[ #Mikrotik ][ #routerboard ] Setting Using the CAPsMAN in Japan.


Manual:CAPsMAN – MikroTik Wiki /

I think Controlled Access Point system Manager that is a preview build handling Currently (CAPsMAN), but it’ll keep writing how to use and set a little about this place.
# It is said to be merged officially to the Wireless package from ROS 6.14.


Note that the wireless LAN compatible models that can be used in Japan, please be careful and RB951Ui-2HnD at the time of writing, R52n-M because it is (W52).

I’ll explain in a simple configuration most this time.
Verification environment: RouterOS version: 6.14rc8

1. I will introduce the Wireless-fp package to CAP (Controlled Access Points) and CAPsMAN to the target first.

2. I run the following command at CAPsMAN.

/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes

3. I want to first confirm that the self-signed certificate that has been created.

[admin@MikroTik] /caps-man manager> print
enabled: yes
certificate: auto
ca-certificate: auto
require-peer-certificate: yes
generated-certificate: CAPsMAN-D4CA6DFA3854
generated-ca-certificate: CAPsMAN-CA-D4CA6DFA3854

4. Once you go to the settings of the CAP side. Run the following command, so that you can connect to CAPsMAN.

/interface wireless cap
set bridge=bridge1 caps-man-addresses=<CAPsMANのIPアドレス> caps-man-certificate-common-names=\
CAPsMAN-D4CA6DFA3854 certificate=request discovery-interfaces=ether1 enabled=yes \
interfaces=wlan1,wlan2 lock-to-caps-man=yes

5. I will return towards the CAPsMAN again. I will continue to set the parameters of the lower against the CAP here.

  • channel
  • datapath
  • security
  • configuration

6. I will continue to set the channel first. I will continue to type in a command similar to the following.

/caps-man channel
add band=2ghz-b/g/n extension-channel=Ce frequency=2422 name=24-1 width=20 tx-power=10

7. Then I will do the setting of the datapath. This controls the data transfer involved.

/caps-man datapath
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=datapath1

8. Then I will do the security setting.

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=\
hogehoge passphrase=hogehoge

9. I set the configuration templates that are set above the end.

[admin@MikroTik] /caps-man configuration>
add name=test channel=24_1 security=Felix-g datapath=datapath1 country=japan ssid=test mode=ap \
hide-ssid=yes rx-chains=0,1 tx-chains=0,1

10. I keep ahead of the MAC address of the CAP attached.

[admin@MikroTik] /caps-man radio> print
Flags: L - local, P - provisioned

11. I set to the CAP settings configuration.

/caps-man interface
add arp=proxy-arp channel=hoehoge configuration=hogehoge datapath=hogehoge\
disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none \
mtu=1500 name=hogehoge radio-mac=xx:xx:xx:xx:xx:xx security=hogehoge

I think at least, it will be able to connect from the PC to the CAP and to control the CAP from CAPsMAN.

Thank you.



うつ病を患いながら、IT業界の末席にいるおっさんエンジニア。科学計算をしたことがないのに、HPC分野にお邪魔している。興味のある分野で学習したことをblogにまとめつつ、うつ病の経過症状のメモも置いておく日々。じつはRouterboard User Group JPの中の人でもある。 Amazon欲しいものリスト / Arm板を恵んでくれる人募集中