Anda di halaman 1dari 57

Wireless guru

jonggol- indonesia

CAPsMAN V2

Using MikroTik since 2011


2011 - SMKN 7 SAMARINDA
2015 - PT MULTIMEDIA NUSANTARA / TELKOM METRA
2016 IDN.id (training center )
Contact Information

Email : f4rras@gmail.com
Phone : +62 85250 113323
Web : idn.id

What is the CAPsMAN


Why we need the CAPsMAN
How to the CAPsMAN communication to the CAPs
Features of the CAPsMAN
Laboratory
Conclusion

Its Possible to manage, configuration, and


monitoring all Access Points in one device
CAPsMAN V1 : RouterOS v6.11
CAPsMAN V2 : RouterOS v6.22rc7

That needs more time and


Manpower if we need to
changes other policy.

Conventionally, you have to

configuration wireless Access


Points one by one.

Administrator has to make sure


all APs like SSID, Security,
Access List, Policy, etc. That the
configurations can running
according requirement.

There are so many windows if


you want to monitoring your
access point.
7

CAPsMAN V2

Highly flexible

Highly scalable

No Additional license
required (Comes free with
Routerboard)

CAPsMAN can be any


MikroTik hardware with at
least one wireless card

Easy availability

CAP

CAPsMAN

x86 or RouterBOARD based device

x86 or RouterBOARD based device

Newest RouterOS v6 Version

Newest RouterOS v6 Version

Atheros chipset (a/b/g/n/ac)


wireless card

Wireless-cm2 package installed and


enabled

Wireless-cm2 package installed and


enabled
At least level 4 RouterOS license
9

Centralized Wireless Network Management

10

Centralized Wireless Network Management


Dual Band AP support

11

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with APs

12

MAC Layer 2

No IP Address required

CAP and CAPsMAN must be in the


same layer 2

IP (UDP) Layer3
CAP and CAPsMAN must reachable
using IP protocol
Can traverse NAT if necessary

13

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with Aps
Full and Local data forwarding mode

14

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with APs
Full and Local data forwarding mode
Manage Client Authentication

15

Hi R4 do you know
Who is the real CAPsMAN

Hi There, I Connected
to R2, so that I think R2
is the Real CAPsMAN

Sorry, I Forget I think


R1 is the Real CAPsMAN

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with Aps
Full and Local data forwarding mode
Manage Client Authentication
Certificate support for AP communication

16

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with Aps
Full and Local data forwarding mode
Manage Client Authentication
Certificate support for AP communication
Manage Configuration of APs

17

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with Aps
Full and Local data forwarding mode
Manage Client Authentication
Certificate support for AP communication
Manage Configuration of APs
Grouping Configuration APs

18

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with Aps
Full and Local data forwarding mode
Manage Client Authentication
Certificate support for AP communication
Manage Configuration of APs
Grouping Configuration APs
Custom Configuration support

19

Centralized Wireless Network Management


Dual Band AP support
MAC and IP Layer Communication with Aps
Full and Local data forwarding mode
Manage Client Authentication
Certificate support for AP communication
Manage Configuration of APs
Grouping Configuration APs
Custom Configuration support
Radius MAC Authentication

20

CAPsMAN automatic upgrade of all CAP clients (configurable)


Improved CAP<->CAPsMAN data connection protocol
Added "Name Format" and "Name Prefix" setting for Provision rules
Improved logging entries when client roams between the CAPs
Added L2 Path MTU discovery

21

22

23

24

Make sure all Router uses RouterOS version 6.23 above


Reset your RouterOS Configuration

Make sure that your routerboard already installed and enabled

wireless-cm2 package

System packages

25

Secure your RouterOS


Set password login

24

Step
1

R1-CAPsMAN

Configure your System-identity

/system identity set name=Rx


27

Step
2

28

LAB 1

29

Step
3
Bridge Bridge +
R1

[admin@R1-CAPsMAN] > interface bridge add name=bridge-R2


[admin@R1-CAPsMAN] > interface bridge add name=bridge-R3
30

Step
4

IP Addresses +
R1

[admin@R1-CAPsMAN] > ip address add address=192.168.20.1/24 interface=bridge-R2


[admin@R1-CAPsMAN] > ip address add address=192.168.30.1/24 interface=bridge-R3
31

IP DHCP Server DHCP Setup


R1

R1

R1

The Result

32

Step
5
CAPsMAN Manager

R1

33

CAPsMAN Channels
R1

Name : channel1
Frequency : 2412 MHz
Width : 20 MHz
Band : 2ghz-b/g/n

Name : channel6
Frequency : 2437 MHz
Width : 20 MHz
Band : 2ghz-b/g/n
34

CAPsMAN Datapaths
R1

Name : R2
Bridge : bridge-R2

Name : R3
Bridge : bridge-R3
35

CAPsMAN security Cfg


R1

Name : SecurityAll
Passphrasae : 12345678

36

CAPsMAN configurations

Name : R2
Mode : ap
SSID : XOffice2

Channel : channel1
Datapath : R2
Security : securityAll
37

CAPsMAN configurations

Name : R3
Mode : ap
SSID : XOffice3

Channel : channel6
Datapath : R3
Security : securityAll
38

Step
6
CAPsMAN Provisioning
R1

R2 : 4C:5E:0C:CE:F7
Action : create enabled
Master Configuration : R2
Name Format : identity

R3 : 4C:5E:0C:EF:CF:22
Action : create enabled
Master Configuration : R3
Name Format : identity

39

Step
7
Wireless Interface CAP
CAP

interface wireless cap set enabled=yes interfaces=wlan1 discovery-interfaces=ether1

40

Radio MAC R2 : 4C:5E:0C:0B:CE:F7


Radio MAC R3 : D4:CA:6D:29:C3:A3

AOffice
EOfice
IOffice
MOffice
Radio MAC R2 : D4:CA:6D:52:F5:DB
Radio MAC R3 : 4C:5E:0C:0B:CE:F7

BOffice
FOfice
JOffice
NOffice

Radio MAC R2 : D4:CA:6D:52:30:3B


Radio MAC R3 : 4C:5E:0C:F0:1C:0C

COffice
GOfice
KOffice
OOffice
Radio MAC R2 : D4:CA:6D:4C:8D:A1
Radio MAC R3 : 4C:5E:0C:EF:CF:22

DOffice
HOfice
LOffice
POffice
41

CAPsMAN Interface

The Result

42

R2

R3

43

Radio

Remote CAP

44

Registration Table

45

Access List

46

Have any question?


Rise your hand!

47

Just need one device to control all Access

Points!

More easier to control, manage, and

configure Access Points .

48

49

50

http://wiki.mikrotik.com/wiki/Manual:CAPsMAN
http://mum.mikrotik.com/presentations/US16/presentation_3080_1462856630.pdf

by Shakeel Khan

51

Hi, My connection is very slow


I think someone already knows
The password of Access Point.

Could you change the name SSID


Of Access point on 2st Floor ?
Tomorrow my department will
be move on 3nd Floor

Would you like to change the


Password of Access point on
2rd Floor ?

I want to know, how


many User Connect
to Access Point On
3th Floor

52

Create new profile password for R2

53

R2 Changes configuration SSID by directly

R3 Changes configuration Password by profile


which has been made before

54

Before

After

55

CAPsMAN Registration Table

56

CAPsMAN Access List

57