Okay, I got wifi-capsman configured and I got my 3 APs upgraded to wifi-qcom-ac-7.15.npk. All three APs connect and I can see in the Wifi table that all 6 radios are provisioned. In the Interface list I see them all as type “Wifi” but there’s no traffic.
My wifi devices can connect to the APs and I can see in the AP interface that they’re sending and receiving packets to the devices. But the APs aren’t forwarding any of those packets to the router – the devices can’t get IP addresses and aren’t able to talk to wired devices inside my network (or the internet).
I must be missing one last simple step, but I can’t figure it out and the documentation isn’t giving me any hints.
Can anyone point out my lapse?
Thanks,
Brian
Well, many words spoken. Let’s see your config please.
/interface/wifi/export file=anynameyouwish
From wifi-capsman on the server:
# 2024-06-09 09:15:03 by RouterOS 7.15
# software id = I3YE-F7UJ
#
# model = RB1100Dx4
# serial number = 735B07491A91
/interface wifi channel
add band=5ghz-ac disabled=no name="5Ghz (AC)"
add band=2ghz-n disabled=no name=2Ghz
add band=5ghz-ax disabled=no name="5Ghz (AX)"
/interface wifi datapath
add bridge=bridge1 client-isolation=yes disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name="Security 1" wps=\
push-button
/interface wifi steering
add disabled=no name=steering1
/interface wifi configuration
add channel=2Ghz country="United States" datapath=datapath1 datapath.bridge=\
bridge1 disabled=no mode=ap name="Wireless 2Ghz" security="Security 1" \
ssid=Tropicana steering=steering1
add channel="5Ghz (AC)" country="United States" datapath=datapath1 disabled=\
no mode=ap name="Wireless 5Ghz (AC)" security="Security 1" ssid=Tropicana \
steering=steering1
add channel="5Ghz (AX)" country="United States" datapath=datapath1 disabled=\
no manager=capsman-or-local mode=ap name="Wireless 5Ghz (AX)" security=\
"Security 1" ssid=Tropicana steering=steering1
/interface wifi capsman
set ca-certificate=none enabled=yes interfaces=all package-path="" \
require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=\
"Wireless 5Ghz (AC)" name-format="%I 5Ghz (AC)" supported-bands=\
5ghz-a,5ghz-n,5ghz-ac
add action=create-dynamic-enabled disabled=no master-configuration=\
"Wireless 2Ghz" name-format="%I 2Ghz" supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no master-configuration=\
"Wireless 5Ghz (AX)" name-format="%I 5Ghz (AX)"
neki
June 9, 2024, 6:56pm
4
We need to see both ends… CAP configs too, at least one AC and one AX…
From one of the CAP ACs. I don’t have an AX CAP yet:
# 2024-06-10 08:34:11 by RouterOS 7.15
# software id = TV11-UX8B
#
# model = RBcAPGi-5acD2nD
# serial number = 819808D09F75
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Tropicana, channel: 2412/n/Ce
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
datapath.bridge=bridgeLocal disabled=no
# managed by CAPsMAN
# mode: AP, SSID: Tropicana, channel: 5180/ac/Ceee
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
datapath.bridge=bridgeLocal disabled=no
/interface wifi cap
set caps-man-addresses=192.168.1.1 enabled=yes
neki
June 10, 2024, 2:53pm
6
This is all? Or did you reducted everything apart of serial number?
…sympthoms seems like misconfigured bridge, so you have to post whole config, or if this is it you have to configure the bridge (and please don’t name it bridgeLocal)
Neki,
I did as requested and posted the results of “/interface/wifi/export file=anynameyouwish” from both devices. I’m happy to show whatever you ask for.
I didn’t configure or name the bridge When I bought these devices I initialized them to the default AP configuration and set them up in capsman.
Also, please remember that if I switch from the wifi-qcom driver back to the wireless driver it starts up and works perfectly again.
B
neki
June 10, 2024, 5:28pm
8
Now I see… we need whole config… not just wifi (/interface/wifi/export)
Use (both devices)
export file=filename
Router:
# 2024-06-10 13:40:00 by RouterOS 7.15
# software id = I3YE-F7UJ
#
# model = RB1100Dx4
# serial number = ****
/caps-man channel
add band=5ghz-n/ac control-channel-width=20mhz name="5 Ghz Channel" \
reselect-interval=23h save-selected=yes
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437,2412,2462 \
name="2 GHz" reselect-interval=23h save-selected=yes
/interface bridge
add name=bridge1 port-cost-mode=short
/caps-man datapath
add bridge=bridge1 name=datapath1
/caps-man security
add authentication-types=wpa-psk,wpa2-psk name=security1
/caps-man configuration
add channel="5 Ghz Channel" channel.band=5ghz-a/n/ac country="united states" \
datapath=datapath1 distance=indoors installation=indoor multicast-helper=\
full name="Wireless 5Ghz" security=security1 ssid=Tropicana
add channel="2 GHz" channel.band=2ghz-b/g/n country="united states" datapath=\
datapath1 distance=indoors installation=indoor multicast-helper=full \
name="Wireless 2Ghz" security=security1 ssid=Tropicana
/disk
set sata1 media-interface=none media-sharing=no
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi channel
add band=5ghz-ac disabled=no name="5Ghz (AC)"
add band=2ghz-n disabled=no name=2Ghz
add band=5ghz-ax disabled=no name="5Ghz (AX)"
/interface wifi datapath
add bridge=bridge1 client-isolation=yes disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name="Security 1" wps=\
push-button
/interface wifi steering
add disabled=no name=steering1
/interface wifi configuration
add channel=2Ghz country="United States" datapath=datapath1 datapath.bridge=\
bridge1 disabled=no mode=ap name="Wireless 2Ghz" security="Security 1" \
ssid=Tropicana steering=steering1
add channel="5Ghz (AC)" country="United States" datapath=datapath1 disabled=\
