CAPSMAN with WifiWave2 does not work as intended

chg123 · Thu Aug 31, 2023 12:05 am

Hey,

After years of a happy life with a CAPSMAN installation I was confronted with the necessity to learn more about Wifiwave2:

Our next office should have AX wifi, of course from MikroTik again... but I am struggeling with the config:

Before I set up datapaths, configs and security on the central CAPSMAN and only enabled CAP.

So the Data is all brought to the central and then routed into the network which worked quite well.

Now i tried this with a fresh set up capsman (on an RB5009) and a single cap AX, both running RouterOS 7.11

And it does not work at all. Looks like the CAP connects to Capsman but does neither get an SSID nor broadcast something.

This is just a test setup. Finally i will run a bunch of CAP ax that should work on 5GHz and 2.4 GHz with AX, AC, N and G and should offer several SSIDs but this simple setup should work.

I had all this running with good old capsman but wifiwave2 drives me crazy...

CAPSMAN:

/interface wifiwave2
add name=cap-wifi1
add name=cap-wifi2
/interface wifiwave2 datapath
add bridge=bridge1 disabled=no name=dp-test
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=sec-test \
    passphrase=veryverysecret
/interface wifiwave2 configuration
add country=Germany datapath=dp-test disabled=no manager=capsman name=\
    cfg-test security=sec-test ssid=test
/interface wifiwave2 capsman
set ca-certificate=CAPsMAN-CA-789A1837E28A enabled=yes interfaces="" \
    package-path="" require-peer-certificate=yes upgrade-policy=none
/interface wifiwave2 provisioning
add action=create-enabled disabled=no master-configuration=cfg-test

CAP:

/interface wifiwave2
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman-or-local .mode=\
    ap disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman-or-local .mode=\
    ap disabled=no
/interface wifiwave2 cap
set certificate=CAP-48A98AC534F4 discovery-interfaces=bridge enabled=yes

ConradPino · Thu Aug 31, 2023 12:52 am

Everything learned for RouterOS 6.x Wireless should be reserved for RouterOS 6 devices alone.
RouterOS 7.x Wifiwave2 driver is chip vendor code and many ROS 6 features couldn't be fit in.
Study Wifiwave2 documentation like fresh novice student as that is how this field plays.

chg123 · Thu Aug 31, 2023 1:22 am

Study Wifiwave2 documentation like fresh novice student as that is how this field plays.

I wish that there would exist a real documentation.

There are two examples regarding capsman. one that even does not have a data path set up - meaning that there is no idea to what the wifi is connected, and the other that intensively uses VLAN.

In my mind CAPSMAN enabled less configured APs with a well-thought configured CAPSMAN.

So do you have any hint where i could find a tutorial for this - as https://help.mikrotik.com/docs/display/ROS/WifiWave2 does not really show a simple case where - with a minimum needed config - all wifi interfaces on all CAPs broadcast the same SSID.

I am aware that I have to completely re-learn CAPSMAN with WifiWave2, but where is the f***ing tutorial for learning?

Thu Aug 31, 2023 1:42 am

Why do you add interfaces manually on capsman controller ?
It wasn't needed on old capsman, it isn't in example either.

Provisioning will do that.

ConradPino · Thu Aug 31, 2023 1:47 am

@chg123 You've been here much longer than I but perhaps not following closely of late.
My first MT wirieless (hAP ax3 Wifiwave2 only) arrived recently and I'm pretty lost myself.
I can say new posts often languish then The Wise Ones and The Wise Guys arrive and ...
I am ignoring CapsMAN but trying out CapsMAN like features Wifiwave2 supports.

Thu Aug 31, 2023 1:56 am

Everything learned for RouterOS 6.x Wireless should be reserved for RouterOS 6 devices alone.
RouterOS 7.x Wifiwave2 driver is chip vendor code and many ROS 6 features couldn't be fit in.
Study Wifiwave2 documentation like fresh novice student as that is how this field plays.

