The purpose of this venture was to find a suitable and affordable replacement for Ubiquiti Unifi. We are budget-constrained, so we are now moving away from Ubiquiti. The major factor in this decision was that older yet working Unifi APs get dumped by the controller, which at the same time spams us with EOL notices and warnings, thus forcing new purchases to replace the "obsolete" working units. We finally settled on MikroTik using CAPsMAN. This documentation is the result of our testing tribulations, with the help of official product documentation, various forum posts and YouTube videos.
CAPsMAN stands for Controlled Access Point system Manager, a centralized wireless network management solution developed by MikroTik. There are two points of configuration: the CAPsMAN (server/controller) and the CAP client. Using this WLAN solution is not a bed of roses; in forum posts, it was even detested by some. At least for us, we are content and happy with it.
- Working DHCP services
- Bridge interfaces for each subnet/VLAN (e.g. Acad_Elem_Bridge, Library_Bridge, etc.)
-- Ether ports assigned to their respective bridge interface
-- Subnet IP address assigned to its respective bridge interface
Note: In our case, all of these are configured on the same device, an RB1100AHx2, which will be referred to as the "CAPsMAN" in this document.
There were 3 sections we configured that were important to us during the testing phase: Datapaths, Configurations and Provisioning. Our WLAN infrastructure is open for now, so security profiles won't be covered here. For in-depth CAPsMAN information, visit the official MikroTik documentation https://help.mikrotik.com/docs/display/ROS/CAPsMAN or the old wiki https://wiki.mikrotik.com/wiki/Manual:CAPsMAN. Useful videos can also be found on YouTube.
Datapath: we understood this as the path that data from devices connected to the Controlled AP (CAP) will travel. It therefore must use the bridge interface for the intended subnet/VLAN.
These are the steps:
- On the CAPsMAN, click CAPsMAN from the side menu. This will launch the CAPsMAN applet/widget/dashboard.
- Click the Datapaths tab.
- Click the plus icon. The New CAPs Datapath Configuration applet will launch.
- In the Name text field, type the appropriate name/label of this datapath (e.g. Elem_Datapath).
- Click the blank field in the Bridge section, then click the down arrow and select the appropriate bridge interface for this datapath (e.g. HighSchool_Bridge).
- Click OK to close the applet. The newly created datapath profile will now be listed.
Configurations: these are basically your predefined master settings that will be applied to CAPs being provisioned. This includes the SSID and other applicable settings of your preference. We have dual chain APs, so we needed to create separate configuration profiles for 2G and 5G. In this document, we will create one for 2G; the procedure is the same for 5G. These are the steps:
- Still on the CAPsMAN, click the Configurations tab.
- Click the plus icon. The New CAPs Configuration applet will launch.
- Work on the following settings:
-- Name: this is the label for this configuration. Use a meaningful name (e.g. Elem_2G).
-- Mode: ap
-- SSID: this is what WiFi users will see when they scan for wireless connectivity. Use a meaningful name (e.g. AIIAS-Academy-WiFi).
-- Country: united states (We are in the Philippines, but Apple devices brought from the US by faculty and students had connectivity issues. This setting resolved the issues.)
-- Installation: any (We have both indoor and outdoor APs. We simply used a generic installation type.)
- Click OK when done to close the applet. The newly created configuration profile will now be listed.
Provisioning: this is an ordered list of rules, each containing settings that specify which radio to match and settings that specify what action to take if a radio matches. We needed to track which AP user devices are connected to and whether they're picking up the correct IP address range. We also wanted a device that transfers from one location to another to refresh, use the SSID at the current location and release the previous connection. This took us some time to figure out, but we did.
These are the steps:
- Still on the CAPsMAN, click the Provisioning tab.
- Click the plus icon. The New CAPs Provisioning applet will launch. Notice that Radio MAC has been pre-populated; it serves as a wildcard for APs deployed at a certain location.
- Since this configuration is for 2G, we wanted to support only 802.11gn. On the Hw Supported Modes field, click the down arrow then select gn.
- To make sure that the AP will pick up the correct provisioning, we used Identity Regexp. This is because our APs' identities are based on their location (e.g. Elem-Front, Elem-Back, etc.). At first the APs were picking up provisioning intended for another location, which was troublesome until we discovered this trick in the official documentation. In the Identity Regexp text field, we typed ^ followed by the APs' deployed location (e.g. ^Elem- ). Notice we left the trailing dash as is; with nothing after it, the pattern served as a wildcard for all APs deployed at the Elementary school building.
- On the Action field, select create dynamic enabled.
- On the Master Configuration field, select the configuration profile you created earlier (e.g. Elem_2G).
- On the Name Format field, select prefix identity.
- Click OK when done to close the applet. The newly created provisioning profile will now be listed.
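The first-match behaviour behind the Identity Regexp step, modelled as an added example (not part of the original write-up and not MikroTik code). The HS- and Annex- identities, the HS_2G profile and the mode sets are constructed, and the matching semantics (a radio must support every listed mode; the regexp is searched within the identity) are assumptions of this model.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    master_configuration: str
    hw_supported_modes: frozenset = frozenset()  # modes the radio must support
    identity_regexp: str = ""                    # empty matches any identity

    def matches(self, identity, radio_modes):
        if not self.hw_supported_modes <= frozenset(radio_modes):
            return False
        return re.search(self.identity_regexp, identity) is not None

def provision(rules, identity, radio_modes):
    """Walk the ordered rule list; the first matching rule wins."""
    for rule in rules:
        if rule.matches(identity, radio_modes):
            return rule.master_configuration
    return None  # no rule matched: the radio stays unprovisioned

def audit(rules, radios):
    """Return {identity: (got, expected)} for radios on the wrong profile."""
    wrong = {}
    for identity, modes, expected in radios:
        got = provision(rules, identity, modes)
        if got != expected:
            wrong[identity] = (got, expected)
    return wrong

# Constructed inventory: (identity, supported modes, intended profile).
RADIOS = [
    ("Elem-Front", {"b", "g", "gn"}, "Elem_2G"),
    ("Elem-Back", {"b", "g", "gn"}, "Elem_2G"),
    ("HS-Left", {"b", "g", "gn"}, "HS_2G"),
    ("Annex-Elem-Lab", {"b", "g", "gn"}, None),  # must not join any WLAN
]
GN = frozenset({"gn"})
NO_REGEXP = [Rule("Elem_2G", GN), Rule("HS_2G", GN)]
UNANCHORED = [Rule("Elem_2G", GN, "Elem-"), Rule("HS_2G", GN, "HS-")]
ANCHORED = [Rule("Elem_2G", GN, "^Elem-"), Rule("HS_2G", GN, "^HS-")]

if __name__ == "__main__":
    for label, rules in [("no regexp", NO_REGEXP),
                         ("unanchored", UNANCHORED), ("anchored", ANCHORED)]:
        print(label, audit(rules, RADIOS))
```

Running the audit against an export of your own rule order and AP identities before deployment shows which radios would land on another location's bridge and address range.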
Enabling CAPsMAN
- Still on CAPsMAN, click the CAP Interface tab.
- Click Manager. The CAPs Manager applet will launch.
- Tick the Enabled checkbox then click OK. The CAPsMAN is now ready to serve.
For our use, we purposely prepared the CAP client. We have done the following:
- Removed the default configuration.
- Created a Bridge interface.
- Assigned at least Ether 1 to the bridge.
- Configured DHCP-Client on the bridge interface.
- If applicable, upgraded RouterOS to the latest stable. We have 6.4.x as of writing.
- Changed Identity to reflect the deployment location (e.g. Elem-Front). This is to readily identify the AP when it communicates with the CAPsMAN/DHCP server.
When the preliminaries are done, we then deploy the AP. We used these steps:
- On the DHCP Server leases, check if the deployed AP gets an IP address.
- When confirmed, make the AP's dynamic IP address static.
- Use Winbox or Webfig to connect to the AP using its IP address.
- In the AP, click Wireless from the side menu. The Wireless Tables applet will launch.
- The Wifi Interface tab is pre-selected, click CAP. This will launch the CAP applet.
- On the Interfaces field, select the appropriate wireless interface (e.g. wlan1).
- On the Discovery Interfaces field, select the pre-created bridge interface.
- On the CAPsMAN Addresses field, type the IP address of the CAPsMAN (for us, this is also the subnet default gateway IP address).
- On the Bridge field, select the pre-created bridge interface.
- Finally, tick the Enabled checkbox then click OK to close the applet. Watch the configuration magic unfold.
Test the WiFi.
This concludes WLAN Management using MikroTik CAPsMAN.
Hope this helps...
The high school WiFi layout is divided into 4 sections:
- Front
-- Vendor: ComFast
-- IP address (static): 172.22.15.241
- Back
-- Vendor: ComFast
-- IP address (static): 172.22.15.242
- Left
-- Vendor: MikroTik
-- IP address (DHCP)
- Right
-- Vendor: ComFast
-- IP address (static): 172.22.15.244