My network looks like this: Chateau LTE12 → cAP ax (1) → cAP ax (2). Everything on capsman.
Due to notorious wifi disconnects, I thought I would connect rb260gs to cAP AX (2) and would distribute network on laptops connecting to rb260gs.
So now I have Chateau LTE12 → cAP ax (1) → cAP ax (2) → rb260gs.
I connect my laptops to rb260gs but I get no internet connection. Is there some IP conflict on these devices? Shall I change some setup on rb260gs?
Check the logs of capsman device to see what is happening.
When you get tired of capsman, I can help get it working… It's more pain than it's worth IMHO. In fact it takes over the config like effing egg plant in a garden.
Some newbies dislike CAPsMAN…I actually love it
Let me be clear…I’ve learned a lot from @anav!
It’s a bit difficult to analyse for lack of info… how are the cAP AX’s configured? AFAIK, when they are reset to CAPS Mode, it should work. I think by sharing the config from CAPsMAN and both CAPs, we would be able to explain:
/export file=anynameyoulike
Remove serials and any other private info, post between code tags by using the </> button.
Truth be told you are brave and I am a coward… when it comes to capsman implementation.
Also, you didn't learn anything from me as I don't know anything, but I have successfully passed on information other ‘real’ experts provide.
Just to add, if I connect my laptop directly to cAP 2 (no rb260gs in between) it works fine.
Chateau:
# 2025-04-12 07:50:56 by RouterOS 7.18.2
# software id =
#
# model =
# serial number =
/interface bridge
add admin-mac= auto-mac=no comment=defconf name=bridge
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band=""
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add disabled=no frequency=2412 name=CH1_2412 width=20mhz
add disabled=no frequency=2437 name=CH6_2437 width=20mhz
add disabled=no frequency=2462 name=CH11_2462 width=20mhz
add disabled=no frequency=5180 name=CH36_5180 width=20/40/80mhz
add disabled=no frequency=5260 name=CH52_5260 width=20/40/80mhz
add disabled=no frequency=5500 name=CH100_5500 width=20/40/80mhz
/interface wifi security
add authentication-types=wpa2-psk disable-pmkid=yes disabled=no ft=yes \
ft-over-ds=yes name=sec1 wps=disable
/interface wifi configuration
add channel=CH11_2462 country=Poland disabled=no name=DZI_2462 security=sec1 \
ssid=MikroTik
add channel=CH100_5500 country=Poland disabled=no name=DZI_5500 security=sec1 \
ssid=MikroTik
add channel=CH6_2437 country=Poland disabled=no name=PRA_2437 security=sec1 \
ssid=MikroTik
add channel=CH52_5260 country=Poland disabled=no name=PRA_5260 security=sec1 \
ssid=MikroTik
add channel=CH1_2412 country=Poland disabled=no name=PRT_2412 security=sec1 \
ssid=MikroTik
add channel=CH36_5180 country=Poland disabled=no name=PRT_5180 security=sec1 \
ssid=MikroTik
/interface wifi
set [ find default-name=wifi1 ] configuration=PRT_5180 configuration.mode=ap \
disabled=no
set [ find default-name=wifi2 ] configuration=PRT_2412 configuration.mode=ap \
disabled=no
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/queue type
add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default
/queue interface
set ether1 queue=fq-codel-ethernet-default
set ether2 queue=fq-codel-ethernet-default
set ether3 queue=fq-codel-ethernet-default
set ether4 queue=fq-codel-ethernet-default
set ether5 queue=fq-codel-ethernet-default
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface wifi capsman
set enabled=yes package-path="" require-peer-certificate=no upgrade-policy=\
none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=PRT_2412 \
radio-mac=
add action=create-dynamic-enabled disabled=no master-configuration=PRA_2437 \
radio-mac=
add action=create-dynamic-enabled disabled=no master-configuration=DZI_2462 \
radio-mac=
add action=create-dynamic-enabled disabled=no master-configuration=PRT_5180 \
radio-mac=
add action=create-dynamic-enabled disabled=no master-configuration=PRA_5260 \
radio-mac=
add action=create-dynamic-enabled disabled=no master-configuration=DZI_5500 \
radio-mac=
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system routerboard wps-button
set enabled=yes on-event=wps-accept
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :foreach iface in=[/interface/wifi find where (configuration.mode=\"a\
p\" && disabled=no)] do={\r\
\n /interface/wifi wps-push-button \$iface;}\r\
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
cAP 1:
# 2025-04-12 07:54:00 by RouterOS 7.18.2
# software id =
#
# model = cAPGi-5HaxD2HaxD
# serial number =
/interface bridge
add admin-mac= auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN %bridgeLocal, traffic processing on CAP
# mode: AP, SSID: MikroTik, channel: 5500/ax/Ceee/D
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
disabled=no
# managed by CAPsMAN :F8%bridgeLocal, traffic processing on CAP
# mode: AP, SSID: MikroTik, channel: 2462/ax
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
cAP 2:
# 2025-04-12 07:55:06 by RouterOS 7.18.2
# software id =
#
# model = cAPGi-5HaxD2HaxD
# serial number =
/interface bridge
add admin-mac= auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN %bridgeLocal, traffic processing on CAP
# mode: AP, SSID: MikroTik, channel: 5260/ax/Ceee/DI
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
disabled=no
# managed by CAPsMAN %bridgeLocal, traffic processing on CAP
# mode: AP, SSID: MikroTik, channel: 2437/ax
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
By the fact that when you connect the laptop directly to CAP 2 everything works, but through RB260 does not work, you can understand that the problem lies in its settings. Show / see the settings of RB260, unfortunately it is SWOS and you can only show screenshots of settings. First of all check what IP address it has, you can see in winbox/neighbors.
Here it is:


You have a conflict of IP addresses. Change the rb260 address to any free one.
192.168.88.1 is the same address on the router.
I have changed the IP address of rb260gs to 192.168.88.246. Is this ok?
Other devices have different IPs:

Still no internet.
I have just noticed that the cAP I am connecting to got restarted in the meantime (the uptime is less than 2 minutes - I haven’t restarted it).
OK, I have now connected cAP2 to rb260gs through ether 5 instead of ether 1 and now it works.
ether1 on rb260gs seems to be a poe port and I am powering rb260gs with a separate charger. Somehow there must have been a conflict. cAP1 powers up cAP2 via poe and I guess it has not enough power to power up rb260gs, even though rb260gs is powered from charger.
Thanks for all the advice and help!!
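
An added example, not written by anyone in the thread: a check of a proposed static management address against the `/ip address` and `/ip pool` lines of the Chateau export above. It flags the duplicate 192.168.88.1 and also shows that 192.168.88.246 falls inside the `default-dhcp` pool. The function names are hypothetical, and the sample input assumes the export's backslash line continuations have been joined.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the Chateau export from this
# thread, with backslash line continuations already joined.
EXPORT = """\
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
"""

def parse_export(text):
    """Return (router interface addresses, DHCP pool ranges) from an export."""
    section, ifaces, pools = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # remember which menu the following "add" lines belong to
        elif line.startswith("add ") and section == "/ip address":
            m = re.search(r"\saddress=(\S+)", line)
            if m:
                ifaces.append(ipaddress.ip_interface(m.group(1)))
        elif line.startswith("add ") and section == "/ip pool":
            m = re.search(r"\sranges=(\S+)", line)
            # Handles "lo-hi" ranges and single addresses, comma separated.
            for rng in (m.group(1).split(",") if m else []):
                lo, _, hi = rng.partition("-")
                pools.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
    return ifaces, pools

def check_static(candidate, ifaces, pools):
    """List the problems with using `candidate` as a static management IP."""
    ip = ipaddress.ip_address(candidate)
    problems = []
    if not any(ip in i.network for i in ifaces):
        problems.append("outside every router subnet")
    if any(ip == i.ip for i in ifaces):
        problems.append("duplicates the router's own address")
    if any(ip in (i.network.network_address, i.network.broadcast_address) for i in ifaces):
        problems.append("network or broadcast address")
    if any(lo <= ip <= hi for lo, hi in pools):
        problems.append("inside the DHCP pool, may be leased to another client")
    return problems

if __name__ == "__main__":
    ifaces, pools = parse_export(EXPORT)
    for addr in ("192.168.88.1", "192.168.88.246", "192.168.88.5"):
        print(addr, check_static(addr, ifaces, pools) or "ok")
```

An address below the pool start, such as 192.168.88.5, passes every check; the alternative is to shrink the pool so that it excludes the switch's address.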