8577
newbie
Topic Author
Posts: 40
Joined: Fri Mar 20, 2020 8:25 pm
Location: US

CAPsMAN forwarding question

Thu Oct 06, 2022 4:01 am

Trying to wrap my head around this:
https://help.mikrotik.com/docs/display/ ... ardingMode

If we want to use 'capsman forwarding' as in NOT local forwarding, for the router running capsman to handle the caps connected through a POE switch. I have my capsman router trunked (tagged frames) to a CRS1xx switch, do we want to connect the cap to access ports (untagged) for a cap with normal 'cap mode' (non tagged interface) configuration or a trunk? The document linked above makes it seem as if we use tagged (trunk port) to connect caps to a switch in between the router running capsman and cap.

Just trying to make sense of it - and the difference between local forwarding and capsman forwarding.
Thanks
 
holvoetn
Forum Guru
Posts: 1831
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: CAPsMAN forwarding question

Thu Oct 06, 2022 5:57 am

Last question first:

Both cases: wireless settings of AP are determined by capsman.
Local forwarding: your AP device is handling all client traffic. It therefore needs to be configured correctly to do so.
Manager forwarding: all client data traffic from your AP is encapsulated and first sent to the capsman controller. There it is decrypted and only then client data will be sent where it needs to go.

As for the first part of your question, I am not sure I fully understand.
Can you provide a small drawing?
 
8577
newbie
Topic Author
Posts: 40
Joined: Fri Mar 20, 2020 8:25 pm
Location: US

Re: CAPsMAN forwarding question

Thu Oct 06, 2022 5:07 pm

Here is a slightly modified drawing showing the interfaces/vlans in use. I had it working on a tagged trunk to the cap, but trying to follow the manual for capsman forwarding through my crs switch.
 
mkx
Forum Guru
Posts: 8967
Joined: Thu Mar 03, 2016 10:23 pm

Re: CAPsMAN forwarding question  [SOLVED]

Thu Oct 06, 2022 6:50 pm

I have my capsman router trunked (tagged frames) to a CRS1xx switch, do we want to connect the cap to access ports (untagged) for a cap with normal 'cap mode' (non tagged interface) configuration or a trunk?

When using "! local-forwarding", then as already indicated all traffic of wireless clients will be sent to CAPsMAN. It will be sent over the very same transport channel as it's used for CAP-to-CAPsMAN management connection (i.e. over which CAPsMAN provisions CAP). And that leaves creating that transport channel entirely to CAP/CAPsMAN administrator.

To be concrete: if you have on CAPsMAN configured (say) /caps-man manager interface add disabled=no interface=myVlan and local-forwarding set to no in /caps-man datapath, then property of same datapath entries bridge applies to bridge name on CAPsMAN. At the same time you can have /interface wireless cap set discovery-interfaces=<uplink_physical_interface> on CAP (or a VLAN interface, it doesn't matter) and if CAP can talk to CAPsMAN (so it can get provisioned), also traffic will get to CAPsMAN and only thing that can go wrong is wrongly set bridge property on CAPsMAN.

On the other hand, in "local-forwarding" case the rest of /caps-man datapath settings don't matter much (except for vlan-id and vlan-mode), it's CAP setting /interface wireless cap property bridge that defines where provisioned wireless interfaces will attach (and deliver client's traffic). And it's again up to CAP administrator to properly set up mentioned bridge so that it'll be able to move traffic as desired. And from capsman (the provisioning process) it doesn't matter if it's trunk or access or whatever port, bridge needs to be properly configured.
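
The two modes described in the answer above, side by side as a RouterOS configuration sketch. This is an added example, not part of the original post; ether5 is the trunk port named later in the thread, while bridge-lan, bridgeLocal, wlan1, ether1, the SSID, the VLAN ID and all dp-/cfg- names are assumptions.

```routeros
# ---- On the CAPsMAN router (both modes) ----
/caps-man manager set enabled=yes
# Listen only on the port that actually faces the CAPs; forbid the default
# "all interfaces" entry so untrusted segments cannot reach the manager.
/caps-man manager interface set [ find default=yes ] forbid=yes
/caps-man manager interface add interface=ether5 disabled=no

# ---- Mode A: manager (CAPsMAN) forwarding ----
# Client traffic arrives inside the CAP<->CAPsMAN channel, so "bridge"
# names a bridge on the CAPsMAN router (assumed: bridge-lan).
/caps-man datapath add name=dp-manager local-forwarding=no bridge=bridge-lan
/caps-man configuration add name=cfg-manager ssid=example-ssid datapath=dp-manager
/caps-man provisioning add action=create-dynamic-enabled master-configuration=cfg-manager

# On the CAP: it only has to reach the manager over its uplink.
/interface wireless cap set enabled=yes interfaces=wlan1 discovery-interfaces=ether1

# ---- Mode B: local forwarding (alternative to Mode A) ----
# On CAPsMAN only vlan-mode and vlan-id still matter in the datapath.
/caps-man datapath add name=dp-local local-forwarding=yes vlan-mode=use-tag vlan-id=30
/caps-man configuration add name=cfg-local ssid=example-ssid datapath=dp-local

# On the CAP: provisioned wireless interfaces attach to the CAP's own bridge,
# which the CAP administrator must set up (trunk or access uplink as needed).
/interface wireless cap set enabled=yes interfaces=wlan1 discovery-interfaces=ether1 bridge=bridgeLocal
```

If the CAP never appears under /caps-man remote-cap, check first that the port it is reachable through is listed and not forbidden in /caps-man manager interface.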
 
8577
newbie
Topic Author
Posts: 40
Joined: Fri Mar 20, 2020 8:25 pm
Location: US

Re: CAPsMAN forwarding question

Thu Oct 06, 2022 7:06 pm

Thanks mkx, I think I got the config parts down, for the most part since I have gotten it to work, at least with vlan tagging. (as addressed in another post).

My challenge in understanding is when I plug the cap device into the poe switch as a normal cap in cap mode (system reset-configuration cap-mode=yes) it never shows up as a neighbor or as a remote cap on the capsman router. I have tried the switch interface as a trunk port with vlans10/30 tagged, and I have tried it with the switch interface as a non-tagged access port set to vlan30 or vlan10, either way it never shows up. If I remove the interface the test cap is on (ether8 in my case) from the bridge and vlan table it will show up as a L2 neighbor on the switch, but of course it still does not connect to capsman. I have capsman listening on the trunk interface on the router, vlan10, vlan30, and the bridge. No matter what I set capsman to listen on, it never picks up the cap when it is plugged into the poe switch. My confusion is capsman forwarding is it on layer 2, or layer 3? In the past I think I always plugged caps into the router direct, no problems when I plug them directly into the router in the same bridge, works fine. But using it on my poe switch, I have only gotten it to work with a tagged vlan interface on the cap. So I am trying to follow the manual, but I can never see the cap when I plug it into the poe switch in 'cap-mode'. I have a cap on ether7 and ether8, neither will show up in the registration table or remote cap, or ip/neighbor/print.
 
8577
newbie
Topic Author
Posts: 40
Joined: Fri Mar 20, 2020 8:25 pm
Location: US

Re: CAPsMAN forwarding question

Thu Oct 06, 2022 9:04 pm

Ok, just to confirm any suspicions, yes, I am an idiot. I neglected to add the trunk port (ether5) the one connected to the switch to the manager interfaces this entire time. This explains why it never would come up initially.

After adding it, magically I see the cap in the remote-cap list.
Columns: ADDRESS, NAME, STATE, RADIOS
#  ADDRESS                  NAME                 STATE  RADIOS
0  C4:AD:xx:xx:xx:C4/59383  [C4:AD:xx:xx:xx:C4]  Run         2
1  2C:C1:xx:xx:xx:FA/59711  [2C:xx:xx:xx:xx:FA]  Run         1
