Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

Help! CAPs stop sending beacons and clients cannot associate anymore

Post Reply
 
surumadurum
just joined
Topic Author
Posts: 11
Joined: Wed Sep 17, 2014 3:22 pm

Help! CAPs stop sending beacons and clients cannot associate anymore

Sat Sep 03, 2016 1:06 pm

Hi,

I've been using CAPsMAN for almost 3 years now without major issues.
Now the interfaces kindof "get stuck" from time to time, meaning that clients get disconnected and cannot see the SSIDs anymore.

Then I remove the interfaces in CAPsMAN and Provision again and it's running again.
This is happening lately 3 or 4 times a day, or even quicker (I just resetted and did it half an hour ago).

I can see that when a CAP "got stuck" it's not displaying L2-MTU=1600 anymore, but is showing no value there.

What I changed before it first happened: I changed from "create enabled" to "create dynamic enabled", but already changed back now. Problem persists.

Idea anyone? This is in a productive environment and really a problem :/

Here's my config:
Active CAPsMAN Configuration is cfg_XXX_wlan and cfg_XXX_WLAN_guest

Thanks!
----
Code: Select all

# sep/03/2016 11:56:26 by RouterOS 6.36
# software id = 3RMU-L247
#
/caps-man channel
add extension-channel=disabled name=width20 width=20
add frequency=2412 name=channel1
add frequency=2437 name=channel6
add frequency=2462 name=channel11
/interface bridge
add disabled=yes name=artist_net
add mtu=1500 name=bridge1 protocol-mode=none
add disabled=yes name=bridge2
add disabled=yes name=camera_net
add name=guest_net protocol-mode=none
add disabled=yes name=office_net
/interface ethernet
set [ find default-name=ether1 ] name=e1-wan
set [ find default-name=ether2 ] name=e2-kasse
set [ find default-name=ether3 ] master-port=e2-kasse name=\
    e3-link-office-backbone
set [ find default-name=ether4 ] master-port=e2-kasse name=e4-nas
set [ find default-name=ether6 ] master-port=e2-kasse name=e6-server
set [ find default-name=ether5 ] master-port=e2-kasse
set [ find default-name=ether7 ] master-port=e2-kasse
set [ find default-name=ether8 ] master-port=e2-kasse
set [ find default-name=ether9 ] master-port=e2-kasse
set [ find default-name=ether10 ] master-port=e2-kasse
set [ find default-name=ether11 ] master-port=e2-kasse
set [ find default-name=ether12 ] master-port=e2-kasse
set [ find default-name=ether13 ] master-port=e2-kasse
set [ find default-name=ether14 ] master-port=e2-kasse
set [ find default-name=ether15 ] master-port=e2-kasse
set [ find default-name=ether16 ] master-port=e2-kasse
set [ find default-name=ether17 ] master-port=e2-kasse
set [ find default-name=ether18 ] master-port=e2-kasse
set [ find default-name=ether19 ] master-port=e2-kasse
set [ find default-name=ether20 ] master-port=e2-kasse
set [ find default-name=ether21 ] master-port=e2-kasse
set [ find default-name=ether22 ] master-port=e2-kasse
set [ find default-name=ether23 ] master-port=e2-kasse
set [ find default-name=ether24 ] master-port=e2-kasse
/interface vlan
add disabled=yes interface=guest_net name=vlan_guest vlan-id=10
/caps-man configuration
add channel.band=2ghz-b country=germany datapath.bridge=camera_net hide-ssid=\
    no mode=ap name=cfg_camera ssid=camera
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=\
    sec_XXX passphrase=XXX
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=\
    sec_artists passphrase=XXX
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=\
    sec_guest passphrase=XXX
/caps-man configuration
add datapath.bridge=bridge1 mode=ap name=cfg_XXX_wlan security=\
    sec_XXX ssid=XXX
add datapath.bridge=guest_net mode=ap name=cfg_XXX_WLAN_guest security=\
    sec_guest ssid=XXXEmployees
add channel.band=5ghz-a/n/ac country=germany datapath.bridge=bridge1 mode=ap \
    multicast-helper=full name=cfg_XXX_5G security=sec_XXX ssid=\
    XXX
add channel=channel6 country=germany datapath.bridge=bridge1 mode=ap \
    multicast-helper=full name=cfg_XXX_wlan_ch06 security=sec_XXX \
    ssid=XXX
add channel=channel11 country=germany datapath.bridge=bridge1 mode=ap \
    multicast-helper=full name=cfg_XXX_wlan_ch11 security=sec_XXX \
    ssid=XXX
/caps-man interface
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:A0:38:09 master-interface=none name=WLAN-Bar-05Uhr-1 radio-mac=\
    4C:5E:0C:A0:38:09
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:A0:38:09 master-interface=WLAN-Bar-05Uhr-1 name=\
    WLAN-Bar-05Uhr-1-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C8:67:73 master-interface=none name=WLAN-Bar-07Uhr-1 radio-mac=\
    4C:5E:0C:C8:67:73
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C8:67:73 master-interface=WLAN-Bar-07Uhr-1 name=\
    WLAN-Bar-07Uhr-1-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C8:67:8F master-interface=none name="WLAN-Bar-\?-1" radio-mac=\
    4C:5E:0C:C8:67:8F
