I’ve a CAPsMan managed network with hAPac as router and 3 cAPacs as APs. It’s a home wifi with a main private LAN (wifi + wired) and separate Guest and IOT wifis for devices with lesser security. Guest and IOT networks are implemented using VLANs.
All was running well until I connected 3 devices that run into a strange loop and could never reach the internet, since they are assigned/deassigned within a few seconds. See a log excerpt below:
20:37:52 dhcp,info dhcp-v4-matrix-iot deassigned 192.168.2.92 for FC:DD:55:FC:E0:7D
20:37:52 dhcp,info dhcp-v4-matrix-iot assigned 192.168.2.92 for FC:DD:55:FC:E0:7D
20:37:59 caps,info FC:DD:55:FC:E0:7D@local2-GHz-CAPac-2NP-iot reassociating
20:37:59 dhcp,info dhcp-v4-matrix-iot deassigned 192.168.2.92 for FC:DD:55:FC:E0:7D
20:37:59 dhcp,info dhcp-v4-matrix-iot assigned 192.168.2.92 for FC:DD:55:FC:E0:7D
This happens all the time for all 3 clients (same manufacturer - it’s a Toshiba AC). When I connect them to the private wifi, they associate and work without issues. There are a few other devices on the IOT wifi that are also running without issues. I’m also attaching an extended log with DHCP debug level.
I’ve searched this forum back and forth, tried a number of things but to no avail.
When I connect to a temp AP (with the same SSID/pass) without the VLANs, the clients work OK without any other change. I suspect my problem might be there, but I failed to find my stumbling block.
Some wireless client devices make certain assumptions about the network they connect to, and if these are not fulfilled they disconnect again.
E.g. they check if they have internet connectivity.
It may be that on your guest network you have implemented additional firewall rules or other security measures that make these devices think the network is not OK.
Thanks for clueing me in! So do I understand this correctly that the deassignment is certainly a decision of the client, not the AP kicking the client out?
I’ll log all my FW rules to find out what makes the clients unhappy. Any clues what it could be? As I said, all other IOT devices are OK, I can reach public internet, DNS works, ping to internet etc.
I’ve checked the firewall rules, logged them, disabled them selectively. I’ve even set rules to allow everything on FW. But no progress.
By torching the VLAN interface I’ve learned they’re establishing connections to DNS and some MS and Amazon IPs (Azure and AWS I assume). So the connectivity is not the issue I assume.
I’m completely lost as to what to try next TBH. Any clues welcome.
Yes, the disconnection most likely comes from the client.
It would be an issue when your 3 devices have the same MAC address, but then it would not work on the other SSID either.
When you have reconfigured one unit to work on the main SSID and that then worked, it could explain the problem.
3 devices with the same MAC address is a serious quality control issue, but MikroTik cannot solve that, you need to contact the manufacturer of the AC.
It may be possible to find more info by doing a packet capture (Tools->Packet Sniffer) with output to a file, then download the file and examine it using wireshark.
That gives more detail than with Torch. You can filter the capture on MAC address so you get everything including the DHCP exchange.
Maybe you find the reason for the disconnect. I expect it tries to do something that gets denied.
Huge config…hence didn’t check it all. Was expecting to see VLAN filtering on the bridge, there is none. Think it would be beneficial to clean some config (or at least explain the reason).
Did you also have a look at the debug logging for wireless (assuming it is available in CAPsMAN)?
erlinden, I’ve completely missed that. I’ve tried and enabling VLAN filtering completely breaks the guest and IOT networks. They can’t reach internet and when I leave them I’m unable to join them again. So there is really something wrong with my VLAN setup.