CAP AX does not upgrade in manual mode

RouterOS General
1

Hi, I want to upgrade my CAP AX device however i cannot do that, because when I download a package from Miktotik website (routeros-7.12.npk and wifiwave2.npk files, x86) and upload them into root files directory then clicking “reset”, it does not upgrading. It stays on the same version which was earlier however the uploaded files are removed from the root directory automatically. Maybe I download the wrong version of the file? My goal is to upgrade it from current version to 7.13 but as far as I understood I need firstly to upgrade it to 7.12 and then 7.13 (my main router hAP ax3 did the same procedure with automatic upgrade with no problem)

I cannot use automatical method because I am not a mikrotic’s power user and had messed up with configuration so when I hit check for updates it ends up with an error “cannot resolve DNS name”, however it works great and serves me well as an capsmann device so I am only left with manual method upgrade :slight_smile:

2

Your configuration sounds screwed up. Post your config? From CLI: “export hide-sensitive file=AnyNameYouWant”

3

Thanks for a reply. Here’s my config, however my firewall rules are empty but in that exported file it shows that there are plenty of rules

# 2024-01-01 17:02:21 by RouterOS 7.11.2
# software id = HIL3-NHIS
#
# model = cAPGi-5HaxD2HaxD
# serial number = HEB08W08GY6
/interface bridge
add admin-mac=48:A9:8A:A4:5A:57 auto-mac=no comment=defconf name=bridge
/interface wifiwave2
# managed by CAPsMAN
# mode: AP, SSID: STARLINK_5G, channel: 5885/ax/eeeC
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
    datapath.bridge=bridge disabled=no
# managed by CAPsMAN
# mode: AP, SSID: STARLINK, channel: 2427/ax/Ce
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
    datapath.bridge=bridge disabled=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.89.10-192.168.89.254
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=*3
add bridge=bridge comment=defconf interface=*4
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set max-neighbor-entries=15360
/interface list member
add comment=defconf interface=bridge list=LAN
/interface wifiwave2 cap
set certificate=none discovery-interfaces=bridge enabled=yes
/ip address
add address=192.168.89.1/24 comment=defconf interface=ether1 network=\
    192.168.89.0
/ip dhcp-server network
add address=192.168.89.0/24 comment=defconf dns-server=192.168.89.1 gateway=\
    192.168.89.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.88.1
/ip dns static
add address=192.168.89.1 comment=defconf name=router.lan
add address=159.148.172.226 disabled=yes name=upgrade.mikrotik.com
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked \
    disabled=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Kiev
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.ua.pool.ntp.org
add address=1.ua.pool.ntp.org
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
4

Did you download the X86 version and tried to upgrade?
you should use arm 64 for cap ax.

5

Possibly enabling the static DNS entry would solve the issue:

add address=159.148.172.226 > disabled=yes > name=upgrade.mikrotik.com

6

Reset or reboot?

https://help.mikrotik.com/docs/display/ROS/Upgrading+and+installation#Upgradingandinstallation-Manualupgrade

7

You are using your AP not in CAP mode…
The quick fix solution is following the following steps:

From your configuration export it looks like that your cAP ax is not in CAP mode. Considering how messed up your configuration now the risk averse way is to Netinstall (there is a Mikrotik YouTube video about it) the current stable RouterOS v7 version on your device. It is an ARM64 based equipment, therefore you’ll need the routeros-7.13.1-arm64.npk and the wifi-qcom-7.13.1-arm64.npk packages from the extra packages (this one is to be uploaded via VinBox after the Netinstall). There are some hoops to jump trough tough during the process:

  1. after downloading the required files (routeros-7.13.1-arm64.npk ; all_packages-arm64-7.13.1.zip ; netinstall64-7.13.1.zip or netinstall-7.13.1.tar.gz) connect your computer to a simple (not smart/managed aka dumb) switch, and the Eth1 port of the cAP ax to the same switch.
  2. Make a photo of the label (containing its MAC address among other things) on the cAP ax as it may come handy down the road.
  3. After the successful Netinstall if the cAP ax is powered with PoE than connect a second patch cable to its Eth2 port, otherwise remove the patch cable from Eth1 port of the cAP ax and connect it to its Eh2 port.
  4. Log in to the cAP ax with WinBox. After that in the right side panel select System / RouterBOARD and click on the Upgrade button, than on the OK one.
  5. In the right side panel select System / Reboot and click on the Yes button, than wait for the reboot of the cAP ax.
  6. Log in to the cAP ax with WinBox. After that in the right side panel select Files, than click on the Upload button and find the wifi-qcom-7.13.1-arm64.npk file which you have extracted from the all_packages-arm64-7.13.1.zip file and upload it.
  7. In the right side panel select System / Reboot and click on the Yes button, than wait for the reboot of the cAP ax.
  8. Log in to the cAP ax with WinBox. After that in the right side panel select System / Packages and make sure that you have two packages in the Package List namely: routeros and wifi-qcom.
  9. In the right side panel select System / Reset Configuration and tick the CAPS Mode and Do Not Backup checkboxes and make sure that the other two are not checked. Than click on the Reset Configuration button.
  10. After the cAP ax restarted log in to the cAP ax with WinBox. Click OK to apply the default configuration and change the admin user’s password.
  11. You may log out from the cAP ax, than disconnect it and also your computer from the simple switch. Connect your computer to the switch port it was connected previously and connect the Eth1 port of the cAP ax to the switch/router port where you will intend to use it on the long run.
  12. Check in your DHCP server what address it has assigned to the cAP ax.
  13. Read trough the new WiFi part of the documentation to have an overview about the basics of the configuration options.