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C8:67:8F master-interface="WLAN-Bar-\?-1" name="WLAN-Bar-\?-1-1" \
    radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C1:84:09 master-interface=none name=WLAN-Bar-Lina-1 radio-mac=\
    4C:5E:0C:C1:84:09
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C1:84:09 master-interface=WLAN-Bar-Lina-1 name=WLAN-Bar-Lina-1-1 \
    radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C2:8E:A1 master-interface=none name=WLAN-Bew-Joni-1 radio-mac=\
    4C:5E:0C:C2:8E:A1
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C2:8E:A1 master-interface=WLAN-Bew-Joni-1 name=WLAN-Bew-Joni-1-1 \
    radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C1:83:EF master-interface=none name=WLAN-Bew-KLemoJule-1 \
    radio-mac=4C:5E:0C:C1:83:EF
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C1:83:EF master-interface=WLAN-Bew-KLemoJule-1 name=\
    WLAN-Bew-KLemoJule-1-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C2:8A:57 master-interface=none name=WLAN-Bew-Nathalie-1 \
    radio-mac=4C:5E:0C:C2:8A:57
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C2:8A:57 master-interface=WLAN-Bew-Nathalie-1 name=\
    WLAN-Bew-Nathalie-1-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    6C:3B:6B:41:CC:2F master-interface=none name=WLAN-Buero-Gelb-1 radio-mac=\
    6C:3B:6B:41:CC:2F
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    6E:3B:6B:41:CC:2F master-interface=WLAN-Buero-Gelb-1 name=\
    WLAN-Buero-Gelb-1-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    6C:3B:6B:41:CC:2E master-interface=none name=WLAN-Buero-Gelb-2 radio-mac=\
    6C:3B:6B:41:CC:2E
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    6E:3B:6B:41:CC:2E master-interface=WLAN-Buero-Gelb-2 name=\
    WLAN-Buero-Gelb-2-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    6C:3B:6B:41:CC:36 master-interface=none name=WLAN-Buero-PartyBuero-1 \
    radio-mac=6C:3B:6B:41:CC:36
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    6E:3B:6B:41:CC:36 master-interface=WLAN-Buero-PartyBuero-1 name=\
    WLAN-Buero-PartyBuero-1-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    6C:3B:6B:41:CC:35 master-interface=none name=WLAN-Buero-PartyBuero-2 \
    radio-mac=6C:3B:6B:41:CC:35
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    6E:3B:6B:41:CC:35 master-interface=WLAN-Buero-PartyBuero-2 name=\
    WLAN-Buero-PartyBuero-2-1 radio-mac=00:00:00:00:00:00
add configuration=cfg_XXX_wlan disabled=no l2mtu=1600 mac-address=\
    4C:5E:0C:C8:67:97 master-interface=none name=WLAN-Hammerhalle-1 \
    radio-mac=4C:5E:0C:C8:67:97
add configuration=cfg_XXX_WLAN_guest disabled=no l2mtu=1600 mac-address=\
    4E:5E:0C:C8:67:97 master-interface=WLAN-Hammerhalle-1 name=\
    WLAN-Hammerhalle-1-1 radio-mac=00:00:00:00:00:00
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] rate-limit=500k/500k session-timeout=30m \
    shared-users=unlimited
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des
/ip pool
add name=dhcp_pool3 ranges=192.168.1.230-192.168.1.239
add name=dhcp_pool4 ranges=192.168.10.10-192.168.10.254
add name=dhcp_pool5 ranges=192.168.20.2-192.168.20.254
add name=VPN_POOL ranges=192.168.1.240-192.168.1.254
add name=VPN_POOL2 ranges=10.10.100.0-10.10.100.254
add name=hs-pool-252 ranges=10.101.200.2-10.101.200.254
/ip dhcp-server
add address-pool=dhcp_pool3 authoritative=yes interface=bridge1 lease-time=\
    10h name=dhcp1
add address-pool=dhcp_pool4 interface=artist_net lease-time=1d name=dhcp2
add address-pool=dhcp_pool5 interface=camera_net lease-time=3d name=dhcp3
add address-pool=hs-pool-252 disabled=no interface=guest_net lease-time=1h \
    name=dhcp4
/ppp profile
set *0 local-address=192.168.1.11 remote-address=VPN_POOL
add name=PPPOE use-encryption=no
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=e1-wan \
    keepalive-timeout=disabled name=Telekom password=XXX profile=PPPOE \
    use-peer-dns=yes user=XXX
add add-default-route=yes interface=e1-wan keepalive-timeout=disabled \
    max-mru=1492 max-mtu=1492 name=pppoe-out1_alt password=XXX profile=\
    PPPOE use-peer-dns=yes user=XXX
/queue simple
add disabled=yes dst=Telekom max-limit=2M/2M name=GuestLimit_Upload target=\
    guest_net
add disabled=yes dst=guest_net max-limit=512k/2M name=GuestLimit target=\
    Telekom
add max-limit=1M/8M name=GuestIPLimit target=10.101.200.0/24
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/caps-man access-list
add action=accept disabled=yes signal-range=-68..120 time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=reject disabled=yes signal-range=-120..-79 time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-enabled master-configuration=cfg_XXX_wlan name-format=\
    identity slave-configurations=cfg_XXX_WLAN_guest
add action=create-enabled disabled=yes identity-regexp=WLAN-Bew-Nathalie-1
