MikroTIk RouterOS CAPsMAN

Here are the notes from Uldis Cernevskis presentation at the US MUM in Pittburgh, PA.

MikroTik CAPsMAN is a wireless provisioning and management system for MikroTIk wireless AP’s.

Controlled Access Point system Manager (CAPsMAN) allows centralization of wireless network management and if necessary, data processing. When using the CAPsMAN feature, the network will consist of a number of ‘Controlled Access Points’ (CAP) that provide wireless connectivity and a ‘system Manager’ (CAPsMAN) that manages the configuration of the APs, it also takes care of client authentication and optionally, data forwarding.

When a CAP is controlled by CAPsMAN it only requires the minimum configuration required to allow it to establish connection with CAPsMAN. Functions that were conventionally executed by an AP (like access control, client authentication) are now executed by CAPsMAN. The CAP device now only has to provide the wireless link layer encryption/decryption.

There is not narrative, just a brain dump.

CAPsMAN Features

  • CapsMan is a centralized management of RouterOS AP’s
  • Dual band support
  • provisioning
  • Certificate support
  • Radius MAC Authentication
  • Custom config support
  • Layer 3 management of off site AP’s

Requirements

  • Newest version 6 version
  • Wireless-fp package installed

Setup

  • Enable CAPSMAN Service
  • Create abridge
  • Add IP to bridge
  • Create CAPsMAN Configuration
  • Create provisioning rule
  • Enable CAP mode on AP’s

Other Features

  • Works on MAC layer 2 or UDP via layer 3
  • CAP attempts to contact a CAPsMAN and is listed in the CAP list

 

Steve Discher

Steve Discher was born in Apple Valley, California and today makes his home in College Station, Texas with his wife and three children. He is a 1987 graduate of Texas A-M University and owns ISP Supplies, a wireless distribution company, and conducts MikroTik training classes. His hobbies include flying his Piper Cub and RV camping with his family.

Recent Posts

  • Finding an IP address with Wireshark using ARP requests

    Can’t remember a device’s IP Address? Address Resolution Protocol (ARP) requests can be used by Wireshark to get the IP address of an unknown host on your network. ARP is a broadcast request that’s meant to help the client machine …

  • Creating Trunk and Access Ports on MikroTik CRS3xx Series Switches

    The switch menu and configuration interface is significantly different on the CRS3xx versus the CRS1xx or CRS2xx series switches and if you are trying to configure VLANs, the process is totally different. Here is a quick HowTo for configuring VLANs …

  • Ubiquiti Unifi Video NVR Upgrade Fails

    Yesterday I got tired of the nagging “Update Available” on my Ubiquiti Video NVR so I went through the upgrade process in the web GUI. It failed with Error 400. I tried several times, several browsers, same error. I then …

See More News