CAP with Wifiwave2

Hi all,
I’m having issues with capsman on the wifiwave2 interface (hap ax3 as capsman and interfaces as cap and hap ax2 as cap).
The wifi interfaces just don’t seem to go up when I use capsman. Only when I switch the config to locally managed instead of capsman do the interfaces enable.

I would appreciate it a lot if someone could take a look over my redacted config:

# 2023-10-01 12:19:47 by RouterOS 7.12beta9
# software id = VCEN-2DRI
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = 
/interface bridge
add name=bridge_lan
/interface wireguard
redacted
/interface list
add name=WAN
add name=LAN
/interface wifiwave2 channel
add band=2ghz-ax disabled=no name=ch-2ghz width=20/40mhz
add band=5ghz-ax disabled=no name=ch-5ghz width=20/40/80mhz
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=channel1 width=\
    20mhz
add band=5ghz-ax disabled=no frequency=5170-5330 name=channel2 width=\
    20/40/80mhz
/interface wifiwave2 datapath
add bridge=bridge_lan disabled=no name=datapath-lan
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \
    name=Internet-Sec wps=disable
/interface wifiwave2 configuration
add channel=ch-5ghz country=Germany datapath=datapath-lan disabled=no \
    manager=capsman mode=ap name=Internet-5G security=Internet-Sec ssid=\
    Internet
add channel=ch-2ghz country=Germany datapath=datapath-lan disabled=no \
    manager=capsman mode=ap name=Internet-2G security=Internet-Sec ssid=\
    Internet
/interface wifiwave2
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration=Internet-2G disabled=no name=\
    cap-wifi1
# managed by CAPsMAN
add configuration=Internet-2G disabled=no name=cap-wifi2 radio-mac=\
    redacted
# managed by CAPsMAN
add configuration=Internet-5G disabled=no name=cap-wifi3 radio-mac=\
    redacted
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration=Internet-5G disabled=no
/ip pool
add name=dhcp_pool0 ranges=10.100.10.10-10.100.10.100
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge_lan name=dhcp1

/interface bridge port
add bridge=bridge_lan interface=ether4
add bridge=bridge_lan interface=ether2
add bridge=bridge_lan interface=ether3
add bridge=bridge_lan interface=ether1
/interface list member
add interface=ether1 list=WAN
add interface=bridge_lan list=LAN
/interface wifiwave2 cap
set discovery-interfaces=bridge_lan enabled=yes
/interface wifiwave2 capsman
set enabled=yes interfaces=bridge_lan package-path="" \
    require-peer-certificate=no upgrade-policy=require-same-version
/interface wifiwave2 provisioning
add action=create-enabled disabled=no master-configuration=Internet-5G \
    supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=Internet-2G \
    supported-bands=2ghz-ax

/ip address
add address=10.100.10.1/24 interface=bridge_lan network=10.100.10.0
add address=10.200.0.17/24 interface=wireguard1 network=10.200.0.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-client
add interface=ether5 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.100.10.0/24 dns-server=10.100.10.1 gateway=10.100.10.1
/ip dns
set allow-remote-requests=yes cache-size=16000KiB max-concurrent-queries=1000 \
    max-concurrent-tcp-sessions=100 servers=10.200.0.1

/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=bridge_lan type=internal
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=DE-FRA-W45
/system note
set show-at-login=no
/system package update
set channel=testing
/tool bandwidth-server
set authenticate=no enabled=no

First things first:
cAP as in regular cAP? Not cAP AX? Will not work on wifiwave2. Only with legacy wifi capsman.

And what do you mean by “interfaces don’t come up”? Where don’t they come up?
On AX3? That’s normal. Capsman for wifiwave2 cannot manage local interfaces, but for roaming it will work since it is the same ROS instance managing the interfaces (local and capsman-controlled).

AX2? Are you sure it is in caps mode?

I think the “CAP” refers to its mode. Only hAP ax2 and hAP ax3 involved.

@keskol: is this your complete configuration? Is the C53UiG+5HPaxD2HPaxD public facing? I’m missing the firewall part.

And why ffs use UPnP :unamused:

On second read, you may be correct there.
Rest of the responses are still valid then.

But then I also wonder why one would be using capsman for only 2 APs?

Thank you for your replies @holvoetn and @erlinden!

Just to clarify, CAP is referring to the mode, yes.
And the config is redacted, therefore the firewall rules are missing. I am exploring Mikrotik and testing, and this is in no way yet a productive config.

  • When I look at the status of an interface managed by capsman, it says “disabled” and I indeed cannot find the SSID
  • I was not aware of this, thanks for the insight! Could you please provide me with the idea on how to proceed then? Should I set up the AX3 as locally managed and AX2 as CAPsMAN managed? And leave the config as is with roaming set up under security, or is further config necessary?
  • 2 more AX2s will be added in the future

AX3 locally managed.
Keep security as is.
Roaming will work then.

Perfect! I’ve got it to work. Tested roaming and can confirm functionality. Thanks!!!
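
As an added example (not part of the original thread and not MikroTik's code): a small Python check over a RouterOS export that flags the points the replies raise about this config, namely built-in radios assigned manager=capsman on the device that itself runs CAPsMAN, UPnP enabled, and no firewall section in the export. The sample export is a trimmed, constructed copy of the posted config; `parse_export` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: a trimmed copy of the export posted in this thread.
SAMPLE_EXPORT = r"""
/interface wifiwave2 configuration
add channel=ch-5ghz country=Germany datapath=datapath-lan disabled=no \
    manager=capsman mode=ap name=Internet-5G security=Internet-Sec ssid=\
    Internet
/interface wifiwave2
set [ find default-name=wifi1 ] configuration=Internet-5G disabled=no
/interface wifiwave2 capsman
set enabled=yes interfaces=bridge_lan package-path="" \
    require-peer-certificate=no upgrade-policy=require-same-version
/ip upnp
set enabled=yes
"""

def parse_export(text):
    """Return (menu, command, properties) tuples from a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menu, entries = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank line or export comment
        if line.startswith("/"):
            menu = line  # menu path applies to the commands that follow
            continue
        props = dict(re.findall(r'([\w.-]+)=("[^"]*"|\S*)', line))
        entries.append((menu, line.split()[0], props))
    return entries

def audit(text):
    """Flag the settings the thread's repliers questioned (hypothetical helper)."""
    entries = parse_export(text)
    rows = lambda menu: [p for m, _, p in entries if m == menu]
    findings = []
    capsman_on = any(p.get("enabled") == "yes"
                     for p in rows("/interface wifiwave2 capsman"))
    managed = {p.get("name") for p in rows("/interface wifiwave2 configuration")
               if p.get("manager") == "capsman"}
    for p in rows("/interface wifiwave2"):
        # A built-in radio on the CAPsMAN device itself, handed to CAPsMAN.
        if capsman_on and "default-name" in p and p.get("configuration") in managed:
            findings.append(f"local radio {p['default-name']} has manager=capsman")
    if any(p.get("enabled") == "yes" for p in rows("/ip upnp")):
        findings.append("UPnP enabled")
    if not any((m or "").startswith("/ip firewall") for m, _, _ in entries):
        findings.append("no /ip firewall section in export")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

A redacted export trips the firewall finding even when rules exist on the device, so treat that line as a prompt to check the live configuration rather than as proof the rules are absent.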