Hi,

Just got myself a pair of HAP Ax3 routers running on OS v7.7. Been trying to get WiFiWave2 interfaces working on Capsman (configured via CLI as Winbox GUI does not have this option) but to no success. Interface recognized to be controlled by Capsman but no wifi clients can successfully login to the router.

Am using configuration profiles (specifying country, ssid) + channel profile (specifying band type and channel width) + security profile.

Seeking all the gurus here for comments and pointers if anyone has successfully gotten this to work.

I thought that was only in the beta?

7.7 is released as stable version.
We can discuss about the corectness of that label but it is what it is.

I have it working, but in my case it isn’t an ax3, but instead an RB4011 and an Audience. Share your config.

Thanks for the reply. How do I share the config ?

From the command line run: /export

and paste the results in here. By default it hides sensitive info from the export.

You can have the export only include the wifiwave2 config (as it is probably the only applicable section) if you run: /interface wifiwave2 export

Got some help from Mikrotik support directly and got pointers to correctly setup CAPSMAN with WiFiWave2… Thanks for help

And would you mind sharing that info for others ?

Now we definitely need a copy of
/ export file=CapswWave2

I would like to see that also. Actually, I don’t understand why Mikrotik doesn’t address this as well in their Wiki.
It doesn’t help anyone to provide features without any tools to configure them.

Verbatim reply from support - The configuration example in the documentation is written for a setup where CAPsMAN manages an interface, which is on a different device.

To manage an interface, which CAPsMAN is on the same device, just set
/interface wifiwave2 set wifi2 configuration.manager=local configuration=5gConfig(configuration profile which I setup)

For remote devices, I just have to follow the documentations to get it working e.g.
/interface wifiwave2 cap set enabled=yes
/interface wifiwave2 cap set caps-man-addresses=x.x.x.x
/interface wifiwave2 set wifi2 configuration.manager=capsman (or capsman-or-local)

Copied relevant sections of the export

CAPSMAN

/interface wifiwave2 channel
add band=5ghz-ax name=5gChannel skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-ax name=2gChannel skip-dfs-channels=all width=20/40mhz

/interface wifiwave2 security
add authentication-types=wpaX name=secProfile

/interface wifiwave2 configuration
add channel=5gChannel country=XXX name=5gConfig security=secProfile ssid=XXX
add channel=2gChannel country=XXX name=2gConfig security=secProfile ssid=XXX

/interface wifiwave2 provisioning
add action=create-enabled master-configuration=5gConfig supported-bands=5ghz-ax
add action=create-enabled master-configuration=2gConfig supported-bands=2ghz-ax

/interface wifiwave2 cap
set caps-man-addresses=X.X.X.X discovery-interfaces=Bridge enabled=yes

/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes interfaces=Bridge

/interface wifiwave2
add configuration=2gConfig configuration.mode=ap disabled=no name=cap-wifi-2g
add configuration=5gConfig configuration.mode=ap disabled=no name=cap-wifi-5g
set [ find default-name=wifi2 ] channel=2gChannel configuration=2gConfig configuration.manager=local .mode=ap
disabled=no name=wifi-2g security=secProfile
set [ find default-name=wifi1 ] channel=5gChannel configuration=5gConfig configuration.manager=local .mode=ap
disabled=no name=wifi-5g security=secProfile


CAP

/interface wifiwave2 cap
set caps-man-addresses=X.X.X.X discovery-interfaces=Bridge enabled=yes

Dear wiltonlee,

sorry if my questions will be stupid, but I’m a newbie…

1. For your config to work, shall I run

/system reset-configuration no-defaults=yes

on both devices before?

2. How the devices shall be physically connected? Can I do something like:

Internet ----------ETH1- Mikrotik CAPSMAN - ETH2 --------------- ETH1 - Mikrotik CAP

?

Kind regards

Tell me, did anyone check if such a configuration supports CAPs that do not know how to wave2? Or do they still need a separate CAPSMAN server for them?

You will need 2 capsman controllers in a mixed environment.
One for Wave2 devices, one for non-wave2 devices.

Really?

I see posts that don’t say this, and ones that do.

Current (in reality pre-beta) version of capsman2 doesn’t support legacy capsman clients and legacy capsman doesn’t (and never will) support wave2 clients.

However, in another thread some MT staffer wrote that MT will consider adding support for legacy capsman clients to capsman2. As usual, no commitment has been made and there’s certainly no ETA. But crowds (myself included) are thrilled by such a possibility and some even consider it “almost done”.

Hi, somhow i can not manage do capsman on hAP ax3 on its own interface.
My config:

# jan/20/2023 20:51:47 by RouterOS 7.8beta2
# software id = KVAM-7GMC

/interface wifiwave2
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman-or-local .mode=ap disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman-or-local .mode=ap disabled=no
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=sec1
/interface wifiwave2 configuration
add channel.skip-dfs-channels=all country=Latvia name=5ghz security=sec1 ssid=CAPsMAN_5
add country=Latvia name=2ghz security=sec1 ssid=CAPsMAN2
add country=Latvia name=5ghz_v security=sec1 ssid=CAPsMAN5_v
/interface wifiwave2 cap
set caps-man-addresses=127.0.0.1 discovery-interfaces=bridge_LV enabled=yes
/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifiwave2 provisioning
add action=create-dynamic-enabled disabled=no master-configuration=2ghz radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no master-configuration=5ghz radio-mac=00:00:00:00:00:00 slave-configurations=5ghz_v supported-bands=5ghz-ac

/interface/wifiwave2/capsman> print 
                   enabled: yes
            ca-certificate: auto
  require-peer-certificate: no
              package-path: 
            upgrade-policy: none
  generated-ca-certificate: CAPsMAN-CA-18FD74FE92C0
     generated-certificate: CAPsMAN-18FD74FE92C0

/interface/wifiwave2/capsman/remote-cap> print
Columns: ADDRESS, IDENTITY, STATE, BOARD-NAME, VERSION
#  ADDRESS    IDENTITY  STATE  BOARD-NAME           VERSION 
0  127.0.0.1  ax3       Ok     C53UiG+5HPaxD2HPaxD  7.8beta2

Standart FW including:

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

Looks like does provision, but still nothing happans.

What i am doning wrong?

Addad hAP ac3 with WifiWave2 as CAP controled by Capsman on hAP ax3 . Still dont wokr. All i can see:

on Capsman hAP ax3

/interface/wifiwave2/capsman/remote-cap> print
Columns: ADDRESS, IDENTITY, STATE, BOARD-NAME, VERSION
#  ADDRESS    IDENTITY  STATE  BOARD-NAME           VERSION 
0             MikroTik  Ok     RBD53iG-5HacD2HnD    7.7     
1  127.0.0.1  ax3       Ok     C53UiG+5HPaxD2HPaxD  7.8beta2

on cap hAP ac3

/interface/wifiwave2> print
Flags: M - MASTER; B - BOUND; I, R - RUNNING
Columns: NAME, CONFIGURATION.MODE
#     NAME         CONFIGURATION.MODE
;;; managed by CAPsMAN
0 MBI wifi1--2Ghz  ap                
;;; managed by CAPsMAN
1 MBI wifi2-5Ghz   ap

I really hope they’ll add support for capsman forwarding in the next release, not the best solution to add vxlan/eoip everywhere and bridge cap interfaces locally