My HP network Laser printers (BOTH!) won't connect to my cAP ac AP's anymore after upgrade from Wireless to WiFi (using "wifi-qcom-ac" package)

I recently upgraded my (3) MikroTik cAP ac AP’s from the original “Wireless” mode to the new “WiFi” mode by replacing the “Wireless” package by the new "wifi-qcom-ac" package. This results in much higher Tx and Rx rates (double!) but introduced the problem that (BOTH!) my HP network Laser Printers won’t connect anymore to their resp. AP’s… It’s seems that they try to connect every +/- 30sec as they do appear every 30sec in the “Registration” list (under WiFi/Registration) for about 6sec with the correct/expected WiFi parameters (“wpa2-PSK Auth Type and “2.4GHz N” Band). However for some reason they can’t get through the connectivity/auth process.

I use multiple (4) VLANs on each of them: one for Management and 3 for the 3 SSIDs. All three cAP ac APs use identical configurations. Each HP printer connects to a different SSID/VLAN and shows the same connectivity problem. I already set the “Multicast Enhance” parameter (under WiFi/Interface) to ‘enabled’ but that doesn’t seem to resolve the issue…

Any suggestions from the wiz kids here would be highly appreciated!

Greetz,

Bruno

# 2026-02-17 09:47:18 by RouterOS 7.21.3
# software id = RYND-HF3K
#
# model = RBcAPGi-5acD2nD
/interface bridge
add admin-mac=2C:C8:1B:C3:1F:41 auto-mac=no fast-forward=no frame-types=\
    admit-only-vlan-tagged name="Bridge 01 - (W)LAN" port-cost-mode=short \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name="Ether 01 - PoE IN | UpLink <=> PoE Swit\
    ch 01 [MikroTik CRS112-8P-4S] | ETH 06"
set [ find default-name=ether2 ] name=\
    "Ether 02 - PoE OUT | OFF Bridge Management Port"
/interface vlan
add interface="Bridge 01 - (W)LAN" name="VLAN 02 - Main VLAN" vlan-id=2
add interface="Bridge 01 - (W)LAN" name="VLAN 04 - Family VLAN" vlan-id=4
add interface="Bridge 01 - (W)LAN" name="VLAN 05 - Guest VLAN" vlan-id=5
add interface="Bridge 01 - (W)LAN" name="VLAN 88 - Management VLAN" vlan-id=\
    88
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi channel
add band=2ghz-n disabled=no name="Channel 01 - 2.4GHz" width=20/40mhz-eC
add band=5ghz-ac disabled=no name="Channel 02 - 5 GHz" width=20/40/80mhz
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=\
    ccmp,gcmp,ccmp-256,gcmp-256 name="Security Profile 01 - Bruno" wps=\
    push-button
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=\
    ccmp,gcmp,ccmp-256,gcmp-256 name="Security Profile 02 - Laurent" wps=\
    push-button
add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=\
    ccmp,gcmp,ccmp-256,gcmp-256 name="Security Profile 03 - Guest" wps=\
    push-button
/interface wifi configuration
add channel="Channel 01 - 2.4GHz" country=Belgium disabled=no hide-ssid=yes \
    installation=indoor mode=ap multicast-enhance=enabled name=\
    "Configuration 01 - 2.4 GHz - Bruno" security=\
    "Security Profile 01 - Bruno" ssid=Bruno
add channel="Channel 02 - 5 GHz" country=Belgium disabled=no hide-ssid=no \
    installation=indoor mode=ap name="Configuration 05 - 5 GHz - Laurent" \
    security="Security Profile 02 - Laurent" ssid=Laurent
add channel="Channel 01 - 2.4GHz" country=Belgium disabled=no hide-ssid=no \
    installation=indoor mode=ap name="Configuration 03 - 2.4 GHz - Guest" \
    security="Security Profile 03 - Guest" ssid=Guest
add channel="Channel 02 - 5 GHz" country=Belgium disabled=no hide-ssid=yes \
    installation=indoor mode=ap name="Configuration 04 - 5 GHz - Bruno" \
    security="Security Profile 01 - Bruno" ssid=Bruno
add channel="Channel 01 - 2.4GHz" country=Belgium disabled=no hide-ssid=no \
    installation=indoor mode=ap name="Configuration 02 - 2.4 GHz - Laurent" \
    security="Security Profile 02 - Laurent" ssid=Laurent
add channel="Channel 02 - 5 GHz" country=Belgium disabled=no hide-ssid=no \
    installation=indoor mode=ap name="Configuration 06 - 5 GHz - Guest" \
    security="Security Profile 03 - Guest" ssid=Guest
/interface wifi
set [ find default-name=wifi1 ] configuration=\
    "Configuration 01 - 2.4 GHz - Bruno" configuration.mode=ap disabled=no \
