hAP ax2 station mode

RouterOS Wireless Networking
1

Hi

I’m trying to setup a new hAP ax2 running 7.14.1 in a ‘station’ mode in the office where wifi is the default connection method.
I’ve completely deleted the configuration on the device and configured a bare minimum for the connection to be established, but the router keeps jumping between ‘Scanning’ and ‘Connecting’ modes and not establishing a connection.
Here is the config:

# software id = DSQQ-JU0R
#
# model = C52iG-5HaxD2HaxD
/interface wifi
set [ find default-name=wifi1 ] configuration.country=\
    Netherlands .mode=station .ssid=WIFI-PUB security.authentication-types=\
    wpa2-psk
/system logging
add topics=wireless,debug
/system note
set show-at-login=no

There is also a passphrase configured as well, but it is not reflected in the export.

So far I’ve tried to connect to a couple of other wireless networks/SSIDs and it worked just fine - one was my phone acting as a modem, the other was my personal hotspot. I’ve connected a cheap Keenetic device in Wireless ISP mode to this particular SSID to make sure there are no restrictions for wireless routers as stations and it worked fine. I’ve mimicked the SSID and passphrase on the phone to make sure there are no ‘special characters’ issues or something. I’ve even changed the MAC on the ax2 wireless interface to my iPhone’s MAC address just in case. Changed it back once it did not help.
Wireless debug logging does not catch the connection attempts ax2 is making, no information at all. I’m stuck for a full day now experimenting and looking for root cause with no luck.
I’ve tried the other 2.4GHz interface with no luck too.

I have no idea where to look anymore. What can be the root cause?

2

Do you have a passphrase configured?
Is this the complete config?

3

Yes. Ive double-checked it.

4

I ran into such a situation once when the radio I tried to connect to was running with 40MHz bandwidth (2.4GHz).
Can you supply all information about the radio you want to connect to?

5

It is out of my control. All I know is that it is a Cisco AP. Here is the scan result

Wireless Scan Results

Device identity: MikroTik
Interface: wifi1
Frequencies: 5180,5200,5220,5240,5260,5280,5300,5320,5500,5520,5540,5560,5580,5600,5620,5640,5660,5680,5700,5720,5745,5765,5785,5805,5825,5845,5865,
Time: 2024-03-20 12:06:44

ADDRESS,SSID,CHANNEL,SECURITY,SIGNAL,NOISE-FLOOR,LAST-SEEN-[s],
F0:1D:2D:xx:xx:xx,WIFI-PUB,5660/ax/Ce,WPA2-PSK,-73,0,2.90,
F0:1D:2D:xx:xx:xx,WIFI-PUB,5180/ax/Ce,WPA2-PSK,-61,0,8.10,
F0:1D:2D:xx:xx:xx,WIFI-PUB,5280/ax/eC,WPA2-PSK,-53,0,6.31,
F0:1D:2D:xx:xx:xx,WIFI-PUB,5320/ax/eC,WPA2-PSK,-74,0,5.73,
F0:1D:2D:xx:xx:xx,WIFI-PUB,5220/ax/Ce,WPA2-PSK,-83,0,21.47,
6

Can you give it a try with fixed channel and bandwidth?

7

Same behaviour.
If I /interfaces/wifi/monitor wifi1, I get this and it keeps attempting, but falls back to scanning

# 2024-03-20 12:30:25 by RouterOS 7.14.1
# software id = DSQQ-JU0R
#
               state: scanning
  available-channels: 5200/ax/eC,5240/ax/eC,5280/ax/eC,5320/ax/eC,5520/ax/eC,
                      5560/ax/eC,5600/ax/eC,5640/ax/eC,5680/ax/eC,5720/ax/eC,
                      5765/ax/eC,5805/ax/eC,5845/ax/eC
# 2024-03-20 14:30:33 by RouterOS 7.14.1
# software id = DSQQ-JU0R
#
               state: connecting
          ap-address: F0:1D:2D:xx:xx:xx
  available-channels: 5200/ax/eC,5240/ax/eC,5280/ax/eC,5320/ax/eC,5520/ax/eC,
                      5560/ax/eC,5600/ax/eC,5640/ax/eC,5680/ax/eC,5720/ax/eC,
                      5765/ax/eC,5805/ax/eC,5845/ax/eC

