I'd recommend doing an export and provide the relevant Wi-Fi configuration you're actually using now and it not working.
I recently seen the defaults on ax2 work fine with modern iPad, so it's not wholesale broken. If the iPad are older, I'd recommend disabling WPA3 and using 1h as group update interval as a test to see if that works.
And are you using the latest stable version, and upgrade firmware to match (/system/routerboard/update)?
I don't understand the point of this, the users on the forum are not members of the MikroTik staff.
I wouldn't know how to answer you.
Here’s my config currently. Interestingly I was able to get one iPhone to connect by scanning the QR code on an iPhone from the wifi sharing menu on an Android device. Sharing wifi password from MacBook doesn’t work. I ruled out special characters in passwords etc.
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .deprioritize-unii-3-4=\
no .frequency=5170-5190 .reselect-interval=1d..1d1m .reselect-time=\
06:00:00..07:30:00 .skip-dfs-channels=10min-cac .width=20/40/80mhz \
configuration.country=Australia .dtim-period=3 .installation=indoor \
.mode=ap .ssid=<redacted> disabled=no interworking.internet=yes \
.network-type=private security.authentication-types=\
wpa2-psk,wpa2-psk-sha2,wpa3-psk .disable-pmkid=yes .ft=no .ft-over-ds=no \
.group-key-update=1h .management-encryption=cmac .management-protection=\
allowed .wps=disable steering.rrm=yes .wnm=yes
set [ find default-name=wifi2 ] channel.band=2ghz-n .frequency=2402-2422 \
.reselect-time=06:00:00..07:30:00 .skip-dfs-channels=all .width=20mhz \
configuration.country=Australia .dtim-period=3 .installation=indoor \
.mode=ap .ssid=<redacted> disabled=no interworking.internet=yes \
.network-type=private security.authentication-types=\
wpa2-psk,wpa2-psk-sha2 .disable-pmkid=yes .encryption=ccmp,gcmp \
.group-encryption=ccmp .group-key-update=1h steering.rrm=yes .wnm=yesWell, that’s far from a default config, as you know.
And, yes, I understand this is the config you want and need, but I would say that troubleshooting would dictate that you start with a default config to make sure that works.
Then make individual changes.
Because those devices work perfectly fine with a unifi AP, ruckus AP, TP link AP. Should I go on? This is clearly configuration or implementation specific. Either I have misconfigured something or there is a vendor specific problem here. “Ask Apple” is entirely unhelpful. Should I just “ask Google” if I encounter issues with my Pixel or Google TV? Obviously not and I worked through the issue (encryption types).
Correct, I’ve spent hours doing that. One setting at a time, all possible options. I suspect there’s a golden configure here but the maths of multiple options for multiple settings is going to give to thousands of possible combinations. The current config is based on the suggestions in this thread. I tried default and had no luck just before creating the thread unfortunately. I’ve been at this for weeks.
If all the others work, there's definitely a poor implementation compared to the others.
What do the others have more? Why should the two that don't work have less?
I would insist that the manufacturer fix it, LIKE THE OTHERS,
rather than rely on tricks due to a poor software implementation
that poorly handles any configuration or software errors...
We all here truly understand the frustration.
I would suggest that letting that frustration come out here, directed at Mikrotik or forum users, is entirely counterproductive.
Do the iPhones connect with the CapEx configured with it’s default config?
So you don’t know if there is a known Apple problem. But you are quite adamant that there is. Perhaps we should leave you be today and hope you get out of bed on the right side tomorrow.
Just to be clear that’s not me, it’s some other guy in this thread. I’m pleasantly surprised and very appreciative of the help so far.
Firmware and packages all up to date (7.20.2), I just tried default config again but no luck, iPhones and iPad will not connect
Have you removed and added the wifi network on these devices after going back to defaults?
Apple advices a DHCP lease time of 8h.
I’ll try that now. I’ve tried 1h and 8h as per the Apple “recommended settings for WiFi routers” guide.
You've done a lot of testing, now paste this and see if everything works, then use it as a starting point...
/interface wifi
set [ find default-name=wifi1 ] channel.frequency=5180-5240:20 \
.skip-dfs-channels=disabled .width=20mhz configuration.mode=ap \
datapath.client-isolation=no disabled=no \
security.authentication-types=wpa2-psk .disable-pmkid=yes .encryption=ccmp \
.group-encryption=ccmp .group-key-update=1h .management-protection=disabled \
.wps=disable \
!channel.band !channel.deprioritize-unii-3-4 !channel.reselect-interval !channel.reselect-time \
!configuration.dtim-period !interworking.internet !interworking.network-type !security.ft \
!security.ft-over-ds !.management-encryption !steering.rrm !.wnm
set [ find default-name=wifi2 ] channel.frequency=2412-2462:5 \
.skip-dfs-channels=disabled .width=20mhz configuration.mode=ap \
datapath.client-isolation=no disabled=no \
security.authentication-types=wpa2-psk .disable-pmkid=yes .encryption=ccmp \
.group-encryption=ccmp .group-key-update=1h .management-protection=disabled \
.wps=disable \
!channel.band !channel.deprioritize-unii-3-4 !channel.reselect-interval !channel.reselect-time \
!configuration.dtim-period !interworking.internet !interworking.network-type !security.ft \
!security.ft-over-ds !.management-encryption !steering.rrm !.wnm
Appreciated, interestingly something in that configuration worked! The things that stand out are management protection and band, I always had a band selection previously but your config only specifies frequency
I've given you a way to get everything working first, now if you want to tinker, go ahead, you've got a basic configuration that works to fall back on.
The -1s are useless if given randomly without at least trying to understand the writer's concept...
That script defaults everything you've made, and sets up compatibility with everything I've tried so far.
channel.band=5ghz-ax mean ONLY ax, not backward compatible
channel.band=2ghz-n mean ONLY n, not backward compatible and also not ax compatible
security.authentication-types=wpa2-psk-sha2 iphone/iphad do not support new "sha2" (but MacOS and the others yes... strange...)
That is almost certainly the mistake I made then, thank you very much for the explaination. The wiki is vague on that with “Frequency band and wireless standard that will be used by the AP” - that makes it sound like the entire band will be used but I guess the key here is the standard is exclusive not inclusive. What a massive relief, thank you
So, can we say that these:
/interface wifi
set [ find default-name=wifi1 ] channel.frequency=5180-5240:20 \
.skip-dfs-channels=disabled .width=20mhz configuration.mode=ap \
datapath.client-isolation=no disabled=no \
security.authentication-types=wpa2-psk .disable-pmkid=yes .encryption=ccmp \
.group-encryption=ccmp .group-key-update=1h .management-protection=disabled \
.wps=disable
set [ find default-name=wifi2 ] channel.frequency=2412-2462:5 \
.skip-dfs-channels=disabled .width=20mhz configuration.mode=ap \
datapath.client-isolation=no disabled=no \
security.authentication-types=wpa2-psk .disable-pmkid=yes .encryption=ccmp \
.group-encryption=ccmp .group-key-update=1h .management-protection=disabled \
.wps=disable
are good basic settings one can build on (if needed)?
Yes, if nothing else has been touched... in fact I had to undo all the other tweaks in the script
(regardless of whether they worked correctly or not), to have a solid base to start from.
Yep, I have seen all those !, but when starting from a freshly reset device the relevant settings are the first part only (of course is up to the user to delete/remove excess ones, if any).
Thanks.