Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD

gferen · May 10, 2024, 4:05pm

Hello all,

Might be pretty basic question, but here it is.

I have L009UiGS, 3X cAPGi-5HaxD2HaxD. I control (at least I think so) with CAPsMAN
L009 have packages routeros and wireless
AP’s have routeros and wifi-qcom
All are version 7.14.3
Is that correct packages for WIFI?

As well i am noticing, that on Random occasions internet is just gone… 5-10 ping timeouts and then i comes back.
There is nothing in log files, but i guess AP’s might be fighting in betwen then.
But i see there are some settings with default IP’s of 192.168.88.x on DNS, on POOL’s…

The AP’s were configured by CAPsMAN.

This is router confing:

# 2024-05-09 19:37:23 by RouterOS 7.14.3
# software id = xxxxxxxx
#
# model = L009UiGS
# serial number = xxxxxxxx
/caps-man configuration
add country=bulgaria datapath.local-forwarding=yes .vlan-id=100 .vlan-mode=\
    use-tag name=V100 security.authentication-types=wpa-psk,wpa2-psk ssid=\
    V100
add country=bulgaria datapath.local-forwarding=yes .vlan-id=200 .vlan-mode=\
    use-tag name=Desktop security.authentication-types=wpa-psk,wpa2-psk ssid=\
    Desktop
add country=bulgaria datapath.local-forwarding=yes .vlan-id=800 .vlan-mode=\
    use-tag name=RENAME-huawei security.authentication-types=wpa-psk,wpa2-psk \
    ssid=RENAME-huawei
add country=bulgaria datapath.local-forwarding=yes .vlan-id=666 .vlan-mode=\
    use-tag name=Config_GUEST security.authentication-types=wpa-psk,wpa2-psk \
    ssid=WiFi_GUEST
/interface bridge
add admin-mac=7xxxxxxxxE auto-mac=no mtu=1500 name=TrunkBridge \
    protocol-mode=none pvid=100 vlan-filtering=yes
/interface vlan
add interface=TrunkBridge name="Desktop V200" vlan-id=200
add interface=TrunkBridge name=GUEST vlan-id=666
add interface=TrunkBridge name="IOT V800" vlan-id=800
add interface=TrunkBridge name="MGMT V100" vlan-id=100
add interface=TrunkBridge name="VMWare V1000" vlan-id=1000
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi datapath
add disabled=no name=GUEST vlan-id=666
add disabled=no name=Desktop vlan-id=200
add disabled=no name=IOT vlan-id=800
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
    name=Guest_sec
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
    name=Desktop_sec
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
    name=IOT_sec
/interface wifi configuration
add datapath=GUEST datapath.vlan-id=666 disabled=no interworking.hotspot20=no \
    .network-type=private name=Config_GUEST security=Guest_sec \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes \
    .group-encryption=ccmp ssid=WiFi_GUEST
add datapath=Desktop datapath.vlan-id=200 disabled=no interworking.hotspot20=\
    no .network-type=private name=Desktop security=Desktop_sec \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes \
    ssid=Desktop
add datapath=IOT datapath.vlan-id=800 disabled=no interworking.hotspot20=no \
    .network-type=private name=IOT security=IOT_sec \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes \
    ssid=HxxxxxxxxE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name="MGMT pool" ranges=192.168.250.111-192.168.250.122
add name="IOT pool" ranges=192.168.8.10-192.168.8.150
add name="vmware pool" ranges=192.168.200.50-192.168.200.90
add name="desktop pool" ranges=192.168.10.105-192.168.10.200
add name=GUEST ranges=10.20.30.100-10.20.30.200
/ip dhcp-server
add add-arp=yes address-pool="MGMT pool" interface="MGMT V100" name=\
    "MGMT 250 dhcp"
add add-arp=yes address-pool="IOT pool" interface="IOT V800" name=\
    "IOT 8 DHCP"
add add-arp=yes address-pool="vmware pool" interface="VMWare V1000" name=\
    "vmware V1000 DHCP"
add add-arp=yes address-pool="desktop pool" interface="Desktop V200" name=\
    "Desktop V200 DHCP"
add add-arp=yes address-pool=GUEST interface=GUEST name=GUEST
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/user group
add name=hass policy="reboot,read,write,policy,test,winbox,api,!local,!telnet,\
    !ssh,!ftp,!password,!web,!sniff,!sensitive,!romon,!rest-api"
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=TrunkBridge
