How to gradually migrate CAPs to wifi-qcom-ac and fix 'Country unknown' on cAP AC.

Hello,

I have a production setup with the following hardware:

CAPsMAN: CCR2004

CAPs: 100x cAP ac (RBcAPGi-5acD2nD) and cAP XL ac

Current state: All CAPs are running the legacy wireless package and are managed by CAPsMAN on the CCR2004.

I would like to migrate to the new wifi-qcom-ac package gradually. I have two questions:

Question 1 – Phased migration

Can I migrate my CAPs in stages (e.g., 10 units per week) while keeping the rest on the wireless package?

Specifically:

Can the same CCR2004 run both the legacy CAPsMAN (for wireless) and the new CAPsMAN (for wifi-qcom-ac) at the same time?

Will both groups of CAPs simply provide connectivity during the migration period? (I understand Fast Roaming between groups is not expected — I will enable it after full migration. I just need both groups to work simultaneously.)

Question 2 – Country "unknown" on wifi-qcom-ac

After flashing a cAP AC to the wifi-qcom-ac package, in WiFi → Configuration → Country I only see "unknown" — no countries are listed.

This issue does NOT exist on the wireless package.

How can I fix this on wifi-qcom-ac?

1. yes
   Your CAPsMAN device (CCR2004) has to run ROS v7 (as it introduces new WiFi CAPsMAN) and has to have the (optional) wireless package installed. This package brings both legacy wireless drivers (not relevant on CCR devices) and legacy CAPsMAN functionality.
   You'll have to configure both CAPsMANs separately, they don't share config. So you'll have to make settings for both parts of your network similar manually.
   Since both parts of your network will be controlled by different CAPsMAN entities, there won't be any cooperation between them. But that's the same as it is when using legacy (wireless) CAPsMAN alone. So I suggest you to migrate bunches of APs which have overlapping coverage to enable enhanced mobility (802.11 r/k/v) at least between those APs.

2. I don't see the same. My AP running wifi-qcom-ac shows quite a lengthy list of countries available (both via CLI and via WinBox 4.0.1 for Linux). My CAPsMAN and CAP devices is running ROS 7.20.8.

BTW Do you use VLANs (see lost features )?

https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-Replacing'wireless'package

I have made some progress and now I have both CAPsMAN versions running simultaneously, but I am stuck with a connection issue on the new wifi-qcom-ac driver.
What I configured on the test CAP (via new WiFi CAPsMAN Wave2):
Same SSID as before
Same passphrase (WPA2-PSK)
Same channel settings (2.4 GHz and 5 GHz)
Datapath: without vlan-id (I do not use VLANs in this setup — it's a simple flat network)
Bridge: I am using the exact same bridge that was working perfectly with the legacy wireless package

When I try to connect a client device (tested with several clients — laptops, smartphones), the client fails to connect. It either times out or shows "authentication failed" even though the passphrase is correct.
The same SSID and passphrase work immediately when I roll back to the legacy wireless package on the same CAP.
What could be wrong?

Post your configuration (anonymized) for review, instructions here:
Forum rules - #5 by gigabyte091

I only have one Wave2 access point and one wireless (legacy) access point. Both are configured on the same controller and have identical configurations (SSID, datapath, etc.)

I have the wireless package installed on my ccr2004. If I remove it, the interface-capsman option will disappear and the old access points won't work.

/interface wifi
# operated by CAP D0:EA:11:28:3A:69%Bridge VLAN-111
add name=cap-wifi1 radio-mac=D0:EA:11:28:3A:6C
/interface wifi channel
add band=2ghz-n frequency=2442 name="2.4 GHz 7 Ch"
/interface wifi datapath
add bridge="Bridge VLAN-110" name="Datapath VID110"
/interface wifi security
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp \
    group-key-update=30m name=Test_C1_IT
/interface wifi configuration
add channel="2.4 GHz 7 Ch" country=Latvia datapath="Datapath VID110" \
    disabled=no hide-ssid=no installation=indoor interworking.realms-raw="" \
    name=Test_C1_IT security=Test_C1_IT ssid=c1-uclass
/interface wifi capsman
set ca-certificate=CA_GW1_CAPsMAN certificate=Cert_GW1_CAPsMAN enabled=yes \
    interfaces="Bridge VLAN-111" package-path=/firmware upgrade-policy=\
    require-same-version
/interface wifi provisioning
add action=create-dynamic-enabled comment="" disabled=no master-configuration=Test_C1_IT name-format=\
    "%I - 2.4GHz " radio-mac=D0:EA:11:28:3A:6B

/caps-man channel
add band=2ghz-b/g/n frequency=2442 name="2.4 GHz 7 Ch"
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=45m name=Test_C1_IT
/caps-man configuration
add channel="2.4 GHz 7 Ch" country=latvia datapath="Datapath VID202" \
    hide-ssid=no installation=indoor name=Test_C1_IT security=\
    Test_C1_IT ssid=c1-uclass
/caps-man datapath
add bridge="Bridge VLAN-110" name="Datapath VID110"
/caps-man interface
add configuration=Test_C1_IT disabled=no l2mtu=1600 mac-address=\
    7A:9A:18:09:8B:3A master-interface="K1F1_SCH-SCH\\12-12-1" name=\
    "K1F1_SCH-SCH\\12-12-1-1" radio-mac=00:00:00:00:00:00 radio-name=\
    7A9A18098B3A
/caps-man manager
set ca-certificate=CA_GW1_CAPsMAN certificate=Cert_GW1_CAPsMAN enabled=yes \
    package-path=/firmware upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface="Bridge VLAN-111"
/caps-man provisioning
add action=create-enabled comment="K1F1_SCH-SCH\\12-12" master-configuration=\
    Test_C1_IT name-format=identity radio-mac=78:9A:18:09:8B:3A \

