CSPE
CAPsMAN
Real-life scenarios
Markham, ON, Canada
September 2019
© 2019 Alain Casault (v1)
First and foremost!
More bla bla bla before raffle and drinks; let’s have fun!
About Alain Casault (That’s me!)
• Electrical Engineering
• Over 25 years of experience
– MikroTik (MTCNA, MTCRE, MTCWE)
– Cisco (CCNA, CCDA)
– Microsoft & Linux / UNIX
• Author of MikroTik’s latest update of MTCNA course material (about 2011)
• CSPE’s CTO (and maintenance engineer, i.e. janitor, handyman)
About CSPE (That’s my company!)
• Centre de Services Professionnels en Éducation
– Operating since 2014
– Learning centre
• “Young ones” division (https://educationhmo.com)
– Helping kids and adults with learning disabilities
• Telecommunications division (https://alaincasault.com)
– MikroTik and general telco training
– MikroTik consulting
Presentation objective
• Demonstrate three CAPsMAN (Controlled Access Points System Manager) configurations
Quick and dirty definition: Centralized controller that manages the APs that are attached to it
INTRODUCTION
Let’s begin somewhere!
Why CAPsMAN?
• In the old days
– As many configurations to maintain as there are APs
– As many (ROS / Firmware) upgrades as there are APs
– Clients management / stats spread across APs
– Maybe walk around the site for configuration changes
[Diagram: Internet, main router, bunch of APs]
Why CAPsMAN?
• In the modern days
– Centralized configuration, number of APs is irrelevant
• Everything is on the CAPsMAN!
• Template style configuration
– Centralized client management
– Automatic ROS upgrades (if so configured)
• Nothing (so far) for firmware
– Fast & simple: Stay behind your keyboard to make changes and manage clients
• (Efficient = pay raise… maybe)
[Diagram: Internet, CAPsMAN / main router, bunch of CAPs]
Three scenarios
• Layer 2 campus
– L2, CAPsMAN forwarding
• Home / Branch office
– L3, CAPsMAN forwarding
• Managed clients
– Local forwarding (L3)
[Diagram: CAPsMAN scenarios (layer 2 campus, home office / branch office, managed client) and the Internet]
Demonstration setup
[Diagram: demonstration setup. H.O. / Campus with CAPsMAN (Loopback: 10.10.1.2, L2TP Server: 192.168.255.1) and CAP1 (172.16.0.0/21, Layer 2, CAPsMAN FWD); Home / remote office with CAP2 (172.16.0.0/21, Layer 3, CAPsMAN FWD); Hosted services client with CAP3 (192.168.0.0/21, Layer 3, Local FWD); two L2TP links; simulated Internet / private L3 links (Internet Sim.: 10.0.0.0/24)]
LAYER 2, CAPSMAN FORWARDING
First scenario
Layer 2, CAPsMAN forwarding
[Diagram: H.O. / Campus with CAPsMAN (Loopback: 10.10.1.2, L2TP Server: 192.168.255.1) and CAP1 (172.16.0.0/21, Layer 2, CAPsMAN FWD), Internet]
• Most standard setup
• Same building or campus, as long as it’s the same layer 2 network
• Notes
– No IP configuration on the CAP
– Port on CAPsMAN can be blank (no IP or bridge)
Layer 2, CAPsMAN forwarding
• Configuration steps – CAPsMAN
– Rates
– Access-list (optional)
– Security
– Channels
– Configuration
– Provisioning
– Manager
CAPsMAN (Rates)
The allowed “basic” and “supported” rates.
“Suggestion, consult CWNP.COM for tips on basic / supported rates”
CAPsMAN (Access-list (optional))
Rules by which wireless clients are accepted.
“I use it to quickly identify clients”
CAPsMAN (Security)
Authentication, encryption, PSKs, etc.
CAPsMAN (Channels)
The channels to use. For 802.11n in North America, stick with 1, 6 and 11.
CAPsMAN (Configuration)
A “configuration” object holds the parameters that can be assigned to CAPs (Kinda like a BSS’s template).
[Screenshot callouts: Security; Bridge: Datapath; Rates; Channel; SSID: Wireless]
CAPsMAN (Provisioning)
A rule containing 1 or many “configurations” that is assigned to a CAP’s interface (identified by its MAC). The CAP’s interface will also be dynamically assigned a local identifier. A provisioning rule is a fully configured Wi-Fi interface.
[Screenshot callouts: MAC address; 1st Wi-Fi config; 2nd Wi-Fi config (opt); More Wi-Fi configs?; Name format]
Suggestion: Always end this list with provisioning rules that will assign a new CAP a bogus (and non-dangerous) configuration.
Why bogus configurations?
With bogus CAP interfaces, you can do an exit survey if you enable them. With the weird and hard-to-guess password (and no bridge attached), it’s not a security issue!
CAPsMAN (Manager)
Enable CAPsMAN
Layer 2, CAPsMAN forwarding
• Configuration steps – CAP
– Give it a name (system identity) and Ptouch it!
– CAP setup
• Enable it
• Specify the wireless interfaces that will be used on the CAPs
• Specify discovery interface
– RoMON (with password) would be a good idea in case of problems
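The whole layer 2 procedure above as one RouterOS v6 configuration, including the catch-all "bogus" provisioning rule. This is an added example, not taken from the presentation; every name, MAC address, rate set and passphrase is a constructed placeholder, and `bridge-lan`, `wlan1` and `ether1` are assumed to exist.

```routeros
# Added example (RouterOS v6, legacy /caps-man menu). All names, MACs and
# secrets below are constructed placeholders, not values from the slides.

# ----- On the CAPsMAN -----
/caps-man rates
# Illustrative rate set only; pick basic/supported rates for your own site.
add name=rates-corp basic=6Mbps,12Mbps,24Mbps \
    supported=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps

/caps-man access-list
# Optional: a commented accept entry makes a known client easy to identify.
add mac-address=AA:BB:CC:00:00:10 action=accept comment="constructed: known laptop"

/caps-man security
add name=sec-corp authentication-types=wpa2-psk encryption=aes-ccm \
    passphrase="REPLACE-with-long-random-corp-psk"
# Separate, unrelated secret for the bogus configuration.
add name=sec-bogus authentication-types=wpa2-psk encryption=aes-ccm \
    passphrase="REPLACE-with-unrelated-random-string"

/caps-man channel
# 2.4 GHz channels 1, 6 and 11.
add name=ch-2g band=2ghz-b/g/n control-channel-width=20mhz \
    frequency=2412,2437,2462

/caps-man datapath
# CAPsMAN forwarding: client frames are tunnelled to the manager and bridged there.
add name=dp-corp bridge=bridge-lan local-forwarding=no

/caps-man configuration
add name=cfg-corp ssid=Corp mode=ap security=sec-corp datapath=dp-corp \
    channel=ch-2g rates=rates-corp
# Bogus configuration: no datapath, so no bridge is attached to it.
add name=cfg-bogus ssid=unprovisioned mode=ap security=sec-bogus channel=ch-2g

/caps-man provisioning
# Rules are matched top to bottom. Known radio first (constructed MAC).
add radio-mac=AA:BB:CC:00:00:01 action=create-dynamic-enabled \
    master-configuration=cfg-corp name-format=prefix-identity name-prefix=corp
# Catch-all, kept last: any other radio gets the bogus config, created disabled.
add radio-mac=00:00:00:00:00:00 action=create-disabled \
    master-configuration=cfg-bogus name-format=prefix-identity name-prefix=new

/caps-man manager
set enabled=yes

# ----- On CAP1 (no IP configuration needed on the same layer 2 network) -----
/system identity
set name=CAP1
/interface wireless cap
set enabled=yes interfaces=wlan1 discovery-interfaces=ether1
/tool romon
set enabled=yes secrets="REPLACE-with-romon-secret"
```

After a new CAP joins, `/caps-man interface print` shows whether it matched the known-radio rule or fell through to the disabled `new-…` interface created by the catch-all.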
CAP
Layer 2, CAPsMAN forwarding
Speedtest
CAP interfaces
LAYER 3, CAPSMAN FORWARDING (REMOTE CAP)
Second scenario
Layer 3, CAPsMAN forwarding (remote CAP)
• Same setup, minor differences
• Remote CAPs use an IP address instead of multicast traffic to reach CAPsMAN
• Home workers and remote office workers use the same parameters for their wireless devices for true mobility
• Same corporate network access rules are applied to all as if they were located in the H.O.
• CAP is on different subnet
[Diagram: H.O. / Campus with CAPsMAN (Loopback: 10.10.1.2, L2TP Server: 192.168.255.1) and CAP1 (172.16.0.0/21, Layer 2, CAPsMAN FWD); Home / remote office with CAP2 (172.16.0.0/21, Layer 3, CAPsMAN FWD); L2TP links; simulated Internet / private L3 links (Internet Sim.: 10.0.0.0/24)]
Layer 3, CAPsMAN forwarding (remote CAP)
• CAPsMAN
– Provisioning rule for the remote CAP, THAT’S IT!
Layer 3, CAPsMAN forwarding (remote CAP)
• Configuration steps – CAP
– Give it a name (system identity) and Ptouch it!
– CAP
• Enable CAP
• Specify the wireless interfaces that will be CAPs
• Specify CAPsMAN IP address instead of discovery interface
– RoMON (with password) would be a good idea in case of problems
– DHCP-client on an Ethernet interface
• With default route
– Create L2TP tunnel to H.O.
CAP
Layer 3, CAPsMAN forwarding (remote CAP)
Speedtest
CAP interfaces
LAYER 3, LOCAL FORWARDING (REMOTE CAP)
Third scenario
Layer 3, Local forwarding (remote CAP)
• More elaborate setup
• Remote CAPs use an IP address to reach CAPsMAN
• Good setup for managed services but:
– Wireless parameters must vary per client (SSID & Security)
• Client traffic is left on the LOCAL network
– CAPsMAN never sees client traffic
• CAP is on different subnet
[Diagram: H.O. / Campus with CAPsMAN (Loopback: 10.10.1.2, L2TP Server: 192.168.255.1) and CAP1 (172.16.0.0/21, Layer 2, CAPsMAN FWD); Home / remote office with CAP2 (172.16.0.0/21, Layer 3, CAPsMAN FWD); Hosted services client with CAP3 (192.168.0.0/21, Layer 3, Local FWD); L2TP links; simulated Internet / private L3 links (Internet Sim.: 10.0.0.0/24)]
Layer 3, Local forwarding (remote CAP)
• Keep in mind that this router is your client’s home router, not just a CAP
• Configuration steps – CAP
– Full layer 3 configuration, including:
• All bridges and VLANs (I use software VLANs)
• IP addresses (bridges & WAN port)
• A default gateway for Internet access
• Firewall filters
Layer 3, Local forwarding (remote CAP)
• CAPsMAN
– “Configuration” rules and one “Security” profile for each client
• Config rules: Channels (up to 3 x 802.11n, 4 x 802.11ac) + SSID
• Copy and modify existing ones
– One “Provisioning” rule per client CAP
– THAT’S IT!
CAPsMAN (Configuration)
Layer 3, Local forwarding (remote CAP)
• Configuration steps – CAP
– Enable it
– Specify the wireless interfaces that will be CAPs
– Specify CAPsMAN IP address instead of discovery interface
– Specify the bridge into which CAP interfaces will be assigned
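The remote-CAP steps of the second and third scenarios as RouterOS v6 configuration: a per-client security profile, configuration and provisioning rule on the CAPsMAN, then the CAP side for each scenario. This is an added example, not taken from the presentation; all names, MAC addresses, credentials and the `10.0.0.1` tunnel endpoint are constructed, and reaching the CAPsMAN loopback `10.10.1.2` through the L2TP tunnel is an assumption.

```routeros
# Added example (RouterOS v6, legacy /caps-man menu). Names, MACs, credentials
# and 10.0.0.1 are constructed; 10.10.1.2 is the loopback shown on the slides.

# ----- On the CAPsMAN: third scenario, one set of objects per client -----
/caps-man security
add name=sec-clientA authentication-types=wpa2-psk encryption=aes-ccm \
    passphrase="REPLACE-with-clientA-psk"
/caps-man channel
add name=ch-clientA band=2ghz-b/g/n control-channel-width=20mhz frequency=2437
/caps-man datapath
# Local forwarding: client traffic stays on the CAP's own bridge,
# so the CAPsMAN never sees it.
add name=dp-local local-forwarding=yes
/caps-man configuration
add name=cfg-clientA ssid=ClientA-WiFi mode=ap security=sec-clientA \
    datapath=dp-local channel=ch-clientA
/caps-man provisioning
# One rule per client CAP radio; it must sit above any catch-all rule.
add radio-mac=AA:BB:CC:00:00:03 action=create-dynamic-enabled \
    master-configuration=cfg-clientA name-format=prefix-identity \
    name-prefix=clientA

# ----- On CAP3 (third scenario: the client's home router, local forwarding) -----
# Bridges, VLANs, IP addresses, default gateway and firewall filters are
# configured on this router as usual; bridge-lan is assumed to exist.
/interface wireless cap
set enabled=yes interfaces=wlan1 caps-man-addresses=10.10.1.2 bridge=bridge-lan

# ----- On CAP2 (second scenario: remote CAP, CAPsMAN forwarding) -----
/system identity
set name=CAP2
/ip dhcp-client
add interface=ether1 add-default-route=yes disabled=no
/interface l2tp-client
# 10.0.0.1 is a constructed H.O. address inside the simulated Internet range.
add name=l2tp-ho connect-to=10.0.0.1 user=cap2 \
    password="REPLACE-with-tunnel-password" disabled=no
/ip route
# Assumption: the CAPsMAN loopback is reached through the tunnel.
add dst-address=10.10.1.2/32 gateway=l2tp-ho
/interface wireless cap
# No bridge here: client frames are forwarded to the CAPsMAN.
set enabled=yes interfaces=wlan1 caps-man-addresses=10.10.1.2
/tool romon
set enabled=yes secrets="REPLACE-with-romon-secret"
```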
CAP (Local forwarding)
Layer 3, Local forwarding (remote CAP)
Speedtest
CAP interfaces
Conclusion
CAPsMAN offers all the options to address most if not all of our needs
Remember me for your training needs
OK, maybe not for him. But for you, our classes will help you get the max out of your MikroTik routers!
Training given by Mr. Alain Casault, Eng. MTCNA, MTCRE, MTCWE
MikroTik certified trainer
http://[email protected]
Thank you!
Questions, eh?
END OF THE “CAPSMAN” PRESENTATION