    mac-address=2C:C8:1B:C3:1F:51 name="WLAN 01 - 2.4 GHz - Bruno"
add configuration="Configuration 02 - 2.4 GHz - Laurent" configuration.mode=\
    ap mac-address=2E:C8:1B:C3:1F:53 master-interface=\
    "WLAN 01 - 2.4 GHz - Bruno" name="WLAN 01.02 - 2.4 GHz - Laurent"
add configuration="Configuration 03 - 2.4 GHz - Guest" configuration.mode=ap \
    disabled=no mac-address=2E:C8:1B:C3:1F:54 master-interface=\
    "WLAN 01 - 2.4 GHz - Bruno" name="WLAN 01.03 - 2.4 GHz - Guest"
set [ find default-name=wifi2 ] configuration=\
    "Configuration 04 - 5 GHz - Bruno" configuration.mode=ap disabled=no \
    mac-address=2C:C8:1B:C3:1F:52 name="WLAN 02 - 5 GHz - Bruno"
add configuration="Configuration 05 - 5 GHz - Laurent" configuration.mode=ap \
    disabled=no mac-address=2E:C8:1B:C3:1F:55 master-interface=\
    "WLAN 02 - 5 GHz - Bruno" name="WLAN 02.02 - 5 GHz - Laurent"
add configuration="Configuration 06 - 5 GHz - Guest" configuration.mode=ap \
    mac-address=2E:C8:1B:C3:1F:56 master-interface="WLAN 02 - 5 GHz - Bruno" \
    name="WLAN 02.03 - 5 GHz - Guest"
/ip pool
add name="DHCP Pool 01 - OFF Bridge Management Port Client IP Address" \
    ranges=192.168.89.2
/interface bridge port
add bridge="Bridge 01 - (W)LAN" frame-types=admit-only-vlan-tagged interface="\
    Ether 01 - PoE IN | UpLink <=> PoE Switch 01 [MikroTik CRS112-8P-4S] | ETH\
    \_06" internal-path-cost=10 path-cost=10
add bridge="Bridge 01 - (W)LAN" frame-types=\
    admit-only-untagged-and-priority-tagged interface=\
    "WLAN 01 - 2.4 GHz - Bruno" pvid=2
add bridge="Bridge 01 - (W)LAN" frame-types=\
    admit-only-untagged-and-priority-tagged interface=\
    "WLAN 01.02 - 2.4 GHz - Laurent" pvid=4
add bridge="Bridge 01 - (W)LAN" frame-types=\
    admit-only-untagged-and-priority-tagged interface=\
    "WLAN 01.03 - 2.4 GHz - Guest" pvid=5
add bridge="Bridge 01 - (W)LAN" frame-types=\
    admit-only-untagged-and-priority-tagged interface=\
    "WLAN 02 - 5 GHz - Bruno" pvid=2
add bridge="Bridge 01 - (W)LAN" frame-types=\
    admit-only-untagged-and-priority-tagged interface=\
    "WLAN 02.02 - 5 GHz - Laurent" pvid=4
add bridge="Bridge 01 - (W)LAN" frame-types=\
    admit-only-untagged-and-priority-tagged interface=\
    "WLAN 02.03 - 5 GHz - Guest" pvid=5
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge="Bridge 01 - (W)LAN" tagged="Bridge 01 - (W)LAN,Ether 01 - PoE IN |\
    \_UpLink <=> PoE Switch 01 [MikroTik CRS112-8P-4S] | ETH 06" untagged=\
    "WLAN 01 - 2.4 GHz - Bruno,WLAN 02 - 5 GHz - Bruno" vlan-ids=2
add bridge="Bridge 01 - (W)LAN" tagged="Bridge 01 - (W)LAN,Ether 01 - PoE IN |\
    \_UpLink <=> PoE Switch 01 [MikroTik CRS112-8P-4S] | ETH 06" untagged=\
    "WLAN 01.02 - 2.4 GHz - Laurent,WLAN 02.02 - 5 GHz - Laurent" vlan-ids=4
add bridge="Bridge 01 - (W)LAN" tagged="Bridge 01 - (W)LAN,Ether 01 - PoE IN |\
    \_UpLink <=> PoE Switch 01 [MikroTik CRS112-8P-4S] | ETH 06" untagged=\
    "WLAN 01.03 - 2.4 GHz - Guest,WLAN 02.03 - 5 GHz - Guest" vlan-ids=5
add bridge="Bridge 01 - (W)LAN" tagged="Bridge 01 - (W)LAN,Ether 01 - PoE IN |\
    \_UpLink <=> PoE Switch 01 [MikroTik CRS112-8P-4S] | ETH 06" vlan-ids=88
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:30:95:21:96:98 name=ovpn-server1
/ip address
add address=192.168.89.1/30 comment=\
    "OFF Bridge Management IP Address (GENERIC)" interface=\
    "Ether 02 - PoE OUT | OFF Bridge Management Port" network=192.168.89.0
/ip dhcp-client
add interface="VLAN 88 - Management VLAN"
/ip dhcp-server
# Interface not running
add address-pool=\
    "DHCP Pool 01 - OFF Bridge Management Port Client IP Address" interface=\
    "Ether 02 - PoE OUT | OFF Bridge Management Port" lease-time=1d name=\
    "DHCP Server 01 - OFF Bridge Management Port"
/ip dhcp-server network
add address=192.168.89.0/30 comment="OFF Bridge Management Port Subnet" \
    gateway=192.168.89.1
/ip dns
set servers=192.168.88.1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.88.1
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
/routing bfd configuration
add disabled=no
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name="AP 06 - Zolder"
/system ntp client
set enabled=yes mode=broadcast

