Help With IOS and Capsman

RouterOS Wireless Networking
1

Hi there all I hope you are all well I am needing some help please I am having the following issue with Apple users:

I have a cpasman server on my main gateway that has 7 or so other CAP AC XL devices connected to it all these are on the 192.168.1.xxx range and when I connect with my android or windows based device everything is fine however when I connect an apple device it almost always gets a 192.168.0.xxx range IP of which nothing attached to the network has that IP address range attached to it am I missing something in my configuration ?

Sometimes when I switch off randomized MAC address it gets a correct address assigned by the dhcp server. and more info when the apple device connects it dosent automatically disconnect but they dont get internet.

2

So first thing is to post your configuration from the capsman controller. Without that it’s hard to say what is wrong.

3

Appologies please see config

2025-05-26 12:27:09 by RouterOS 7.12.1

software id = EEZ4-6C94

model = RB750Gr3

serial number = HEC08SP4AS3

/interface bridge
add fast-forward=no name="bridge1-Champs PC"
add name=bridge2
/interface ethernet
set [ find default-name=ether1 ] name="ether1 WAN"
set [ find default-name=ether2 ] name="ether2 To Switch"
set [ find default-name=ether3 ] name="ether3 To Champs"
set [ find default-name=ether4 ] name="ether4 Champs PC"
set [ find default-name=ether5 ] name="ether5 Graham hotel network"
/caps-man configuration
add country=etsi datapath.bridge=bridge2 installation=outdoor mode=ap name=
cfg1 security.authentication-types=wpa-psk,wpa2-psk ssid="Graham Hotel"
/interface pppoe-client
add add-default-route=yes disabled=no interface="ether1 WAN" name=pppoe-out1
use-peer-dns=yes user=is.grahamhotel.fff
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.50-192.168.1.254
add name=dhcp_pool1 ranges=192.168.2.80-192.168.2.180
/ip dhcp-server
add address-pool=dhcp_pool0 bootp-support=dynamic interface=bridge2
lease-time=10m name=default
add address-pool=dhcp_pool1 interface="ether3 To Champs" lease-time=10m name=
dhcp1
/port
set 0 name=serial0
/routing table
add fib name=route_guests
add fib name=route_champs
add fib name="Guest internet"
add fib name="Grahamhotel telkom line"
/caps-man manager
set enabled=yes
/caps-man manager interface
add disabled=no interface="ether2 To Switch"
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
/interface bridge port
add bridge="bridge1-Champs PC" ingress-filtering=no interface=
"ether4 Champs PC"
add bridge="bridge1-Champs PC" ingress-filtering=no interface=
"ether5 Graham hotel network"
add bridge=bridge2 ingress-filtering=no interface="ether2 To Switch"
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.1/24 interface=bridge2 network=192.168.1.0
add address=192.168.2.254/24 interface="ether3 To Champs" network=192.168.2.0
add address=192.168.4.1/29 interface="ether5 Graham hotel network" network=
192.168.4.0
/ip dhcp-client
add add-default-route=no interface="bridge1-Champs PC"
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.2.0/24 gateway=192.168.2.254
/ip firewall filter
add action=accept chain=forward protocol=tcp src-address=192.168.16.0/24
src-port=7892
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=route_guests
passthrough=no src-address=192.168.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=route_champs
passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=route_guests
passthrough=yes src-address=192.168.3.0/24
add action=mark-routing chain=prerouting new-routing-mark="Guest internet"
passthrough=yes src-address=192.168.4.0/24
add action=mark-packet chain=prerouting new-packet-mark="Internet Packets"
passthrough=yes src-address=!192.168.0.0/16
add action=mark-packet chain=prerouting dst-address=!192.168.0.0/16
new-packet-mark="Internet Packets" passthrough=yes
add action=accept chain=prerouting dst-address=192.168.0.0/16 src-address=
192.168.0.0/16
add action=mark-routing chain=prerouting new-routing-mark=
"Grahamhotel telkom line" passthrough=yes src-address=192.168.4.2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface="bridge1-Champs PC"
add action=masquerade chain=srcnat src-address=192.168.4.2
add action=netmap chain=dstnat dst-port=1723 in-interface=pppoe-out1
protocol=tcp to-addresses=192.168.4.2 to-ports=1723
add action=netmap chain=dstnat dst-port=1723 in-interface=pppoe-out1
protocol=udp to-addresses=192.168.4.2 to-ports=1723
add action=netmap chain=dstnat dst-port=1701 in-interface=pppoe-out1
protocol=udp to-addresses=192.168.4.2 to-ports=1701
add action=netmap chain=dstnat dst-port=1701 in-interface=pppoe-out1
protocol=tcp to-addresses=192.168.4.2 to-ports=1701
add action=netmap chain=dstnat dst-port=4500 in-interface=pppoe-out1
protocol=tcp to-addresses=192.168.4.2 to-ports=4500
add action=netmap chain=dstnat dst-port=4500 in-interface=pppoe-out1
protocol=udp to-addresses=192.168.4.2 to-ports=4500
add action=netmap chain=dstnat dst-port=500 in-interface=pppoe-out1 protocol=
udp to-addresses=192.168.4.2 to-ports=500
add action=netmap chain=dstnat dst-port=500 in-interface=pppoe-out1 protocol=
tcp to-addresses=192.168.4.2 to-ports=500
add action=netmap chain=dstnat in-interface=pppoe-out1 protocol=gre
to-addresses=192.168.4.2
/ip route
add disabled=no dst-address=192.168.16.0/24 gateway="bridge1-Champs PC"
scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=pppoe-out1
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name="Ghotel Main"
/system note
set show-at-login=no