The following code is from the CAPS Manager:
# 2025-01-12 16:35:11 by RouterOS 7.16.2
# software id = GPPW-PYP5
#
# model = RB1100Dx4
# serial number = xxxxxxxx
# CAPsMAN channel templates, one per band. Neither entry pins a frequency;
# the 2.4 GHz template asks for an extension channel (extension-channel=Ce).
/caps-man channel
add band=5ghz-a/n/ac name=WLAN50
add band=2ghz-b/g/n extension-channel=Ce name=WLAN24
# Two bridges: bridge_ethernet carries the client LAN (192.110.10.1/20 is
# assigned to it further down) and is the interface CAPsMAN listens on;
# bridge_service carries the service port network (170.205.20.254/24).
/interface bridge
add name=bridge_ethernet port-cost-mode=short
add name=bridge_service
# Every port gets an explicit MAC address. Per the comment= values, ether1 is
# the uplink to the FritzBox, ether11/ether12 are "Bypass" ports and ether13
# is labelled "Leer PPOE" ("leer" is German for "empty").
# NOTE(review): the serial number in the header was masked before posting,
# but these MAC addresses and the software id were not.
/interface ethernet
set [ find default-name=ether1 ] comment="FritzBox Internet" mac-address=\
D4:01:C3:FB:B2:2B
set [ find default-name=ether2 ] mac-address=D4:01:C3:FB:B2:2C
set [ find default-name=ether3 ] mac-address=D4:01:C3:FB:B2:2D
set [ find default-name=ether4 ] mac-address=D4:01:C3:FB:B2:2E
set [ find default-name=ether5 ] mac-address=D4:01:C3:FB:B2:2F
set [ find default-name=ether6 ] mac-address=D4:01:C3:FB:B2:30
set [ find default-name=ether7 ] mac-address=D4:01:C3:FB:B2:31
set [ find default-name=ether8 ] mac-address=D4:01:C3:FB:B2:32
set [ find default-name=ether9 ] mac-address=D4:01:C3:FB:B2:33
set [ find default-name=ether10 ] mac-address=D4:01:C3:FB:B2:34
set [ find default-name=ether11 ] comment=Bypass mac-address=\
D4:01:C3:FB:B2:35
set [ find default-name=ether12 ] comment=Bypass mac-address=\
D4:01:C3:FB:B2:36
set [ find default-name=ether13 ] comment="Leer PPOE" mac-address=\
D4:01:C3:FB:B2:37
# Four static CAP interfaces (cap1..cap4), each bound to one radio MAC.
# None of them references a configuration=, channel= or security= entry in
# this export.
# NOTE(review): how these static entries interact with the dynamic
# provisioning rules below is not visible here - confirm on the manager.
/caps-man interface
add disabled=no l2mtu=1600 mac-address=08:55:31:47:C5:36 master-interface=\
none name=cap1 radio-mac=08:55:31:47:C5:36 radio-name=08553147C536
add disabled=no l2mtu=1600 mac-address=08:55:31:47:C5:37 master-interface=\
none name=cap2 radio-mac=08:55:31:47:C5:37 radio-name=08553147C537
add disabled=no l2mtu=1600 mac-address=08:55:31:48:CE:2E master-interface=\
none name=cap3 radio-mac=08:55:31:48:CE:2E radio-name=08553148CE2E
add disabled=no l2mtu=1600 mac-address=08:55:31:48:CE:2F master-interface=\
none name=cap4 radio-mac=08:55:31:48:CE:2F radio-name=08553148CE2F
# Shared security profile for both SSIDs: WPA2-PSK with AES-CCM only.
# No passphrase appears in this export.
# NOTE(review): RouterOS 7 hides sensitive values unless the export is made
# with show-sensitive, so this most likely means "hidden", not "unset" -
# confirm a strong passphrase is configured.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security
# Media sharing is switched off for the internal SSD and the external SD card.
/disk
set sata1 comment=Intern1SSD media-interface=none media-sharing=no
set sd1 comment="externe SD-Karte" media-interface=none media-sharing=no
# Interface lists used by the firewall (WAN, LAN) and by the CAPsMAN datapath
# (caps_interfaces).
/interface list
add name=WAN
add name=LAN
add name=caps_interfaces
# Datapath handed to the CAPs: local-forwarding=yes means each CAP bridges
# client traffic itself instead of tunnelling it to the manager.
# client-to-client-forwarding=yes lets stations on the same radio reach each
# other directly.
# NOTE(review): with max-sta-count=250 per configuration below, consider
# whether the wireless clients are mutually trusted; if not, client isolation
# (client-to-client-forwarding=no) limits lateral traffic between stations.
/caps-man datapath
add bridge=bridge_ethernet bridge-cost=5 client-to-client-forwarding=yes \
interface-list=caps_interfaces local-forwarding=yes name=datapath1
# Master configurations per band. Both use the same SSID, datapath and
# security profile; the SSID value looks like a placeholder substituted
# before posting.
/caps-man configuration
add channel=WLAN50 country="germany 5.8 ap" datapath=datapath1 distance=\
dynamic installation=outdoor max-sta-count=250 mode=ap name=cfg50 \
