2,4GHz SSID disappears after a few hours

Grandes · January 16, 2023, 9:32pm

Router: cap in bridge mode RBCAPGI-5ACD2ND
Installed Version v64.9.7
I have the configuration as described in post #5 http://forum.mikrotik.com/t/2-4-ghz-home-ap-dual-missing/151254/1
Auto reboot is set every 24 hours.
After few hours SSID for 2,4GHz disappears and all devices are disconnected. Tx and Rx is only 0.0 kbps. changing the settings doesn’t help. Helps only manual reboot. After reboot everything works fine.
mikrotik interface.JPG
mikrotik config.JPG

holvoetn · January 17, 2023, 6:27am

Have you checked registration table ?
Are there devices which can ONLY connect to 2.4Ghz ? Because maybe they all moved to 5Ghz and then it’s normal what you see.

A client will chose the most optimal connection on itself. And 5Ghz is usually better then 2.4Ghz, for the same SSID.

erlinden · January 17, 2023, 9:14am

Is the SSID still broadcasted?
Does disable&enalbe the interface solve the problem?
Can you share your config?

/export file=anynameyoulike

Make sure you remove any personal information.

Grandes · January 17, 2023, 8:10pm

there are 22 connected devices in 2,4GHz . These devices are only 2,4GHz. When there is a problem with the network, they are all disconnected. At the same time the network 5GHz is working fine.

Grandes · January 17, 2023, 8:25pm

SSID is not broadcasted
disable&enalbe Wlan_2G doesn't help. Helps only System >> Reboot

# jan/17/2023 21:11:45 by RouterOS 6.49.7
# software id = N5VI-GBMC
#
# model = RBcAPGi-5acD2nD
# serial number = HCZ086JBxxx
/interface bridge
add admin-mac=18:FD:74:7C:1C:xx auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk supplicant-identity=\
    MikroTik wpa-pre-shared-key=xxxxxxxxxx5 wpa2-pre-shared-key=xxxxxxxxxxx
add authentication-types=wpa2-psk mode=dynamic-keys name=securiti5g \
    supplicant-identity="" wpa2-pre-shared-key=xxxxxxxxxxxxx
add authentication-types=wpa2-psk mode=dynamic-keys name=securiti2g \
    supplicant-identity="" wpa2-pre-shared-key=xxxxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn comment=RBCAPGI-5ACD2ND \
    country=poland disabled=no distance=indoors mode=ap-bridge name=wlan_2G \
    security-profile=securiti2g ssid=kabel wireless-protocol=802.11 wps-mode=\
    disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=poland disabled=no distance=indoors frequency=\
    5200 installation=indoor mode=ap-bridge name=wlan_5G security-profile=\
    securiti5g ssid=Kabel5G wireless-protocol=802.11
/interface wireless manual-tx-power-table
set wlan_2G comment=RBCAPGI-5ACD2ND
/interface wireless nstreme
set wlan_2G comment=RBCAPGI-5ACD2ND
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan_2G
add bridge=bridge comment=defconf interface=wlan_5G
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan_5G list=LAN
add interface=wlan_2G list=LAN
/ip dhcp-client
add comment=defconf disabled=no interface=bridge
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=RouterOS
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system scheduler
add interval=1d name="Auto reboot" on-event="system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/02/2023 start-time=03:00:51
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

bpwl · January 17, 2023, 8:40pm

Anything in the log file, around the time of SSID disappearence? You might add “/system logging add topics=wireless” to see something more.
What reason is given for the disconnects in the LOG ?
The Log will be cleared with the daily reboot. Daily reboots are common on my other brand APs, never on Mikrotik, those run for years non-stop.

Grandes · February 1, 2023, 4:01pm

Tue Jan 17 I moved google nest mni and chromecast devices to 5GHz network and until today everything worked fine.
Today at 13:27 the network crashed
mikrotik wifi.JPG

bpwl · February 1, 2023, 5:41pm

2GHz network: group key exchange timeout.

Looks like clients didn’t get the WPA/WPA2 key-change information. They will stop ALL being able to encrypt/decrypt properly.
https://www.techwalla.com/articles/what-is-a-wpa-group-rekey-interval

“group key exchange timeout” is in many posts in this forum, and is all over the internet for other brands.
I did not find a proper workaround or fix.

If group key updates are sent via broadcast/multicast there is quite a possibility this is missed by some or all clients.
Broadcast/multicast uses the low basic-rate interface rate, to be sure to reach all clients without fault.
However with broadcast/multicast there is NO feedback, so there are NO retries like with unicast.
Unicast can survive glitches in the wifi-ether, because it resends as needed. Broadcast/multicast will fail if disturbed !
Some AP operators rise the lowest basic rate higher than 6Mbps, to save some air-time for beacons. However higher basic-rates will fail more often.

Setting the “Group Key Update” interval in the security profile higher than the default 5 minutes, will reduce the problem.
1 hour and longer is not uncommon ! see: https://community.cisco.com/t5/wireless-mobility-blogs/group-key-update-timeout/ba-p/4135411

I don’t know if setting the Multicast helper to “full” on the wifi interface , will also convert this to unicasts!?
(Helper default setting is “default” , currently the same as “disabled”)