iPhones and iPads unable to connect, MacBooks work fine

I have a CapAx and iPhones and IPads specifically will not connect, MacBooks and all other devices connect fine. The setup is simple, I’ve got a bridge on eth1 and other devices connect and can access the internet fine. I haven’t posted my config yet because I have tried just about everything and I keep resetting and tweaking. There must be others experiencing this?

The devices just hang at “joining”.

Latest ROS 7.20

Things I’ve tried

• Disable PKMID
• Group encryption ccmp, cmac and other variants
• Group management timeout 1hr,00:55:00
• WPA-PSK 2/3 exclusively and together
• DHCP lease time to one day on router
• All combinations of encryption type (ccmp,gcmp,ccmp-256,gcmp-256)
• Channel widths 20 Mhz, 20/40 Mhz Ce, 20/40 Mhz eC
• Installation = Indoor
• Mode AP
• Country is set
• Skip-dfs I’ve tried all combinations
• Security management protection allowed
• No TKIP

I’ve just about run out of ideas and I’m about to give up on this AP and bridge a unifi or similar. I have followed Apples router settings page and every thread I could find here and on reddit about Apple devices and MikroTik APs. I am seriously starting to wonder if there is bad driver code for handshakes or something.

When everything else works but something doesn't,
it's usually the device that doesn't work that has crappy software,
not the other way around (MikroTik not use own driver, but manufacturer one).

Why does everything else work? What's the difference?
It's not up to MikroTik to find a loophole every time to make other crappy software work.

Ask Apple to fix the problem.

If you have FT enabled, setup a slave with FT disabled and try again. Or disable FT for a moment.

Works for me anyway. Is it a proper solution NO but hey if it works…

I know that Apple devices are very strict in regard to DTIM value, it should be equal to 3 or higher.

There’s nothing to tweak or dance around regarding macOS/ iOS/ iPadOS devices and AX MikroTik devices/ AP’s.
They work, roam between 2.4GHz/ 5Ghz, roam between AP etc. just fine. You can tweak some values of DKIM like mentioned, but I haven’t notice any benefits.

Suggestion: leave encryption untouched unless you know what you’re doing.

That is the most useless, childish answer I’ve seen given in a forum in a long time. Take your superiority complex elsewhere, schools use iPads these days and I’m not going to dictate what devices people in my home have to use.

I tried this, vanilla config (defaults to ccmp when you check the config file). Unfortunately no luck

Not enabled but good to know, appreciate it!

Interesting, I will experiment with this now, thanks.

Try disabling 160 MHz on the 5 GHz band. If the OS isn’t up-to-date, Apple devices may report their Wi-Fi capabilities incorrectly due to a known Apple bug in older versions.

Nevermind just read that you use an cap ax

Since I have some spare time on my hands; a perfectly working config from my home:

default-name="wifi2" name="wifi-2ghz" l2mtu=1560 mac-address=XX:XX:XX:XX:XX:XX arp-timeout=auto radio-mac=XX:XX:XX:XX:XX:XX 
        configuration=wifi-2ghz 
        configuration.mode=ap .ssid="<REDACTED-SSID>" .country=Poland .dtim-period=3 
        security.authentication-types=wpa2-psk,wpa3-psk .group-key-update=1h .passphrase="<REDACTED-PASSWORD>" .management-protection=allowed 
        .wps=disable .ft=yes .ft-over-ds=yes .connect-priority=0/1 
        channel.frequency=2412,2437,2462 .width=20mhz .skip-dfs-channels=disabled .reselect-interval=11h..12h 
        steering.2g-probe-delay=yes 

default-name="wifi1" name="wifi-5ghz" l2mtu=1560 mac-address=XX:XX:XX:XX:XX:XX arp-timeout=auto radio-mac=XX:XX:XX:XX:XX:XX 
        configuration=wifi-5ghz 
        configuration.mode=ap .ssid="<REDACTED-SSID>" .country=Poland .dtim-period=3 
        security.authentication-types=wpa2-psk,wpa3-psk .group-key-update=1h .passphrase="<REDACTED-PASSWORD>" .management-protection=allowed 
        .wps=disable .ft=yes .ft-over-ds=yes .connect-priority=0/1 
        channel.frequency=5500-5600:20,5260-5340:20,5180-5260:20 .width=20/40/80mhz .skip-dfs-channels=10min-cac .reselect-interval=1d..1d1h 
        steering.2g-probe-delay=yes

Try to set a fixed channel and see how that helps. Heard several times before that channel 1 and 13 on 2.4 might cause issues with Apple devices.

Checking whether the issue can be isolated to 2.4Ghz and/or 5Ghz might also provide some useful information. Just disable f.e. 5Ghz and see if that changes anything.

Here are the best Practice Channels for Wifi Installations(Content from my wiki)

• 2.4Ghz

  • Name: 2.4GHz

  • Channel Width: 20Mhz

  • Frequency: 2402-2422; 2427-2447; 2452-2472

  • Reselect Time: 06:00:00...07:30:00

• 5Ghz

  • Name: 5GHz

  • Frequency: 5170-5190; 5190-5210; 5210-5230; 5230-5260

  • Reselect Time: 06:00:00...07:30:00

disabling FT Preserve VLAN ID could solve this. It worked for our environment but the devices weren’t only apple

This was the case...long time ago. Nowadays Apple removed this advice and therefor DTIM=1 is perfectly fine.

That is unduly dismissive for what on the face of it looks like a basic configuration problem. Or is there a known problem you haven’t referenced?

Unfortunately this exact configuration doesn’t work for me, I’m very confused now. Stuck at joining still.

No luck unfortunately, MacBook connects fine, all other devices are fine. Two iPhones and an iPad will not connect. Stuck at joining

Did you try restarting the iPhones and iPads?

Did you try testing other iPhones?

Do you have other APs on your network? Or, in your home?

Did you try 7.20.2?

Post your config (sanitized export) so others can continue to try to help.

I did, two iPhones and an iPad, restarted, forgot networks etc. MacBook works fine. I’ll post config now.

7.20.2 with latest wave2 package installed also, no other APs. MikroTik L009 and CRS328 are the only other network equipment

I repeat, if the others work, AS YOU YOURSELF WRITE, ask Apple why those two don't...

If the others work, why should it be a RouterOS problem?