add action=create-enabled disabled=yes hw-supported-modes=an \
    master-configuration=cfg_XXX_5G name-format=identity
/interface bridge port
add bridge=bridge1 interface=e2-kasse
add bridge=bridge1 disabled=yes interface=e3-link-office-backbone
add bridge=bridge1 disabled=yes interface=e4-nas
add bridge=bridge1 disabled=yes interface=ether5
add bridge=bridge1 disabled=yes interface=e6-server
add bridge=bridge1 disabled=yes interface=ether7
add bridge=bridge1 disabled=yes interface=ether8
add bridge=bridge1 disabled=yes interface=ether9
add bridge=bridge1 disabled=yes interface=ether10
add bridge=bridge1 disabled=yes interface=ether11
add bridge=bridge1 disabled=yes interface=ether12
add bridge=bridge1 disabled=yes interface=ether13
add bridge=bridge1 disabled=yes interface=ether14
add bridge=bridge1 disabled=yes interface=ether15
add bridge=bridge1 disabled=yes interface=ether16
add bridge=bridge1 disabled=yes interface=ether17
add bridge=bridge1 disabled=yes interface=ether18
add bridge=bridge1 disabled=yes interface=ether19
add bridge=bridge1 disabled=yes interface=ether20
add bridge=bridge1 disabled=yes interface=ether21
add bridge=bridge1 disabled=yes interface=ether22
add bridge=bridge1 disabled=yes interface=ether23
add bridge=bridge1 disabled=yes interface=ether24
add bridge=bridge1 interface=sfp1
add bridge=guest_net
/interface bridge settings
set use-ip-firewall=yes
/ip settings
set accept-redirects=yes
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface l2tp-server server
set default-profile=PPPOE enabled=yes ipsec-secret=mySecret use-ipsec=yes
/ip address
add address=192.168.1.11/24 interface=bridge1 network=192.168.1.0
add address=192.168.10.1/24 interface=artist_net network=192.168.10.0
add address=192.168.20.1/24 interface=camera_net network=192.168.20.0
add address=192.168.0.2/24 disabled=yes interface=e1-wan network=192.168.0.0
add address=10.101.200.1/24 comment="hotspot network" interface=guest_net \
    network=10.101.200.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=bridge1
add dhcp-options=hostname,clientid interface=e1-wan
/ip dhcp-relay
add dhcp-server=192.168.1.1 interface=e1-wan local-address=192.168.1.11 name=\
    relay1
/ip dhcp-server network
add address=10.101.200.0/24 comment="hotspot network" gateway=10.101.200.1
add address=192.168.1.0/24 caps-manager=192.168.1.11 dns-server=192.168.1.10 \
    domain=XXX.local gateway=192.168.1.1 netmask=24 wins-server=\
    192.168.1.10
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,217.0.43.81
/ip dns static
add address=192.168.1.1 name="Telekom Router"
/ip firewall filter
add action=drop chain=forward comment="NO ACCESS HOTSPOT->INTERNAL" \
    in-interface=guest_net log-prefix="" out-interface=bridge1
add action=drop chain=forward disabled=yes dst-address=192.168.1.0/24 \
    log-prefix="" src-address=10.101.200.0/24
add action=accept chain=forward comment="accept FTP on 2121" dst-port=2121 \
    log=yes log-prefix="FIREWALL 2121: accept TCP" protocol=tcp
add action=accept chain=forward dst-port=2121 log=yes log-prefix=\
    "2121 FIREWALL: ACCEPT UDP" protocol=udp
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=forward dst-port=5060 log-prefix="" protocol=udp
add action=accept chain=input dst-port=5060 log-prefix="" protocol=udp
add action=accept chain=input comment="allow traffic from VPN partners" \
    log-prefix="" src-address=192.168.1.240-192.168.1.254
add action=accept chain=input dst-port=500,1701,4500 log-prefix=\
    "ACCEPTING IPSEC" protocol=udp
add action=accept chain=input log-prefix="" protocol=ipsec-ah
add action=accept chain=input log-prefix="" protocol=ipsec-esp
add action=accept chain=forward dst-address=192.168.1.10 dst-port=21 \
    log-prefix="" protocol=tcp
add action=accept chain=input comment="Accept established connections" \
    connection-state=established log-prefix=""
add action=accept chain=input comment="Accept related connections" \
    connection-state=related log-prefix=""
add action=accept chain=input comment=UDP log-prefix="" protocol=udp
add action=accept chain=input comment="Allow limited pings" limit=\
    50/5s,2:packet log-prefix="" protocol=icmp
add action=accept chain=input comment="From our LAN" in-interface=bridge1 \
    log-prefix="" src-address=192.168.1.0/24
add action=drop chain=input comment="drop incoming new connections from ppoe" \
    connection-state=new in-interface=e1-wan log=yes log-prefix=\
    "DROP INCOMING CONNECTION"
add action=drop chain=input comment="Drop excess pings" log-prefix="" \
    protocol=icmp
add action=log chain=input comment="Log everything else" log-prefix=\
    "DROP INPUT"
add action=drop chain=input comment="Drop everything else" log-prefix=""
add action=drop chain=input comment="drop invalid connections" \
    connection-state=invalid log=yes log-prefix="DROP INVALID: "

