CapsmMan / AirServer

MrHae · November 9, 2023, 9:54am

Hallo Leute,

ich versuche es erstmal auf Deutsch da ich das Problem auf Englisch wahrscheinlich nicht sauber beschrieben bekomme.

Ich habe eine WLan Umgebung mit 14 Access Points (CAP AC und CAP XL) und einem RB5009 als Capsman.

Die Ausleuchtung mit Tamo ergab das ich keinerlei Platz für 2,4 GHz habe, daher habe ich das Gast WLAN (V3) über alle APs ins 2,4Ghz gelegt.

Im 5GHz habe ich dann für jeden AP und die Produktiv wichtigen WLan (Mitarbeiter und Dozenten) die Kanäle nach Ausmessung manuell festgelegt.
Bandbreite 20Mhz (mit 40MHz gab es auch schonwieder nur Probleme)

Distance indoors
Country germany
Installation indoors
und Kanäle im Spektrum 5180,5200,5220,5240,5260,5280,5300,5320 jeweils manuell provisioniert.

Nun zum Hauptproblem. Wir haben Displays im Einsatz an welchen per HDMI ein Airserver angeschlossen ist, die AirServer befinden sich im Dozenzen WLAN (5GHz), die Notebooks befinden sich auch im Dozenten WLan.
Die Sendestärke ist so konfiguriert das sich die Geräte auch zum passenden AP im zugehörigen RAUM verbinden.

Das funktioniert auch alles, Verbindungen sehen Klasse aus ABER in unregelmäßigen kappt es die Verbindung zum Airserver und der Dozent kann seine Präsentation nicht fortführen.

Im LOG finde ich in passenden Zeitabschnitten immer diese Meldungen:
E0:0A:F6:C5:66:CB@R01-1-1 disconnected, received deauth: class 3 frame received (7), signal strength -45
E0:0A:F6:C5:5D:41@R03-1-1 disconnected, received deauth: no activity (4), signal strength -38
E0:0A:F6:C5:5D:41@R03-1-1 disconnected, received deauth: class 3 frame received (7), signal strength -37

Alles mit E0:0A:F6… sind dann die Airserver.

Ich verstehe es nicht mehr, laut Spektrumsscan ist im betroffenen Bereich, bzw. am ganzen Komplex 5GHz technisch alles perfekt ausgeleuchtet und die Kanäle korrekt frei und nicht überlagert.

Manchmal funktioniert es auch wieder über Stunden Problemlos dann wieder 2-3 mal pro Stunde nur Abbrüche.

Die obigen Logseinträge habe ich versucht zu erörtern und zu beheben ich komme aber nicht weiter.

Hat jemand einen Tipp für mich was ich noch tun könnte?

erlinden · November 9, 2023, 10:04am

Everyone can use Google translate:

Hello folks,

I’ll try it in German first because I probably won’t be able to describe the problem clearly in English.

I have a WiFi environment with 14 access points (CAP AC and CAP XL) and an RB5009 as Capsman.

The illumination with Tamo showed that I had no space for 2.4 GHz, so I set the guest WLAN (V3) to 2.4 GHz across all APs.

In the 5GHz I then manually defined the channels for each AP and the productively important WiFi (employees and lecturers) after measuring.
Bandwidth 20Mhz (with 40MHz there were problems again)

Distance indoors
Country Germany
Indoor installation
and channels in the spectrum 5180,5200,5220,5240,5260,5280,5300,5320 each manually provisioned.

Now to the main problem. We use displays to which an air server is connected via HDMI, the air servers are in the lecturer’s WiFi (5GHz), and the notebooks are also in the lecturer’s WiFi.
The transmission strength is configured so that the devices also connect to the appropriate AP in the associated ROOM.

This all works, connections look great BUT in irregular cases the connection to the air server is cut off and the lecturer cannot continue his presentation.