/interface bridge port
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether5
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether6
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether7
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether8
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=no interface=ether2 pvid=200
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=200
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=200
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether1 pvid=200
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=TrunkBridge tagged=TrunkBridge,ether5,ether6,ether7,ether8 \
    untagged=ether1,ether2,ether3,ether4 vlan-ids=200
add bridge=TrunkBridge tagged=TrunkBridge,ether5,ether6,ether7,ether8 \
    untagged=ether1,ether2,ether3,ether4 vlan-ids=100
add bridge=TrunkBridge tagged=TrunkBridge,ether5,ether6,ether7,ether8 \
    untagged=ether1,ether2,ether3,ether4 vlan-ids=1000
add bridge=TrunkBridge tagged=TrunkBridge,ether5,ether6,ether7,ether8 \
    untagged=ether1,ether2,ether3,ether4 vlan-ids=800
add bridge=TrunkBridge tagged=TrunkBridge,ether6,ether5,ether7,ether8 \
    untagged=ether1,ether2,ether3,ether4 vlan-ids=666
/interface list member
add interface=TrunkBridge list=LAN
add interface=sfp1 list=WAN
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces="MGMT V100" \
    package-path=/pub require-peer-certificate=no upgrade-policy=\
    suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=Desktop \
    slave-configurations=IOT,Config_GUEST
/ip address
add address=192.168.250.1/24 interface="MGMT V100" network=192.168.250.0
add address=192.168.8.1/24 interface="IOT V800" network=192.168.8.0
add address=192.168.200.1/24 interface="VMWare V1000" network=192.168.200.0
add address=192.168.10.1/24 interface="Desktop V200" network=192.168.10.0
add address=10.20.30.1/24 interface=GUEST network=10.20.30.0
/ip arp
add address=192.168.250.3 interface="MGMT V100" mac-address=08:36:C9:19:16:30
add address=192.168.250.4 interface="MGMT V100" mac-address=08:36:C9:19:16:64
add address=192.168.8.225 interface="IOT V800" mac-address=84:CC:A8:AF:97:EE
add address=192.168.250.113 interface="MGMT V100" mac-address=\
    48:A9:8A:BA:2E:F0
add address=192.168.250.115 interface="MGMT V100" mac-address=\
    48:A9:8A:C2:84:8D
/ip dhcp-client
add interface=sfp1
/ip dhcp-server lease
add address=192.168.8.104 client-id=1:xxxxxxxx comment=\
    "SolarEdge inverter" mac-address=xxxxxxxx server="IOT 8 DHCP"
add address=192.168.8.225 mac-address=8xxxxxxxxE server="IOT 8 DHCP"
add address=192.168.8.121 mac-address=0xxxxxxxx0 server="IOT 8 DHCP"
/ip dhcp-server network
add address=10.20.30.0/24 dns-server=192.168.8.252 gateway=10.20.30.1 \
    netmask=24
add address=192.168.8.0/24 dns-server=192.168.8.252 gateway=192.168.8.1 \
    netmask=24
add address=192.168.10.0/24 dns-server=192.168.8.252 gateway=192.168.10.1 \
    netmask=24
add address=192.168.200.0/24 dns-server=192.168.8.252 gateway=192.168.200.1 \
    netmask=24
add address=192.168.250.0/24 dns-server=192.168.8.252 gateway=192.168.250.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.8.252
/ip dns static
add address=192.168.8.252 comment=defconf name=router.lan
/ip firewall address-list
add address=acme-v02.api.letsencrypt.org list=LE
add address=acme-staging-v02.api.letsencrypt.org list=LE
add address=letsencrypt.org list=LE
add address=outbound1c.letsencrypt.org list=LE
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all  coming from WAN" \
    in-interface-list=WAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=input comment="drop ssh brute forcers" disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=51820 protocol=udp to-addresses=\
    192.168.8.50 to-ports=51820
add action=dst-nat chain=dstnat comment="ENABLE FOR CERT RENEWAL" \
    dst-address-list=LE dst-port=80 log=yes log-prefix=LE protocol=tcp \
    to-addresses=192.168.8.50 to-ports=80
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes port=2200
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Sofia
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

