Wireless clients cannot connect

tafkamax · Mon Oct 02, 2023 7:04 pm

Reading the forum and googeling I seem to have a common problem with my wifi setup. Disclaimer: IT WORKED BEFORE!

We tried to turn on 802.11r (FT) for our network. After that none of the clients could connect. They kind of connect, but don't get DHCP address. And adding static address manually also does not work.

Our router setup (Running CAPSMAN):

/interface bridge
add admin-mac=redacted auto-mac=no fast-forward=no igmp-snooping=yes name=bridge protocol-mode=mstp region-name=redacted region-revision=12 vlan-filtering=yes
/interface ethernet
/interface vlan
add comment="VLAN 6" interface=bridge name=l3vlan6 vlan-id=6
add comment="VLAN 40" interface=bridge name=l3vlan40 vlan-id=40
/interface wifiwave2 datapath
add bridge=bridge comment="Datapath for WiFi clients to pass data through" disabled=no name=vlan6 vlan-id=6
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes ft-preserve-vlanid=yes name=security
/interface wifiwave2 configuration
add disabled=no name=name-5GHz security=security ssid=name
add disabled=no name=name security=security ssid=name
/interface wifiwave2
add configuration=name disabled=no name=cap-wifi1 radio-mac=redacted
add configuration=name-5GHz disabled=no name=cap-wifi2 radio-mac=redacted
/interface bridge msti
redacted
/interface bridge port
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether3
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether4
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether8
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether9
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether10
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether11
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether12
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether13
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether14
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether16
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
add bpdu-guard=yes bridge=bridge comment="Dedicated Management Port" frame-types=admit-only-untagged-and-priority-tagged interface=ether15 pvid=40
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2
/interface bridge vlan
add bridge=bridge untagged=bridge vlan-ids=1
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether16,sfp-sfpplus1,sfp-sfpplus2,bridge untagged=ether15 vlan-ids=40
add bridge=bridge tagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether16,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=6,50
/interface wifiwave2 cap
set discovery-interfaces=all
/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes interfaces=all package-path=/ require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifiwave2 provisioning
add action=create-enabled comment="Match Radio bands for 5GHz wifi." disabled=no master-configuration=name-5GHz supported-bands=5ghz-ax,5ghz-ac
add action=create-enabled comment="Match Radio bands for 2.4GHz radio." disabled=no master-configuration=name supported-bands=2ghz-ax,2ghz-n

The CAP-s had this kind of config:


/interface/bridge
add admin-mac=redacted auto-mac=no comment=trunk name=bridge vlan-filtering=yes protocol-mode=none

/interface/vlan
add comment="VLAN 6" interface=bridge name=l3vlan6 vlan-id=6
add comment="VLAN 40" interface=bridge name=l3vlan40 vlan-id=40
/interface bridge port
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=wifi1
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=wifi2
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether1
/interface bridge vlan
add bridge=bridge untagged=bridge vlan-ids=1
add bridge=bridge tagged=bridge,ether1,wifi1,wifi2 vlan-ids=40,6

I see there is a lot of confusion and problems regarding wifiwave2 with capsman.

The router itself is the DHCP server in the wifi clients network:

So the router has an address in the mgmt vlan and also in the WIFI clients vlan (10.0.0.0/22)

/ip pool
add name=wifi ranges=10.0.0.100-10.0.3.254
/ip dhcp-server
add address-pool=wifi interface=l3vlan6 name=wifi
/ip address
add address=192.168.20.24/24 interface=l3vlan40 network=192.168.20.0
add address=10.0.0.2/22 interface=l3vlan6 network=10.0.0.0
/ip dhcp-client
add interface=l3vlan6
/ip dhcp-server network
add address=10.0.0.0/22 dns-server=redacted gateway=10.0.0.1 netmask=22 ntp-server=redacted

Mon Oct 02, 2023 7:53 pm

You don't need any vlan config on cap devices.
It will come from capsman and datapath.

Reset cap devices to clean cap mode.

https://help.mikrotik.com/docs/display/ ... ionexample:

kravemir · Tue Oct 03, 2023 8:45 am

You don't need any vlan config on cap devices.
It will come from capsman and datapath.

