Issue with CAPsMAN v2 managing its own device

I have CAPsMAN running on AX^3 successfully managing three AX^2 CAPs. However, when I attempt to use CAPsMAN to manage the AX^3’s CAP, there is no signal.

Wireless>WiFi Wave2 shows wifi1 and wifi2 as “—managed by CAPsMAN”, but the mode, SSID, and channel line never appears.

On AX^2 CAPs:

On AX^3:

Client devices do see any wifi from the AX^3.

CAPsMAN config is very basic:

/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=testsec passphrase=*******
/interface wifiwave2 configuration
add name=5G security=testsec ssid=MALINIA-5ghz
add name=2G security=testsec ssid=MALINIA
/interface wifiwave2 provisioning
add action=create-enabled master-configuration=5G supported-bands=5ghz-n
add action=create-enabled master-configuration=2G supported-bands=2ghz-n
/interface wifiwave2 capsman
set ca-certificate=no enabled=yes

CAP config:

/interface/wifiwave2/cap set enabled=yes
/interface/wifiwave2/set wifi1,wifi2 configuration.manager=capsman

I also manually set the CAPsMAN IP Address in Wireless > WiFi Wave2 > CAP. I have added a firewall rule to accept local traffic.

If I simply switch Manager to “local”, signal is immediately available.

Any help will be GREATLY appreciated as I have struggling with this for days…

Officially CAPsMAN can not manage local wireless. Since wave2/wifi for local configuration uses same configuration subtree as CAPsMAN, it’s no need to force CAPsMAN management on local wireless. Also mobility functions work between local and capsman-managed APs as they are all managed by same wave2/wifi instance.

In plain english, the setup for wifi on the device hosting capsman is different or separate from the wifi settings within capsman for the external devices.???

In plain english: you can use same security profile for both capsman provisioning and for local device. You can use the rest of profiles in both places as well if they apply unaltered (datapath, channel, what not). The config is actually shared between local manually provisioned wireless interfaces and capsman.
So you don’t have to force local wireless interface to connect capsman just to share same settings. But you have to use profiles! (don’t set things on interdace directly … e.g. use of constructs with dot, like security.password, is forbidden, you have to set up a security profile and then use that in configuration).

And the above is the big difference from legacy capsman, which has a completely separate settings and, if one wanted to have same settings for local wireless and caps, it was necessary to (painfully) copy settings between both places.

I just may hire you to setup my wifi… I just cannot afford the postage and cost of envelope to send the cheque.

95% of the setup is done in the same menus.
The only real difference is for local radio you assign config to radio and use local as manager.. For caps you use provisioning and use capsman as manager.

The rest is about the same.

Good common sense information here!!!
Should go in your ‘article’ Holvoe, when the move is done.

Thank you, mkx, for the quick reply and the helpful information.

My main concern was that the CAPsMAN host’s wifi being independent of CAPsMAN may impact the roaming efficiency, because my understanding based on various docs online is that for efficient roaming, all CAPs need to be managed by the same CAPsMAN.

But if I understand what you are saying correctly, because the local Wifi is, in fact, being managed by the same OS instance as the rest of the CAPs, as long as I manually apply the same configuration and security profile in the local wifi config, roaming should be fine.

Thank you!

Yes, exactly.