CAP AX no samsung device can connect

kiemlicz · January 13, 2025, 10:44pm

I’ve seen ton of post about Mikrotik wifi equipment, yet I’ve decided to give it a shot.
I’ve got a ton of Samsung “smartthing” equipment that worked ok with previous TP Link Omada (EAP 670)
I’m extremely disappointed with this “cap ax”

I’ve followed precisely this https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-CAPsMAN-CAPVLANconfigurationexample%3A to setup my

CCR2004 as main router with wifi-qcom package (replaced wireless package)
CRS as POE switch, it just… switches (no qcom package here)
caps (they come with new packages preinstalled)
So assume my config is exactly the same as linked one

Result:

android samsung phones, laptops - connect
no other samsung “smart device” connects (fridge etc.)

yes yes: I have a separate profile without WPA3, they reside on 2.4Ghz N band only (like the “guest” from linked example)

all the CCR logs say is repeated every second:

dhcp_iot deassigned 192.168.60.209 for 40:CA:63:72:7C:B9 Samsung-Oven
dhcp_iot assigned 192.168.60.209 for 40:CA:63:72:7C:B9 Samsung-Oven
40:CA:63:72:7C:B9@cap-wifi2-virtual4 disconnected, connection lost, signal strength -49

I’ve pinned this to be concerned with ‘security’ only issue as exposing open network results in some devices (tested on one cause I have too many of them to f&*^% go one by one) connecting ok.

I’ve seen also: http://forum.mikrotik.com/t/ax-series-lineup-wifi-issues/166664/1

How to make these devices connect? I cannot imagine that they won’t work
Where do I even look for meaningful logs (debug tag doesn’t add ANY value - seriously wtf Mikrotik?!)

ConnyMercier · January 14, 2025, 10:35pm

Good Evening,

I haven`t had the pleasure to work with Samsung IOT-Devices yet…
But I had my fair share of IOT connectivity issues…

I don`t have a lot of Information on your System…
If I had to diagnose the Issue, I would configure a cAPax as a basic AP.
Same SSID and Password, but nothing else (Virtual-Interfaces / Slave-Interface, VLAN, AccessList, etc)
Furthermore If possible, also provide a unrestricted Internet-Access to the Network.

If you are comfortable with RouterOS / Mikrotik, it is a quick and easy way to Isolate the Issue.

erlinden · January 15, 2025, 7:51am

Please show your config (of all involved devices):

/export file=anynameyoulike

Next, please supply all RouterOS and firmware versions of all involved devices.

No reason to install wifi-qcom on the CCR, CAPsMAN is available from the main package (since 7.13.x).

GreekFire · May 29, 2025, 11:14am

Hi Guys

I don’t know if that will help, what i found with the newest Samsung Smart TV is the settings for fast Roaming FT,
as long i have switch off that, all working good

let me know if that works for yours

Thanks!!

maigonis · May 29, 2025, 11:56am

Yes, FT can be issue, so if MFP. OP try this as template:

/interface wifi security
add authentication-types=wpa2-psk disabled=no management-protection=disabled name=Administracija wps=disable ft=no

ToTheFull · May 29, 2025, 12:04pm

Good catch all, It’s about time to make a list of devices that will and won’t work with FT enabled.

Ipad Air 2

maigonis · May 29, 2025, 12:18pm

Well, on my armbian boards I get “wpa_supplicant[647]: FT: Invalid key management type (2)” and fails to use ft (tested built in Chinese wifi chip and My Mediatek usb sticks). Also Im pretty sure my Samsung Galaxy tab S9 FE+ does support ft (haven’t verified), but fails to use it (the same as armbian), meanwhile S22 is fine. Still testing, but it seems that ft does have issues and is causing at least some part of disconnects and connectivity problems in general on 5ghz radios. I do use my wap ax to test connection to my home network, 2.4ghz bands connection is fine overall, can use ft or whatever I want and connection holds. 5ghz band is a different story - it drops at least once daily whit reason code 3 if ft is on. Whit out ft I tested connection over 3 days and it was fine.

roe1974 · May 29, 2025, 1:19pm

Same here with rb5009 and two cAPax … enabling ft for 5GHz ends in disconnections of Devices like Samsung TV for example.
But on the Samsung TV I have observed the following when ft=on. I have one SSID for 2.4GHz and 5GHz on two cAPs … with ft=on I suddenly see my SSID twice on the TV (1x with the note 5GHz) and he wants again the (allready known) wifi password … with ft=off I see, as normal, my SSID only once ?
Maybe you could connect devices that support roaming to a virtual AP where ft=on and the master interface is ft=off for all devices that do not support it ?

maigonis · May 29, 2025, 11:04pm

You can create virtual SSIDs whit different security settings and you most likely see two SSIDs because security settings have changed. Important thing to remember - security change on SSID may require you to reconnect device (forget network and enter password again).