And this is config for AP’s

# 2024-05-09 19:37:39 by RouterOS 7.14.3
# software id = xxxxxxxx
#
# model = cAPGi-5HaxD2HaxD
# serial number = xxxxxxxx
/interface bridge
add admin-mac=4xxxxxxxxD auto-mac=no comment=defconf name=bridge
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Desktop, channel: 5500/ax/Ceee
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
    disabled=no
# managed by CAPsMAN
# mode: AP, SSID: Desktop, channel: 2442/ax/eC
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
    disabled=no
/interface vlan
add interface=bridge name="Desktop V200" vlan-id=200
add interface=bridge name=GUEST vlan-id=666
add interface=bridge name="IOT V800" vlan-id=800
add interface=bridge name="MGMT V100" vlan-id=100
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=yes interface=bridge lease-time=10m \
    name=defconf
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether1
add bridge=bridge interface=wifi1
add bridge=bridge interface=wifi2
add bridge=bridge interface=dynamic
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wifi cap
set caps-man-addresses=192.168.250.1 certificate=request \
    discovery-interfaces="MGMT V100" enabled=yes
/interface wifi capsman
set interfaces=bridge package-path="" require-peer-certificate=no \
    upgrade-policy=none
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add comment=defconf interface=ether1
add interface="MGMT V100"
/ip dhcp-server network
add address=192.168.250.0/24 comment=defconf gateway=192.168.250.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=Hisa1
/system note
set show-at-login=no
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Many thanks in advance for suggestion.

mkx · May 10, 2024, 5:38pm

As you have ax cAPs, they are running wifi-qcom drivers. So on CAPsMAN (L009) you don’t need wireless package (on L009 it only provides support for legacy capsman which you don’t need). Basis routeros package already provides support for new capsman. And it’s configured exclusively in /interface/wifi configuration subtree …

gferen · May 11, 2024, 5:29am

Ohh OK, so i dont not need wireless package om L009 - honestly i think it came with it. I will remove it from there.
What is with random places of IP 192.168.88.1 ? Is there a way to get more detailed LOG’s. IF there will be any signs on why it just disconnects randomly.

