...
On subsequent connections to CAPsMAN, the CAP will use the generated certificate.
CAP Configuration
When an AP is configured to be controlled by CAPsMAN, the configuration of the managed wireless interfaces on the AP is ignored (exceptions: antenna-gain, antenna-mode). Instead, the AP accepts configuration for the managed interfaces from CAPsMAN.
...
Property | Description |
---|---|
enabled (yes | no; Default: no) | Disable or enable CAP feature |
interfaces (list of interfaces; Default: empty) | List of wireless interfaces to be controlled by Manager |
certificate (certificate name | none; Default: none) | Certificate to use for authenticating |
discovery-interfaces (list of interfaces; Default: empty) | List of interfaces over which CAP should attempt to discover Manager |
caps-man-addresses (list of IP addresses; Default: empty) | List of Manager IP addresses that CAP will attempt to contact during discovery |
caps-man-names (list of allowed CAPs Manager names; Default: empty) | List of Manager names that CAP will attempt to connect to. If empty, CAP does not check the Manager name |
caps-man-certificate-common-names (list of allowed CAPs Manager CommonNames; Default: empty) | List of Manager certificate CommonNames that CAP will connect to. If empty, CAP does not check the Manager certificate CommonName |
bridge (bridge interface; Default: none) | Bridge to which interfaces should be added when local forwarding mode is used |
static-virtual (Static Virtual Interface; Default: no) | CAP will create Static Virtual Interfaces instead of Dynamic ones and will try to reuse the same interface on reconnect to CAPsMAN if the MAC address is the same. Note that if two or more interfaces have the same MAC address, the assignment from CAPsMAN could be random between those interfaces. |
CAPsMAN Configuration Concepts
Each wireless interface on a CAP that is under CAPsMAN control appears as a virtual interface on the CAPsMAN. This provides maximum flexibility in data forwarding control using regular RouterOS features, such as routing, bridging, firewall, etc.
...
```
[admin@CM] /caps-man> registration-table print
 # INTERFACE   MAC-ADDRESS         UPTIME         RX-SIGNAL
 0 cap1        00:03:7F:48:CC:0B   1h38m9s210ms   -36
```
Examples
Basic configuration with master and slave interface
Create security profile for WPA2 PSK, without specifying passphrase:
...
On the DHCP client, this CAPsMAN IP can be seen in the output of "/ip dhcp-client print detail".
Configuration with certificates
Configure certificates on your CAPsMAN if you want to use options such as Require Peer Certificate and Lock To Caps Man. These options increase security and, in some cases, the stability of your CAPsMAN network. CAPs won't connect to CAPsMAN without a specific certificate, and vice versa.
Fast and easy configuration
This is a basic configuration for using certificates in your CAPsMAN setup. This example assumes that you already have a basic configuration on your CAPsMAN and CAP. It is best suited to CAPsMAN networks that are not constantly growing. For more details, read about CAP to CAPsMAN Connection.
...
```
/interface wireless cap
set lock-to-caps-man=yes
set caps-man-certificate-common-names=CAPsMAN-D4CA6D987C26
```
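One way to check that a CAP is actually pinned as described above, as an added example that is not part of the original documentation: a Python audit of an exported `/interface wireless cap` section that flags a missing certificate, an empty `caps-man-certificate-common-names` list, and an unset `lock-to-caps-man`. It assumes the text comes from `/export` (which omits default values) and that `lock-to-caps-man` defaults to `no`; the sample exports are constructed, and only the CommonName is taken from this page.

```python
import re
import shlex

MENU = "/interface wireless cap"
# Defaults from the property table; lock-to-caps-man=no is an assumed default.
DEFAULTS = {"enabled": "no", "certificate": "none",
            "caps-man-certificate-common-names": "", "lock-to-caps-man": "no"}

def parse_cap_settings(export_text):
    """Return effective CAP settings; keys absent from the export keep defaults."""
    joined = re.sub(r"\\\n\s*", "", export_text)  # undo export line wrapping
    settings, in_menu = dict(DEFAULTS), False
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):  # menu change, optionally with an inline "set"
            in_menu = line == MENU or line.startswith(MENU + " set ")
            line = line[len(MENU):].strip() if in_menu else ""
        if in_menu and line.startswith("set "):
            for token in shlex.split(line[4:]):
                key, sep, value = token.partition("=")
                if sep:
                    settings[key] = value
    return settings

def audit_cap(settings):
    """List certificate-related hardening gaps for an enabled CAP."""
    if settings["enabled"] != "yes":
        return []
    findings = []
    if settings["certificate"] == "none":
        findings.append("certificate=none: no certificate configured for authenticating")
    if not settings["caps-man-certificate-common-names"]:
        findings.append("caps-man-certificate-common-names empty: "
                        "Manager certificate CommonName is not checked")
    if settings["lock-to-caps-man"] != "yes":
        findings.append("lock-to-caps-man is not yes: CAP is not locked to one CAPsMAN")
    return findings

# Constructed sample exports (not from the page), except the CommonName shown above.
SAMPLE_WEAK = """/interface wireless cap
set discovery-interfaces=ether1 enabled=yes interfaces=wlan1
"""
SAMPLE_HARDENED = """/interface wireless cap
set caps-man-certificate-common-names=CAPsMAN-D4CA6D987C26 certificate=request \\
    enabled=yes interfaces=wlan1 lock-to-caps-man=yes
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_cap(parse_cap_settings(text)) or "no findings")
```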
Manual certificates and issuing with SCEP
With this example, you can create your own certificates for CAPsMAN and take control over issuing certificates to CAPs. This configuration can be useful in big, growing CAPsMAN networks. Many segments of this example can be done differently depending on your situation and needs. At this point, some knowledge about Certificates and their application can be useful.
...