cAP ac config.rsc (8.1 KB)

Registration1252×618 143 KB

Would help if you share the current config of one of the cAP ac's.:

/export file=anynameyoulike

Remove serial and any other private info, post as Preformatted text by using the </> button.

What RouterOS version are you running?
Out of curiosity, why aren't they connected through cable?
Anything in the logging (you can add debug logging)?
Any reason why you don't use CAPsMAN?

Thanks for reaching out erlinden!

I’m using RouterOS 7.21.3 (upgraded all my cAP ac’s earlier this week to see if that would fix the problem).

I’m not using cable as I don’t have Ethernet ports available where the printers are located. If I use cable everything works just fine so I can always ‘fall back’ on that, but i really would line to have the wireless connection working…

There’s nothing in the standard logging, but I might try debug logging if that’s required (need to figure out how to enable it but that can’t be too hard…)

I’ve tried CAPsMAN in the past but was unsuccesful… I’m also using 2 different AP’s in my network (3 x cAP ac and 1 x cAP ax). Each cAP has identical config, but on each I disable some of the Interfaces as I don’t need all SSID’s on each location. I also have serious problems to get the cAP ax working ‘at full speed’ (I currently have much lower Rx/Tx values on the cAP ax as compared to the (WiFi upgraded) cAP ac’s, but that’s another topic…

I already uploaded the config file, but I’ll try the </> button instead…

Just to home in on the problem a bit more, does anything else [mobile phone?] work on these SSIDs - and if they fail, how far do they get with connecting?

