Mikrotik v7
Model: CHR, Software: RouterOS 7.6
NACVIEW_SERV - NACVIEW IP server address (standalone or VRRP)
RADIUS_KEY - RADIUS communication key
SW_IP - IP switch address
SNMP_SECRET - SNMP v2c password
SNMP_AUTH and SNMP_PRIV - SNMP v3 passwords
SNMP_USER and SNMP_GROUP - SNMP user and group
CONF_FILE - config filename (.txt or .cfg)
[admin@CAPSMAN] > /radius/add service=wireless accounting-port=1813 authentication-port=1812 secret=RADIUS_KEY src-address=SW_IP address=NACVIEW_SERV protocol=udp
[admin@CAPSMAN] > /radius/incoming/set accept=yes port=3799
[admin@CAPSMAN] > /caps-man/aaa/set interim-update=00:10:00
[admin@CAPSMAN] > /caps-man/manager/set enabled=yes
[admin@CAPSMAN] > /caps-man/datapath/add name=VLAN_DATAPATH_CAPS bridge=br0 vlan-mode=use-tag vlan-id=DEF_VLAN
[admin@CAPSMAN] > /interface/bridge add name=br0 pvid=DEF_VLAN vlan-filtering=yes
[admin@CAPSMAN] > /interface/vlan add interface=br0 name=MGMT vlan-id=193
[admin@CAPSMAN] > /interface/vlan add interface=br0 name=RTR vlan-id=192
[admin@CAPSMAN] > /interface/bridge/port add bridge=br0 interface=ether1 pvid=193
[admin@CAPSMAN] > /interface/bridge/port add bridge=br0 interface=ether2 pvid=192
[admin@CAPSMAN] > /interface/bridge/vlan add bridge=br0 tagged=br0 vlan-ids=192
[admin@CAPSMAN] > /interface/bridge/vlan add bridge=br0 tagged=br0 vlan-ids=193
[admin@CAPSMAN] > /interface/bridge/vlan add bridge=br0 tagged=br0,ether3 vlan-ids=80
[admin@CAPSMAN] > /interface/bridge/vlan add bridge=br0 tagged=br0,ether3 vlan-ids=96
[admin@CAPSMAN] > /interface/bridge/vlan add bridge=br0 tagged=br0,ether3 vlan-ids=120
[admin@CAPSMAN] > /caps-man/security/add name=EAP authentication-types=wpa2-eap encryption=aes-ccm eap-methods=passthrough eap-radius-accounting=yes
[admin@CAPSMAN] > /caps-man/configuration/add name=EAP mode=ap ssid=EAP_SSID datapath=VLAN_DATAPATH_CAPS security=EAP
[admin@CAPSMAN] > /caps-man/acHP2190ess-list/add action=query-radius disabled=no radius-accounting=yes vlan-mode=use-tag vlan-id=DEF_VLAN ssid-regexp=MAC_SSID
[admin@CAPSMAN] > /caps-man/configuration/add name=MAC mode=ap ssid=MAC_SSID datapath=VLAN_DATAPATH_CAPS
[admin@CAP] > /interface/wireless/cap/set enabled=yes interfaces=wlan2Ghz,wlan5Ghz discovery-interfaces=MGMT caps-man-addresses=10.20.193.21 bridge=br0 static-virtual=yes
[admin@CAPSMAN] > /caps-man/provisioning/add disabled=no action=create-enabled master-configuration=EAP slave-configurations=MAC name-format=cap radio-mac=18:FD:74:57:87:E4
Due to an error in CAPSMAN, manually assign VLANs to CAP interfaces!