gferen · May 11, 2024, 5:41am

does this tells me something… basically disconnects are cca every hour…

01:53:01 system,info,account user admin logged in from 192.168.10.198 via winbox
 02:05:47 dhcp,info IOT 8 DHCP deassigned 192.168.8.148 for DC:29:19:E3:B5:98 
 02:05:48 dhcp,info IOT 8 DHCP assigned 192.168.8.148 for DC:29:19:E3:B5:98 
 02:52:21 wireless,info E8:16:56:11:39:C4@cap-wifi5 disconnected, connection lost, signal strength -24
 02:52:21 wireless,info E8:16:56:11:39:C4@cap-wifi5 connected, signal strength -26
 02:52:21 dhcp,info IOT 8 DHCP deassigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 02:52:21 dhcp,info IOT 8 DHCP assigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 02:52:46 system,info,account user admin logged in from 192.168.10.198 via winbox
 02:52:46 system,info,account user admin logged in from 192.168.10.198 via winbox
 02:52:46 system,info,account user admin logged in from 192.168.10.198 via winbox
 02:52:51 system,info,account user admin logged out from 192.168.10.198 via winbox
 02:52:51 system,info,account user admin logged out from 192.168.10.198 via winbox
 02:52:51 system,info,account user admin logged out from 192.168.10.198 via winbox
 03:52:24 wireless,info E8:16:56:11:39:C4@cap-wifi5 disconnected, connection lost, signal strength -24
 03:52:24 wireless,info E8:16:56:11:39:C4@cap-wifi5 connected, signal strength -30
 03:52:25 dhcp,info IOT 8 DHCP deassigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 03:52:25 dhcp,info IOT 8 DHCP assigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 03:52:44 system,info,account user admin logged out from 192.168.10.198 via winbox
 03:52:44 system,info,account user admin logged out from 192.168.10.198 via winbox
 03:52:44 system,info,account user admin logged out from 192.168.10.198 via winbox
 03:52:49 system,info,account user admin logged in from 192.168.10.198 via winbox
 03:52:49 system,info,account user admin logged in from 192.168.10.198 via winbox
 03:52:49 system,info,account user admin logged in from 192.168.10.198 via winbox
 04:52:28 wireless,info E8:16:56:11:39:C4@cap-wifi5 disconnected, connection lost, signal strength -24
 04:52:28 wireless,info E8:16:56:11:39:C4@cap-wifi5 connected, signal strength -30
 04:52:28 dhcp,info IOT 8 DHCP deassigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 04:52:28 dhcp,info IOT 8 DHCP assigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 04:52:57 system,info,account user admin logged out from 192.168.10.198 via winbox
 04:52:57 system,info,account user admin logged out from 192.168.10.198 via winbox
 04:52:57 system,info,account user admin logged out from 192.168.10.198 via winbox
 04:53:22 wireless,info F4:8C:50:F7:7C:6D@cap-wifi1 connected, signal strength -54
 04:53:23 system,info,account user admin logged in from 192.168.10.198 via winbox
 04:53:23 system,info,account user admin logged in from 192.168.10.198 via winbox
 04:53:23 system,info,account user admin logged in from 192.168.10.198 via winbox
 04:53:24 dhcp,info Desktop V200 DHCP assigned 192.168.10.187 for F4:8C:50:F7:7C:6D fujitsu
 04:54:56 wireless,info F4:8C:50:F7:7C:6D@cap-wifi1 disconnected, connection lost, signal strength -59
 05:16:38 dhcp,info IOT 8 DHCP deassigned 192.168.8.149 for DC:29:19:E3:B8:41 
 05:16:38 dhcp,info IOT 8 DHCP assigned 192.168.8.149 for DC:29:19:E3:B8:41 
 05:23:24 dhcp,info Desktop V200 DHCP deassigned 192.168.10.187 for F4:8C:50:F7:7C:6D fujitsu
 05:49:14 dhcp,info IOT 8 DHCP deassigned 192.168.8.148 for DC:29:19:E3:B5:98 
 05:49:14 dhcp,info IOT 8 DHCP assigned 192.168.8.148 for DC:29:19:E3:B5:98 
 05:52:31 wireless,info E8:16:56:11:39:C4@cap-wifi5 disconnected, connection lost, signal strength -24
 05:52:31 wireless,info E8:16:56:11:39:C4@cap-wifi5 connected, signal strength -30
 05:52:31 dhcp,info IOT 8 DHCP deassigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 05:52:31 dhcp,info IOT 8 DHCP assigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 05:52:51 system,info,account user admin logged out from 192.168.10.198 via winbox
 05:52:51 system,info,account user admin logged out from 192.168.10.198 via winbox
 05:52:51 system,info,account user admin logged out from 192.168.10.198 via winbox
 05:52:56 system,info,account user admin logged in from 192.168.10.198 via winbox
 05:52:57 system,info,account user admin logged in from 192.168.10.198 via winbox
 05:52:57 system,info,account user admin logged in from 192.168.10.198 via winbox
 05:56:32 wireless,info 8E:08:FD:FB:19:3F@cap-wifi4 disconnected, connection lost, signal strength -60
 05:56:34 wireless,info 8E:08:FD:FB:19:3F@cap-wifi4 connected, signal strength -59
 06:46:29 dhcp,info IOT 8 DHCP deassigned 192.168.8.149 for DC:29:19:E3:B8:41 
 06:46:29 dhcp,info IOT 8 DHCP assigned 192.168.8.149 for DC:29:19:E3:B8:41 
 06:52:34 wireless,info E8:16:56:11:39:C4@cap-wifi5 disconnected, connection lost, signal strength -25
 06:52:35 wireless,info E8:16:56:11:39:C4@cap-wifi5 connected, signal strength -29
 06:52:35 dhcp,info IOT 8 DHCP deassigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 06:52:35 dhcp,info IOT 8 DHCP assigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 06:53:04 system,info,account user admin logged out from 192.168.10.198 via winbox
 06:53:04 system,info,account user admin logged out from 192.168.10.198 via winbox
 06:53:04 system,info,account user admin logged out from 192.168.10.198 via winbox
 06:53:32 system,info,account user admin logged in from 192.168.10.198 via winbox
 06:53:33 system,info,account user admin logged in from 192.168.10.198 via winbox
 06:53:33 system,info,account user admin logged in from 192.168.10.198 via winbox
 07:52:38 wireless,info E8:16:56:11:39:C4@cap-wifi5 disconnected, connection lost, signal strength -25
 07:52:38 wireless,info E8:16:56:11:39:C4@cap-wifi5 connected, signal strength -30
 07:52:38 dhcp,info IOT 8 DHCP deassigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 07:52:38 dhcp,info IOT 8 DHCP assigned 192.168.8.145 for E8:16:56:11:39:C4 BL-11-39-c4
 07:52:57 system,info,account user admin logged out from 192.168.10.198 via winbox