See:
IOS 26 and Mikrotik 7.22.x Wifi - bad relationship?
(this should affect iPhones and similar IOS devices)

I'm still digging. Deleting the option didn't help.
I was able to connect, but there's no received traffic. The device isn't receiving a DHCP address, and it's not working with static data, so there's no response. Under the WiFi option, "Registration," there's no Tx Rate line, but there is an Rx Rate line.

That would point to a mis-configured DHCP server?
Or possibly it is not attached to the right interface/VLAN?

I currently have Legacy Capsman configured. I want to install Wave2 alongside Legacy to seamlessly migrate from Legacy to Wave2. Everything works fine with Legacy, but Wave2 doesn't. I'm using an existing, working datapath. DHCP works in the datapath (it works in Legacy). I tried setting the IP address manually and pinging the datapath, but nothing happened. Wireshark only shows packets being sent, not received. Could this be because both Capsman instances are running simultaneously?

No, running both is a common case when people has some old (non-ax or non wifi-qcom-ac upgradable) devices and some new ax devices.

You should post your FULL configuration for review, some of the more expert members may then be able to notivce what causes the issue.

I've set up a test rig.

1 - hapAC2 - controller (local WiFi is not used)

2 - cap XL ac - wifi-qcom-ac

3 - cap XL ac - wireless

hapAC2 - 2 bridge.

1 - lan - main network, addresses and DHCP are assigned from here

2 - capsman - caspman network (my own DHCP is set up to assign AP addresses)

Wireless caspman is configured along with wifi-qcom-ac:

"wireless caspman" - everything works

"wifi-qcom-ac (wave2)" - doesn't work (same problem as in production)

What I've tried: 1 - Remove the wireless package and install wifi-qcom-ac - no result

2 - Disable wireless caspman - no result I'm attaching the controller configuration:

/interface bridge
add name=Caspman-BR
add name=Lan
/interface wifi
# operated by CAP D0:EA:11:28:43:1C%Caspman-BR
add name=cap-wifi2 radio-mac=D0:EA:11:28:43:1F
set [ find default-name=wifi1 ] configuration.mode=ap
/interface wifi channel
add band=2ghz-n disabled=no frequency=2452 name=2.4GHZ-11ch width=20/40mhz-Ce
/interface wifi datapath
add bridge=Lan disabled=no name=caspman
/interface wifi security
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp \
    group-key-update=30m name=test_wifi_ac
/interface wifi configuration
add channel=2.4GHZ-11ch country=Russia datapath=caspman disabled=no \
    interworking.realms-raw="" mode=ap name=test-wifi-ac security=\
    test_wifi_ac ssid=test-wifi-ac
/ip pool
add name=caspman-pool ranges=10.123.123.3-10.123.123.10
/ip dhcp-server
add address-pool=caspman-pool interface=Caspman-BR lease-time=20h30m name=\
    caspman
/interface bridge port
add bridge=Lan interface=ether2
add bridge=Caspman-BR interface=ether3
add bridge=Caspman-BR interface=ether4
add bridge=Caspman-BR interface=ether5
add bridge=Lan interface=ether1
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=Caspman-BR \
    upgrade-policy=require-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=\
    test-wifi-ac radio-mac=D0:EA:11:28:43:1E
/ip address
add address=10.123.123.1/26 interface=Caspman-BR network=10.123.123.0
/ip dhcp-client
add default-route-tables=main interface=Lan name=client1
/ip dhcp-server network
add address=10.123.123.0/26 dns-none=yes gateway=10.123.123.1 netmask=26 \
    ntp-none=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=CASPMAN
/system ntp client
set enabled=yes
/system ntp client servers
add address=ntp3.ntp-servers.net

Caspman is another kind of controller, probably local to the shores of Caspian Sea

It doesn't matter, of course , but for a moment I thought I was having dislexia .

The question is closed. This is impossible to do. Capsman forward is not supported.

We need to make vlan.

Information from the instructions.

https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-CAPusing%22wifi-qcom-ac%22package%3A

There are 2 major forwarding/traffic-processing modes: local forwarding mode (traffic-processing=on-cap), where CAP is locally forwarding data to and from wireless interface; CAPsMAN forwarding mode (traffic-processing=on-capsman), where CAP sends to CAPsMAN all data received over wireless and only sends out the wireless data received from CAPsMAN. CAPsMAN forwarding is only possible starting with 7.21beta2 version. On older versions, only CAP forwarding is supported. CAPsMAN forwarding is not supported by wifi-qcom-ac devices (wifi-qcom-ac drivers only support local forwarding).