In the LOG I always find these messages at appropriate time periods:
E0:0A:F6:C5:66:CB@R01-1-1 disconnected, received deauth: class 3 frame received (7), signal strength -45
E0:0A:F6:C5:5D:41@R03-1-1 disconnected, received deauth: no activity (4), signal strength -38
E0:0A:F6:C5:5D:41@R03-1-1 disconnected, received deauth: class 3 frame received (7), signal strength -37

Everything with E0:0A:F6… are then the air servers.

I don’t understand it anymore, according to the spectrum scan, everything in the affected area or the entire 5GHz complex is technically perfectly illuminated and the channels are correctly free and not overlaid.

Sometimes it works again for hours without any problems, then again 2-3 times an hour it only crashes.

I’ve tried to discuss and fix the log entries above, but I can’t get any further.

Does anyone have any tips for me as to what else I could do?

Can you please add the CAPsMAN config:

/export file=anynameyoulike

Make sure to remove serial and any other private information.

By searching the forum I found this topic (might be usefull?):
http://forum.mikrotik.com/t/received-deauth-class-3-frame-received-7-using-capsman-no-problem/150963/1

MrHae · November 9, 2023, 10:26am

Everyone can use Google translate:

Hello folks,

I'll try it in German first because I probably won't be able to describe the problem clearly in English.

I have a WiFi environment with 14 access points (CAP AC and CAP XL) and an RB5009 as Capsman.

The illumination with Tamo showed that I had no space for 2.4 GHz, so I set the guest WLAN (V3) to 2.4 GHz across all APs.

In the 5GHz I then manually defined the channels for each AP and the productively important WiFi (employees and lecturers) after measuring.
Bandwidth 20Mhz (with 40MHz there were problems again)

Distance indoors
Country Germany
Indoor installation
and channels in the spectrum 5180,5200,5220,5240,5260,5280,5300,5320 each manually provisioned.

Now to the main problem. We use displays to which an air server is connected via HDMI, the air servers are in the lecturer's WiFi (5GHz), and the notebooks are also in the lecturer's WiFi.
The transmission strength is configured so that the devices also connect to the appropriate AP in the associated ROOM.

This all works, connections look great BUT in irregular cases the connection to the air server is cut off and the lecturer cannot continue his presentation.

In the LOG I always find these messages at appropriate time periods:
E0:0A:F6:C5:66:CB@R01-1-1 disconnected, received deauth: class 3 frame received (7), signal strength -45
E0:0A:F6:C5:5D:41@R03-1-1 disconnected, received deauth: no activity (4), signal strength -38
E0:0A:F6:C5:5D:41@R03-1-1 disconnected, received deauth: class 3 frame received (7), signal strength -37

Everything with E0:0A:F6... are then the air servers.

I don't understand it anymore, according to the spectrum scan, everything in the affected area or the entire 5GHz complex is technically perfectly illuminated and the channels are correctly free and not overlaid.

Sometimes it works again for hours without any problems, then again 2-3 times an hour it only crashes.

I've tried to discuss and fix the log entries above, but I can't get any further.

Does anyone have any tips for me as to what else I could do?

Can you please add the CAPsMAN config:
/export file=anynameyoulike
Make sure to remove serial and any other private information.

By searching the forum I found this topic (might be usefull?):
received deauth: class 3 frame received (7) -> using capsman no problem

Yeah i already found this Post and, like i wrote i set this settings.

# 2023-11-09 11:19:57 by RouterOS 7.11.2

#
# model = RB5009UPr+S+

/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412,2437,2462 name=24-AUTO reselect-interval=20m
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5180,5200,5220,5240,5500,5520,5540,5560,5680,5700 name=5-AUTO \
    tx-power=5
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5280 name=5-5280 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5220 name=5-5220 tx-power=9
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5260 name=5-5260 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5300 name=5-5300 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5500 name=5-5500 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5540 name=5-5540 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5580 name=5-5580 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5620 name=5-5620 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5660 name=5-5660 tx-power=17
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=24-2412
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=24-2437
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2462 name=24-2462
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5200 name=5-5200 tx-power=9
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5240 name=5-5240 tx-power=9
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5180 name=5-5180 tx-power=9
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5320 name=5-5320 tx-power=17
/interface bridge
add admin-mac=18:FD:74:06:91:A3 auto-mac=no comment=defconf name=Bridge \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1_ -WAN
set [ find default-name=ether2 ] name=eth2_Uplink_Switch
set [ find default-name=ether8 ] name=eth8_config

