CAPsMAN not working on 7.13.4

Hi all,

I’ve 2 devices: an L009UiGS-2HaxD with CAPsMAN enabled with 2 cfgs for the 2 GHz and 5 GHz 802.11ax radios, and a C53UiG+5HPaxD2HPaxD with CAP client enabled.

The client connects to the CAPsMAN but no radios are listed in the proper section. The other strange thing is that on Remote CAP I see the device connected but with no IP.
(On IP → Neighbors I see that device with the IP; BTW these devices are on the same subnet.)
Any idea on what’s happening?

It’s the 1st wifi-qcom and capsman configuration.

With the past wireless and CAPsMAN I have never seen this kind of problem.

Have you tried clearing out all certificates ?

Yes, I’ve also tried leaving the default (blank) in the Cert and CA fields, with the same result.

Question: the CAP client doesn’t have a cert and doesn’t generate a new one. Do I have to create it manually and set it in WiFi → CAP settings?

Personally I don’t use certificates.
I don’t see the benefit from using it in my own LAN environment.

Me too, but leaving the related fields blank or setting them to “auto” makes no difference; the cert will be autogenerated (and I suppose used).

I don’t know if my steps are wrong or not.

video of all steps done:
https://youtu.be/LHnmF4_-Da0

There is no video attached (yet).

Could you please share both configs of CAPS and of CAPsMAN?

/export file=anynameyoulike

Remove serial and any other personal information. If you post the config in between code tags (by using the </> button) it will be more readable.

Main (L009UiGS-2HaxD):

# 2024-02-19 13:39:28 by RouterOS 7.13.4
#
# model = L009UiGS-2HaxD
/disk
set usb1 type=hardware
/interface bridge
add name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1
set [ find default-name=ether2 ] name=ether2
set [ find default-name=ether3 ] name=ether3
set [ find default-name=ether4 ] name=ether4
set [ find default-name=ether5 ] name=ether5
set [ find default-name=ether6 ] name=ether6
set [ find default-name=ether7 ] name=ether7
set [ find default-name=ether8 ] name=ether8
set [ find default-name=sfp1 ] name=sfp1-AP
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WANs
add name=LANs
/interface wifi channel
add band=2ghz-ax disabled=no name=channel1
/interface wifi datapath
add bridge=bridge-local disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa3-psk disabled=no encryption=ccmp \
    group-encryption=ccmp name=sec1
/interface wifi configuration
add channel=channel1 country=Switzerland datapath=datapath1 disabled=no mode=\
    ap name=cfg1 security=sec1 ssid=Test1234
/port
set 0 name=serial0
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    disabled=yes disabled=yes name=zt1 port=9993
/interface wifi
set [ find default-name=wifi1 ] configuration=*1 configuration.mode=ap
/interface bridge port
add bridge=bridge-local ingress-filtering=no interface=ether2
add bridge=bridge-local ingress-filtering=no interface=ether6
add bridge=bridge-local ingress-filtering=no interface=ether4
add bridge=bridge-local ingress-filtering=no interface=ether3
add bridge=bridge-local ingress-filtering=no interface=ether5
add bridge=bridge-local ingress-filtering=no interface=ether7
add bridge=bridge-local interface=ether8
add bridge=bridge-local interface=sfp1-AP
/interface detect-internet
set detect-interface-list=WANs internet-interface-list=WANs \
    lan-interface-list=LANs wan-interface-list=WANs
/interface wifi cap
set certificate=request discovery-interfaces=bridge-local enabled=yes
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge-local \
    package-path="" require-peer-certificate=no upgrade-policy=none
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.88.0
/system identity
set name=Main
/system logging
add topics=caps,debug
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key

AP1 (C53UiG+5HPaxD2HPaxD):

# 2024-02-19 13:38:58 by RouterOS 7.13.4
#
# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add name=bridge1
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    disabled=yes disabled=yes name=zt1 port=9993
/interface bridge port
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
/interface wifi cap
set certificate=request discovery-interfaces=bridge1 enabled=yes \
    lock-to-caps-man=no
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
/ip dhcp-client
add interface=bridge1
/system identity
set name=AP1
/system logging
add topics=caps,debug
/system note
set show-at-login=no

L009:

/interface wifi
set [ find default-name=wifi1 ] configuration=*1 configuration.mode=ap
Where is the missing configuration ?

/interface wifi cap
set certificate=request discovery-interfaces=bridge-local enabled=yes
You cannot enable CAP mode on local interfaces for a wave2 device. You need to configure them locally (using 90% the same settings as you would for CAPsMAN).

I don’t know, I’ve exported and cut only routes, dhcp-server, dns, etc.
All steps done are shown in this video: https://youtu.be/LHnmF4_-Da0

Yes, I agree; I’ve done it to see if there are differences compared to a remote CAP client.

Tried also with 7.13.5 with no success

My suggestions:

  1. disable CAP mode on main
  2. apply cfg1 to interface wifi1 on main
  3. disable detect internet on main
  4. disable capsman on AP1
  5. remove “certificate=request” on cap configuration of AP1

Probably, resetting AP1 to CAP mode is the best option (instead of points 4-5).
And please remember that L009UiGS does not have 5GHz radio, AFAIK.

Side note: the L009 is much less powerful than the hAP ax3. Have you considered switching the roles of the two devices?

To be honest, I’ve already tried switching the roles of the 2 RBs, with the same result.
I made the video and config dump while in the 2nd scenario, but that doesn’t matter at the moment.

The main problem is that the new wifi CAPsMAN is not working when following the official wiki.

Have you tried my suggestions 1-5? Can you post the full configs after you applied them?

Done, with no changes.

Skipped, because I’m not interested in the L009 wifi.

Why? Internet detection is enabled on interfaces other than the local bridge.

Done, with no changes on CAPsMAN; no dynamic remote radio created…

Yes, it’s only a 2.4 GHz 802.11ax interface, but at the moment I’m not interested in using it. My goal is to get wifi-qcom CAPsMAN working so I can add more hAP ax3 units, with one as CAPsMAN Main and the other 2 as CAP clients.

Main:

# 2024-02-20 09:58:59 by RouterOS 7.13.5
#
# model = L009UiGS-2HaxD
/interface wifi channel
add band=2ghz-ax disabled=no name=channel1
/interface wifi security
add authentication-types=wpa3-psk disabled=no encryption=ccmp \
    group-encryption=ccmp name=sec1
/interface wifi
set [ find default-name=wifi1 ] configuration=*1 configuration.mode=ap
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge-local \
    package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi configuration
add channel=channel1 country=Switzerland datapath=datapath1 disabled=no mode=\
    ap name=cfg1 security=sec1 ssid=Test1234
/interface wifi datapath
add bridge=bridge-local disabled=no name=datapath1

AP1:

# 2024-02-20 09:57:37 by RouterOS 7.13.5
#
# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add name=bridge1
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    disabled=yes disabled=yes name=zt1 port=9993
/interface bridge port
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
/interface wifi cap
set discovery-interfaces=bridge1 enabled=yes lock-to-caps-man=no
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
/ip dhcp-client
add interface=bridge1
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=AP1
/system logging
add topics=caps,debug
/system note
set show-at-login=no

To properly troubleshoot problems it is often useful to reduce potential factors that interfere.
We are trying to help, and I never got that you were not interested in configuring wifi on the L009.

My impression is that your config lacks provisioning rules.
https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-WiFiCAPsMAN
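
Added example, not part of any post in this thread: a small Python check that parses a RouterOS `/export` and reports the two conditions discussed above, CAPsMAN enabled with no `/interface wifi provisioning` rules, and `require-peer-certificate=no`. The sample export is constructed and abbreviated from the Main config posted in the thread; the provisioning rule in `WITH_RULE` is an assumed rule modelled on the linked MikroTik documentation, and the finding names are made up for this example.

```python
import re

# Constructed sample, abbreviated from the Main export posted in the thread.
MAIN_EXPORT = r"""
/interface wifi configuration
add channel=channel1 country=Switzerland datapath=datapath1 disabled=no mode=\
    ap name=cfg1 security=sec1 ssid=Test1234
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge-local \
    package-path="" require-peer-certificate=no upgrade-policy=none
"""
# Assumed provisioning rule (not from the thread), appended for comparison.
WITH_RULE = MAIN_EXPORT + (
    "/interface wifi provisioning\n"
    "add action=create-dynamic-enabled master-configuration=cfg1 "
    "supported-bands=2ghz-ax\n")

def parse_export(text):
    """Group an export into {menu path: [command lines]}."""
    text = re.sub(r"\\\n\s*", "", text)  # join lines wrapped with a trailing "\"
    sections, menu = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # skip blanks and the export header comments
        if line.startswith("/"):
            menu = line
            sections.setdefault(menu, [])
        elif menu is not None:
            sections[menu].append(line)
    return sections

def params(line):
    """key=value pairs of one command; quoted values are kept whole."""
    pairs = re.findall(r'([\w.-]+)=("[^"]*"|\S+)', line)
    return {k: v.strip('"') for k, v in pairs}

def check_capsman(text):
    """Return finding names for the manager side of a wifi CAPsMAN export."""
    sections = parse_export(text)
    mgr = {}
    for line in sections.get("/interface wifi capsman", []):
        mgr.update(params(line))
    if mgr.get("enabled") != "yes":
        return []  # not acting as a manager, nothing to check
    findings = []
    rules = sections.get("/interface wifi provisioning", [])
    if not any(r.startswith("add ") for r in rules):
        findings.append("no-provisioning-rules")
    if mgr.get("require-peer-certificate") == "no":
        findings.append("peer-certificate-not-required")
    return findings

if __name__ == "__main__":
    print(check_capsman(MAIN_EXPORT), check_capsman(WITH_RULE))
```
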

… which also raises the question:
why use CAPsMAN with only ONE access point?

I never said that this is the final scenario.
My final config has 3 x hAP ax3 and 1 x L009.