[admin@CAPSMAN] > /interface/bridge/vlan/set 3 tagged=br0,ether3,cap1,cap2,cap3 vlan-ids=80
[admin@CAPSMAN] > /interface/bridge/vlan/set 4 tagged=br0,ether3,cap1,cap2,cap3 vlan-ids=96
[admin@CAPSMAN] > /interface/bridge/vlan/set 5 tagged=br0,ether3,cap1,cap2,cap3 vlan-ids=120
[admin@CAPSMAN] > /caps-man/aaa/set interim-update=00:10:00
[admin@CAPSMAN] > /caps-man/manager/set enabled=yes
[admin@CAPSMAN] > /caps-man/datapath/add name=VLAN_DATAPATH_LOCAL bridge=br0 vlan-mode=use-tag vlan-id=DEF_VLAN local-forwarding=yes
[admin@CAP] > /interface/bridge add name=br0 pvid=DEF_VLAN vlan-filtering=yes
[admin@CAP] > /interface/vlan add interface=br0 name=MGMT vlan-id=193
[admin@CAP] > /interface/vlan add interface=br0 name=RTR vlan-id=192
[admin@CAP] > /interface/bridge/port add bridge=br0 interface=ether1 pvid=193
[admin@CAP] > /interface/bridge/port add bridge=br0 interface=ether2 pvid=192
[admin@CAP] > /interface/bridge/vlan add bridge=br0 tagged=br0 vlan-ids=192
[admin@CAP] > /interface/bridge/vlan add bridge=br0 tagged=br0 vlan-ids=193
[admin@CAP] > /interface/bridge/vlan add bridge=br0 tagged=br0,ether3 vlan-ids=80
[admin@CAP] > /interface/bridge/vlan add bridge=br0 tagged=br0,ether3 vlan-ids=96
[admin@CAP] > /interface/bridge/vlan add bridge=br0 tagged=br0,ether3 vlan-ids=120
[admin@CAPSMAN] > /caps-man/security/add name=EAP authentication-types=wpa2-eap encryption=aes-ccm eap-methods=passthrough eap-radius-accounting=yes
[admin@CAPSMAN] > /caps-man/configuration/add name=EAP_LOCAL mode=ap ssid=EAP_SSID datapath=VLAN_DATAPATH_LOCAL security=EAP
[admin@CAPSMAN] > /caps-man/access-list/add action=query-radius disabled=no radius-accounting=yes vlan-mode=use-tag vlan-id=DEF_VLAN ssid-regexp=MAC_SSID
[admin@CAPSMAN] > /caps-man/configuration/add name=MAC_LOCAL mode=ap ssid=MAC_SSID datapath=VLAN_DATAPATH_LOCAL
[admin@CAP] > /interface/wireless/cap/set enabled=yes interfaces=wlan2Ghz,wlan5Ghz discovery-interfaces=MGMT caps-man-addresses=10.20.193.21 bridge=br0 static-virtual=yes
[admin@CAPSMAN] > /caps-man/provisioning/add disabled=no action=create-enabled master-configuration=EAP_LOCAL slave-configurations=MAC_LOCAL name-format=cap radio-mac=18:FD:74:57:87:E5
Due to an error in CAPSMAN, manually assign VLANs to CAP interfaces!
[admin@CAP] > /interface/bridge/vlan/set 3 tagged=br0,ether3,cap4,cap5,cap6 vlan-ids=80
[admin@CAP] > /interface/bridge/vlan/set 4 tagged=br0,ether3,cap4,cap5,cap6 vlan-ids=96
[admin@CAP] > /interface/bridge/vlan/set 5 tagged=br0,ether3,cap4,cap5,cap6 vlan-ids=120
[admin@CAPSMAN] > /snmp/community/add name=SNMP_SECRET security=none read-access=yes write-access=no
[admin@CAPSMAN] > /snmp/set enabled=yes trap-community=SNMP_SECRET src-address=SW_IP trap-version=2 trap-target=NACVIEW_SERV
[admin@CAPSMAN] > /snmp/community/add name=SNMP_USER security=private read-access=yes write-access=no authentication-protocol=SHA1 encryption-protocol=DES authentication-password=SNMP_AUTH encryption-password=SNMP_PRIV
[admin@CAPSMAN] > /snmp/set enabled=yes src-address=SW_IP trap-target=NACVIEW_SERV trap-version=3 trap-community=SNMP_USER
[admin@CAPSMAN] > /system/logging/action/add name="NACVIEW" target=remote remote=NACVIEW_SERV remote-port=514 src-address=SW_IP bsd-syslog=no
[admin@CAPSMAN] > /system/logging/add topics=warning action=NACVIEW
Entered configuration commands at the level of the given menu: export
Configuration at the level of the given menu: print
Equivalent to show running-config: [admin@CAPSMAN] > export
Save configuration to file: [admin@CAPSMAN] > export file=CONF_FILE
Uploading configuration: [admin@CAPSMAN] > import file-name:CONF_FILE