mkx · May 11, 2024, 12:05pm

wireless package on L009 probably came with upgrade from pre-7.13 to current version. Previously wireless was integrsl verdion of routeros package and upgrade (blindly) installs it (unless wifiwave2 driver was installed previously).

The station disconnects seem to be caused by station devices themselves. Some do tgat if they become unhappy with DHCP lease (e.g. if it expires sooner than device would like). Check DHCP lease settings and if (half)lifetime is the same as interval between disconnects, try to set it longer. Generally there’s nothing wrong with 24h lifetime (shorter settings are mostly useful in places with many stations connecting for shorter time, e.g. a caffe, library or some such, but not in networks where clients don’t join and leave frequently).

And IMO signal strength, mentioned with those disconnect/reconnect logs (around -30dBm), is uncomgortably strong, some devices might self-induce noise in receiver and thus perform much worse than with sigbal strengths around -40dBm or -50dBm.

gferen · May 14, 2024, 7:00am

Thanks, wireless package removed successfuly from L009.

The disconnects of Wifi clients is not considered.
As what i meant for disconnects are “problematic” the network. LAN actually does not disconnects, but i have runned constant ping to 1.1.1.1 on laptop.
So:

constant Ping to 1.1.1.1
Winbox opened (checking logs) to router and each AP
playing YT video

every hour at same time 55-th minute → Ping time out (5 to 10 timeouts), winbox - disconects on router and all AP’s , YT starts buffering and fails to load anything (as well any other website).

After those 5 to 10 timeouts → Ping returns, Winbox connectes back to all devices, web pages needs refresh (sometimes it video reloads on it self)

gferen · May 20, 2024, 6:31am

currently all points to a faulty LAN card on the laptop. as well second USB to LAN adapter is doing the same. works ok on WiFi only. more tests will be conducted. but i am almost sure problem goes from 1 specific laptop.
Is there a way to turn logging only for 1 port - where laptop is connected to MT?