After a disasterous experiment with Ubiquiti UniFi APs, I decided to sell them on /r/homelabsales (because I’m not allowed to return) and buy MikroTik wAP ax APs. Interestingly, the Wi-Fi experience on MikroTik beats the UniFi one despite technically being “inferior” and the EU model.
But one issue with CAPsMAN is how hard it is to configure, especially with a home network full of VLANs (actually three at home). So how do you configure it?
First off, if you haven’t done so already, you’ll need a bridge interface on the interface connected to the VLAN-trunking switch, due to how MikroTik designed CAPsMAN:
/interface bridge
add name=lan
/interface bridge port
add bridge=lan interface=sfp-sfpplus2
Replace sfp-sfpplus2 with your trunking port.
Secondly, set up the VLANs in the Wi-Fi datapath:
/interface wifi datapath
add bridge=lan name=MainSSID-DP vlan-id=2
add bridge=lan name=GuestSSID-DP vlan-id=3
Replace the information with what corresponds to your network.
Third, set up the Wi-Fi passwords/RADIUS:
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk name=MainSSID-sec passphrase=password
add authentication-types=wpa2-psk,wpa3-psk name=GuestSSID-sec passphrase=password
Replace the information with what corresponds to your network.
Next, set up the Wi-Fi SSIDs for 2.4GHz and 5GHz:
/interface wifi configuration
add datapath=NeelWifi-DP name=MainSSID-2G security=MainSSID-sec ssid=MainSSID
add datapath=NeelWifi-DP name=MainSSID-5G security=MainSSID-sec ssid=MainSSID
add datapath=MooWifi-DP name=GuestSSID-2G security=GuestSSID-sec ssid=GuestSSID
add datapath=MooWifi-DP name=GuestSSID-5G security=GuestSSID-sec ssid=GuestSSID
Replace the information with what corresponds to your network.
Subsequently, set up the CAPsMAN:
/interface wifi cap
set discovery-interfaces=sfp-sfpplus2
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=lan
Replace sfp-sfpplus2 with your trunking port.
Finally, enable the SSIDs for the MainSSID and GuestSSID SSIDs:
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=MainSSID-2G slave-configurations=GuestSSID-2G \
supported-bands=2ghz-g,2ghz-n,2ghz-ax
add action=create-dynamic-enabled master-configuration=MainSSID-5G slave-configurations=GuestSSID-5G \
supported-bands=5ghz-a,5ghz-n,5ghz-ac,5ghz-ax
Replace the information with what corresponds to your network.
Abridged configuration:
/interface bridge
add name=lan
/interface bridge port
add bridge=lan interface=sfp-sfpplus2
/interface wifi datapath
add bridge=lan name=MainSSID-DP vlan-id=2
add bridge=lan name=GuestSSID-DP vlan-id=3
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk name=MainSSID-sec passphrase=password
add authentication-types=wpa2-psk,wpa3-psk name=GuestSSID-sec passphrase=password
/interface wifi configuration
add datapath=NeelWifi-DP name=MainSSID-2G security=MainSSID-sec ssid=MainSSID
add datapath=NeelWifi-DP name=MainSSID-5G security=MainSSID-sec ssid=MainSSID
add datapath=MooWifi-DP name=GuestSSID-2G security=GuestSSID-sec ssid=GuestSSID
add datapath=MooWifi-DP name=GuestSSID-5G security=GuestSSID-sec ssid=GuestSSID
/interface wifi cap
set discovery-interfaces=sfp-sfpplus2
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=lan
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=MainSSID-2G slave-configurations=GuestSSID-2G \
supported-bands=2ghz-g,2ghz-n,2ghz-ax
add action=create-dynamic-enabled master-configuration=MainSSID-5G slave-configurations=GuestSSID-5G \
supported-bands=5ghz-a,5ghz-n,5ghz-ac,5ghz-ax