MikroTik CAPsMAN and CAP Basic Configuration

Centralised access points deployment and management are very common nowadays. The most common implementation in SoHo is UniFi where we host the controller in VM or Cloud Key. Recently I was working on a project where I needed to deploy a few access points and was looking for centralised deployment and management features for Mikrotik Access Points. Come to know about CAPsMAN. Controlled Access Point system Manager (CAPsMAN) allows applying wireless settings to multiple MikroTik AP devices from a central configuration interface. It was a pretty cool technique with lots of features. 

For details please check: https://help.mikrotik.com/docs/pages/viewpage.action?pageId=1409149

The following configurations to configure CAPsMAN and how can we hook the Mikrotik AP with that. 

A. Configure CAPsMAN in Router:

First create datapath and security:

/caps-man datapath
add bridge=bridge1 local-forwarding=no name=datapath
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=security \
    passphrase="RandomPa$$word"

Next create configuration for SSID. I am creating two different SSID. One for 2.4GHz and one for 5GHz

/caps-man configuration
add country=australia datapath=datapath datapath.bridge=bridge1 mode=ap name=\
    configuration2GHZ security=security ssid="MY WiFi-2"
add channel="5Ghz-a/n/ac 5180/20" country=australia datapath=datapath \
    datapath.bridge=bridge1 mode=ap name=configuration5GHZ security=security \
    ssid="MY WiFi-5"

Create the provisioning profile

/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    configuration2GHZ name-format=prefix-identity name-prefix=2.4g
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
    configuration5GHZ name-format=prefix-identity name-prefix=5g

Finally enable CAPsMAN Manager

/caps-man manager set enabled=yes

Now we are done configuring the CAPsMAN Manager; who will work as the centralised controller. Next Configure the AP.

B. Enable CAP:

Login to the AP and enable cap from wireless interface

interface wireless cap set enabled=yes

Now we should see APs are connected to the CAPsMAN manger:

[admin@mt.core-router] > caps-man interface print 
Flags: M - master, D - dynamic, B - bound, X - disabled, I - inactive, R - running 
 #      NAME                                             RADIO-MAC         MASTER-INTERFACE                                           
 0 MDB  2.4g-mt-ap01-1                                   2C:C8:1B:3D:09:59 none                                                       
 1 MDB  2.4g-mt-ap02-1                                   2C:C8:1B:3D:15:F3 none                                                       
 2 MDB  5g-mt-ap01-1                                     2C:C8:1B:3D:09:5A none                                                       
 3 MDB  5g-mt-ap02-1                                     2C:C8:1B:3D:15:F4 none       

CAPsMAN remote CAP

[admin@mt.core-router] > caps-man remote-cap print 
 # ADDRESS                                                                  NAME                      STATE                          RADIOS
 0 2C:C8:1B:3D:15:F1/57571                                                  [2C:C8:1B:3D:15:F1]       Run                                 2
 1 2C:C8:1B:3D:09:58/29847                                                  [2C:C8:1B:3D:09:57]       Run                                 2

If any devices are connected they will come under “Registration Table”

[admin@mt.core-router] > caps-man registration-table print 
 # INTERFACE                                     SSID                                     MAC-ADDRESS       UPTIME                RX-SIGNAL