If it's for hAP ac³, then one needs VLAN config on CAP, because WifiWave2 driver doesn't support VLANs on hAP ac³.

It also makes it even more complex to setup. Because it requires creation of static interfaces instead of dynamic, and then adding those interfaces to bridge port and clan settings.

Also, one mustn't use datapath settings, because that would add WifiWave2 interfaces to bridge as dynamic, and then it's impossible to re-add them manually with desired VLAN options.

tafkamax · Tue Oct 03, 2023 9:10 am

In the end it was that the /interface/wifiwave2/configuration was missing the datapath that uses vlan6...

Tue Oct 03, 2023 9:14 am

You don't need any vlan config on cap devices.
It will come from capsman and datapath.
If it's for hAP ac³, then one needs VLAN config on CAP, because WifiWave2 driver doesn't support VLANs on hAP ac³.

I don't think so.
Wifiwave2 works regardless of HW used.
Apart from band (AC vs AX) concept of setting up is identical.

tafkamax · Tue Oct 03, 2023 11:04 am

So we got the new setup working correctly. With CAPSMAN managing the datapaths.

Here is our working conf. For this to work the defined VLAN has to be name=vlan6, we used to have l3vlan6. So this is a "hidden" feature or quirk. I thought that only interface and vlan-id were important in configuring /interface/vlan, but the dynamic setup takes into account the name aswell.

/interface bridge
add admin-mac=redacted auto-mac=no comment=trunk name=bridge protocol-mode=none
/interface vlan
add comment="VLAN 40" interface=bridge name=l3vlan40 vlan-id=40
add comment="VLAN 6" interface=bridge name=vlan6 vlan-id=6
/interface wifiwave2 datapath
add bridge=bridge comment="Datapath for WiFi clients to pass data through" disabled=no name=capdp vlan-id=6
/interface wifiwave2
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=capdp disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=capdp disabled=no
/interface bridge port
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether1
/interface bridge vlan
add bridge=bridge untagged=bridge vlan-ids=1
add bridge=bridge tagged=bridge,ether1 vlan-ids=40
/interface wifiwave2 cap
set caps-man-addresses=192.168.20.24 discovery-interfaces=bridge enabled=yes slaves-datapath=capdp

kravemir · Tue Oct 03, 2023 12:11 pm

If it's for hAP ac³, then one needs VLAN config on CAP, because WifiWave2 driver doesn't support VLANs on hAP ac³.
I don't think so.
Wifiwave2 works regardless of HW used.
Apart from band (AC vs AX) concept of setting up is identical.

I don't just think, but I experienced it myself. I'm running hAP ax³ as CAPsMAN and hAP ac³ as CAP.

The slave interface (virtual wifi) won't get up, because it says something about vlan not supported by the driver.

The implementation of the driver isn't identical regarding capabilities. It rules out concept using dynamic interfaces and requires to use static interfaces, which are then manually added to bridge.

This is known issue by MikroTik, and it is even documented in WifiWave2 datapath docs:

802.11n/ac interfaces do not support this type of VLAN tagging under the wifiwave2 package, but they can be configured as VLAN access ports in bridge settings.

Tue Oct 03, 2023 12:24 pm

I stand corrected then !

tafkamax · Tue Oct 03, 2023 1:01 pm

Hmm

I happened upon another problem. I can't seem to get firewall rules for allowing only DHCP correct.

The router is the DHCP server for the wifi clients. I want to allow only dhcp, so the clients cant see the mikrotik UI. Unfortunately it doesn't work so easily. Here is my current configuration.

As you can see the router is 10.0.0.2, thats because the actual gateway is 10.0.0.1 and is not located in the router, it's in a juniper router. So theoretically dhcp client is the only thing necessary...