Current config is

/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .width=20/40mhz-eC \
    configuration.country=Netherlands .mode=station .ssid=WIFI-PUB disabled=\
    no security.authentication-types=wpa2-psk
/system logging
add topics=wireless,debug
/system note
set show-at-login=no
8

There are no errors in the logs or anywhere even if I purposefully enter a wrong passphrase. I guess things don’t hook up wvwn before the passphrase is to be checked.
I don’t know it this can be helpful in any way, I don’t have any other bright ideas to troubleshoot this. First time ever I must say that there is lack of logs in a Mikrotik router :laughing:

9

Just throwing in some random idea: can you unset channel.band and channel.width? I guess that without setting these two, device would act in a more flexible way and would thus have better chances to successfully connect to AP.

10

I used to be able to get hAP AC2s to join the network of just about anything back in 6.x.

But I couldn’t run it as straight “bridge”. I always ended up having to make the WLAN a WAN feed and make a LAN subnet.

11

That’s the config I’ve started with up in this thread - as flexible as possible, nothing set besides auth method, ssid and passkey. Setting channel parameters was the most recent experiment we’ve tried with @erlinden.

12

Technically 802.11 was not designed for bridges. It is all about access points, thus a single client is expected at the far end, not a whole network. You have to make the network look like a client, so you make your router a client and hide a LAN subnet behind it.
This is partly the reason why there are so many ‘implementations’ of this wireless ‘bridging’.

All that said, it has nothing to do with my Mikrotik not communicating with this Cisco AP..

13

Thanks for investing your time in trying to help me! I appreciate it. I guess you are out of ideas as I am?

14

Last thing I can think of is setting frequency as well as bandwidth. And then I’m out of ideas.

15

I think I was supposed to use WDS or something if I needed a straight up bridge.

But found the Ubnt AirOS stuff to be easier to deal with. So there are a lot of ancient Picos out there working as a “wifi to Ethernet adapter”.

But then again… Directed DHCP. That caused me to just connect as a single client and route my LAN.

But back to where I was going with that…

A lot of features went away with the WAVE2 driver initially.

Could this be one of the “quirks”?

16

Packet capture could help. Can you get a monitor mode capture on that channel which is failing? Might indicate where the fault lies.

No idea in this particular case, but certain settings can trigger this type of behavior - for example, if AP indicates to use PMF, or if multiple types of authentication are supported, etc., it can cause clients to not even try and authenticate.

17

I don’t think so as ax^2 works fine and does what I want it to do with other wireless networks. It’s connecting to my iPhone sharing data over wifi just fine. I took it to another WISP network and it did just fine there too. It’s only this one that causes me trouble. On the other hand, a cheapo Keenetic hooked up to this network in a blink of an eye. I can’t pinpoint the requirement that is not met in this combination.

I’ll try the packet inspection route.

18

I could not find a way to set up packet capture on this level. I honestly never dealt with a Layer 1-2 issue ever before. May I ask for your help setting up this capture you are referring to? Just being a little more specific would help a ton. I will dig into details then

19

If you have never done monitor mode capture before, it may be a steep learning curve. Here are Wireshark’s instructions: https://wiki.wireshark.org/CaptureSetup/WLAN. Do you have a Macbook? That is likely the fastest way to get there for an external capture system.

Mikrotik devices can do some capture as well, but I always recommend to not analyze with the system that is failing, so you would want a different device to capture while the primary system is failing. A v7.7 HAPac device has ‘Wireless Sniffer’ button in the Wireless Tables section of Winbox but with the change in wireless drivers, there could be some impact to this capability which is why I listed the HW and SW version as capabilities can and do change.

Someone created instructions: https://networktik.com/mikrotik-wireless-sniffer-tool/ on how to do this if you are interested.

20

I don’t have a macbook with me today, but I’ve given it a shot and tried to sniff with ax2 itself. I definitely don’t know what I’m looking for, but I thought I’d ask. Would a broadcast packet from AP be sufficient to understand what AP is expecting of a client trying to connect to it? I will probably be able to record the whole communication tomorrow or early next week, but in the meantime, I’ve attached the broadcast pcap file with that single broadcast packet that seems to be repeated a lot. In case it really does mean something for an expert.

The reason I’m asking is that I see some capabilities encoded in there.
wireshark.png
broadcast.pcap.zip (508 Bytes)