Centralised access points deployment and management are very common nowadays. The most common implementation in SoHo is UniFi where we host the controller in VM or Cloud Key. Recently I was working on a project where I needed to deploy a few access points and was looking for centralised deployment and management features for Mikrotik Access Points. Come to know about CAPsMAN. Controlled Access Point system Manager (CAPsMAN) allows applying wireless settings to multiple MikroTik AP devices from a central configuration interface. It was a pretty cool technique with lots of features.
For details please check: https://help.mikrotik.com/docs/pages/viewpage.action?pageId=1409149
The following configurations to configure CAPsMAN and how can we hook the Mikrotik AP with that.
A. Configure CAPsMAN in Router:
First create datapath and security:
/caps-man datapath add bridge=bridge1 local-forwarding=no name=datapath /caps-man security add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=security \ passphrase="RandomPa$$word"
Next create configuration for SSID. I am creating two different SSID. One for 2.4GHz and one for 5GHz
/caps-man configuration add country=australia datapath=datapath datapath.bridge=bridge1 mode=ap name=\ configuration2GHZ security=security ssid="MY WiFi-2" add channel="5Ghz-a/n/ac 5180/20" country=australia datapath=datapath \ datapath.bridge=bridge1 mode=ap name=configuration5GHZ security=security \ ssid="MY WiFi-5"
Create the provisioning profile
/caps-man provisioning add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\ configuration2GHZ name-format=prefix-identity name-prefix=2.4g add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\ configuration5GHZ name-format=prefix-identity name-prefix=5g
Finally enable CAPsMAN Manager
/caps-man manager set enabled=yes
Now we are done configuring the CAPsMAN Manager; who will work as the centralised controller. Next Configure the AP.
B. Enable CAP:
Login to the AP and enable cap from wireless interface
interface wireless cap set enabled=yes
Now we should see APs are connected to the CAPsMAN manger:
[firstname.lastname@example.org] > caps-man interface print Flags: M - master, D - dynamic, B - bound, X - disabled, I - inactive, R - running # NAME RADIO-MAC MASTER-INTERFACE 0 MDB 2.4g-mt-ap01-1 2C:C8:1B:3D:09:59 none 1 MDB 2.4g-mt-ap02-1 2C:C8:1B:3D:15:F3 none 2 MDB 5g-mt-ap01-1 2C:C8:1B:3D:09:5A none 3 MDB 5g-mt-ap02-1 2C:C8:1B:3D:15:F4 none
CAPsMAN remote CAP
[email@example.com] > caps-man remote-cap print # ADDRESS NAME STATE RADIOS 0 2C:C8:1B:3D:15:F1/57571 [2C:C8:1B:3D:15:F1] Run 2 1 2C:C8:1B:3D:09:58/29847 [2C:C8:1B:3D:09:57] Run 2
If any devices are connected they will come under “Registration Table”
[firstname.lastname@example.org] > caps-man registration-table print # INTERFACE SSID MAC-ADDRESS UPTIME RX-SIGNAL