...
Now everyone connecting to CAP's with ssid=SSID1 will have their radius authentication requests sent to x.x.x.x and everyone connecting to CAP's with ssid=SSID2 will have their radius authentication requests sent to y.y.y.y
/caps-man access-list
Access list on CAPsMAN is an ordered list of rules that is used to allow/deny clients to connect to any CAP under CAPsMAN control. When client attempts to connect to a CAP that is controlled by CAPsMAN, CAP forwards that request to CAPsMAN. As a part of registration process, CAPsMAN consults access list to determine if client should be allowed to connect. The default behaviour of the access list is to allow connection.
Access list rules are processed one by one until matching rule is found. Then the action in the matching rule is executed. If action specifies that client should be accepted, client is accepted, potentially overriding it's default connection parameters with ones specified in access list rule.
Access list is configured in /caps-man access-list menu. There are the following parameters for access list rules:
- client matching parameters:
- address - MAC address of client
- mask - MAC address mask to apply when comparing client address
- interface - optional interface to compare with interface to which client actually connects to
- time - time of day and days when rule matches
- signal-range - range in which client signal must fit for rule to match
- allow-signal-out-of-range - option which permits client's signal to be out of the range always or for some time interval
- action parameter - specifies action to take when client matches:
- accept - accept client
- reject - reject client
- query-radius - query RADIUS server if particular client is allowed to connect
- connection parameters:
- ap-tx-limit - tx speed limit in direction to client
- client-tx-limit - tx speed limit in direction to AP (applies to RouterOS clients only)
- client-to-client-forwarding - specifies whether to allow forwarding data received from this client to other clients connected to the same interface
- private-passphrase - PSK passphrase to use for this client if some PSK authentication algorithm is used
- radius-accounting - specifies if RADIUS traffic accounting should be used if RADIUS authentication gets done for this client
- vlan-mode - VLAN tagging mode specifies if traffic coming from client should get tagged (and untagged when going to client).
- vlan-id - VLAN ID to use if doing VLAN tagging.
/caps-man actual-interface-configuration
/caps-man channel
Sub-menu: /caps-man channels
Channel group settings allows for the configuration of lists of radio channel related settings, such as radio band, frequency, Tx Power extension channel and width.
Channel group settings are configured in the Channels profile menu /caps-man channels
| Property | Description |
|---|---|
| band (2ghz-b | 2ghz-b/g | 2ghz-b/g/n | 2ghz-onlyg | 2ghz-onlyn | 5ghz-a | 5ghz-a/n | 5ghz-onlyn; Default: ) | Define operational radio frequency band and mode taken from hardware capability of wireless card |
| comment (string; Default: ) | Short description of the Channel Group profile |
| extension-channel (Ce | Ceee | eC | eCee | eeCe | eeeC | disabled; Default: ) | Extension channel configuration. (E.g. Ce = extension channel is above Control channel, eC = extension channel is below Control channel) |
| frequency (integer [0..4294967295]; Default: ) | Channel frequency value in MHz on which AP will operate. |
| name (string; Default: ) | Descriptive name for the Channel Group Profile |
| tx-power (integer [-30..40]; Default: ) | TX Power for CAP interface (for the whole interface not for individual chains) in dBm. It is not possible to set higher than allowed by country regulations or interface. By default max allowed by country or interface is used. |
| width (; Default: ) | Sets Channel Width in MHz. (E.g. 20, 40) |
| save-selected (; Default: yes) | Saves selected channel for the CAP Radio - will select this channel after the CAP reconnects to CAPsMAN and use it till the channel Re-optimize is done for this CAP. |
/caps-man configuration
/caps-man datapath
...