Btw wap ax whit out ft still got reason code 3 today, so removing ft is not a complete fix. It does help thru.

roe1974 · May 30, 2025, 6:10pm

I am on 7.18.2 (Capsman on RB5009, two cAPax) … with ft=off works like a charme !

robmaltsystems · June 1, 2025, 12:12pm

If there is no fp setting, I assume it’s off?

erlinden · June 1, 2025, 12:24pm

There is a difference in the two screenshots. No visible equals unset, while ft=no it is explicitly set. As “no” is default, the result will be the same.

infabo · June 1, 2025, 4:48pm

aye.

“ft (no | yes: default: no)
Whether to enable 802.11r fast BSS transitions ( roaming).”
https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#:~:text=ft%20(no,BSS%20transitions%20(%20roaming).

kiemlicz · November 4, 2025, 5:42pm

Thanks

That's my config, iote is the network with recommended settings.
No success, samsung devices (fridge in this case) cannot connect

[admin@main] > /interface/wifi/configuration/print  
Flags: X - disabled 
 0   name="home-wifi" mode=ap ssid="home" manager=local security=home 
     security.authentication-types=wpa2-psk,wpa3-psk .passphrase="XXXXXXXXXXXXX" .ft=yes .ft-over-ds=yes 
     datapath=wifi_vlan_40 
     datapath.bridge=local .vlan-id=40 
     steering=80211kv-home 
     steering.neighbor-group=dynamic-home-93582c49 .rrm=yes .wnm=yes 

 1   name="iotl" mode=ap ssid="iotl" manager=local security=iotl 
     security.authentication-types=wpa-psk,wpa2-psk .passphrase="shiteasypass" .ft=yes .ft-over-ds=yes 
     datapath=iot_legacy_vlan_61 
     datapath.bridge=local .vlan-id=61 

 2   name="guest" mode=ap ssid="guest" manager=local security=guest 
     security.authentication-types=wpa2-psk,wpa3-psk .passphrase="XXX" .ft=yes .ft-over-ds=yes 
     datapath=guest_vlan_80 
     datapath.bridge=local .vlan-id=80 

 3   name="iot" mode=ap ssid="iot" manager=local security=iot 
     security.authentication-types=wpa-psk,wpa2-psk .passphrase="alsoshiteasy" .ft=yes .ft-over-ds=yes 
     datapath.bridge=local .vlan-id=60 
     steering=80211kv-iot 
     steering.neighbor-group=dynamic-iot-597bfb1e .rrm=yes .wnm=yes 

 4   name="iotl-open" mode=ap ssid="ioto" country=Poland manager=local datapath=iot_legacy_open_vlan_62 
     datapath.bridge=local .vlan-id=62 

 5 X name="home-wifi-local" mode=ap manager=local security=home 
     security.authentication-types=wpa2-psk,wpa3-psk .passphrase="XXXXXX" .ft=yes .ft-over-ds=yes 
     datapath=wifi_vlan_40_local 
     datapath.bridge=local .traffic-processing=on-cap .vlan-id=40 

 6   name="iote" mode=ap ssid="iote" manager=local security=iote 
     security.authentication-types=wpa2-psk .passphrase="shiteasypass" .management-protection=disabled .wps=disable .ft=no 
     datapath=iot_legacy_vlan_61 
     datapath.bridge=local .vlan-id=61 

[admin@main] > /interface/wifi/provisioning/print  
Flags: X - DISABLED
Columns: ACTION, MASTER-CONFIGURATION, SLAVE-CONFIGURATIONS
#    ACTION                  MASTER-CONFIGURATION  SLAVE-CONFIGURATIONS
;;; 5-cap
0    create-dynamic-enabled  home-wifi             guest               
;;; 2-cap
1    create-dynamic-enabled  home-wifi             guest               
                                                   iot                 
                                                   iotl                
                                                   iotl-open           
                                                   iote                
;;; 5ac
2 X  create-dynamic-enabled  home-wifi             guest               
                                                   iot                 
;;; experiments only
3 X  create-dynamic-enabled  *E                                        
;;; 5-hap
4    create-dynamic-enabled  guest                 home-wifi           
                                                   guest               
;;; 2-hap
5    create-dynamic-enabled  guest                 home-wifi           
                                                   guest               
                                                   iot                 
                                                   iotl                
                                                   iotl-open           
                                                   iote

jaclaz · November 4, 2025, 6:40pm

Not really, that is a view on a part of the configuration that you believe is related, there could be other settings elsewhere, seemingly unrelated, that could cause the connection problem.

Post your complete configuration for review:

nsarant · November 4, 2025, 8:20pm

It is also worth checking what frequency the 5G is running on. I have experienced similar issues of not being able to see SSID, because router os decided to use higher frequency (5800+) due to surrounding noise.

In that instance i could see the ssid from phone but not from laptop.

When i manually set to lower frequency, equivalent to 36-40 band (cant remember exact numbers), i was able to see the ssid when scanning.

Not all devices are able to use full 5g frequency range.