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat disabled=yes log=yes log-prefix="" \
    src-address=10.10.100.0/24 to-addresses=192.168.1.99
add action=masquerade chain=srcnat log-prefix="" src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-port=2121 log=yes log-prefix=\
    "DST-NAT 2121 TCP" protocol=tcp to-addresses=192.168.1.10 to-ports=21
add action=dst-nat chain=dstnat dst-port=2121 log=yes log-prefix=\
    "DST-NAT 2121 UDP" protocol=udp to-addresses=192.168.1.10 to-ports=21
add action=dst-nat chain=dstnat disabled=yes dst-port=500 log=yes log-prefix=\
    "DST NAT" protocol=udp to-addresses=192.168.1.10
add action=dst-nat chain=dstnat disabled=yes dst-port=4500 log=yes \
    log-prefix="DST NAT" protocol=udp to-addresses=192.168.1.10
add action=dst-nat chain=dstnat disabled=yes dst-port=1701 log=yes \
    log-prefix=DST-NAT protocol=udp to-addresses=192.168.1.10
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.101.200.0/24

/ip proxy
set cache-path=web-proxy1
/ip route

add distance=1 dst-address=255.255.255.255/32 gateway=bridge1
/ip service
set www-ssl disabled=no
/lcd
set default-screen=stat-slideshow
/lcd interface
set e2-kasse disabled=yes
set e3-link-office-backbone disabled=yes
set e4-nas disabled=yes
set ether5 disabled=yes
set e6-server disabled=yes
set ether7 disabled=yes
set ether8 disabled=yes
set ether9 disabled=yes
set ether10 disabled=yes
set ether11 disabled=yes
set ether12 disabled=yes
set ether13 disabled=yes
set ether14 disabled=yes
set ether15 disabled=yes
set ether16 disabled=yes
set ether17 disabled=yes
set ether18 disabled=yes
set ether19 disabled=yes
set ether20 disabled=yes
set ether21 disabled=yes
set ether22 disabled=yes
set ether23 disabled=yes
set ether24 disabled=yes
set sfp1 disabled=yes

/system clock
set time-zone-autodetect=no time-zone-name=Europe/Berlin
/system identity
set name=MikroTikSwitch
/system leds
set 0 interface=sfp1
/system logging
add topics=wireless,debug
add disabled=yes topics=l2tp
add disabled=yes topics=ipsec
add prefix="PPPOE LOG:" topics=pppoe
add prefix="INTERF: " topics=interface
/system ntp client
set enabled=yes primary-ntp=130.149.7.7

/tool romon
set enabled=yes
/tool romon port
add
/tool user-manager database
set db-path=web-proxy1
[admin@MikroTikSwitch] >
Top
Post Reply

Who is online

Users browsing this forum: D3nkis, DanSch1982 and 90 guests
  4. RouterOS
  5. Wireless Networking