security=security ssid=SSID
add channel=WLAN24 country=germany datapath=datapath1 distance=dynamic \
installation=outdoor max-sta-count=250 mode=ap name=cfg24 security=\
security ssid=SSID
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP server entry on ether1 with no address pool. ether1 is the
# FritzBox-facing port, is a member of the WAN list and also runs a DHCP
# client further down.
# NOTE(review): this looks like a leftover; whether it is enabled is not
# visible in the export. A DHCP server answering on the upstream segment
# would be unwanted - confirm it is disabled or remove it.
/ip dhcp-server
add interface=ether1 name=server1
# Address pools. dhcp_Master skips 192.110.10.1, which is the router's own
# address on bridge_ethernet.
# NOTE(review): 192.110.0.0/20 and 170.205.20.0/24 lie outside the RFC 1918
# private ranges (10/8, 172.16/12, 192.168/16). Using publicly routable space
# internally makes the real owners of those addresses unreachable from this
# network and makes the addresses ambiguous in logs and filters.
/ip pool
add name=dhcp_Master ranges=\
192.110.0.1-192.110.10.0,192.110.10.2-192.110.15.254
add name=dhcp_pool2 ranges=170.205.20.1-170.205.20.253
# dhcp2 serves the client LAN with a 5 minute lease; dhcp1 serves the service
# bridge. With leases this short, the lease table alone will not show which
# device held an address at an earlier time - keep DHCP logs if that matters.
/ip dhcp-server
add address-pool=dhcp_Master interface=bridge_ethernet lease-time=5m name=\
dhcp2
add address-pool=dhcp_pool2 interface=bridge_service name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
# Disk logging target "Meldung" (German for "message"): up to 20 files of
# 65535 lines each under sd1/Log/ on the external SD card.
# NOTE(review): disk-stop-on-full=yes appears to stop logging once that quota
# is used up rather than rotating, so the newest events would be the ones
# lost. Logs also live only on this device; a remote logging target would
# keep a copy that survives a reset or a failed card.
/system logging action
add disk-file-count=20 disk-file-name=sd1/Log/logfile disk-lines-per-file=\
65535 disk-stop-on-full=yes name=Meldung target=disk
# CAPsMAN is enabled and requires CAPs to run the same RouterOS version.
# No certificate, ca-certificate or require-peer-certificate value appears
# in this export.
# NOTE(review): as exported, manager and CAPs do not seem to authenticate
# each other with certificates; any device that can reach the manager on an
# allowed interface could ask to be provisioned - confirm this is acceptable
# for the wired segment.
/caps-man manager
set enabled=yes upgrade-policy=require-same-version
# The default entry forbids CAPsMAN on all interfaces; the explicit entry
# then allows it on bridge_ethernet only, so the manager does not listen on
# ether1 (WAN) or bridge_service.
/caps-man manager interface
set [ find default=yes ] forbid=yes
add comment=Ethernet disabled=no interface=bridge_ethernet
# Provisioning: radios reporting "ac" get cfg50, radios reporting "gn" get
# cfg24. Neither rule sets radio-mac, so they are not restricted to known
# radios.
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
cfg50
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg24
# Bridge membership: ether2..ether10 and ether12 are ports of bridge_ethernet,
# ether11 is the only port of bridge_service. ether1 (uplink) and ether13 are
# not bridged. Note that both ether11 and ether12 are commented "Bypass" but
# sit in different bridges.
/interface bridge port
add bridge=bridge_ethernet interface=ether2 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether3 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether4 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether12 internal-path-cost=10 path-cost=\
10
add bridge=bridge_service interface=ether11 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether5 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether6 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether7 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether8 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether9 internal-path-cost=10 path-cost=\
10
add bridge=bridge_ethernet interface=ether10 internal-path-cost=10 path-cost=\
10
/ip firewall connection tracking
set udp-timeout=10s
/ip settings
set max-neighbor-entries=8192
# IPv6 is disabled on this router.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# List membership drives the firewall below: both bridges are LAN, ether1 is
