Devices don't communicate with each other, and CAPsMAN trouble.

I am unable to ping devices on my local network. It's a home router that is also the CAPsMAN controller.

Also, I am unable to see neighboring devices in Winbox, and I am unable to add the local wlan1 as a CAP on my CAPsMAN.


What am I doing wrong?


# nov/21/2018 11:14:21 by RouterOS 6.43.4
# software id = VML1-ZBM7
#
# model = 951G-2HnD
# serial number = x
# CAPsMAN-side radio definitions: channel lists, the datapath that puts client
# traffic on bridge_private, the shared security profile, the two SSID
# configurations and the static per-radio interfaces.
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412,2437,2462 name="2ghz (b/g/n)" reselect-interval=1h save-selected=yes skip-dfs-channels=yes
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee frequency=5180,5260,5500,5745 name="5ghz (a/n/ac)" reselect-interval=1h \
save-selected=yes skip-dfs-channels=yes
/interface bridge
add admin-mac=E4:8D:8C:82:16:8F auto-mac=no name=bridge_private
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-821693 \
wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1_wan
set [ find default-name=ether2 ] name=ether2_caps1
set [ find default-name=ether5 ] name=ether5_switch
/caps-man datapath
# Only bridge= is set; local-forwarding and client-to-client-forwarding do not
# appear in this export, so their defaults apply.
# NOTE(review): in CAPsMAN client-to-client-forwarding defaults to no, which
# keeps wireless clients on the same interface from reaching each other. That
# isolation is a useful control on a shared network; enable forwarding only
# deliberately if client-to-client traffic is wanted here - confirm.
add bridge=bridge_private name=datapath_private
/caps-man security
# NOTE(review): the passphrase below is posted in clear text, so it should be
# treated as disclosed and changed on the router.
# authentication-types lists wpa-psk as well as wpa2-psk, so first-generation
# WPA clients are still accepted; wpa2-psk alone is the tighter setting unless
# a legacy client needs WPA.
add authentication-types=wpa-psk,wpa2-psk name=security_private passphrase=garden-HOOP45
/caps-man configuration
# Both configurations share SSID NIKLS, the same datapath and the same
# security profile; they differ only in the channel list.
add channel="2ghz (b/g/n)" country=estonia datapath=datapath_private distance=dynamic mode=ap multicast-helper=default name=cfg_private_2ghz security=\
security_private ssid=NIKLS
add channel="5ghz (a/n/ac)" country=estonia datapath=datapath_private distance=dynamic mode=ap multicast-helper=default name=cfg_private_5ghz security=\
security_private ssid=NIKLS
/caps-man interface
# Static interfaces bound by radio-mac to two radios (CC:2D:E0:5A:CF:E6 and
# ...:E7), each with a slave interface that overrides the SSID per band.
# NOTE(review): neither radio-mac looks like it belongs to the local wlan1
# (its MAC is not shown in this export) - confirm; if so, wlan1 has no static
# interface here and depends on a provisioning rule.
add configuration=cfg_private_2ghz disabled=no l2mtu=1600 mac-address=CC:2D:E0:5A:CF:E6 master-interface=none name=cap1_private_main_2ghz radio-mac=\
CC:2D:E0:5A:CF:E6 radio-name=CC2DE05ACFE6
add configuration=cfg_private_5ghz disabled=no l2mtu=1600 mac-address=CC:2D:E0:5A:CF:E7 master-interface=none name=cap1_private_main_5ghz radio-mac=\
CC:2D:E0:5A:CF:E7 radio-name=CC2DE05ACFE7
add configuration=cfg_private_2ghz configuration.ssid=NIKLS@2GHz disabled=no l2mtu=1600 mac-address=CE:2D:E0:5A:CF:E6 master-interface=\
cap1_private_main_2ghz name=cap1_private_separate_2ghz radio-mac=00:00:00:00:00:00
add configuration=cfg_private_5ghz configuration.ssid=NIKLS@5GHz disabled=no l2mtu=1600 mac-address=CE:2D:E0:5A:CF:E7 master-interface=\
cap1_private_main_5ghz name=cap1_private_separate_5ghz radio-mac=00:00:00:00:00:00
# Interface lists, DHCP address pools and User Manager profile data.
/interface list
# list_wan and list_lan are what the firewall, neighbor discovery and
# MAC-server settings later in this export key on; their members are defined
# under "/interface list member".
add name=list_wan
add name=list_lan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# pool_pivate1 (10.19.1.11-99) chains to pool_private2 (10.19.2.11-99) through
# next-pool. The name "pool_pivate1" is referenced by the DHCP server below,
# so it is left as spelled.
add name=pool_private2 ranges=10.19.2.11-10.19.2.99
add name=pool_pivate1 next-pool=pool_private2 ranges=10.19.1.11-10.19.1.99
/ip dhcp-server
# Serves bridge_private from pool_pivate1 with a lease time of 14w2d.
add address-pool=pool_pivate1 disabled=no interface=bridge_private lease-time=14w2d name=dhcp_private
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/tool user-manager profile
add name="30 Days" name-for-users="" override-shared-users=unlimited owner=admin price=0 starts-at=logon validity=4w2d
/tool user-manager profile limitation
# 1073741824B is 1 GiB for each of download, upload and total transfer.
add address-list="" download-limit=1073741824B group-name="" ip-pool="" name=30days owner=admin transfer-limit=1073741824B upload-limit=1073741824B \
uptime-limit=30m
# CAPsMAN controller policy: client access list, manager certificates, the
# interfaces the manager accepts CAPs on, and provisioning.
/caps-man access-list
# Three rules: accept clients with signal -95..120, reject -120..-96, then
# reject everything else on interface=all (presumably matched top-down).
add action=accept allow-signal-out-of-range=10s disabled=no interface=any signal-range=-95..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any signal-range=-120..-96 ssid-regexp=""
add action=reject disabled=no interface=all ssid-regexp=""
/caps-man manager
# The manager generates its own CA and certificate (auto).
# NOTE(review): require-peer-certificate is not set in this export. Unless it
# is enabled, CAPs are not required to present a certificate, so any device
# that can reach an allowed interface may try to register as a CAP. Consider
# enabling it once every CAP holds a certificate - confirm current value.
set ca-certificate=auto certificate=auto enabled=yes package-path=/caps_versions upgrade-policy=suggest-same-version
/caps-man manager interface
# Default entry is forbid=yes, so the manager only accepts CAPs on the three
# interfaces listed below; this keeps CAPsMAN off ether1_wan.
# NOTE(review): ether2_caps1 and wlan1 are ports of bridge_private (see
# "/interface bridge port"), so their entries may be redundant next to the
# bridge entry. The local CAP is pointed at 127.0.0.1; whether the forbid=yes
# default also covers loopback cannot be told from this export - verify.
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge_private
add disabled=no interface=ether2_caps1
add disabled=no interface=wlan1
/caps-man provisioning
# The only provisioning rule, and it is disabled=yes. While disabled, a radio
# without a matching static "/caps-man interface" entry presumably receives no
# configuration. If it is enabled as written (no radio-mac match), any radio
# that registers is brought up with cfg_private_2ghz, including its security
# profile, so pair it with radio-mac matching or a peer-certificate requirement.
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_private_2ghz name-format=identity
# LAN plumbing: bridge ports, neighbor discovery scope, interface list
# membership, the local CAP client, addressing, DHCP and static DNS.
/interface bridge port
add bridge=bridge_private comment=defconf interface=ether2_caps1
add bridge=bridge_private comment=defconf interface=ether3
add bridge=bridge_private comment=defconf interface=ether4
add bridge=bridge_private comment=defconf interface=ether5_switch
# NOTE(review): wlan1 is a static bridge port here and is also handed to the
# CAP client below (interfaces=wlan1). The CAPsMAN datapath already names
# bridge_private, so this static port entry is probably unnecessary - confirm.
add bridge=bridge_private comment=defconf interface=wlan1
/ip neighbor discovery-settings
# Neighbor discovery runs only on list_lan members, which keeps it off the
# WAN port.
set discover-interface-list=list_lan
/interface list member
# list_lan contains only bridge_private; list_wan contains only ether1_wan.
add interface=bridge_private list=list_lan
add interface=ether1_wan list=list_wan
/interface wireless cap
#
# Local CAP client: wlan1 is offered to the CAPsMAN at 127.0.0.1 and requests
# a certificate from it.
set caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=bridge_private enabled=yes interfaces=wlan1
/ip address
add address=10.19.0.1/16 comment=defconf interface=bridge_private network=10.19.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1_wan
/ip dhcp-server network
add address=10.19.0.0/16 dns-server=1.1.1.1,1.0.0.1 domain=nikls.net gateway=10.19.0.1 netmask=16 ntp-server=129.6.15.28,132.163.97.1,132.163.96.1
/ip dns static
# 192.168.88.1 is not an address assigned anywhere in this export (the router
# is 10.19.0.1), so this entry looks like a leftover from the default
# configuration - confirm.
add address=192.168.88.1 name=router.lan
# Firewall filter and NAT rules, one routing rule, and the IP service toggle.
/ip firewall filter
# Input chain. The first rule admits CAPsMAN UDP 5246,5247 only when the
# source is 127.0.0.1, i.e. the local CAP. A remote CAP arrives through
# bridge_private, which is in list_lan, so it is not hit by the
# "drop all not coming from LAN" rule.
# NOTE(review): whether the local CAP's packets really carry source 127.0.0.1
# is not visible here; checking this rule's packet counter would confirm.
add action=accept chain=input comment="CAPs to CAPsMAN" dst-port=5246,5247 protocol=udp src-address=127.0.0.1
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Last input rule: anything not arriving on a list_lan interface is dropped.
# There is no rule after it, so traffic from bridge_private to the router
# itself falls through and is accepted on every port.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!list_lan
# Forward chain: default-configuration rules; new connections from list_wan
# are dropped unless they were dst-NATed.
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=\
list_wan
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=list_wan
# This second rule has no out-interface, so it masquerades routed traffic
# from 10.19.0.0/16 toward any interface; the rule above already covers
# traffic leaving through list_wan.
add action=masquerade chain=srcnat src-address=10.19.0.0/16
/ip route rule
add action=lookup-only-in-table dst-address=10.19.0.0/16 table=main
/ip service
# Only www is changed here; the export shows no other service, so the
# remaining services keep their defaults.
# NOTE(review): confirm which management services are still enabled and
# disable the ones not in use; the input chain limits them to list_lan only.
set www disabled=yes
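# UPnP lets hosts on the internal interfaces ask the router to create inbound
# port mappings without authentication, so the internal/external assignment
# below decides who may ask. Keep it enabled only if a LAN device needs it.
/ip upnp
set enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge_private type=internal
# wlan1, the ether ports and ether5_switch below are ports of bridge_private;
# their entries are kept as in the original although the bridge entry above
# already covers the LAN side.
add interface=wlan1 type=internal
add interface=cap1_private_main_2ghz type=internal
add interface=cap1_private_main_5ghz type=internal
# Changed from type=internal: ether1_wan is the WAN uplink (DHCP client,
# member of list_wan). Listing it as internal put the WAN on the side that is
# allowed to request port mappings and left UPnP with no external interface.
add interface=ether1_wan type=external
add interface=ether3 type=internal
add interface=ether2_caps1 type=internal
add interface=ether4 type=internal
add interface=ether5_switch type=internal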
# System settings (clock, identity, LCD, NTP, RouterBOARD), MAC-server scope
# and the User Manager RADIUS client entry.
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Skopje
/system identity
set name=nikls_pp_capsman
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
# The LCD is disabled above; every page entry below is disabled as well.
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge_private disabled=yes display-time=5s
set cap1_private_main_2ghz disabled=yes display-time=5s
set cap1_private_main_5ghz disabled=yes display-time=5s
set cap1_private_separate_2ghz disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1_wan disabled=yes display-time=5s
set ether2_caps1 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5_switch disabled=yes display-time=5s
set cap1_private_separate_5ghz disabled=yes display-time=5s
/system ntp client
set enabled=yes primary-ntp=129.6.15.28 secondary-ntp=132.163.97.1
/system routerboard settings
set auto-upgrade=yes silent-boot=no
/tool mac-server
# MAC-level management access (this entry and mac-winbox below) is limited
# to list_lan, i.e. bridge_private, so it is not offered on ether1_wan.
set allowed-interface-list=list_lan
/tool mac-server mac-winbox
set allowed-interface-list=list_lan
/tool user-manager database
set db-path=user-manager
/tool user-manager router
# NOTE(review): the shared-secret below is posted in clear text and is a
# short dictionary word; change it to a long random value. The entry is bound
# to 127.0.0.1, so it applies to requests from this router itself.
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=auth-fail name=HotSpot-Vulco shared-secret=hyper use-coa=no

What is your primary router?
Do you have any other wifi devices attached?
(First thing I would do is turn capsman OFF and run it/get it working directly first)

This is my primary router. It's for home.
I have a CAPsAC attached. Caps on my CapsMan won't work. Plus there is the problem of the devices not being able to see each other.