Implement CAPsMAN Support for Wireless Networks #3

Open
6 tasks
jonathanio opened this issue Oct 3, 2023 · 1 comment
Labels
priority/normal This is a normal-priority issue or pull request type/enhancement Adding or requesting a new feature

jonathanio commented Oct 3, 2023

As a Network Engineer,
I want to be able to configure CAPsMAN and link Access Points,
So that we can build and deploy a resilient wireless network.

Description

Currently, all networking configured is of the physical type (i.e., ethernet or sfp), but a wireless network is an important requirement. We need a way to set up CAPsMAN with the required certificates, link any access points, and configure the required wireless networks.

Notes

Do we want to combine all certificate exports into a single export?

Acceptance Criteria

  • Create the Intermediate CA Certificate for CAPsMAN and the Server Certificate.
  • Create the Client Certificates for each of the Access Points.
  • Create the template for configuring CAPsMAN on the management node and any required DNS entries.
  • Create the template for configuring access points with the client certificate and link to CAPsMAN.
  • Detect CAPsMAN management of wireless interfaces to bypass updates to some settings.
  • Create the export type for configuring certificates on a host.
@jonathanio jonathanio added priority/normal This is a normal-priority issue or pull request type/enhancement Adding or requesting a new feature labels Oct 3, 2023
@jonathanio jonathanio self-assigned this Oct 3, 2023
jonathanio commented Oct 3, 2023

[jonathan@ap1] /interface/wireless> print
Flags: X - disabled; R - running
 0 X  ;;; Unused
      ;;; managed by CAPsMAN
      ;;; channel: 2447/20-eC/gn(28dBm), SSID: , CAPsMAN forwarding
      name="wfi24" mtu=1500 l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx arp=enabled interface-type=IPQ4019
      mode=station ssid="MikroTik" frequency=2412 band=2ghz-b/g channel-width=20mhz secondary-frequency=""
      scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 wds-mode=disabled
      wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes
      default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
      security-profile=default compression=no

 1 X  ;;; Unused
      ;;; managed by CAPsMAN
      ;;; channel: 5785/20-eeCe/ac(27dBm), SSID: , CAPsMAN forwarding
      name="wfi50" mtu=1500 l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx arp=enabled interface-type=IPQ4019
      mode=station ssid="MikroTik" frequency=5180 band=5ghz-a channel-width=20mhz secondary-frequency=""
      scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 wds-mode=disabled
      wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes
      default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
      security-profile=default compression=no
[jonathan@ap1] /interface/wireless> cap/
[jonathan@ap1] /interface/wireless/cap> print
                            enabled: yes
                         interfaces: wfi24,wfi50
                        certificate: request
                   lock-to-caps-man: yes
               discovery-interfaces: bri01.10
                 caps-man-addresses: 172.27.2.1
                     caps-man-names: capsman
  caps-man-certificate-common-names:
                             bridge: bri01
                     static-virtual: no
              requested-certificate: CAP-XXXXXXXXXXXX
        locked-caps-man-common-name: CAPsMAN-XXXXXXXXXXXX
[jonathan@ap1] /interface/wireless/cap> /import network.rsc

╶─╴RouterOS Configuration Script ╶─────────────────────────────────────╴

    Host: ap1
  Export: Network Update Script
    Date: 2023-10-03T23:21:41+01:00
  Run ID: 268165

This script will reset and/or (re)configure resources for the network
update on the above host. If this is not the correct host, or this is not
the intended action, please cancel this script now!

╶──> Starting the Script...
╶──> Set up Physical Interfaces
 ╶─> Configure the Interfaces
  ╶> gbe01
  ╶> gbe02
  ╶> wfi24
failure: interface managed by CAPsMAN

Based on the above configuration during testing, the management of the physical interface setup will need to consider if a wireless interface is within the list of interfaces from /interface/wireless/cap and adjust what settings are updated accordingly.

jonathanio added a commit that referenced this issue Oct 4, 2023
Disable the processing of wireless interfaces on all scripts other than
netinstall (where initial configuration can take place). This is the
start of checking for CAPsMAN management.

Relates to #3
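
The check described in the comment above (skip any interface listed under /interface/wireless/cap), sketched as an added example that is not part of the issue or the project's own code. It assumes the `print` output has already been captured as text; the function names are hypothetical and the sample input is trimmed from the output shown in the comment.

```python
"""Decide which interfaces a generated script may touch on a CAP."""

# Output of `/interface/wireless/cap print`, trimmed from the comment above.
CAP_PRINT = """\
                            enabled: yes
                         interfaces: wfi24,wfi50
                        certificate: request
                   lock-to-caps-man: yes
               discovery-interfaces: bri01.10
                 caps-man-addresses: 172.27.2.1
  caps-man-certificate-common-names:
                             bridge: bri01
"""


def parse_cap_print(text):
    """Parse the 'key: value' lines of the print output into a dict."""
    settings = {}
    for line in text.splitlines():
        # Split on the first colon only, so values may contain colons.
        key, sep, value = line.partition(":")
        if sep and key.strip():
            settings[key.strip()] = value.strip()
    return settings


def capsman_managed(settings):
    """Return the interfaces handed over to CAPsMAN (empty if CAP is off)."""
    if settings.get("enabled") != "yes":
        return set()
    names = settings.get("interfaces", "").split(",")
    return {n.strip() for n in names if n.strip()}


def plan_interfaces(names, settings):
    """Pair each interface with 'configure' or 'skip' so the script never
    writes settings to an interface that CAPsMAN controls."""
    managed = capsman_managed(settings)
    return [(n, "skip" if n in managed else "configure") for n in names]


if __name__ == "__main__":
    cap = parse_cap_print(CAP_PRINT)
    wanted = ["gbe01", "gbe02", "wfi24", "wfi50"]
    for name, action in plan_interfaces(wanted, cap):
        print(f"{name}: {action}")
```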