/ip firewall filter
add action=accept chain=input dst-address=10.0.0.2 dst-port=67 protocol=udp src-address-list=wifi-clients
add action=accept chain=input dst-address=10.0.0.2 dst-port="" protocol=udp src-address-list=wifi-clients src-port=68
add action=drop chain=input dst-address=10.0.0.2 src-address-list=wifi-clients
add action=accept chain=input dst-address=10.0.0.2 dst-port=68 protocol=udp src-address-list=wifi-clients

EDIT:
I added the ports for other main mgmt ways to drop list. I have winbox etc already disabled via conf.

add action=drop chain=input dst-address=10.0.0.2 dst-port=80 protocol=tcp src-address-list=wifi-clients
add action=drop chain=input dst-address=10.0.0.2 dst-port=443 protocol=tcp src-address-list=wifi-clients
add action=drop chain=input dst-address=10.0.0.2 dst-port=22 protocol=tcp src-address-list=wifi-clients

tafkamax · Tue Oct 03, 2023 4:19 pm

Turns out inside the CAP-s you have to turn off vlan-filtering=no for the CAP bridge! Because it dynamically creates the vlans.

Now the clients hop between the AP-s, but some super weird behavior with "no internet access" now after the hop from inital AP.

tafkamax · Wed Oct 04, 2023 11:09 am

Hmm currently it seems to work some of the times. The clients can connect to one specific AP. When moving away from that AP to the location of another AP. The device does not reconnect. When moving back to the original spot it reconnects.

I had 802.11r (FT) enabled and when connected to the first AP it worked, when moving around it reconnected to another AP, which is better than without FT, but it showed no external internet.

When looking at the firewall logs. I was seeing that the sessions were created, but timed out from the outside world. So the outside world could not redirect traffic back to the wifi client. I have a question: Is that related to ARP tables? If so, then it might be similar to this topic: viewtopic.php?t=200085

I will paste my config again.

The important thing here is that compared to the example in: https://help.mikrotik.com/docs/display/ ... ionexample: , I am using only "admit-only-vlan-tagged" in "bridge ports". Should I change this to "admit-only-untagged-and-priority-tagged" or "admit-all" and might this help?

I used to have static VLAN-s in my CAP, but changed this, because I didn't understand beforehand, that CAPSMAN dynamically creates the VLAN-s and etc.

CAPSMAN ROUTER CONF:

/interface bridge
add admin-mac=02:E7:89:69:92:29 auto-mac=no fast-forward=no igmp-snooping=yes name=bridge protocol-mode=mstp region-name=ext region-revision=12 vlan-filtering=yes
/interface vlan
add comment="VLAN 6" interface=bridge name=vlan6 vlan-id=6
add comment="VLAN 40" interface=bridge name=vlan40 vlan-id=40
/interface wifiwave2 datapath
add bridge=bridge comment="Datapath for WiFi clients to pass data through" disabled=no name=vlan6 vlan-id=6
/interface wifiwave2 security
add authentication-types=wpa2-psk disabled=no name=security
/interface wifiwave2 configuration
add country=Estonia datapath=vlan6 disabled=no name=REDACTED-SSID-5GHz security=security ssid=REDACTED-SSID
add country=Estonia datapath=vlan6 disabled=no name=REDACTED-SSID security=security ssid=REDACTED-SSID
/interface wifiwave2
add configuration=REDACTED-SSID disabled=no name=wifi--capax-01_2GHz-1 radio-mac=48:A9:8A:E0:8F:27
# changed intended channel to 5260/ax/Ceee
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-01_5Ghz-1 radio-mac=48:A9:8A:E0:8F:26
add configuration=REDACTED-SSID disabled=no name=wifi--capax-02_2GHz-1 radio-mac=48:A9:8A:E0:8C:1D
# changed intended channel to 5520/ax/eCee
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-02_5Ghz-1 radio-mac=48:A9:8A:E0:8C:1C
add configuration=REDACTED-SSID disabled=no name=wifi--capax-03_2GHz-1 radio-mac=48:A9:8A:E4:F5:9F
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-03_5Ghz-1 radio-mac=48:A9:8A:E4:F5:9E
add configuration=REDACTED-SSID disabled=no name=wifi--capax-04_2GHz-1 radio-mac=48:A9:8A:E4:F5:B3
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-04_5Ghz-1 radio-mac=48:A9:8A:E4:F5:B2
add configuration=REDACTED-SSID disabled=no name=wifi--capax-05_2GHz-1 radio-mac=48:A9:8A:E4:F5:8F
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-05_5Ghz-1 radio-mac=48:A9:8A:E4:F5:8E
add configuration=REDACTED-SSID disabled=no name=wifi--capax-06_2GHz-1 radio-mac=48:A9:8A:E4:F5:03
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-06_5Ghz-1 radio-mac=48:A9:8A:E4:F5:02
add configuration=REDACTED-SSID disabled=no name=wifi--capax-07_2GHz-1 radio-mac=48:A9:8A:E4:F4:E3
# changed intended channel to 5540/ax/eeCe
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-07_5Ghz-1 radio-mac=48:A9:8A:E4:F4:E2
add configuration=REDACTED-SSID disabled=no name=wifi--capax-08_2GHz-1 radio-mac=48:A9:8A:E4:F5:8B
# changed intended channel to 5765/ax/eCee
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-08_5Ghz-1 radio-mac=48:A9:8A:E4:F5:8A
add configuration=REDACTED-SSID disabled=no name=wifi--capax-09_2GHz-1 radio-mac=48:A9:8A:E2:B1:A7
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-09_5Ghz-1 radio-mac=48:A9:8A:E2:B1:A6
add configuration=REDACTED-SSID disabled=no name=wifi--capax-10_2GHz-1 radio-mac=48:A9:8A:E2:AD:F9
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-10_5Ghz-1 radio-mac=48:A9:8A:E2:AD:F8
add configuration=REDACTED-SSID disabled=no name=wifi--capax-11_2GHz-1 radio-mac=48:A9:8A:E0:8C:3D
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-11_5Ghz-1 radio-mac=48:A9:8A:E0:8C:3C
add configuration=REDACTED-SSID disabled=no name=wifi--capax-12_2GHz-1 radio-mac=48:A9:8A:E2:AE:99
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-12_5Ghz-1 radio-mac=48:A9:8A:E2:AE:98
add configuration=REDACTED-SSID disabled=no name=wifi--capax-13_2GHz-1 radio-mac=48:A9:8A:E2:B8:39
add configuration=REDACTED-SSID-5GHz disabled=no name=wifi--capax-13_5Ghz-1 radio-mac=48:A9:8A:E2:B8:38
/ip pool
add name=wifi ranges=10.0.0.100-10.0.3.253
/ip dhcp-server
add address-pool=wifi interface=vlan6 name=wifi
/port
set 0 name=serial0
set 1 name=serial1
/snmp community
set [ find default=yes ] addresses=REDACTED_IP
/system logging action
set 3 remote=192.168.2.6
#error exporting "/interface/bridge/host" (timeout)
/interface bridge msti
add bridge=bridge comment=external identifier=1 vlan-mapping=20,178-179
add bridge=bridge comment=management identifier=2 vlan-mapping=40,50
add bridge=bridge comment=services identifier=3 vlan-mapping=5-6,12-19,25-26,30-39,41-49
/interface bridge port
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether3
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether4
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether8
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether9
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether10
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether11
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether12
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether13
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether14
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether16
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
add bpdu-guard=yes bridge=bridge comment="Dedicated Management Port" frame-types=admit-only-untagged-and-priority-tagged interface=ether15 pvid=40
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2
/ip neighbor discovery-settings
set discover-interface-list=all lldp-med-net-policy-vlan=1
/interface bridge vlan
add bridge=bridge untagged=bridge vlan-ids=1
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether16,sfp-sfpplus1,sfp-sfpplus2,bridge untagged=ether15 vlan-ids=40
add bridge=bridge tagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether16,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=6
/interface wifiwave2 cap
set discovery-interfaces=all
/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes interfaces=all package-path=/ require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifiwave2 provisioning
add action=create-enabled comment="Match Radio bands for 5GHz wifi." disabled=no master-configuration=REDACTED-SSID-5GHz name-format=%I_5Ghz- supported-bands=5ghz-ax,5ghz-ac
add action=create-enabled comment="Match Radio bands for 2.4GHz radio." disabled=no master-configuration=REDACTED-SSID name-format=%I_2GHz- supported-bands=2ghz-ax,2ghz-n
/ip address
add address=192.168.20.24/24 interface=vlan40 network=192.168.20.0
add address=10.0.0.2/22 interface=vlan6 network=10.0.0.0
/ip dhcp-server network
add address=10.0.0.0/22 comment="VLAN6 subnet for wifi clients." dns-server=REDACTED_IP
/ip dns
set allow-remote-requests=yes servers=REDACTED_IP
/ip route
add distance=1 gateway=192.168.20.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl certificate=REDACTED-DOMAIN-NAME_cert.cer_0 disabled=no tls-version=only-1.2
set api disabled=yes
set winbox disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/snmp
set contact=root@REDACTED-DOMAIN enabled=yes location=Tallinn
/system clock
set time-zone-name=Europe/Tallinn
/system identity
set name=REDACTED-DOMAIN-NAME
/system logging
add action=remote topics=info
add action=remote topics=warning
add action=remote topics=error
add action=remote topics=critical
add action=remote topics=wireless
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=REDACTED_IP
add address=REDACTED_IP
/system routerboard settings
set enter-setup-on=delete-key
/tool e-mail
set address=REDACTED-DOMAIN-NAME from=root@REDACTED-DOMAIN-NAME tls=starttls