/interface vlan
add interface=Bridge name=V2-Lehrkraft vlan-id=2
add interface=Bridge name=V3-Gast vlan-id=3
/caps-man datapath
add bridge=Bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    KUNDEXYZ
add bridge=Bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    KUNDEXYZ-Gast vlan-id=3 vlan-mode=use-tag
add bridge=Bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    KUNDEXYZ-Lehrkraft vlan-id=2 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=KUNDEXYZ
add authentication-types=wpa2-psk encryption=aes-ccm name=KUNDEXYZ-GAST
add authentication-types=wpa2-psk encryption=aes-ccm name=KUNDEXYZ-Lehrkraft
add authentication-types=wpa2-psk encryption=aes-ccm name=KUNDEXYZ-GB
/caps-man configuration
add channel=24-AUTO datapath=KUNDEXYZ name=KUNDEXYZ-24 security=KUNDEXYZ ssid=KUNDEXYZ
add channel.control-channel-width=20mhz .extension-channel=Ce \
    .skip-dfs-channels=yes country=germany datapath=KUNDEXYZ installation=indoor \
    name=KUNDEXYZ-5 security=KUNDEXYZ ssid=KUNDEXYZ
add channel.control-channel-width=20mhz .extension-channel=Ce \
    .skip-dfs-channels=yes country=germany datapath=KUNDEXYZ-Lehrkraft \
    installation=indoor name=KUNDEXYZ-Lehrkraft-5 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel.control-channel-width=20mhz .extension-channel=Ce \
    .skip-dfs-channels=yes country=germany datapath=KUNDEXYZ-Lehrkraft \
    installation=indoor name=KUNDEXYZ-GB-5 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5280 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-5-5180 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=5-5220 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-5-5220 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=5-5260 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-5-5260 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=5-5300 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-5-5300 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=24-2412 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-24-2412 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=24-2437 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-24-2437 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=24-2462 datapath=KUNDEXYZ-Gast name=KUNDEXYZ-Gast-24-2462 security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=24-AUTO datapath=KUNDEXYZ-Lehrkraft name=KUNDEXYZ-GB-24 security=KUNDEXYZ-GB \
    ssid=KUNDEXYZ-GB
add channel=5-5180 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5180 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5220 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5220 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5260 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5260 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5300 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5300 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5500 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5500 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5540 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5540 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5580 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5580 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5620 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5620 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5180 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5180 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5220 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5220 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5260 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5260 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5300 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5300 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5500 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5500 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5540 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5540 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5580 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5580 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5620 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5620 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5180 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5180 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5220 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5220 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5260 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5260 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5300 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5300 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5500 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5500 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5540 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5540 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5580 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5580 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5620 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5620 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5660 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5660 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5660 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5660 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5660 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5660 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=24-AUTO datapath=KUNDEXYZ-Gast name=KUNDEXYZ-GAST-24-AUTO security=KUNDEXYZ-GAST \
    ssid=KUNDEXYZ-Gast
add channel=5-5240 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5240 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5200 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5200 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5240 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-GB-5240 security=KUNDEXYZ-GB ssid=KUNDEXYZ-GB
add channel=5-5200 country=germany datapath=KUNDEXYZ distance=indoors \
    installation=indoor name=KUNDEXYZ-5200 security=KUNDEXYZ ssid=KUNDEXYZ
add channel=5-5200 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5200 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
