Hi.
I just started playing with multi-passphrase on Mikrotik and had some issues with some passwords working and some not
In my lab I have an RB1100 running capsman and a hapac3 (all running ROS7.18)
heres my config
/interface wifi channel
add disabled=no frequency=2412,2437,2462 name=2.4ghz width=20mhz
add disabled=no frequency=5180,5260,5500,5580,5660,5745 name=5ghz width=20/40/80mhz
/interface wifi configuration
add channel=5ghz country="South Africa" disabled=no mode=ap name=cfg-5ghz security.authentication-types=wpa2-psk .multi-passphrase-group=test ssid=TEST
/interface wifi
# operated by CAP 08:55:31:E2:FD:1A%bridge1, traffic processing on CAP
# DFS channel availability check (1 min)
add configuration=cfg-5ghz disabled=no name=Room1-5ghz radio-mac=08:55:31:E2:FD:20
/interface wifi configuration
add channel=2.4ghz country="South Africa" datapath.bridge=bridge1 disabled=no mode=ap name=cfg-2.4ghz security.authentication-types=wpa2-psk .multi-passphrase-group=test ssid=TEST
/interface wifi
# operated by CAP 08:55:31:E2:FD:1A%bridge1, traffic processing on CAP
add configuration=cfg-2.4ghz disabled=no name=Room1-2.4ghz radio-mac=08:55:31:E2:FD:1F
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1 package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg-5ghz name-format=%I-5ghz supported-bands=5ghz-a
add action=create-enabled disabled=no master-configuration=cfg-2.4ghz name-format=%I-2.4ghz supported-bands=2ghz-g
/interface wifi security multi-passphrase
add disabled=no expires="2025-01-07 23:59:59" group=test passphrase=bluebird
add disabled=no expires="2025-02-07 23:59:59" group=test passphrase=browbeat
add disabled=no expires="2025-03-07 23:59:59" group=test passphrase=business
add disabled=no expires="2025-04-07 23:59:59" group=test passphrase=blinkard
...
add disabled=no expires="2042-08-07 23:59:59" group=test passphrase=unfreeze
...
add disabled=no expires="2044-12-07 23:59:59" group=test passphrase=borealis
for brevity i removed a lot of the passphrases, I have a total of 240 - which is a lot less than the 10000 limit.
After this i re-provisioned the CAP and waited like 20 minutes.
but in this example blinkard works but unfreeze did not.
I ran some more tests and it looks like its the expires parameter. Seems as though there is some sort of limit, i can set it to around “2038-02-02 02:07:59” until it stops working
set expires=“2038-02-02 02:07:59” numbers=0 #works
set expires=“2038-02-02 02:08:59” numbers=0 # doesnt work
If I wait a few minutes then set expires="2038-02-02 02:08:59" numbers=0 starts to work. So there seems to be some upper-limit thats relative the routers clock.
Obviously I wouldn’t store things like this for real, but would be great to get an error if the date is too far ahead or document the upper limit.