CAP CONF:

/interface bridge
add admin-mac=48:A9:8A:E0:8F:25 auto-mac=no comment=trunk name=bridge protocol-mode=none
/interface vlan
add comment="VLAN 40" interface=bridge name=l3vlan40 vlan-id=40
add comment="VLAN 6" interface=bridge name=vlan6 vlan-id=6
/interface wifiwave2 datapath
add bridge=bridge comment="Datapath for WiFi clients to pass data through" disabled=no name=capdp vlan-id=6
/interface wifiwave2
# managed by CAPsMAN
# mode: AP, SSID: REDACTED-SSID, channel: 5680/ax/eCee
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=capdp disabled=no
# managed by CAPsMAN
# mode: AP, SSID: REDACTED-SSID, channel: 2457/ax/eC
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=capdp disabled=no
/snmp community
set [ find default=yes ] addresses=REDACTED_IP
/system logging action
set 3 remote=192.168.2.6
/interface bridge port
add bridge=bridge comment=trunk frame-types=admit-only-vlan-tagged interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add bridge=bridge untagged=bridge vlan-ids=1
add bridge=bridge tagged=bridge,ether1 vlan-ids=40
/interface wifiwave2 cap
set caps-man-addresses=192.168.20.24 discovery-interfaces=bridge enabled=yes slaves-datapath=capdp
/ip address
add address=192.168.188.1/24 interface=ether2 network=192.168.188.0
add address=192.168.20.40/24 interface=l3vlan40 network=192.168.20.0
/ip dns
set servers=REDACTED_IP
/ip route
add distance=1 gateway=192.168.20.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set winbox disabled=yes
/snmp
set contact=root@REDACTED-DOMAIN enabled=yes location=Tallinn
/system clock
set time-zone-name=Europe/Tallinn
/system identity
set name=wifi--capax-01
/system logging
add action=remote topics=info
add action=remote topics=warning
add action=remote topics=error
add action=remote topics=critical
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=REDACTED_IP
add address=REDACTED_IP
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool e-mail
set address=REDACTED-DOMAIN-NAME from=root@REDACTED-domain tls=starttls
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none

Although frame-types specify that: Specifies allowed frame types on a bridge port. This property only has an effect when vlan-filtering is set to yes.

But for CAPSMAN to work with CAP-s the CAP-s need to disable vlan-filtering, because capsman dynamically creates everything necessary.

tafkamax · Thu Oct 05, 2023 10:26 am

I am one step closer to solving the problem!

Connect client to wifi

Walk away from AP

Client changes to another AP

Can't ping GW anymore

Do "forget connection"

Remove the lease for the client device from mikrotik dhcp-server UI

Reconnect

Voila, can ping GW again!

tafkamax · Thu Oct 05, 2023 11:19 am

I don't know what to do! It is a super weird problem

I tried to downgrade 7.12beta9 to 7.11.2, for the CAPSMAN host it worked, but for the AP-s the automatic provisioning did not work! Like wtf...

Can I submit a bug request or something regarding all the issues I've had?

gigabyte091 · Thu Oct 05, 2023 11:24 am

Best thing right now, open support ticket, attach supout.rif file when opening the ticket.

prmfeddema · Thu Feb 15, 2024 4:37 pm

Same here - whenever i enable FT some clients (ipad air - older model) is unable to connect.

Wireless clients cannot connect

Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Re: Wireless clients cannot connect

Who is online