add channel=5-5240 country=germany datapath=KUNDEXYZ-Lehrkraft distance=indoors \
    installation=indoor name=KUNDEXYZ-LK-5240 security=KUNDEXYZ-Lehrkraft ssid=\
    KUNDEXYZ-Lehrkraft
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=V2-Lehrkraft ranges=192.168.110.10-192.168.110.254
add name=V3-Gast ranges=192.168.111.10-192.168.111.254
/ip dhcp-server
add address-pool=default-dhcp interface=eth8_config lease-time=10m name=\
    defconf
add address-pool=V2-Lehrkraft interface=V2-Lehrkraft lease-time=10m name=\
    V2-Lehrkraft
add address-pool=V3-Gast interface=V3-Gast lease-time=10m name=V3-Gast
/queue simple
add disabled=yes max-limit=10M/50M name=queue1 target=192.168.111.0/24
/queue type
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-rate=5M
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-rate=5M
/caps-man access-list
add allow-signal-out-of-range=10s comment="NB TEST" disabled=no \
    mac-address=F4:46:37:3B:05:06 ssid-regexp=""
add allow-signal-out-of-range=10s comment="KUNDEXYZ-NBDO-12 (R06)" disabled=no \
    mac-address=A0:29:42:77:8B:9D ssid-regexp=""
add allow-signal-out-of-range=10m comment="AS R03" disabled=no mac-address=\
    E0:0A:F6:C5:5D:41 ssid-regexp=""
add allow-signal-out-of-range=10s comment="AS R10" disabled=no mac-address=\
    E0:0A:F6:C5:70:F5 ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/capsman \
    upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=Bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R01 \
    master-configuration=KUNDEXYZ-5180 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5180,KUNDEXYZ-LK-5180
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R02 \
    master-configuration=KUNDEXYZ-5200 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5200,KUNDEXYZ-LK-5200
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R03 \
    master-configuration=KUNDEXYZ-5220 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5220,KUNDEXYZ-LK-5220
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R04 \
    master-configuration=KUNDEXYZ-5240 name-format=identity slave-configurations=\
    KUNDEXYZ-LK-5240,KUNDEXYZ-LK-5240
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R05 \
    master-configuration=KUNDEXYZ-5180 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5180,KUNDEXYZ-LK-5180
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R06 \
    master-configuration=KUNDEXYZ-5200 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5200,KUNDEXYZ-LK-5200
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R07 \
    master-configuration=KUNDEXYZ-5220 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5220,KUNDEXYZ-LK-5220
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R08 \
    master-configuration=KUNDEXYZ-5180 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5180,KUNDEXYZ-LK-5180
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R09 \
    master-configuration=KUNDEXYZ-5220 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5220,KUNDEXYZ-GB-5220
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R10 \
    master-configuration=KUNDEXYZ-5200 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5200,KUNDEXYZ-LK-5200
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=R11 \
    master-configuration=KUNDEXYZ-5180 name-format=identity slave-configurations=\
    KUNDEXYZ-GB-5180,KUNDEXYZ-LK-5180
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=\
    R-Empfang master-configuration=KUNDEXYZ-5240 name-format=identity \
    slave-configurations=KUNDEXYZ-GB-5240,KUNDEXYZ-LK-5240
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    identity-regexp=Gast-Raum04 master-configuration=KUNDEXYZ-Gast-5-5180 \
    name-format=prefix-identity name-prefix=5_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    identity-regexp=Gast-Raum08 master-configuration=KUNDEXYZ-Gast-5-5220 \
    name-format=prefix-identity name-prefix=5_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    identity-regexp=Gast-Raum10 master-configuration=KUNDEXYZ-Gast-5-5300 \
    name-format=prefix-identity name-prefix=5_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    identity-regexp=Gast-Raum05 master-configuration=KUNDEXYZ-Gast-5-5260 \
    name-format=prefix-identity name-prefix=5_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \
    identity-regexp=Gast-Raum05 master-configuration=KUNDEXYZ-Gast-24-2437 \
    name-format=prefix-identity name-prefix=24_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \
    identity-regexp=Gast-Raum10 master-configuration=KUNDEXYZ-Gast-24-2412 \
    name-format=prefix-identity name-prefix=24_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \
    identity-regexp=Gast-Raum08 master-configuration=KUNDEXYZ-Gast-24-2462 \
    name-format=prefix-identity name-prefix=24_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \
    identity-regexp=Gast-Raum04 master-configuration=KUNDEXYZ-Gast-24-2412 \
    name-format=prefix-identity name-prefix=24_
add action=create-dynamic-enabled hw-supported-modes=b,gn identity-regexp=\
    R-Empfang master-configuration=KUNDEXYZ-24 name-format=prefix-identity \
    name-prefix=24_
add action=create-dynamic-enabled hw-supported-modes=b,gn \
    master-configuration=KUNDEXYZ-GAST-24-AUTO name-format=prefix-identity \
    name-prefix=GAST_
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    master-configuration=KUNDEXYZ-5 name-format=prefix-identity name-prefix=5_ \
    slave-configurations=KUNDEXYZ-Lehrkraft-5,KUNDEXYZ-GB-5
/interface bridge port
add bridge=Bridge comment=defconf interface=eth2_Uplink_Switch
add bridge=Bridge comment=defconf interface=ether3
add bridge=Bridge comment=defconf interface=ether4
add bridge=Bridge comment=defconf interface=ether5
add bridge=Bridge comment=defconf interface=ether6
add bridge=Bridge comment=defconf interface=ether7
add bridge=Bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=Bridge tagged=Bridge,eth2_Uplink_Switch vlan-ids=2,3
/interface list member
add comment=defconf interface=Bridge list=LAN
add comment=defconf interface=eth1_-WAN list=WAN
add interface=eth8_config list=LAN
add interface=V2-Lehrkraft list=LAN
add interface=V3-Gast list=LAN
/interface wireguard peers