no mode=ap name="Wireless 5Ghz (AC)" security="Security 1" ssid=Tropicana \
steering=steering1
add channel="5Ghz (AX)" country="United States" datapath=datapath1 disabled=\
no manager=capsman-or-local mode=ap name="Wireless 5Ghz (AX)" security=\
"Security 1" ssid=Tropicana steering=steering1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200
/ip dhcp-server
add address-pool=dhcp interface=bridge1 lease-time=10m name=dhcp1
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing rip instance
add name=rip-instance-4 route-gc-timeout=120 route-timeout=180 routing-table=\
main update-interval=30
/caps-man manager
set enabled=yes upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge1
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=an,ac \
master-configuration="Wireless 5Ghz" name-format=prefix-identity \
name-prefix=5
add action=create-dynamic-enabled hw-supported-modes=gn,b,g \
master-configuration="Wireless 2Ghz" name-format=prefix-identity \
name-prefix=2
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether3 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether4 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether5 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether6 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether7 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether8 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether9 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether10 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether11 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether12 internal-path-cost=\
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether13 internal-path-cost=\
10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wifi capsman
set ca-certificate=none enabled=yes interfaces=all package-path="" \
require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=\
"Wireless 5Ghz (AC)" name-format="%I 5Ghz (AC)" supported-bands=\
5ghz-a,5ghz-n,5ghz-ac
add action=create-dynamic-enabled disabled=no master-configuration=\
"Wireless 2Ghz" name-format="%I 2Ghz" supported-bands=2ghz-n
add action=create-dynamic-enabled disabled=no master-configuration=\
"Wireless 5Ghz (AX)" name-format="%I 5Ghz (AX)"
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.1.195 client-id=1:b8:27:eb:57:94:34 mac-address=\
B8:27:EB:57:94:34 server=dhcp1
add address=192.168.1.193 client-id=1:b8:27:eb:30:1a:7b mac-address=\
B8:27:EB:30:1A:7B server=dhcp1
add address=192.168.1.163 client-id=1:4:e:3c:e7:e5:2a mac-address=\
04:0E:3C:E7:E5:2A server=dhcp1
add address=192.168.1.102 client-id=1:b8:27:eb:7d:59:e mac-address=\
B8:27:EB:7D:59:0E server=dhcp1
add address=192.168.1.111 client-id=1:dc:a6:32:c1:f6:fd mac-address=\
DC:A6:32:C1:F6:FD server=dhcp1
add address=192.168.1.107 mac-address=24:4B:FE:83:AB:0D server=dhcp1
add address=192.168.1.149 client-id=1:0:11:32:f4:ff:57 mac-address=\
00:11:32:F4:FF:57 server=dhcp1
add address=192.168.1.114 client-id=1:dc:2c:6e:61:9c:86 mac-address=\
DC:2C:6E:61:9C:86 server=dhcp1
add address=192.168.1.122 client-id=1:14:75:5b:ed:49:5a mac-address=\
14:75:5B:ED:49:5A server=dhcp1
add address=192.168.1.124 client-id=1:a0:36:bc:57:77:3a mac-address=\
A0:36:BC:57:77:3A server=dhcp1
add address=192.168.1.110 client-id=1:b8:a4:4f:80:2e:15 mac-address=\
B8:A4:4F:80:2E:15 server=dhcp1
add address=192.168.1.130 mac-address=48:A4:93:C9:6D:80 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.111 name=music.local
add address=192.168.1.149 name=nvr.local
add address=192.168.1.107 name=nas.local
add address=192.168.1.124 comment="Ricks tiny desktop" name=rick.local
add address=23.25.209.170 name=dev.creativelogistics.com
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api address=192.168.1.0/24
set winbox address=192.168.1.0/24
set api-ssl address=192.168.1.0/24
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/routing bfd configuration
add disabled=no
/system clock
set time-zone-name=America/Chicago
/system logging
set 0 disabled=yes
set 2 disabled=yes
/system note
set show-at-login=no
/tool romon
set enabled=yes
/tool romon port
add forbid=yes interface=ether1
CAP:
# 2024-06-10 13:41:40 by RouterOS 7.15
# software id = TV11-UX8B
#
# model = RBcAPGi-5acD2nD
# serial number = ****
/interface bridge
add admin-mac=CC:2D:E0:10:10:20 auto-mac=no comment=defconf name=bridgeLocal \
port-cost-mode=short
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
datapath.bridge=bridgeLocal disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
datapath.bridge=bridgeLocal disabled=no
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/port
set 0 name=serial0
/interface bridge port
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether1 \
internal-path-cost=10 path-cost=10
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether2 \
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface ovpn-server server
set auth=sha1,md5
/interface wifi cap
set caps-man-addresses=192.168.1.1 enabled=yes
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/routing bfd configuration
add disabled=no
/system clock
set time-zone-name=America/Chicago
/system identity
set name="WAP 1"
/system note
set show-at-login=no
/tool romon
set enabled=yes
It looks like you’ve got all the pieces set up individually, they just need to be tied together on that bridge. Frustrating when it’s the “last step” keeping it from working!
I would suggest resetting your CAP to CAPS Mode (/System/Reset Configuration), there are a couple of unnecessary items which could interfere.
Hi,
This!
This suggestion is what worked for me. Reset the configurations on the CAPs after upgrading them to the new qcom package, re-attached them to wifi-capsman and it worked.
Thanks for your help erlinden!
B