# WAN. bridge_ethernet is additionally the only member of caps_interfaces.
/interface list member
add interface=bridge_ethernet list=LAN
add interface=bridge_service list=LAN
add comment=Internet interface=ether1 list=WAN
add interface=bridge_ethernet list=caps_interfaces
# Only SHA-1 and MD5 are allowed as OpenVPN auth digests. The export does not
# show the OVPN server as enabled.
# NOTE(review): if the OVPN server is ever switched on, replace these with a
# SHA-2 digest first; MD5 and SHA-1 are legacy choices.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: 192.110.10.1/20 on the client LAN, 170.205.20.254/24 on
# the service bridge.
/ip address
add address=192.110.10.1/20 interface=bridge_ethernet network=192.110.0.0
add address=170.205.20.254/24 comment="Service Port 11" interface=\
bridge_service network=170.205.20.0
# The uplink address comes from DHCP on ether1.
/ip dhcp-client
add interface=ether1
# Two static leases on the client LAN; both addresses lie inside the
# dhcp_Master pool ranges.
/ip dhcp-server lease
add address=192.110.9.240 client-id=1:40:ed:cf:51:1f:29 mac-address=\
40:ED:CF:51:1F:29 server=dhcp2
add address=192.110.9.235 client-id=1:98:fc:84:12:b:18 mac-address=\
98:FC:84:12:0B:18 server=dhcp2
# DHCP options per network. Service clients are given 192.168.178.1
# (presumably the FritzBox - confirm) and this router as DNS servers; LAN
# clients are given this router only.
/ip dhcp-server network
add address=170.205.20.0/24 dns-server=192.168.178.1,192.110.10.1 gateway=\
170.205.20.254
add address=192.110.0.0/20 dns-server=192.110.10.1 gateway=192.110.10.1
# The router answers DNS queries from other hosts (allow-remote-requests=yes).
# The input chain below accepts new connections only from the LAN list, so
# the resolver is not reachable from ether1.
# NOTE(review): servers=192.110.10.1 is this router's own bridge_ethernet
# address, i.e. the static upstream resolver points back at the router
# itself. Resolution presumably works only through servers learned by the
# DHCP client on ether1 - confirm and set a real upstream here.
/ip dns
set allow-remote-requests=yes servers=192.110.10.1
# Input chain (traffic to the router itself), evaluated top to bottom:
# established/related/untracked accepted, invalid dropped, ICMP accepted from
# any interface including WAN, everything from the LAN list accepted, the
# rest dropped.
# NOTE(review): "accept everything from LAN" includes the wireless clients,
# since the CAPs bridge them into bridge_ethernet. Management services on
# this router (their state under /ip service is not part of this export) are
# therefore reachable from every Wi-Fi station; consider limiting management
# to bridge_service or to an address list.
# Forward chain: fasttrack and accept established/related, drop invalid,
# accept LAN -> WAN, accept dst-NATed connections, drop the rest. There is no
# LAN -> LAN accept rule, so new routed connections between bridge_ethernet
# and bridge_service are dropped by the final rule.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" \
in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat
add action=drop chain=forward
# Source NAT for everything leaving through the WAN list. No dst-nat rule is
# defined, so the "allow port forwarding" filter rule above currently has
# nothing to match.
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=\
WAN
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip packing
add interface=ether12
# BFD is configured for all interfaces, which includes the uplink ether1.
# NOTE(review): no routing protocol appears in this export; if BFD is not
# needed, limiting or removing this entry reduces what runs on the WAN side.
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=Mikrotik_Name
# Logging rules 0..2 are redirected to the disk action "Meldung" defined
# above (presumably the default info/error/warning rules - confirm).
/system logging
set 0 action=Meldung
set 1 action=Meldung
set 2 action=Meldung
/system note
set show-at-login=no
# The router serves NTP, including broadcast and multicast. No NTP client is
# shown in this export.
# NOTE(review): the time source of this server is not visible here; log
# timestamps on this router and on every device syncing from it depend on
# it - confirm the clock is synchronised upstream.
/system ntp server
set broadcast=yes enabled=yes multicast=yes
This is the running client code:
# 2025-01-12 16:44:59 by RouterOS 7.16.2
# software id = XS3I-GXRB
#
# model = RB952Ui-5ac2nD
# serial number = xxxxxxxxx
# Single bridge with a fixed admin MAC.
/interface bridge
add admin-mac=08:55:31:47:D9:CE auto-mac=no comment=defconf name=\
bridge_ethernet port-cost-mode=short
# Both radios are under CAPsMAN control. The "# managed by CAPsMAN" and
# "# channel: ..." lines are status comments written by the export; they show
# the SSID pushed by the manager and that the CAP uses local forwarding.
# The set lines hold the local settings only; both radios use the default
# security profile.
# NOTE(review): check what the radios would broadcast if CAP mode were
# switched off - local SSID, mode=bridge and the default security profile
# would then apply.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(18dBm), SSID: SSIDXXX, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
bridge ssid=MikroTik-47D9D3 station-roaming=enabled wireless-protocol=\
802.11
# managed by CAPsMAN
# channel: 5765/20-Ceee/ac(19dBm), SSID: SSIDXXX, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
installation=indoor mode=bridge ssid=MikroTik-XXXX station-roaming=\
enabled wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] comment="Input"
set [ find default-name=ether5 ] comment="Output"
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# All five Ethernet ports and both radios are ports of the same bridge, so
# this device acts as a plain layer-2 access point/switch.
/interface bridge port
add bridge=bridge_ethernet interface=ether1
add bridge=bridge_ethernet interface=ether5
add bridge=bridge_ethernet interface=ether2
add bridge=bridge_ethernet interface=ether3
add bridge=bridge_ethernet interface=ether4
add bridge=bridge_ethernet interface=wlan2
add bridge=bridge_ethernet interface=wlan1
/ip firewall connection tracking
set udp-timeout=10s
# Neighbor discovery is limited to members of the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# ether1 is still listed as WAN (defconf leftover) although it is a bridge
# port; ether2..ether5 and both radios are LAN. bridge_ethernet itself is in
# neither list.
# NOTE(review): this export contains no /ip firewall filter rules, so these
# lists only affect neighbor discovery and the MAC server settings; access to
# the device's own services is not filtered here.
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
# CAP mode: both radios are handed to the manager at 192.110.10.1 and
# locally forwarded traffic is bridged into bridge_ethernet. No certificate
# setting appears, matching the manager side.
/interface wireless cap
#
set bridge=bridge_ethernet caps-man-addresses=192.110.10.1 enabled=yes \
interfaces=wlan2,wlan1
# The device gets its management address by DHCP on the bridge.
/ip dhcp-client
add interface=bridge_ethernet
# NOTE(review): allow-remote-requests=yes makes this access point answer DNS
# queries from other hosts, and no firewall is configured on it. On a pure
# bridged AP this is probably not needed - confirm and turn it off if unused.
/ip dns
set allow-remote-requests=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik-1"
/system note
set show-at-login=no
# MAC Telnet and MAC WinBox are restricted to the LAN interface list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
We have already done the reset (including factory settings).
When I made the files, I also made one for the non-running router. This file is much shorter, although the non-running router was generated from a backup of the running one.
# 2025-01-12 16:44:09 by RouterOS 7.16.2
# software id = 4NJY-2DE9
#
# model = RB952Ui-5ac2nD
# serial number = XXXXXXXXXX
# Bridge without a fixed admin MAC (the running CAP sets admin-mac and
# auto-mac=no).
/interface bridge
add name=bridge_ethernet
# Status comments written by the export: on this device both radios report
# "CAPsMAN forwarding" and an empty SSID, whereas the running CAP reports
# "local forwarding" and the SSID from the manager.
/interface wireless
# managed by CAPsMAN
# channel: 5785/20-eeCe/ac(28dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
# Local security profile profile1 (WPA2-PSK). No passphrase appears in the
# export.
# NOTE(review): RouterOS 7 omits sensitive values unless show-sensitive is
# used, so the key is probably hidden rather than unset - confirm.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=profile1 \
supplicant-identity=""
# Local settings differ per radio: wlan1 is an AP using profile1 with WPS
# disabled, while wlan2 (above) only sets the SSID and stays on the default
# security profile.
# NOTE(review): if CAP mode is ever turned off, verify that wlan2 would not
# come up with the default profile's security settings.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(28dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=germany installation=\
outdoor mode=ap-bridge security-profile=profile1 ssid=MikroTik wps-mode=\
disabled
# Same bridge membership as the running CAP: all Ethernet ports and both
# radios in bridge_ethernet.
/interface bridge port
add bridge=bridge_ethernet interface=ether1
add bridge=bridge_ethernet interface=ether2
add bridge=bridge_ethernet interface=ether3
add bridge=bridge_ethernet interface=ether4
add bridge=bridge_ethernet interface=ether5
add bridge=bridge_ethernet interface=wlan1
add bridge=bridge_ethernet interface=wlan2
# CAP settings are identical to the running CAP (same manager address, same
# interfaces, same bridge).
/interface wireless cap
#
set bridge=bridge_ethernet caps-man-addresses=192.110.10.1 enabled=yes \
interfaces=wlan2,wlan1
/ip dhcp-client
add interface=bridge_ethernet
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik-5"
/system note
set show-at-login=no
# Compared with the running CAP, this export has no interface lists, no
# neighbor discovery restriction and no /tool mac-server restriction, and
# like the running CAP it has no firewall rules.
# NOTE(review): those services therefore run with whatever their defaults
# are on this device - confirm MAC Telnet/WinBox and neighbor discovery are
# limited to the interfaces where they are wanted.