Can you give WPA2-PSK and CCMP a try (at least as a test):

/interface wifi security
add authentication-types=wpa2-psk disabled=no encryption=ccmp name="Security Profile 01 - Bruno" wps=push-button
add authentication-types=wpa2-psk disabled=no encryption=ccmp name="Security Profile 02 - Laurent" wps=push-button
add authentication-types=wpa2-psk disabled=no encryption=ccmp name="Security Profile 03 - Guest" wps=push-button

From the above, encryption is my suspect of your problems. authentication-types is personal preference. If you want to keep the letter, unset encryption or set it to ccmp.

ALL other wireless devices (smartphones, PC/notebooks, PlayStation,…) connect and work w/o any problem (see also the screen shot from the Registrartion window: there are 3 devices connected and working properly

Ooops, sorry double post.

Well, those three don't really count IMHO.

They are all connected to the 5 GHz and with wpa3-psk, whilst the HP printer attempts (and fails) to connect to the 2.4 GHz and with wpa2-psk.

I already tried that some time before, but I’ll give it another try… I will only change the security profile for the ‘Bruno’ SSID as that’s the one that is used by the HP printer on this floor…

After I changed to wp2-psk (only) and ccmp (only) the printer doesn’t even appear at all anymore in the Registration list… So that didn’t solve the problem…

That is actually quite common with printers. They often have old unmaintained software that is badly written in that it does not recognize new options and parameters introduced with newer WiFi standards.

So once you deploy a WiFi with “modern” stuff like 802.11k/r/v or 802.11d they are confused and act up.

The new drivers use some of these features and that can cause problems.

When I got this issue at work years ago (with Unifi wireless) I decided to run a cable to the printer. Later, a newer printer was bought and it worked on the WiFi.

Try to enable also TKIP in encryption, I had issues with some of my devices unable to connect when TKIP was disabled. And it was weird because it wasn’t enough to enable TKIP in WinBox, but I had to completely unset the encryption parameter - this was on wAP ax.

That is correct… All my ‘other devices’ support 5GHz and wpa3-psk auth, but the HP printer only supports 2,4GHz and wpa2-psk… But the problem is not in the 2,4GHz and/or wpa2-psk as when I disable the 5GHz Interfaces and wpa3-pask all my other devices connect just fine on 2,4GHz and wpa2-psk as you can see in the screenshot below

Screenshot 2026-02-17 1050311246×609 67 KB

Set management protection to disabled.

Yep, I only pointed out that the earlier screenshot didn't prove that.

The double (wpa2-psk/wpa3-psk) authentication has been reported to sometimes create issues, but if it doesn't work with just wpa2-psk, then it must be something else.

Which models are the HP printers?

The problem is not with the AP, but with the printer! Most likely, the printer has a problem with seeing WPA3 and not WPA2-only.

Try creating a separate IoT SSID with only WPA2-CCMP, disable 802.11k/r/v, disable management protection, and see what happens.

I have a “HP LaserJet Pro 400 color MFP M475dw” (that’s a really old guy…) and a newer “HP Color Laser MFP 179fnw”…

You could check if there is a firmware update for the printer. But first google around a bit to check if newer firmware does not introduce unwanted side-effects (like insisting on “genuine toner”)!

That did the trick!!! I put “Management Protection” explicitely to ‘disabled’ and then I got an error that I can’t do that when I use both wpa2-psk AND wpa3-psk, so I also disabled wpa3-psk and after that the printer connects correctly!!!

Thanks for the suggestion Znevna!

Never mind, I was posting while OP was reporting success.

Nice suggestion!