might have similar issue like described here - viewtopic.php?p=1019015#p1019015 - but decided to open new thread, as I have some more background info and not sure how to address it. I'm in contact with Mikrotik support for 3 weeks but so far no progress, so let's see if Community experts could help.
Can you help me to understand why client 28:24:FF:3E:0E:B3 disconnect with signal -66dBm ? This client is based on module DNSA-141 - 2.4GHz - https://downloads.codico.com/misc/Newsl ... SA-141.pdf (WLAN module of HaasSohn Kettle). Enabling DEBUG logs do not shows any details. On previous setup with Ubiquity based access points, I didn’t have those problems at all. I have tried all different setting however this combination is required to have all aprox. 53 clients connecting. Also for some reason, the client 28:24:FF:3E:0E:B3 never connects to MikrotikDOWN, which is actually closer than MikrotikUP, is it maybe some hidden incompatibility ?
After Mikrotik support replied, we found the dependency on enabled AX - as soon as I disable it, client connects even to closer MikrotikDOWN and seems to be more stable but we don't know why, definitively do not want to get dir of AX. Yet also can't replace Wifi module in the kettle .
I tried to debug it further, with sniffer I see quite strange behavior : Why ipv6 broadcast and why it prefer/connect then to AP, which is in bigger distance ? Both APs has the same configuration trough CAPSMAN.
Have you seen anything like that ? Btw also tried different firmware version, including latest beta 8
Relevant configs part from two APs and main router, APs are connected by cable to the main router:
MikrotikUP
Code: Select all
# 2024-02-02 09:37:09 by RouterOS 7.14beta8
# software id = 7VU7-Q2XU
#
# model = cAPGi-5HaxD2HaxD
/interface bridge
add add-dhcp-option82=yes admin-mac=78:9A:18:51:0E:5D auto-mac=no \
dhcp-snooping=yes name=bridge port-cost-mode=short protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: apSOME, channel: 5240/ax/eeeC
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
disabled=no
# managed by CAPsMAN
# mode: AP, SSID: apSOME, channel: 2412/ax/Ce
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
disabled=no
/interface list
add name=WAN
add name=LAN
/ip smb smb-user
set [ find default=yes ] disabled=yes read-only=yes
/interface bridge port
add bridge=bridge comment=WAN interface=ether1 internal-path-cost=10 \ path-cost=10 \ trusted=yes
add bridge=bridge comment=LAN interface=ether2 internal-path-cost=10 \ path-cost=10 \ trusted=yes
add bridge=bridge interface=wifi1 internal-path-cost=10 path-cost=10 trusted=\
yes
add bridge=bridge interface=wifi2 internal-path-cost=10 path-cost=10 trusted=\
yes
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set icmp-timeout=30s loose-tcp-tracking=no udp-stream-timeout=2m
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set arp-timeout=20m
/ipv6 settings
set disable-ipv6=yes forward=no
/interface detect-internet
set detect-interface-list=all lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
/interface wifi cap
set certificate=CAP-789A18510E5C discovery-interfaces=all enabled=yes \
lock-to-caps-man=yes
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
/ip dhcp-client
add interface=bridge
/ip dhcp-relay
add dhcp-server=10.0.0.1 disabled=no interface=ether1 local-address=10.0.0.3 \
name=relay1
/ip dns
set allow-remote-requests=yes
/ip firewall service-port
set h323 ports=1720
set sip ports=5060,5061,500,4500,5222,3478,80,443 sip-timeout=3m
/ip service
set www-ssl disabled=no
/ip smb smb-share
set [ find default=yes ] directory=/pub
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=Mikrotik_UP
Code: Select all
# 2024-02-02 09:37:14 by RouterOS 7.14beta8
# software id = 51IY-2PA5
#
# model = cAPGi-5HaxD2HaxD
/interface bridge
add add-dhcp-option82=yes admin-mac=78:9A:18:51:0E:0C auto-mac=no \
dhcp-snooping=yes name=bridge port-cost-mode=short protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: apSOME, channel: 5240/ax/eeeC
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
disabled=no
# managed by CAPsMAN
# mode: AP, SSID: apSOME, channel: 2437/ax/Ce
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
disabled=no
/interface list
add name=WAN
add name=LAN
/ip smb smb-user
set [ find default=yes ] disabled=yes read-only=yes
/interface bridge port
add bridge=bridge comment=WAN interface=ether1 internal-path-cost=10 \ path-cost=10 \ trusted=yes
add bridge=bridge comment=LAN interface=ether2 internal-path-cost=10 \ path-cost=10 \ trusted=yes
add bridge=bridge interface=wifi1 internal-path-cost=10 path-cost=10 trusted=\
yes
add bridge=bridge interface=wifi2 internal-path-cost=10 path-cost=10 trusted=\
yes
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set icmp-timeout=30s loose-tcp-tracking=no udp-stream-timeout=2m
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set arp-timeout=20m
/ipv6 settings
set disable-ipv6=yes forward=no
/interface detect-internet
set detect-interface-list=all lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
/interface wifi cap
set certificate=CAP-789A18510E0C discovery-interfaces=all enabled=yes \
