I kinda wish I had read the forum before buying the hAP ax3, but there was no way to know I'd get hit by this problem before actually getting hit by it.
I'd read these threads and have pretty much the same problem: an Apple Macbook Pro 2016-2017 will not work with the hAP ax3's wifi, and every other device I have works fine, including a newer iPhone SE 2nd Generation. Sadly, the Macbook Pro 13in. "late 2016" I have is my only laptop and will be for a while since it has $1000 of music production software on it, so I do have to figure this issue out soon.
This thread is the closest to my situation:
viewtopic.php?p=966083&hilit=macos#p966083
"What happens - I connect the WiFi and after a minute or a few seconds, it is auto disconnected from the MikroTik. However, the WiFi on the Mac says it's still connected, but when I try to browse, there is no internet connection. Pinging my router also does not work."
That is exactly what happens to me. I'd add that eventually, the Macbook Pro figures out that the wifi connection is no good, and then it goes into a lengthy re-connect attempt before finally giving up. I can then manually re-connect it, and it will work for a minute or two, and then it will fail in the same way again.
I tried this tip, but it unfortunately doesn't work for me: viewtopic.php?p=966083#p1039918
"If it the "new" wifiwave2 drivers, those screenshots should work. The most important setting is to set your country correctly (and as here you need to check right boxes in the security tab).
On the older drivers, it's critical that the distance=indoors is set on the wireless interfaces & the group key timeout is 1:00:00 (default was lower in "old" drivers) for it work on a Mac."
I am pretty sure I do not have the wifiwave2 drivers and am using the bone stock "old wifi" drivers. I suspect this advice would work for most Macs, just not mine.
I seem to be having the same problem as these two other posters in that the specific model years of Macbook Pro, the "late 2016/early 2017" models, just don't work:
viewtopic.php?p=966083&hilit=macos#p966083
viewtopic.php?t=194216
Note that one of them tried a Macbook Pro 2019 and it did work...
I suspect it is the chipset in the Macbook Pro 2016-2017 that just doesn't like the hAP ax3 (and probably not the ax2 either). I suppose I can test this if I got a macos-compatible USB wifi adapter and used it with this Macbook Pro and the hAP ax3.
Oh, I should add that my same Macbook Pro 13in late-2016 works fine with an hAP ac2 on 5GHz.
I also seem to be having the same problem with this Macbook Pro and the hAP ax3 on the 2.4GHz radio, but it seems to go for much longer (around 10 minutes) before it loses the connection. It is likely similar to this other thread: viewtopic.php?t=194216#p1038418
I have not tried shutting off the 5GHz radio and turning the 2.4GHz radio down to N mode since that is worse than my older hAP ac2 can provide (might as well return the hAP ax3 and keep the hAP ac2).
But, I'd like to keep the hAP ax3, so I'm game to help figure this out with whatever debugging is needed.
My config. I started with a factory default with AP QuickSet and configured only the LAN and WAN networking and the WiFi SSIDs. The Macbook Pro didn't work, but all the other devices did on the factory default. I've since then changed a few settings per what I read online, trying to change as few settings per test loop at a time. What you see below is where I currently am at, but I have not fixed this issue even once.
# 2024-02-08 20:52:40 by RouterOS 7.13.4
# software id = 3003-87TI
#
# model = C53UiG+5HPaxD2HPaxD
# serial number =
/interface bridge
add admin-mac=48:A9:8A:56:01:51 auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.antenna-gain=6 .country="United States" .mode=ap .ssid=\
mywifi5 disabled=no security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0 .group-key-update=1h
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac .width=20/40mhz configuration.antenna-gain=6 .country="United States" .mode=ap .ssid=mywifi2 disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.138.100-192.168.138.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.138.1/24 comment=defconf interface=bridge network=192.168.138.0
add address=192.168.89.2/24 interface=ether1 network=192.168.89.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server network
add address=192.168.138.0/24 comment=defconf dns-server=192.168.138.1 gateway=192.168.138.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.89.1
/ip dns static
add address=192.168.138.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=America/Los_Angeles
/system logging
add topics=debug,wireless
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
In the wireless, debug log, it just looks like a four-step sequence over and over:
associated
connected
disconnected
disassociated
Thanks in advance for any help!