/ip address
add address=192.168.88.1/24 comment=defconf interface=eth8_config network=\
    192.168.88.0
add address=192.168.110.1/24 interface=V2-Lehrkraft network=192.168.110.0
add address=192.168.111.1/24 interface=V3-Gast network=192.168.111.0
add address=192.168.100.1/24 interface=Bridge network=192.168.100.0
add address=213.187.73.77/30 interface=eth1_ -WAN network=213.187.73.76
add address=192.168.100.240/24 interface=Bridge network=192.168.100.0
add address=10.255.255.1/24 interface=WG-Clients network=10.255.255.0
add address= disabled=yes interface=eth1_ -WAN network=\
    
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=eth1_ -WAN
/ip dhcp-server lease

/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=192.168.110.0/24 disabled=yes list=VLANS
add address=192.168.111.0/24 list=VLANS
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input src-address=10.255.255.0/24
add action=accept chain=input dst-port=13231 protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=reject chain=forward comment="VLANS only WAN" out-interface=\
    !eth1_ -WAN reject-with=icmp-network-unreachable src-address-list=\
    VLANS
add action=reject chain=forward dst-address-list=VLANS reject-with=\
    icmp-network-unreachable src-address=192.168.100.0/24
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=V3-Gast \
    new-connection-mark=ConnectionGast passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN

/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=45445445454 routing-table=\
    main suppress-hw-offload=no

/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=Gateway
/system logging
add topics=caps
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

MrHae · November 27, 2023, 9:39am

No one any Ideas?

holvoetn · November 27, 2023, 9:46am

With the release of 7.13 BETA ( ! be careful if you want to use this in production environment ! ) cap AC and cap XL AC devices are able to use wifiwave2 drivers.
Is it an option for you to set up a test environment using those wifiwave2 drivers as capsman ?
You would also need a controller using those same drivers but one of the APs itself can serve that function in that test setup.

MrHae · November 27, 2023, 10:47am

So you mean with

7.13 I can manage wifiwave2 and ac APs with one controller, cause I have both, testing is very difficult

holvoetn · November 27, 2023, 11:00am

Yes but since you can not test it in a separate environment, I advise NOT to implement this in production with a beta version.
These new drivers are too new, still some quirks to be ironed out and no real long-term feedback yet as far as stability is concerned (though the first responses I’ve seen here and from personal experience with a couple of devices where I implemented it, are promising).