docs: update configs after CAP recovery and roms share setup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- 07-WIFI-CAPSMAN: CAP both radios working, access list no VLAN assignment - 01-NETWORK-MAP: fix CAP IP .6→.2, add Nobara and SMB shares section - 04-HARDWARE-INVENTORY: CAP SSH/version details, add Recalbox device - 06-VLAN-DEVICE-ASSIGNMENT: add Nobara (VLAN 10), Recalbox (VLAN 25) - 03-SERVICES-OTHER: add Roms SMB share section with mount details - CHANGELOG: add 2026-02-14 entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kaloyan Danchev
@@ -1,6 +1,6 @@
|
||||
# WiFi and CAPsMAN Configuration
|
||||
|
||||
**Last Updated:** 2026-02-02
|
||||
**Last Updated:** 2026-02-14
|
||||
**Purpose:** Document WiFi network settings, CAPsMAN configuration, and device compatibility requirements
|
||||
|
||||
---
|
||||
@@ -104,41 +104,40 @@ If devices still can't connect, use WPA-only with TKIP-only:
|
||||
|---------|-------|
|
||||
| caps-man-addresses | 192.168.10.1 |
|
||||
| certificate | request |
|
||||
| RouterOS | 7.21.1 |
|
||||
| SSH Port | 2222 |
|
||||
| SSH | `ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.2` |
|
||||
|
||||
**Note:** CAP was factory reset on 2026-02-13. CAPsMAN certificate was regenerated and CAP re-enrolled with `certificate=request`.
|
||||
|
||||
### CAP Interfaces
|
||||
|
||||
| Interface | Radio | Band | SSID | Status |
|
||||
|-----------|-------|------|------|--------|
|
||||
| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | Working |
|
||||
| cap-wifi2 | wifi2 | 5GHz | XTRM | Channel issues (disabled) |
|
||||
| Interface | Radio | Band | SSID | Security | Status |
|
||||
|-----------|-------|------|------|----------|--------|
|
||||
| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | WPA2-PSK, CCMP | Working |
|
||||
| cap-wifi2 | wifi2 | 5GHz | XTRM | WPA2/WPA3-PSK | Working (Ch 5220, 20/40MHz) |
|
||||
|
||||
### CAP Access List Rule
|
||||
|
||||
CAP clients bypass VLAN assignment (go to VLAN 10):
|
||||
|
||||
```routeros
|
||||
/interface wifi access-list add \
|
||||
interface=cap-wifi1 \
|
||||
action=accept \
|
||||
comment="CAP clients - no VLAN" \
|
||||
place-before=0
|
||||
```
|
||||
**Note:** cap-wifi1 uses cfg-xtrm2 but with WPA2+CCMP only (not WPA+TKIP like the local wifi2). Legacy IoT devices requiring TKIP will only work on HAP1's local wifi2.
|
||||
|
||||
---
|
||||
|
||||
## WiFi Access List (VLAN Assignment)
|
||||
## WiFi Access List
|
||||
|
||||
Devices are assigned to VLANs based on MAC address:
|
||||
**Status:** VLAN assignment via access list is **not active** (rolled back 2026-01-27). All entries use `action=accept` without VLAN ID. Devices get their VLAN via DHCP static leases on the bridge.
|
||||
|
||||
| VLAN | Purpose | Example Devices |
|
||||
|------|---------|-----------------||
|
||||
| 20 | Trusted | MacBooks, iPhones, Samsung phones |
|
||||
| 25 | Kids | Kids devices |
|
||||
| 30 | IoT | Smart home devices, Chromecast, Bosch appliances |
|
||||
| 40 | Catch-All | Unknown devices (default) |
|
||||
**29 entries** configured (MAC-based accept rules + 1 default catch-all):
|
||||
|
||||
### Current Access List
|
||||
| # | MAC | Device | Notes |
|
||||
|---|-----|--------|-------|
|
||||
| 0 | AA:ED:8B:2A:40:F1 | Samsung S25 Ultra - Kaloyan | |
|
||||
| 1 | 82:6D:FB:D9:E0:47 | MacBook Air - Nora | |
|
||||
| 12 | CE:B8:11:EA:8D:55 | MacBook - Kaloyan | |
|
||||
| 13 | BE:A7:95:87:19:4A | MacBook 5GHz - Kaloyan | |
|
||||
| 27 | B8:27:EB:32:B2:13 | RecalBox RPi3 | VLAN 25 (Kids) |
|
||||
| 28 | CC:5E:F8:D3:37:D3 | ASUS ROG Ally - Kaloyan | |
|
||||
| 29 | (any) | Default - VLAN40 | Catch-all |
|
||||
|
||||
### Show Full Access List
|
||||
|
||||
```routeros
|
||||
/interface wifi access-list print
|
||||
|
||||
Reference in New Issue
Block a user