diff --git a/docs/03-VLAN-DEVICE-ASSIGNMENT.md b/docs/03-VLAN-DEVICE-ASSIGNMENT.md index 50ec624..01077f8 100644 --- a/docs/03-VLAN-DEVICE-ASSIGNMENT.md +++ b/docs/03-VLAN-DEVICE-ASSIGNMENT.md @@ -1,6 +1,6 @@ # VLAN Device Assignment Map -**Last Updated:** 2026-01-25 +**Last Updated:** 2026-02-01 **Purpose:** Complete inventory of all network devices with VLAN assignments --- @@ -76,10 +76,10 @@ | 192.168.31.116 | 192.168.30.21 | C8:D7:78:40:65:40 | Bosch Dishwasher | Kitchen | Home Connect app | | 192.168.31.117 | 192.168.30.22 | C8:D7:78:D6:DC:FC | Bosch Washer | Kids Bathroom| Home Connect app | | 192.168.31.106 | 192.168.30.31 | 18:DE:50:5B:C8:A6 | Tuya Smart Device | - | OUI: Tuya Smart Inc. | -| 192.168.31.113 | 192.168.30.32 | 38:1F:8D:04:6F:E4 | Tuya Smart Device | - | OUI: Tuya Smart Inc. | +| 192.168.31.113 | 192.168.30.32 | 38:1F:8D:04:6F:E4 | Xiaomi Smart Device | - | OUI: Xiaomi | | 192.168.31.149 | 192.168.30.33 | D4:AD:FC:BE:13:B0 | Tuya Smart Device | - | OUI: Tuya Smart Inc. | | 192.168.31.106 | 192.168.30.34 | 18:DE:50:5B:C8:A6 | Tuya Smart Device | - | OUI: Tuya Smart Inc. | -| 192.168.31.113 | 192.168.30.35| 38:1F:8D:04:6F:E4 | Tuya Smart Device | - | OUI: Tuya Smart Inc. | +| 192.168.31.113 | 192.168.30.35| 38:1F:8D:04:6F:E4 | Xiaomi Smart Device | - | OUI: Xiaomi | | 192.168.31.149 | 192.168.30.38| D4:AD:FC:BE:13:B0 | Shenzhen Intellirocks | - | Smart Device | | 192.168.31.101 | 192.168.30.39 | C8:5C:CC:52:EA:53 | Xiaomi Air Purifier | - | Mi Home app | --- @@ -162,7 +162,7 @@ C8:D7:78:D6:DC:FC Bosch Washer C8:D7:78:40:65:40 Bosch Dishwasher 50:2C:C6:7A:55:39 GREE Appliance 18:DE:50:5B:C8:A6 Tuya Device 1 -38:1F:8D:04:6F:E4 Tuya Device 2 +38:1F:8D:04:6F:E4 Xiaomi Smart Device D4:AD:FC:BE:13:B0 Intellirocks Device ``` 
@@ -209,7 +209,7 @@ D0:C9:07:8C:C9:46 Private Vendor 2 | DC:03:98 | LG Innotek | TV/Displays (WiFi) | | 50:2C:C6 | GREE Electric Appliances (Zhuhai) | AC/Appliances | | 18:DE:50 | Tuya Smart Inc. | IoT Platform | -| 38:1F:8D | Tuya Smart Inc. | IoT Platform | +| 38:1F:8D | Xiaomi | Smart Home Devices | | D4:AD:FC | Shenzhen Intellirocks Tech | Smart Devices | | AC:87:A3 | Apple Inc. | Consumer Electronics | | D0:C9:07 | Private (IEEE hidden) | Unknown | @@ -235,7 +235,7 @@ D0:C9:07:8C:C9:46 Private Vendor 2 |------|----|---------| | 30 (IoT) | 192.168.31.139 | GREE Air Conditioner | | 30 (IoT) | 192.168.31.106 | Tuya Smart Device #1 | -| 30 (IoT) | 192.168.31.113 | Tuya Smart Device #2 | +| 30 (IoT) | 192.168.31.113 | Xiaomi Smart Device | | 30 (IoT) | 192.168.31.149 | Shenzhen Intellirocks Smart Device | | 50 (Guest) | 192.168.31.15 | Apple device (unknown owner) | | 50 (Guest) | 192.168.31.142 | Privacy MAC device | diff --git a/docs/19-WIFI-CAPSMAN-CONFIG.md b/docs/19-WIFI-CAPSMAN-CONFIG.md new file mode 100644 index 0000000..c8d6010 --- /dev/null +++ b/docs/19-WIFI-CAPSMAN-CONFIG.md 
@@ -0,0 +1,200 @@ +# WiFi and CAPsMAN Configuration + +**Last Updated:** 2026-02-01 +**Purpose:** Document WiFi network settings, CAPsMAN configuration, and device compatibility requirements + +--- + +## Network Overview + +| SSID | Band | Purpose | Password | +|------|------|---------|----------| +| XTRM | 5GHz | Primary network (fast devices) | `M0stW4nt3d@home` | +| XTRM2 | 2.4GHz | IoT/Legacy devices | `M0stW4nt3d@IoT` | + +--- + +## XTRM (5GHz) - wifi1 + +**Target:** Modern devices (phones, laptops, tablets) + +| Setting | Value | +|---------|-------| +| SSID | XTRM | +| Band | 5GHz | +| Mode | 802.11ax (WiFi 6) | +| Channel | Auto (DFS enabled) | +| Width | 80MHz | +| Security | WPA2-PSK + WPA3-PSK | +| Cipher | CCMP (AES) | +| 802.11r (FT) | Enabled | +| Password | `M0stW4nt3d@home` | + +--- + +## XTRM2 (2.4GHz) - wifi2 + +**Target:** IoT devices, legacy devices, smartwatches + +### CRITICAL COMPATIBILITY REQUIREMENTS + +Some devices (Tuya JMWZG1 gateway, Amazfit TREX3, iPad 2) require legacy settings: + +| Setting | Value | Reason | +|---------|-------|--------| +| SSID | XTRM2 | | +| Band | 2.4GHz | IoT compatibility | +| Mode | **802.11g** | Legacy device support | +| Channel | **1 (2412 MHz)** | Most compatible | +| Width | **20MHz** | Required for old devices | +| Security | **WPA-PSK + WPA2-PSK** | WPA needed for legacy | +| Cipher | **TKIP + CCMP** | TKIP required for old devices | +| 802.11r (FT) | **Disabled** | Causes issues with IoT | +| Password | `M0stW4nt3d@IoT` | | + +### Devices Requiring WPA + TKIP + +| Device | MAC Address | Model | Notes | +|--------|-------------|-------|-------| +| Amazfit TREX3 | TBD | Smartwatch | Requires WPA+TKIP | +| Tuya Smart Gateway | TBD | JMWZG1 | Requires WPA+TKIP | +| iPad 2 | TBD | A1395/A1396 | Legacy device | + +### RouterOS Commands for XTRM2 + +```routeros +# Working configuration for legacy devices +/interface wifi set wifi2 \ + channel.frequency=2412 \ + channel.band=2ghz-g \ + channel.width=20mhz \ + 
security.authentication-types=wpa-psk,wpa2-psk \ + security.encryption=tkip,ccmp \ + security.ft=no \ + security.ft-over-ds=no \ + security.passphrase="M0stW4nt3d@IoT" +``` + +### Fallback (Maximum Compatibility) + +If devices still can't connect, use WPA-only with TKIP-only: + +```routeros +/interface wifi set wifi2 \ + security.authentication-types=wpa-psk \ + security.encryption=tkip +``` + +--- + +## CAPsMAN Configuration + +### Manager (HAP ax³ - 192.168.10.1) + +| Setting | Value | +|---------|-------| +| Enabled | Yes | +| Interfaces | bridge, vlan10-mgmt | +| Certificate | Auto-generated | + +### CAP Device (CAP XL ac - 192.168.10.2) + +| Setting | Value | +|---------|-------| +| caps-man-addresses | 192.168.10.1 | +| certificate | request | +| SSH Port | 2222 | + +### CAP Interfaces + +| Interface | Radio | Band | SSID | Status | +|-----------|-------|------|------|--------| +| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | Working | +| cap-wifi2 | wifi2 | 5GHz | XTRM | Channel issues (disabled) | + +### CAP Access List Rule + +CAP clients bypass VLAN assignment (go to VLAN 10): + +```routeros +/interface wifi access-list add \ + interface=cap-wifi1 \ + action=accept \ + comment="CAP clients - no VLAN" \ + place-before=0 +``` + +--- + +## WiFi Access List (VLAN Assignment) + +Devices are assigned to VLANs based on MAC address: + +| VLAN | Purpose | Example Devices | +|------|---------|-----------------|| +| 20 | Trusted | MacBooks, iPhones, Samsung phones | +| 25 | Kids | Kids devices | +| 30 | IoT | Smart home devices, Chromecast, Bosch appliances | +| 40 | Catch-All | Unknown devices (default) | + +### Current Access List + +```routeros +/interface wifi access-list print +``` + +--- + +## Troubleshooting + +### Device can see XTRM2 but can't connect + +1. Check security settings - device may need WPA (not WPA2) +2. Check cipher - device may need TKIP (not CCMP/AES) +3. Try 802.11g mode instead of 802.11n +4. 
Use channel 1, 6, or 11 + +### Device connects but disconnects immediately + +1. Check if 802.11r (Fast Transition) is disabled +2. Check VLAN assignment - CAP clients need special rule +3. Check channel width - use 20MHz for stability + +### CAP not connecting to CAPsMAN + +1. Check certificate - remove old cert and re-request +2. Check firewall - ports 5246-5247 UDP must be open +3. Check interface binding - CAPsMAN must listen on correct interface + +--- + +## Backup Files + +| File | Location | Purpose | +|------|----------|---------| +| wifi-backup-working.rsc | Router files | WiFi config export | +| config-backup-working.backup | Router files | Full system backup | + +--- + +## Quick Reference + +### Show WiFi status +```routeros +/interface wifi print +/interface wifi monitor wifi2 once +/interface wifi registration-table print +``` + +### Show security settings +```routeros +/interface wifi security print detail +:put [/interface wifi get wifi2 security.authentication-types] +:put [/interface wifi get wifi2 security.encryption] +``` + +### Check CAPsMAN +```routeros +/interface wifi capsman print +/interface wifi capsman remote-cap print +```
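Review bot: In docs/03-VLAN-DEVICE-ASSIGNMENT.md, hunk `@@ -76,10 +76,10 @@`, the table still maps one device to two target addresses: 38:1F:8D:04:6F:E4 (192.168.31.113) appears at both 192.168.30.32 and 192.168.30.35, and this change renames both copies instead of resolving them. The unchanged context has the same problem for 18:DE:50:5B:C8:A6 (.31 and .34) and D4:AD:FC:BE:13:B0 (.33 and .38, labelled Tuya in one row and Shenzhen Intellirocks in the other). Remove the stale rows or mark which mapping is current, so that leases and firewall rules derived from this map are unambiguous.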
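Review bot: In the OUI table hunk (`@@ -209,7 +209,7 @@`), the 38:1F:8D row changes vendor from Tuya Smart Inc. to Xiaomi with no record of how that was established. Add the lookup source and date to the row or the commit message, since this table is what the other sections rely on to identify devices in VLAN 30. The related hunks at `@@ -162,7` and `@@ -235,7` also leave "Tuya Device 1" and "Tuya Smart Device #1" numbered although no second Tuya entry remains there.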
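Review bot: docs/19-WIFI-CAPSMAN-CONFIG.md commits both WiFi passphrases in clear text: in the Password column of the Network Overview table, in the Password rows of the XTRM and XTRM2 setting tables, and in `security.passphrase=` in the RouterOS command block. Replace each occurrence with a placeholder that points to where the secret is stored, and rotate both PSKs, because the values remain in repository history even after a later edit. The two passphrases also share the same stem and differ only in the suffix, so disclosure of the IoT one effectively discloses the primary one; use unrelated values.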
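Review bot: The XTRM2 section enables WPA-PSK with TKIP and 802.11g for the entire IoT SSID in order to accommodate three devices, and the "Fallback (Maximum Compatibility)" block removes WPA2 and CCMP altogether (`security.authentication-types=wpa-psk`, `security.encryption=tkip`). TKIP is deprecated, and in a mixed TKIP + CCMP configuration the group cipher drops to TKIP for every client on the SSID, so all VLAN 30 devices inherit the weaker setting. Consider a separate legacy SSID with its own passphrase and VLAN for the Amazfit, Tuya gateway and iPad 2, keep XTRM2 at WPA2-PSK with CCMP, and label the fallback as a temporary diagnostic step. The "Devices Requiring WPA + TKIP" table also lists every MAC address as TBD, so these devices cannot yet be pinned in the access list.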
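Review bot: The "CAP Access List Rule" matches on `interface=cap-wifi1` alone, with `action=accept` and `place-before=0`, so every client joining through the CAP is accepted ahead of the per-MAC VLAN rules and, as the text says, goes to VLAN 10. The Manager table names that network `vlan10-mgmt`, and the CAP Interfaces table shows cap-wifi1 carries XTRM2, the IoT SSID configured with WPA + TKIP, which means IoT and legacy clients on the CAP share a segment with the management addresses 192.168.10.1 and 192.168.10.2. Document this as a known gap: state which VLAN these clients are meant to be in, what firewall rules isolate them from management hosts in the meantime, and what is blocking VLAN assignment on the CAP.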
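Review bot: The "WiFi Access List (VLAN Assignment)" section states that devices are assigned to VLANs based on MAC address but does not say that this is an identification mechanism rather than an authentication one: with a single shared PSK per SSID, the MAC is the only thing separating Trusted (VLAN 20) from Catch-All (VLAN 40). Add a sentence on that limitation and on what inter-VLAN firewall policy is expected to contain a misassigned device. Two smaller points in the same region: the table separator row ends with a doubled pipe (`|-----------------||`), which breaks Markdown rendering, and "Current Access List" contains only the print command with no rules or export reference.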