As it happens to be... to me conceptually wifiwave2 is very much how old capsman on legacy wifi was to be set up ( and still is).

Broad lines high level:
- security profile
- channel
- configuration
- provision for capsman or assign config for direct interface

chg123 · Thu Aug 31, 2023 2:07 am

Why do you add interfaces manually on capsman controller ?
It wasn't needed on old capsman, it isn't in example either.

Provisioning will do that.

I did *not* add them. It happened automatically.

chg123 · Thu Aug 31, 2023 2:07 am

Everything learned for RouterOS 6.x Wireless should be reserved for RouterOS 6 devices alone.
RouterOS 7.x Wifiwave2 driver is chip vendor code and many ROS 6 features couldn't be fit in.
Study Wifiwave2 documentation like fresh novice student as that is how this field plays.
As it happens to be... to me conceptually wifiwave2 is very much how old capsman on legacy wifi was to be set up ( and still is).

Broad lines high level:
- security profile
- channel
- configuration
- provision for capsman or assign config for direct interface

So maybe you could give me a hint for a very minimal configuration that just works.

Thu Aug 31, 2023 2:23 am

I did *not* add them. It happened automatically.

Ok, then please check your provisioning rules since no configuration is being applied.
Make a rule for 2GHz AX and 5GHz AX using same configuration.

ConradPino · Thu Aug 31, 2023 2:28 am

I am not using CapsMAN, just experimenting with CapsMAN patterns. This hAP ax3 VLAN configuration is working:

/interface wifiwave2 channel
add band=2ghz-ax name=ch2g skip-dfs-channels=10min-cac width=20/40mhz
add band=5ghz-ax name=ch5g skip-dfs-channels=10min-cac width=20/40/80mhz

/interface wifiwave2 datapath
add bridge=bridge client-isolation=yes name=path-guest vlan-id=403
add bridge=bridge client-isolation=no name=path-prime vlan-id=405

/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=auth-guest passphrase=secret1 wps=disable
add authentication-types=wpa2-psk,wpa3-psk name=auth-prime passphrase=secret2 wps=disable

/interface wifiwave2 configuration
add country="United States" mode=ap name=conf-guest security=auth-guest
add country="United States" mode=ap name=conf-prime security=auth-prime

/interface wifiwave2
set [ find default-name=wifi1 ] channel=ch5g configuration=conf-prime configuration.mode=ap .ssid=Bird-Fake datapath=path-prime
add configuration=conf-guest configuration.mode=ap .ssid=Bird-Real datapath=path-guest mac-address=4A:A9:8A:C0:94:E2 master-interface=wifi1 name=wifi1g
set [ find default-name=wifi2 ] channel=ch2g configuration=conf-prime configuration.mode=ap .ssid=Fowl-Love datapath=path-prime
add configuration=conf-guest configuration.mode=ap .ssid=Fowl-Hate datapath=path-guest mac-address=4A:A9:8A:C0:94:E3 master-interface=wifi2 name=wifi2g

I hope to clean up last section to rely more on predefined configuration but other matters are pressing:

/interface wifiwave2
set [ find default-name=wifi1 ] channel=ch5g configuration=conf-prime .ssid=Bird-Fake datapath=path-prime
add configuration=conf-guest .ssid=Bird-Real datapath=path-guest mac-address=4A:A9:8A:C0:94:E2 master-interface=wifi1 name=wifi1g
set [ find default-name=wifi2 ] channel=ch2g configuration=conf-prime .ssid=Fowl-Love datapath=path-prime
add configuration=conf-guest .ssid=Fowl-Hate datapath=path-guest mac-address=4A:A9:8A:C0:94:E3 master-interface=wifi2 name=wifi2g

CAPSMAN with WifiWave2 does not work as intended

CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Re: CAPSMAN with WifiWave2 does not work as intended

Who is online