration
add channel=lefoss-5g-2F country=russia3 datapath=lefoss-datapath mode=ap \
    name=cfg-5G rx-chains=0,1 security=lefoss-security ssid=lefoss tx-chains=\
    0,1
add channel=lefoss-2.4g-2F country=russia3 datapath=lefoss-datapath mode=ap \
    name=cfg-2.4G rx-chains=0,1 security=lefoss-security ssid=lefoss \
    tx-chains=0,1
# WAN and LAN interface lists; the firewall, neighbor discovery and MAC server
# settings in this export refer to them.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# DHCP pool for LAN clients, served on the bridge.
/ip pool
add name=dhcp ranges=192.168.7.150-192.168.7.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
# This router is the CAPsMAN controller.
/caps-man manager
set enabled=yes
# Provisioning rules: each creates an enabled dynamic interface from the named
# master configuration. Neither rule sets a radio or hardware-mode matcher, so
# nothing visible here ties cfg-5G to 5 GHz radios or cfg-2.4G to 2.4 GHz
# radios - TODO confirm how radios are matched.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-5G
add action=create-dynamic-enabled master-configuration=cfg-2.4G
# Bridge ports: ether2-ether5 plus both local radios.
# NOTE(review): wlan1/wlan2 are added here statically and are also handed to
# CAPsMAN in "/interface wireless cap" below with bridge=bridge; the static
# entries may be redundant - confirm.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=wlan2
add bridge=bridge interface=wlan1
# Neighbor discovery is limited to the LAN list, so it is not run on the
# uplink interfaces.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# List membership: the bridge is LAN; ether1 and the PPPoE client are WAN.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-tlstar-optic-source list=WAN
add interface=pppoe-tlstar-internet list=WAN
# Local CAP client: hands wlan1 and wlan2 to the CAPsMAN at 192.168.7.254,
# which is this router's own LAN address (see "/ip address").
# NOTE(review): the input chain in this export has no accept rule for traffic
# the router sends to itself, and such traffic does not arrive through a LAN
# list member; per the fix posted later in the thread, this is presumably why
# the local radios never appear in CAPsMAN.
/interface wireless cap
# 
set bridge=bridge caps-man-addresses=192.168.7.254 enabled=yes interfaces=\
    wlan1,wlan2
# Router LAN address.
# NOTE(review): the address is bound to ether2, which this export also lists
# as a port of "bridge"; an address on a bridge member port is usually placed
# on the bridge interface itself - confirm.
/ip address
add address=192.168.7.254/24 comment=defconf interface=ether2 network=\
    192.168.7.0
# Default-config DHCP client on the uplink port, left in place next to the
# PPPoE client on the same port.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=\
    ether1-tlstar-optic-source
# Options handed to DHCP clients: gateway is this router, while DNS and NTP
# point to another LAN host (192.168.7.251).
# NOTE(review): domain= holds an IP address (192.168.7.1) where a DNS domain
# name would be expected - confirm this is intended.
/ip dhcp-server network
add address=192.168.7.0/24 comment=defconf dns-server=192.168.7.251 domain=\
    192.168.7.1 gateway=192.168.7.254 netmask=24 ntp-server=192.168.7.251
# The router answers DNS queries from other hosts. Nothing in this section
# limits who may query; in this export only the input-chain rule
# "drop all not coming from LAN" keeps the resolver unreachable from the WAN
# side, so that rule must stay in place.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.7.254 name=router.lan
# Default-configuration firewall; rules are evaluated in the order listed.
#
# input chain (traffic addressed to the router itself):
#   1. accept established/related/untracked
#   2. drop invalid
#   3. accept ICMP
#   4. drop everything that did not arrive on a LAN-list interface
# There is no accept rule for traffic the router sends to its own addresses,
# so new connections of that kind (such as the local CAP contacting CAPsMAN)
# fall through to rule 4.
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# forward chain (traffic routed through the router): IPsec policy traffic is
# accepted, established/related flows are fasttracked and accepted, invalid
# packets are dropped, and new connections entering from WAN are dropped
# unless they were destination-NATed.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# Source NAT: masquerade traffic leaving through WAN-list interfaces, except
# traffic that matches an IPsec policy.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# Every IP management service is disabled, including ssh, winbox and api-ssl,
# so the router offers no management over IP. The only management path left in
# this export is the MAC server / MAC-Winbox below, limited to the LAN list.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=lefoss-hap-2
/system routerboard settings
set silent-boot=no
# MAC-level management (MAC server and MAC-Winbox) is accepted only on
# interfaces in the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 

Что самое обидное - сбрасываю hap ac lite и собираю на нем такую же конфигурацию - он свои интерфейсы видит.

Edited by Terol
Решение найдено
Posted

Нарыл решение на форуме mikrotik. Итоговая компиляция

 

1. Set the local CAP to look for CAPsMAN at address 127.0.0.1

# Point the router's own CAP client at the loopback address instead of the LAN
# address, so it contacts the CAPsMAN running on the same device.
/interface wireless cap set caps-man-addresses=127.0.0.1

2. Open Firewall for CAPsMAN, (Make sure the firewall rule comes right before the default rule whose comment is "drop all not coming from LAN")

# Allow the local CAP to reach the local CAPsMAN over loopback on UDP 5246 and
# 5247. Both rules match only src=127.0.0.1 and dst=127.0.0.1, so they do not
# open these ports to any other host.
# "add" without place-before= appends the rule to the end of the list, so
# after adding, move the input rule above "drop all not coming from LAN";
# left below it, the rule never matches.
# NOTE(review): the config posted earlier in the thread has no chain=output
# rules, so the output accept looks redundant there - confirm.
/ip firewall filter add chain=output action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247
/ip firewall filter add chain=input  action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247

 

Далее в CAPsMAN в таб provisioning и наблюдаем 127.0.0.1

Источники:

 

https://forum.mikrotik.com/viewtopic.php?f=7&t=127517

https://forum.mikrotik.com/viewtopic.php?t=109377#p553944

 
