Você está na página 1de 20

Centralised Wireless

Network Management
Using Mikrotik CAPsMAN

by Chan Ty
Innovative Technology Training Centre (ITTC)
www.ittc.edu.kh

1
About ITTC
Mikrotik Training Centre

• MTCNA • MTCINE

• MTCRE • MTCWE

• MTCTCE • MTCUME

2
About Me
• Chan Ty

• Mikrotik Certified Trainer

• MTCNA, MTCRE, MTCTCE, MTCINE

• Working at MekongNet as NOC Manager and


Director at ITTC

• Mostly focusing on Routing, Switching and QoS

3
Challenge
• Traditionally, administering
wireless Access Point is done
individually one by one SW
APs

SW
• Administrator has to make sure APs

that the configurations are the SW


APs
same for all APs like SSID,
SW
Security, Access List, Policy, etc. APs
SW
APs
• That needs more time and
affords if we have want o APs SW
changes something for the Router
APs
whole WLAN

4
Solution
• Since RouterOS v6.11,
Mikrotik introduced a feature
SW
called Controlled Access CAPs
Point system MANager SW
CAPs
(CAPsMAN) SW
CAPs
• CAPsMan allows SW
CAPs
centralisation of wireless
SW
network management (SSID, CAPs

Access List, Security,……) CAPs SW


and/or data processing Router
CAPs
(Firewall, QoS, Routing,…) + CAPsMAN

(controller)
5
CAPsMAN Features
• Centralised management of • CAPsMAN v2 (since v6.22rc7)
RouterOS Access Point
• CAPsMAN automatic upgrade of
• Dual Band AP Support all CAP client (configurable)

• Provisioning of APs • Improved CAP<>CAPsMAN data


connection protocol
• MAC and IP Layer communication
with APs • Add “Name Format” and “Name
Prefix” setting for provisioning
• Certificate support for AP rules
communication
• Improve logging entries when
• Full and Local data forwarding mode client roams between the CAPs
• RADIUS MAC authentication • Add L2 Path MTU discovery
• Custom configuration support • CAPsMAN v1 and CAPsMAN v2 is
NOT compatible
6
Requirements
CAPsMAN CAP
• x86 or RouterBoard • x86 or RouterBoard
based device based device
• Newest RouterOS • Newest RouterOS
version version
• Wireless-fp installed • Atheros chipset (a/b/g/n/
and enabled ac) wireless card
• Wireless-fp installed
and enabled
• At least Level 4
RouterOS license
7
CAP to CAPsMAN
Connection
MAC Layer 2 IP (UDP) Layer 3

• No IP Configuration • CAP must reach


Required the CAPsMAN
using IP Protocol
• CAP and CAPsMAN
must be in the same • CAP can
Layer 2 Network passthrough NAT

8
Simple Setup
CAPsMAN CAP
1. Enable CAPsMAN service
5. Enable CAP mode on APs
2. Create and add IP configuration
to Bridge interface

3. Create CAPsMAN Configuration

4. Create Provisioning rule

CAP
WLAN1 Ether1

Bridge

L2
CAP Router
WLAN1 Ether1 Switch Ether2 (CAPsMAN) Ether1

CAP
WLAN1 Ether1 9
Simple Setup
1. Enable CAPsMAN service

10
Simple Setup
2. Create and add IP configuration to Bridge interface

11
Simple Setup
3. Add new CAPsMAN configuration

1 2

12
Simple Setup
4. Add new Provisioning rule

13
Simple Setup
5. Enable CAP on AP

14
Verify on CAPsMAN

15
Verify on CAP

16
Control Packet Capture

17
Data Packet Capture

18
Question ?

19
សូមអរគុណ
saum arkoun
Thank You

20

Você também pode gostar