Professional Documents
Culture Documents
CAPsMAN Real-Life Scenarios
CAPsMAN Real-Life Scenarios
CAPsMAN
Real-life scenarios
Markham, ON, Canada
September 2019
More bla bla bla before raffle and drinks; let’s have fun!
INTRODUCTION
Main router
– Maybe walk around the site for configuration
changes
Internet
Main router
CAPsMAN /
– Centralized client management
– Automatic ROS upgrades (If so configured)
• Nothing (so far) for firmware
– Fast & simple: Stay behind your keyboard to
make changes and manage clients
• (Efficient=pay raise… maybe)
Internet
• Layer 2 campus
– L2, CAPsMAN forwarding
Internet
Internet
Home office
• Managed clients
– Local forwarding (L3)
Layer 2 Campus
CAPsMAN scenarios
Internet
172.16.0.0/21
Layer 2
10 1
CAPsMAN FWD
Loopback: 10.10.1.2
9
L2TP Server: 192.168.255.1
CAPsMAN CAP1
L2TP
Home / remote office
L2TP
172.16.0.0/21
Internet2
1 1
Layer 3
CAPsMAN FWD
3
Simulate CAP2
Internet / Internet Sim.: 10.0.0.0/24
Private L3 links
Hosted services client
192.168.0.0/21
Layer 3
1
Local FWD
CAP3
• Notes
CAPsMAN CAP1
– Security
– Channels
– Configuration
– Provisioning
– Manager
© 2019 Alain Casault (v1) CSPE 18
CAPsMAN (Security)
Datapath
Security
Wireless
Channel
Bridge:
Rates
SSID:
– Configuration
– Provisioning
– Manager
© 2019 Alain Casault (v1) CSPE 22
CAPsMAN (Configuration)
2nd Wi-Fi
More Wi-Fi
address
1st Wi-Fi
– Configuration
format
configs?
config
config
MAC
Name
(opt)
– Provisioning
– Manager
© 2019 Alain Casault (v1) CSPE 24
Layer 2, CAPsMAN forwarding
Speedtest
CAP interfaces
L2TP
Home / remote office
L2TP
172.16.0.0/21
Internet2
1 1
Layer 3
CAPsMAN FWD
3
Simulate CAP2
Internet / Internet Sim.: 10.0.0.0/24
Private L3 links
• CAPsMAN
– Provisioning rule for the remote CAP, THAT’S IT!
Speedtest
CAP interfaces
subnet Internet
10 1
172.16.0.0/21
Layer 2
CAPsMAN FWD
Loopback: 10.10.1.2
9
L2TP Server: 192.168.255.1
CAPsMAN CAP1
L2TP
Home / remote office
L2TP
172.16.0.0/21
Internet2
1 1
Layer 3
CAPsMAN FWD
3
Simulate CAP2
Internet / Internet Sim.: 10.0.0.0/24
Private L3 links
Hosted services client
192.168.0.0/21
Layer 3
1
Local FWD
CAP3
• Keep in mind that this router is your client’s home router, not
just a CAP
• Configuration steps – CAP
– Full layer 3 configuration, including :
• All bridges and VLANs (I use software VLANs)
• IP addresses (bridges & WAN port)
• A default gateway for Internet access
• Firewall filters
• CAPsMAN
– “Configuration” rules and one “Security” profile for each client
• Config rules : Channels (up to 3 x 802.11n, 4 x 802.11ac) + SSID
• Copy and modify existing ones
– One “Provisioning” rule per client CAP
– THAT’S IT!
Speedtest
CAP interfaces
http://alaincasault.com
casault.alain@educationhmo.com
Questions, eh?