Hello, I need help guys becouse as you see, my CAPsMAN or my wlans are not working properly, I'm tryna solve this becouse I want to do a guests network and I created it in CAPsMAN, the configuration is correct and appears in the Wi-Fi points in all devices, but when you connect to it it connects as "SPA_WIFI" DHCP server and gives me addresses from that network. I guess this is happening becouse CAPsMAN detect like there is 2 wlans that are bugged or something and I cannot even see the virtual vlan or the status and traffic from these wlans (1 and 2). Didn't find something like this in the whole forum and youtube and that's why I write this.
Edit: when I log in the CAPs devices seems be well and wlan 3 appears, the only device that doesn't shows it is the manager.
Thank you guys for the help and have a nice day.
Code: Select all
# apr/22/2024 12:28:17 by RouterOS 6.49.10
# software id = IJH1-AHYL
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D7D1923
/caps-man channel
add band=2ghz-b/g/n extension-channel=XX name="2.4Ghz(FA)"
add band=5ghz-a/n/ac extension-channel=XXXX name="5Ghz(FA)"
add band=2ghz-b/g/n extension-channel=XX name=2.4Ghz_guest
/interface bridge
add name=bridge_guest
add admin-mac=08:55:31:77:CF:07 auto-mac=no name=bridge_spa
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-77CF0B wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
mode=ap-bridge ssid=MikroTik-77CF0C wireless-protocol=802.11
/caps-man datapath
add bridge=bridge_spa client-to-client-forwarding=yes local-forwarding=yes \
name=SPA_WIFI
add bridge=bridge_guest client-to-client-forwarding=yes local-forwarding=yes \
name=SPA_GUEST
/caps-man security
add authentication-types=wpa-psk,wpa2-psk disable-pmkid=no encryption=aes-ccm \
group-encryption=aes-ccm name=SPA_WIFI
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
group-encryption=aes-ccm name=SPA-GUEST
/caps-man configuration
add channel="2.4Ghz(FA)" channel.skip-dfs-channels=yes country=spain \
datapath=SPA_WIFI hw-retries=4 mode=ap multicast-helper=full name=\
SPA_WIFI_2.4GHz security=SPA_WIFI ssid=SPA_WIFI
add channel="5Ghz(FA)" channel.skip-dfs-channels=yes country=spain datapath=\
SPA_WIFI guard-interval=any hw-retries=4 mode=ap multicast-helper=full \
name=SPA_WIFI_5GHz security=SPA_WIFI ssid=SPA_WIFI
add channel=2.4Ghz_guest channel.skip-dfs-channels=yes country=spain \
datapath=SPA_GUEST hw-retries=4 mode=ap multicast-helper=full name=\
SPA_GUEST security=SPA-GUEST ssid=SPA_GUEST
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool0 ranges=192.168.101.80-192.168.101.99
add name=dhcp_pool1 ranges=192.168.100.80-192.168.100.99
/ip dhcp-server
add address-pool=pool0 disabled=no interface=bridge_spa name=SPA_WIFI
add address-pool=dhcp_pool1 disabled=no interface=bridge_guest name=SPA_GUEST
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge_spa
add disabled=no interface=bridge_guest
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,g,gn \
master-configuration=SPA_WIFI_2.4GHz name-format=identity \
slave-configurations=SPA_GUEST
add action=create-dynamic-enabled hw-supported-modes=a,an,ac \
master-configuration=SPA_WIFI_5GHz name-format=identity
/interface bridge port
add bridge=bridge_spa interface=ether2
add bridge=bridge_spa interface=ether3
add bridge=bridge_spa interface=ether5
add bridge=bridge_guest interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge_spa list=LAN
add comment=defconf interface=ether4 list=WAN
add interface=ether5 list=WAN
add interface=bridge_guest list=LAN
/interface wireless cap
#
set discovery-interfaces=bridge_spa,bridge_guest enabled=yes interfaces=\
wlan1,wlan2
/ip address
add address=192.168.101.195/24 interface=bridge_spa network=192.168.101.0
add address=192.168.100.195/24 interface=bridge_guest network=192.168.100.0
/ip dhcp-client
add disabled=no interface=bridge_spa
add disabled=no interface=bridge_guest
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
add address=192.168.101.0/24 dns-server=192.168.101.1 gateway=192.168.101.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" in-interface-list=WAN \
src-address=192.168.99.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=SPA_WADMIN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN