
hap ac2 не видит собственные wlan в CAPsMAN [РЕШЕНО]

Всем привет!

  Приобрел hap ac 2 и пытаюсь им заменить hap ac lite. До этого настраивал CAPsMAN на hap ac lite (в паре с 2 WAP ac, опираясь на https://2keep.net/mikrotik-capsman-v2-hap-ac-lite/), но с hap ac 2 столкнулся с проблемой: он не видит в CAPsMAN собственные wi-fi интерфейсы. WAP AC нормально видится и подхватывает конфигурацию, а сам hap ac 2 свои интерфейсы не видит. Ниже конфиг:

 

# RouterOS configuration export of a router that runs both the CAPsMAN
# manager (/caps-man manager enabled=yes) and a local CAP client
# (/interface wireless cap enabled=yes) for its own wlan1/wlan2.
# NOTE(review): the header below carries the software id and serial number,
# which identify the device; these are normally redacted before an export is
# shared publicly.
# may/02/2018 22:48:44 by RouterOS 6.42.1
# software id = CK3K-T5I3
#
# model = RouterBOARD D52G-5HacD2HnD-TC
# serial number = 8A2A08B1335C
# Fixed channel definitions: two 2.4 GHz and two 5 GHz entries. Only
# lefoss-2.4g-2F and lefoss-5g-2F are referenced by the configurations below.
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=lefoss-2.4g-1F tx-power=20
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=lefoss-2.4g-2F tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5180 name=lefoss-5g-1F tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5220 name=lefoss-5g-2F tx-power=20
/interface bridge
add admin-mac=CC:2D:E0:C2:CE:DB auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-tlstar-optic-source
# The PPPoE user and password were replaced with placeholders (xxxx / yyyy)
# by the author before posting.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-tlstar-optic-source \
    name=pppoe-tlstar-internet password=yyyy use-peer-dns=yes user=xxxx
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-C2CEDF \
    wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-C2CEE0 wireless-protocol=802.11
# Datapath: CAP interfaces forward traffic locally into "bridge", and wireless
# clients are allowed to talk to each other (client-to-client-forwarding=yes).
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    lefoss-datapath
# NOTE(review): unlike the PPPoE credentials, the WPA2-PSK passphrase below was
# posted in clear text, so it should be considered disclosed and rotated.
# On RouterOS 6.x, "export hide-sensitive" omits such values from an export.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=10m name=lefoss-security passphrase=papa&papa
# Two configurations share one SSID, datapath and security profile and differ
# only in the channel (5 GHz vs 2.4 GHz).
/caps-man configuration
add channel=lefoss-5g-2F country=russia3 datapath=lefoss-datapath mode=ap \
    name=cfg-5G rx-chains=0,1 security=lefoss-security ssid=lefoss tx-chains=\
    0,1
add channel=lefoss-2.4g-2F country=russia3 datapath=lefoss-datapath mode=ap \
    name=cfg-2.4G rx-chains=0,1 security=lefoss-security ssid=lefoss \
    tx-chains=0,1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.7.150-192.168.7.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/caps-man manager
set enabled=yes
# Provisioning rules carry no band or radio-MAC matcher in this export.
# NOTE(review): presumably every radio matches the first rule (cfg-5G) - verify
# that 2.4 GHz radios really receive cfg-2.4G.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-5G
add action=create-dynamic-enabled master-configuration=cfg-2.4G
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
# NOTE(review): wlan1/wlan2 are added as static bridge ports although both are
# handed to CAPsMAN (see /interface wireless cap); presumably redundant - confirm.
add bridge=bridge interface=wlan2
add bridge=bridge interface=wlan1
# Neighbor discovery is limited to interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-tlstar-optic-source list=WAN
add interface=pppoe-tlstar-internet list=WAN
# Local CAP client: hands wlan1 and wlan2 to the CAPsMAN at 192.168.7.254,
# which is this router's own address (see /ip address below).
/interface wireless cap
# 
set bridge=bridge caps-man-addresses=192.168.7.254 enabled=yes interfaces=\
    wlan1,wlan2
# NOTE(review): the LAN address is bound to ether2, which is itself a bridge
# port above; addresses are normally placed on the bridge interface - confirm.
/ip address
add address=192.168.7.254/24 comment=defconf interface=ether2 network=\
    192.168.7.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=\
    ether1-tlstar-optic-source
# NOTE(review): domain= holds an IP address (192.168.7.1) where a DNS domain
# name is expected - looks unintended, confirm.
/ip dhcp-server network
add address=192.168.7.0/24 comment=defconf dns-server=192.168.7.251 domain=\
    192.168.7.1 gateway=192.168.7.254 netmask=24 ntp-server=192.168.7.251
# The router answers DNS queries from other hosts; the input chain below drops
# anything that does not arrive through the LAN list, so WAN-side queries are
# rejected by the firewall rather than by this setting.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.7.254 name=router.lan
# Input chain: established/related/untracked and ICMP are accepted, invalid is
# dropped, and the last input rule drops everything whose in-interface is not in
# the LAN list. There is no accept rule for CAPsMAN's UDP 5246/5247 here.
# NOTE(review): presumably that final drop is what stops the local CAP from
# reaching the local CAPsMAN, which matches the fix posted in the reply.
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# Forward chain: IPsec policy traffic and established/related flows pass,
# invalid is dropped, and new connections from WAN are dropped unless they were
# destination-NATed.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# Every IP-based management service (telnet, ftp, www, ssh, api, winbox,
# api-ssl) is disabled; the only management paths left in this export are the
# MAC server and MAC-WinBox entries at the end, both limited to the LAN list.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=lefoss-hap-2
/system routerboard settings
set silent-boot=no
# Layer-2 management access is restricted to interfaces in the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 

Что самое обидное - сбрасываю hap ac lite и собираю на нем такую же конфигурацию - он свои интерфейсы видит.

Edited by Terol
Решение найдено


Нарыл решение на форуме mikrotik. Итоговая компиляция

 

1. Set the local CAP to look for CAPsMAN at address 127.0.0.1

# Point this router's own CAP client at the loopback address, so that it
# connects to the CAPsMAN instance running on the same device.
/interface wireless cap set caps-man-addresses=127.0.0.1

2. Open the firewall for CAPsMAN (make sure the firewall rule comes right before the default rule whose comment is "defconf: drop all not coming from LAN")

# Accept CAPsMAN traffic (UDP 5246,5247) only when both source and destination
# are 127.0.0.1, so these ports are not opened to any other host.
# "add" without a position appends the rule to the end of the filter list; the
# input rule takes effect only if it sits above the "drop all not coming from
# LAN" rule, so move it there afterwards or pass place-before= when adding it.
# NOTE(review): the posted export has no output-chain rules, so the output
# accept presumably changes nothing there - it matters only if output drops exist.
/ip firewall filter add chain=output action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247
/ip firewall filter add chain=input  action=accept protocol=udp src-address=127.0.0.1 dst-address=127.0.0.1 port=5246,5247

 

Далее открываем в CAPsMAN вкладку provisioning и наблюдаем 127.0.0.1

Источники:

 

https://forum.mikrotik.com/viewtopic.php?f=7&t=127517

https://forum.mikrotik.com/viewtopic.php?t=109377#p553944

 