lock-to-caps-man=yes
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
/ip dhcp-client
add interface=bridge
/ip dhcp-relay
add dhcp-server=10.0.0.1 disabled=no interface=ether1 local-address=10.0.0.2 \
name=relay1
/ip dns
set allow-remote-requests=yes
/ip firewall service-port
set h323 ports=1720
set sip ports=5060,5061,500,4500,5222,3478,80,443 sip-timeout=3m
/ip service
set www-ssl disabled=no
/ip smb smb-share
set [ find default=yes ] directory=/pub
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=Mikrotik_DOWN
Code: Select all
# 2024-02-02 09:36:53 by RouterOS 7.14beta8
# software id = S5MY-N4ZX
#
# model = RB960PGS
/interface bridge
add admin-mac=78:9A:18:4D:75:6F arp=proxy-arp auto-mac=no name=bridge
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi datapath
add bridge=bridge disabled=no name=cadp
/interface wifi steering
add disabled=no name=steeringMK neighbor-group=dynamic-apSOME-32cba8ab rrm=\
yes wnm=yes
/interface wifi configuration
add channel.band=2ghz-ax .width=20/40mhz country=Czech datapath=cadp \
disabled=no dtim-period=2 mode=ap name=Config24_down qos-classifier=\
priority security.authentication-types=wpa2-psk .encryption="" .ft=yes \
.ft-mobility-domain=0x1ADF .ft-over-ds=yes .management-protection=\
disabled ssid=apSOME steering=steeringMK steering.neighbor-group=\
dynamic-apSOME-32cba8ab .rrm=yes .wnm=yes
add channel.band=5ghz-ax .frequency=5240 .skip-dfs-channels=10min-cac .width=\
20/40/80mhz country=Czech datapath=cadp disabled=no mode=ap name=\
"Cong5Ghz up" qos-classifier=priority security.authentication-types=\
wpa2-psk .encryption="" .ft=yes .ft-mobility-domain=0x1ADF .ft-over-ds=\
yes ssid=apSOME steering=steeringMK steering.neighbor-group=\
dynamic-apSOME-32cba8ab .rrm=yes .wnm=yes
add channel.band=2ghz-ax .width=20/40mhz country=Czech datapath=cadp \
disabled=no dtim-period=2 mode=ap name=Config24_up qos-classifier=\
priority security.authentication-types=wpa2-psk .encryption="" .ft=yes \
.ft-mobility-domain=0x1ADF .ft-over-ds=yes .management-protection=\
disabled ssid=apSOME steering=steeringMK steering.neighbor-group=\
dynamic-apSOME-32cba8ab .rrm=yes .wnm=yes
add channel.band=5ghz-ax .frequency=5240 .skip-dfs-channels=10min-cac .width=\
20/40/80mhz country=Czech datapath=cadp disabled=no mode=ap name=\
"Cong5Ghz down" qos-classifier=priority security.authentication-types=\
wpa2-psk .encryption="" .ft=yes .ft-mobility-domain=0x1ADF .ft-over-ds=\
yes ssid=apSOME steering=steeringMK steering.neighbor-group=\
dynamic-apSOME-32cba8ab .rrm=yes .wnm=yes
/interface wifi
add configuration="Cong5Ghz up" configuration.mode=ap disabled=no name=\
"cap-wifi1 5GHz DOWN" radio-mac=78:9A:18:51:0E:0E
add configuration=Config24_down configuration.mode=ap disabled=no name=\
"cap-wifi2 2,4GHz DOWN" radio-mac=78:9A:18:51:0E:0F
add configuration="Cong5Ghz up" configuration.mode=ap disabled=no name=\
"cap-wifi2 5GHz UP" radio-mac=78:9A:18:51:0E:5E
add configuration=Config24_up configuration.mode=ap disabled=no name=\
"cap-wifi4 2,4GHz UP" radio-mac=78:9A:18:51:0E:5F
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp always-broadcast=yes interface=bridge
add add-arp=yes address-pool=dhcp always-broadcast=yes interface=bridge
/ip smb smb-user
set [ find default=yes ] disabled=yes read-only=yes
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/interface bridge port
add bridge=bridge comment="AP DOWN" ingress-filtering=no interface=ether2 \
internal-path-cost=10 path-cost=10 trusted=yes
add bridge=bridge comment="AP UP" ingress-filtering=no interface=ether3 \
internal-path-cost=10 path-cost=10 trusted=yes
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set icmp-timeout=30s loose-tcp-tracking=no udp-stream-timeout=2m
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set arp-timeout=20m max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes forward=no max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
set ca-certificate=WiFi-CAPsMAN-CA-789A184D756E certificate=\
WiFi-CAPsMAN-789A184D756E enabled=yes interfaces=bridge package-path="" \
require-peer-certificate=yes upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment="2,4GHz Mikrotik UP" disabled=no \
master-configuration=Config24_up radio-mac=78:9A:18:51:0E:5F
add action=create-dynamic-enabled comment="5Ghz Mikrotik UP" disabled=no \
master-configuration="Cong5Ghz up" radio-mac=78:9A:18:51:0E:5E
add action=create-dynamic-enabled comment="5GHz Mikrotik DOWN" disabled=no \
master-configuration="Cong5Ghz down" radio-mac=78:9A:18:51:0E:0E
add action=create-dynamic-enabled comment="2,4GHz Mikrotik DOWN" disabled=no \
master-configuration=Config24_down radio-mac=78:9A:18:51:0E:0F
/interface wireless cap
set bridge=bridge caps-man-addresses=127.0.0.1
/ip address
add address=10.0.0.1/24 interface=bridge network=10.0.0.0
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1 domain=local gateway=10.0.0.1 \
netmask=24
/ip dns
set allow-remote-requests=yes use-doh-server=\
https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=RouterMK
/system logging
add disabled=yes topics=wireless,debug