CAP - no connections to CAPSMan

RouterOS Wireless Networking
1

Hi,
I returned to Mikrotik after some time switching from Openwrt and trying to get running CAPSMAN.

I have main router RB960PGS, and 2 APs connected over Ethernet - cAPGi-5HaxD2HaxD - all running on 7.12.1 and would like to enable 802.11r with Capsman. What ever I do, I get only state : No Connections to CAPSMAN.
Torch shows me it tries to communicate with RB960PGS on given ports 5246 / 5247 and also tried to disable completely firewall, adding inputs rules for UDP 5246 / 5247 etc. = nothing worked.

I’m obviously missing some key element here - can someone please advice ?
Thank you.

RB960PGS
mikroup.png

# 2023-12-07 23:39:34 by RouterOS 7.12.1
# software id = S5MY-N4ZX
#
# model = RB960PGS

/interface bridge
add admin-mac=78:9A:18:4D:75:6F arp=proxy-arp auto-mac=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp
set [ find default-name=ether2 ] arp=proxy-arp comment="AP DOWN"
set [ find default-name=ether3 ] arp=proxy-arp comment="AP UP"
set [ find default-name=ether4 ] arp=proxy-arp
set [ find default-name=ether5 ] arp=proxy-arp
set [ find default-name=sfp1 ] comment=\
    mac-address=E0:5A:9F:60:0D:2C name="sfp1 IGN WAN"
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    capdp
/caps-man configuration
add channel.band=2ghz-g/n .control-channel-width=40mhz-turbo .save-selected=\
    no country="czech republic" datapath=capdp datapath.arp=proxy-arp \
    .bridge=bridge mode=ap name=Config24 rates.basic="" \
    security.authentication-types=wpa2-psk .disable-pmkid=yes ssid=apmikro
add channel.frequency=5180 country="czech republic" datapath=capdp \
    datapath.arp=proxy-arp .bridge=bridge mode=ap name=Cong5Ghz \
    security.authentication-types=wpa2-psk .disable-pmkid=no ssid=apmikro
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config24 radio-mac=\
    78:9A:18:51:0E:5F
add action=create-dynamic-enabled master-configuration=Cong5Ghz radio-mac=\
    78:9A:18:51:0E:5E
add action=create-dynamic-enabled master-configuration=Cong5Ghz radio-mac=\
    78:9A:18:51:0E:0E
add action=create-dynamic-enabled master-configuration=Config24 radio-mac=\
    78:9A:18:51:0E:0F
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 \
    trusted=yes
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 \
    trusted=yes
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 \
    trusted=yes
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 \
    trusted=yes
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set icmp-timeout=30s loose-tcp-tracking=no udp-stream-timeout=6m udp-timeout=\
    30s
/interface list member
add interface=bridge list=LAN
add interface="sfp1 IGN WAN" list=WAN
/interface wireless cap
set bridge=bridge
/ip address
add address=10.0.0.1/24 interface=bridge network=10.0.0.0
/ip dhcp-client
add interface="sfp1 IGN WAN"

cAPGi-5HaxD2HaxD
main.png

# 2023-12-07 23:39:24 by RouterOS 7.12.1
# software id = 51IY-2PA5
#
# model = cAPGi-5HaxD2HaxD

/interface bridge
add add-dhcp-option82=yes admin-mac=78:9A:18:51:0E:0C arp=proxy-arp auto-mac=\
    no dhcp-snooping=yes igmp-snooping=yes name=bridgeDown
/interface wifiwave2
# no connection to CAPsMAN, managed locally
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180 \
    .skip-dfs-channels=all .width=20/40/80mhz configuration.country=Czech \
    .manager=capsman-or-local .mode=ap .multicast-enhance=enabled .ssid=\
    apmikro disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=\
    yes .ft-over-ds=yes
# no connection to CAPsMAN, managed locally
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40mhz configuration.country=Czech .manager=\
    capsman-or-local .mode=ap .ssid=apmikro disabled=no \
    security.authentication-types=wpa2-psk .disable-pmkid=yes .ft=yes \
    .ft-over-ds=yes
/interface list
add name=LAN
add name=WAN
/interface wifiwave2 datapath
add bridge=bridgeDown disabled=no name=capdp
/interface bridge port
add bridge=bridgeDown comment=WAN interface=ether1 trusted=yes
add bridge=bridgeDown comment=LAN interface=ether2 trusted=yes
add bridge=bridgeDown interface=wifi1 trusted=yes
add bridge=bridgeDown interface=wifi2 trusted=yes
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1 list=WAN
add interface=bridgeDown list=LAN
/interface wifiwave2 cap
set caps-man-addresses=10.0.0.1 discovery-interfaces=ether1 enabled=yes
/ip dhcp-client
add interface=bridgeDown
/ip dhcp-relay
add dhcp-server=10.0.0.1 disabled=no interface=bridgeDown local-address=\
    10.0.0.2 name=relay1
2

Problem is that you are mixing two versions of CAPsMAN.

On your RB960 you have v1 and on your cAP ax you have v2.

You need to install wifiwave2 package on your router but for MIPSBE i don’t think it’s available.

3

Thank you, is there any way for me to check it ? I mean versions… was trying to find this out but…

Also installing 7.13rc3 would not help ?

I guess then I would need to enable CAPSMAN on one of the AP directly, yet I was hoping that the RB960 would be able to do it.

4

I think with 7.13 you should be able to use new Capsman via /inteface/wifi config.

5

Yes, upgraded to 7.13 and seem now CAPSMAN exists on two places = then one in GUI is not working-V1, while the one reachable via /inteface/wifi works… oh dear, OK, at least some progress. A pity I can’t migrate the settings, the structure seems to be different but let me dive into it.
update seems I got both versions available via GUI, so basically the Capsman v2 is available in Wireless-Capsman. So I transferred settings from v1 and … seems to be running !

Thanks for hints :wink: