Hello everyone
I have added a Cap AX with the new Capsmann (Wifi) to a running Mikrotik system with some Caps, managed with Capsmann and VLANs.
The SSID is generated. The connection setup is aborted with the error “no connection possible”.
The log entries for the error message are attached.
The configuration is also attached.
What is wrong with the configuration?
Thank you very much for your feedback
Best regards, Chris
# 2025-01-04 16:59:10 by RouterOS 7.16.2
# software id =
#
# model = L009UiGS
/caps-man channel
add name=channel_Power_50% tx-power=-3
add name=channel_Power_25% tx-power=-6
add band=5ghz-n/ac name=channel_Power_5GHz_25% tx-power=-6
add band=2ghz-g/n comment="-6 = 25%, -3dbm ist 50% der default Leistung" \
name=channel_Power_2GHz_25% tx-power=-6
add band=2ghz-g/n comment="-6 = 25%, -3dbm ist 50% der default Leistung" \
name=channel_Power_2GHz_50% tx-power=-3
add band=5ghz-n/ac name=channel_Power_5GHz_50% tx-power=-3
add name=channel_Power_10% tx-power=-8
/interface bridge
add name=bridge1 port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
set [ find default-name=ether2 ] name=ether2_Trunk
set [ find default-name=ether3 ] name=ether3_MnG
set [ find default-name=ether4 ] name=ether4_TrunkCap
set [ find default-name=ether5 ] name=ether5_TrunkCap
set [ find default-name=ether6 ] name=ether6_TrunkCap
set [ find default-name=ether7 ] name=ether7_CAP
set [ find default-name=ether8 ] name=ether8_POE_CAP poe-out=forced-on
set [ find default-name=sfp1 ] auto-negotiation=no disabled=yes name=\
sfp1_Trunk speed=1G-baseT-full
/caps-man interface
add disabled=no mac-address= master-interface=none name=cap3 \
radio-mac= radio-name=
/interface vlan
add interface=bridge1 name=VL10_Gast vlan-id=10
add interface=bridge1 name=VL20_SmartHome vlan-id=20
add interface=bridge1 name=VL40_Home vlan-id=40
add interface=bridge1 name=VL50_Work vlan-id=50
add interface=bridge1 name=VL60_Wallbox vlan-id=60
/caps-man datapath
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=yes name=\
datap_Guest vlan-id=10 vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=yes name=\
datap_Home vlan-id=40 vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=yes name=\
datap_SmartHome vlan-id=20 vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=yes name=\
datap_Work vlan-id=50 vlan-mode=use-tag
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=yes name=\
datap_Wallbox vlan-id=60 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=sec_Guest
add authentication-types=wpa2-psk encryption=aes-ccm name=sec_Home
add authentication-types=wpa2-psk encryption=aes-ccm name=sec_Work
add authentication-types=wpa2-psk encryption=aes-ccm name=sec_SmartHome
add authentication-types=wpa2-psk encryption=aes-ccm name=sec_Wallbox
/caps-man configuration
add channel=channel_Power_25% comment="CAP in OG----------------------------" \
country=switzerland datapath=datap_Guest datapath.local-forwarding=no \
distance=indoors hide-ssid=no installation=indoor mode=ap \
multicast-helper=full name=config2_OG_Gast_TxP25% security=sec_Guest \
ssid=ocGast
add channel=channel_Power_50% country=switzerland datapath=datap_SmartHome \
datapath.local-forwarding=no distance=indoors hide-ssid=no installation=\
indoor mode=ap multicast-helper=full name=config3_UG_SmartHome_TxP50% \
security=sec_SmartHome ssid=ocSmHo
add channel=channel_Power_25% country=switzerland datapath=datap_Home \
datapath.local-forwarding=no distance=indoors hide-ssid=no installation=\
indoor mode=ap multicast-helper=full name=config2_OG_Home_TxP25% \
security=sec_Home ssid=ocHome
add channel=channel_Power_25% country=switzerland datapath=datap_SmartHome \
datapath.local-forwarding=no distance=indoors hide-ssid=no installation=\
indoor mode=ap multicast-helper=full name=config2_OG_SmartHome_TxP25% \
security=sec_SmartHome ssid=ocSmHo
add channel=channel_Power_25% country=switzerland datapath=datap_Work \
datapath.local-forwarding=no distance=indoors hide-ssid=no installation=\
indoor mode=ap multicast-helper=full name=config2_OG_Work_TxP25% \
security=sec_Work ssid=ocWork
add comment="CAP in EG----------------------------" country=switzerland \
datapath=datap_Guest datapath.local-forwarding=no distance=indoors \
hide-ssid=no installation=indoor mode=ap multicast-helper=full name=\
config1_EG_Gast security=sec_Guest ssid=ocGast
add country=switzerland datapath=datap_Home datapath.local-forwarding=no \
distance=indoors hide-ssid=no installation=indoor mode=ap \
multicast-helper=full name=config1_EG_Home security=sec_Home ssid=ocHome
add country=switzerland datapath=datap_SmartHome datapath.local-forwarding=no \
distance=indoors hide-ssid=no installation=indoor mode=ap \
multicast-helper=full name=config1_EG_SmartHome security=sec_SmartHome \
ssid=ocSmHo
add country=switzerland datapath=datap_Work datapath.local-forwarding=no \
distance=indoors hide-ssid=no installation=indoor mode=ap \
multicast-helper=full name=config1_EG_Work security=sec_Work ssid=ocWork
add channel=channel_Power_25% comment="CAP in UG----------------------------" \
country=switzerland datapath=datap_Home datapath.local-forwarding=no \
distance=indoors hide-ssid=no installation=indoor mode=ap \
multicast-helper=full name=config3_UG_Home_TxP25% security=sec_Home ssid=\
ocHome
add channel=channel_Power_25% country=switzerland datapath=datap_SmartHome \
datapath.local-forwarding=no distance=indoors hide-ssid=no installation=\
indoor mode=ap multicast-helper=full name=config3_UG_SmartHome_TxP25% \
security=sec_SmartHome ssid=ocSmHo
add channel=channel_Power_25% country=switzerland datapath=datap_Wallbox \
datapath.local-forwarding=no distance=indoors hide-ssid=no installation=\
indoor mode=ap multicast-helper=full name=config1_EG_Wallbox_25% \
security=sec_Wallbox ssid=PowerUp
/interface list
add name=WAN
add name=LAN
add name=VL40
#
/interface wifi channel
add band=2ghz-n comment=2.4ghz disabled=no frequency=2412,2432,2462 name=\
2.4ghz skip-dfs-channels=disabled width=20mhz
add band=5ghz-ac comment=5ghz disabled=no frequency=5180,5260,5500 name=5ghz \
width=20/40/80mhz
/interface wifi datapath
add bridge=bridge1 client-isolation=yes disabled=no name=datap_Guest vlan-id=\
10
add bridge=bridge1 disabled=yes name=datap_SmartHome vlan-id=20
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no ft=\
yes ft-over-ds=yes name=sec_Guest wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=yes encryption="" name=\
SmartHome_Test wps=disable
/interface wifi configuration
add comment="CAP in EG----------------------------" country=Switzerland \
datapath=datap_Guest disabled=no hide-ssid=no name=config1_EG_Gast \
security=sec_Guest ssid=ocGast
add country=Switzerland datapath=datap_SmartHome disabled=yes hide-ssid=no \
name=SmartHomeTest security=SmartHome_Test ssid=ocSmHo
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add add-arp=yes authoritative=after-2sec-delay interface=VL40_Home name=\
dhcp_VL40_Home
/ip pool
add name=dhcp_pool_VL10 ranges=10.66.10.10-10.66.10.19
add name=dhcp_pool_VL20 ranges=10.66.20.117-10.66.20.119
add name=dhcp_pool_VL50 ranges=10.66.50.50-10.66.50.59
add name=dhcp_pool_VL40 ranges=10.77.10.73-10.77.40.75
add name=dhcp_pool_VL60 ranges=10.66.60.60-10.66.60.69
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool_VL10 authoritative=after-2sec-delay \
interface=VL10_Gast name=dhcp_VL10_GastWLan
add add-arp=yes address-pool=dhcp_pool_VL20 authoritative=after-2sec-delay \
interface=VL20_SmartHome name=dhcp_VL20_SmartHome
add add-arp=yes address-pool=dhcp_pool_VL50 authoritative=after-2sec-delay \
interface=VL50_Work name=dhcp_VL50_Work
add add-arp=yes address-pool=dhcp_pool_VL60 authoritative=after-2sec-delay \
interface=VL60_Wallbox name=dhcp_VL60_Wallbox
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/FW
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=ether8_POE_CAP
add disabled=no interface=ether7_CAP
add disabled=no interface=bridge1
add disabled=no interface=ether2_Trunk
add disabled=no interface=ether6_TrunkCap
add disabled=no interface=ether5_TrunkCap
add disabled=no interface=ether4_TrunkCap
/caps-man provisioning
add action=create-dynamic-enabled comment="EG Wohnen ##### 2GHz" \
master-configuration=config1_EG_Home name-format=identity radio-mac=\
slave-configurations=\
config1_EG_SmartHome,config1_EG_Work,config1_EG_Gast
add action=create-dynamic-enabled comment="EG Wohnen +++++ 5GHz" \
master-configuration=config1_EG_Home name-format=identity radio-mac=\
slave-configurations=\
config1_EG_SmartHome,config1_EG_Work,config1_EG_Gast
add action=create-dynamic-enabled comment=\
"OG Buero Chrigu ##### 2GHz --- hAPac2" master-configuration=\
config2_OG_Home_TxP25% name-format=identity radio-mac=B \
slave-configurations=\
config2_OG_SmartHome_TxP25%,config2_OG_Work_TxP25%,config2_OG_Gast_TxP25%
add action=create-dynamic-enabled comment=\
"OG Buero Chrigu +++++ 5GHz --- hAPac2--------------" \
master-configuration=config2_OG_Home_TxP25% name-format=identity \
radio-mac= slave-configurations=\
config2_OG_SmartHome_TxP25%,config2_OG_Work_TxP25%,config2_OG_Gast_TxP25%
add action=create-dynamic-enabled comment="UG Technikraum ##### 2GHz" \
master-configuration=config3_UG_SmartHome_TxP25% name-format=identity \
radio-mac= slave-configurations=config3_UG_Home_TxP25%
add action=create-dynamic-enabled comment="EG Garage ##### 2GHz" \
master-configuration=config1_EG_Wallbox_25% name-format=identity \
radio-mac= slave-configurations=\
config2_OG_SmartHome_TxP25%
add action=create-dynamic-enabled comment=\
"EG Garage +++++ 5GHz --- NICHT NOETIG" master-configuration=\
config1_EG_Wallbox_25% name-format=identity radio-mac=
add action=create-dynamic-enabled comment="UG Praxis ##### 2GHz --- hAPac2" \
master-configuration=config3_UG_Home_TxP25% name-format=identity \
radio-mac=
add action=create-dynamic-enabled comment="UG Praxis +++++ 5GHz --- hAPac2" \
master-configuration=config3_UG_Home_TxP25% name-format=identity \
radio-mac=
add action=create-dynamic-enabled comment="EG Geraeteraum ##### 2GHz APlite" \
master-configuration=config3_UG_SmartHome_TxP25% name-format=identity \
radio-mac=
/interface bridge port
add bridge=bridge1 interface=ether2_Trunk internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5_TrunkCap
add bridge=bridge1 interface=ether6_TrunkCap
add bridge=bridge1 interface=ether4_TrunkCap
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=Management
/ip settings
set max-neighbor-entries=14336
/ipv6 settings
set disable-ipv6=yes forward=no max-neighbor-entries=7168
/interface bridge vlan
add bridge=bridge1 tagged=\
ether2_Trunk,ether4_TrunkCap,ether5_TrunkCap,ether6_TrunkCap,bridge1 \
vlan-ids=10
add bridge=bridge1 tagged=\
ether2_Trunk,ether4_TrunkCap,ether5_TrunkCap,ether6_TrunkCap,bridge1 \
vlan-ids=20
add bridge=bridge1 tagged=\
ether2_Trunk,ether4_TrunkCap,ether5_TrunkCap,ether6_TrunkCap,bridge1 \
vlan-ids=40
add bridge=bridge1 tagged=\
ether2_Trunk,ether4_TrunkCap,ether5_TrunkCap,ether6_TrunkCap,bridge1 \
vlan-ids=50
add bridge=bridge1 tagged=\
ether2_Trunk,ether4_TrunkCap,ether5_TrunkCap,ether6_TrunkCap,bridge1 \
vlan-ids=60
/interface list member
add comment="Ethernet Port" interface=ether1_WAN list=WAN
add comment=VLAN interface=VL10_Gast list=LAN
add comment=VLAN interface=VL20_SmartHome list=LAN
add comment=VLAN interface=VL40_Home list=LAN
add comment=VLAN interface=VL50_Work list=LAN
add comment="Ethernet Port" interface=ether2_Trunk list=LAN
add comment="Ethernet Port" interface=ether3_MnG list=LAN
add comment="Ethernet Port" interface=ether4_TrunkCap list=LAN
add comment="Ethernet Port" interface=ether5_TrunkCap list=LAN
add comment="Ethernet Port" interface=ether6_TrunkCap list=LAN
add comment="Ethernet Port" interface=ether7_CAP list=LAN
add comment="Ethernet Port" interface=ether8_POE_CAP list=LAN
add interface=sfp1_Trunk list=LAN
add interface=VL40_Home list=VL40
add comment=VLAN interface=VL60_Wallbox list=LAN
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=bridge1 package-path=/FW_AX \
require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment="EG Wohnen AX ##### 2GHz test" \
disabled=no master-configuration=config1_EG_Gast name-format=2G-%I \
radio-mac=D4:01:C3:E2:7F:77 slave-name-format=%m-%v-
add action=create-dynamic-enabled comment="EG Wohnen AX +++++ 5GHz test" \
disabled=no master-configuration=config1_EG_Gast name-format=5G-%I \
radio-mac=D4:01:C3:E2:7F:76 slave-name-format=%m-%v-
/ip address
add address=10.66.10.1/24 interface=VL10_Gast network=10.66.10.0
add address=10.66.20.1/24 interface=VL20_SmartHome network=10.66.20.0
add address=10.77.40.1/24 interface=VL40_Home network=10.77.40.0
add address=10.66.50.1/24 interface=VL50_Work network=10.66.50.0
add address=10.66.60.1/24 interface=VL60_Wallbox network=10.66.60.0
/ip dhcp-client
add interface=ether1_WAN
/ip dhcp-server network
add address=10.66.10.0/24 dns-server=10.66.10.1 domain=VL10_Gast gateway=\
10.66.10.1 ntp-server=10.66.10.1 wins-server=10.66.10.1
add address=10.66.20.0/24 dns-server=10.66.20.1 domain=VL20_SmHo gateway=\
10.66.20.1 ntp-server=10.66.20.1 wins-server=10.66.20.1
add address=10.66.50.0/24 dns-server=10.66.50.1 domain=VL50_Work gateway=\
10.66.50.1 ntp-server=10.66.50.1 wins-server=10.66.50.1
add address=10.66.60.0/24 dns-server=10.66.60.1 domain=VL60_Wallbox gateway=\
10.66.60.1 ntp-server=10.66.60.1 wins-server=10.66.60.1
add address=10.77.40.0/24 dns-server=10.77.40.1 domain=VL40_Home gateway=\
10.77.40.1 ntp-server=10.77.40.1 wins-server=10.77.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.77.40.92 list=WLAN_Mobile
add address=10.77.40.81 list=WLAN_Tab_Statisch
add address=10.77.40.90 list=WLAN_Mobile
add address=10.66.20.100 list=InternetZensiert
add address=10.66.20.110 list=NoInternet
add address=10.77.40.70 list=NoInternet_ocHome
add address=10.66.20.40 list=SmartTVundCo
add address=10.66.20.120 list=IP_CAMs
add address=10.77.40.79 list=SonosDevices
add address=10.66.20.130 list=Shellys
/ip firewall nat
add action=masquerade chain=srcnat comment="Routing fuer alles. WAN Port(s) Li\
ste muss unter Interfase List zugeordnet sein" out-interface-list=WAN
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=yes distance=1 dst-address=192.168.0.0/16 gateway=192.168.0.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=yes \
target-scope=10
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-name=Europe/Zurich
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes multicast=yes
/system ntp client servers
add address=0.pool.ntp.org
