Hi everyone!
I’m a newbie here, but I have been using MikroTik devices since 2014 (with basic configurations only).
I’ve a problem with capsman configuration on my RouterOS.
I’m currently trying to configure CAPsMAN on an RB5009 (without antennas) and push the configuration to a NetMetal AX.
Both devices have v7.16.2 firmware version (updated today).
After the standard configuration (network, firewalling, DHCPs, etc.) I started to configure CAPsMAN on the RB5009, but I have 2 problems:
- if I try to configure the “WIFI” section in /interface/wifi, the router prints this error: “Error in Master - selection expected”
- if I skip the previous section on the RB5009 and push “provision” on “Remote CAP”, I get no error, but the remote CAP doesn’t receive any configuration except the “Identity”.
Could someone help me?
If needed I can paste here the entire configuration
Thanks in advance to anyone who replies,
Paolo
You know what to do then … both sides, please.
Well, this is the RB5009 router configuration (the CAPsMAN)
# 2024-12-16 14:49:34 by RouterOS 7.16.2
# software id = ADJ5-9KR2
#
# model = RB5009UG+S+
# serial number = HH40A0QETMS
# Interface layout of the RB5009 (CAPsMAN side): two bridges, renamed
# Ethernet ports, three VRRP instances and VLAN 10 sub-interfaces.
/interface bridge
add admin-mac=F4:1E:57:4D:27:7D auto-mac=no name=Bridge-LAN
add name=Bridge-MNG
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LAN
set [ find default-name=ether3 ] name=ether3-LAN
set [ find default-name=ether8 ] name=ether8-SYNC
/interface vrrp
# NOTE(review): no authentication= is shown on any VRRP instance, so the
# advertisements (including those on ether1-WAN) are presumably
# unauthenticated; confirm every segment carrying VRRP is trusted.
add interface=Bridge-LAN name=vrrp-LAN priority=110 vrid=2
add interface=Bridge-MNG name=vrrp-MNG priority=110 vrid=3
add interface=ether1-WAN name=vrrp-WAN priority=110
/interface vlan
# VLAN 10 is tagged on ether2-LAN and ether3-LAN; the bridge port section of
# this export puts both sub-interfaces into Bridge-MNG.
add interface=ether2-LAN name=vlan10_eth2 vlan-id=10
add interface=ether3-LAN name=vlan10_eth3 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# CAPsMAN wifi profiles: channel, datapath, security, and the two master
# configurations referenced by the provisioning rules.
/interface wifi channel
add band=2ghz-ax disabled=no name=channel_2GHz skip-dfs-channels=all width=20/40mhz
add band=5ghz-ax disabled=no name=channel_5GHz width=20/40/80mhz
/interface wifi datapath
# Both datapaths bridge wireless clients into Bridge-LAN.
add bridge=Bridge-LAN disabled=no name=datapath_2GHz
add bridge=Bridge-LAN disabled=no name=datapath_5GHz
/interface wifi security
# NOTE(review): wpa-psk combined with encryption=tkip enables the legacy
# WPA/TKIP suite, which is deprecated and weak; TKIP also does not fit the
# wpa3-psk entry in the same list, since WPA3 requires CCMP/GCMP. Consider
# authentication-types=wpa2-psk,wpa3-psk and dropping encryption=tkip so the
# default CCMP cipher applies.
# No passphrase appears here; RouterOS 7 exports omit sensitive values unless
# show-sensitive is used, so this alone does not mean none is set.
add authentication-types=wpa-psk,wpa2-psk,wpa3-psk disabled=no encryption=tkip name=security_2GHz
add authentication-types=wpa-psk,wpa2-psk,wpa3-psk disabled=no encryption=tkip name=security_5GHz
/interface wifi configuration
# The 2 GHz profile sets both datapath=datapath_2GHz and an inline
# datapath.bridge=Bridge-LAN; the 5 GHz profile only references its datapath.
add channel=channel_2GHz country="United Kingdom" datapath=datapath_2GHz datapath.bridge=Bridge-LAN disabled=no manager=capsman-or-local mode=ap name=configuration_2GHz security=security_2GHz ssid=3CX_2GHz
add channel=channel_5GHz country="United Kingdom" datapath=datapath_5GHz disabled=no manager=capsman-or-local mode=ap name=configuration_5GHz security=security_5GHz ssid=3CX_5GHz
# Disk sharing, bridge membership, neighbor discovery scope and interface lists.
/disk settings
# NOTE(review): these settings presumably auto-share any attached storage over
# SMB and as a media server towards Bridge-LAN (the wifi client network);
# turn them off if file sharing from the router is not intended.
set auto-media-interface=Bridge-LAN auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
# ether2-ether7 carry the client LAN untagged; the VLAN 10 sub-interfaces of
# ether2/ether3 form the management bridge.
add bridge=Bridge-LAN interface=ether2-LAN
add bridge=Bridge-LAN interface=ether3-LAN
add bridge=Bridge-LAN interface=ether4
add bridge=Bridge-LAN interface=ether5
add bridge=Bridge-LAN interface=ether6
add bridge=Bridge-LAN interface=ether7
add bridge=Bridge-MNG interface=vlan10_eth2
add bridge=Bridge-MNG interface=vlan10_eth3
/ip neighbor discovery-settings
# Neighbor discovery is limited to the LAN interface list.
set discover-interface-list=LAN
/interface list member
# LAN contains only Bridge-LAN; Bridge-MNG is in neither list.
add interface=Bridge-LAN list=LAN
add interface=ether1-WAN list=WAN
# CAPsMAN manager: enabled on Bridge-MNG only, with one provisioning rule per band.
/interface wifi capsman
# NOTE(review): require-peer-certificate=no means a CAP does not have to
# present a certificate, so any device that can reach CAPsMAN on Bridge-MNG
# can presumably register as a CAP. Consider requiring certificates once
# provisioning works, and keep VLAN 10 restricted to trusted ports.
set enabled=yes interfaces=Bridge-MNG package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
# Radios reporting the matching band get a dynamic, enabled interface built
# from the named master configuration.
add action=create-dynamic-enabled disabled=no master-configuration=configuration_2GHz supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=configuration_5GHz supported-bands=5ghz-ax
# Addressing: each of WAN, LAN and MNG has a physical address plus a VRRP
# virtual address; ether8-SYNC is a /30 link.
/ip address
add address=192.168.185.202/24 interface=ether1-WAN network=192.168.185.0
add address=192.168.100.250/24 interface=Bridge-LAN network=192.168.100.0
add address=10.10.10.1/30 interface=ether8-SYNC network=10.10.10.0
add address=192.168.185.200/24 interface=vrrp-WAN network=192.168.185.0
add address=192.168.100.254/24 interface=vrrp-LAN network=192.168.100.0
add address=172.16.60.2/24 interface=Bridge-MNG network=172.16.60.0
add address=172.16.60.1/24 interface=vrrp-MNG network=172.16.60.0
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router a resolver for
# every source the input chain admits. The MNG address list in this export
# covers 192.168.0.0/16, which includes the ether1-WAN subnet 192.168.185.0/24.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
# Leftover defconf record: no interface in this export carries 192.168.88.1.
add address=192.168.88.1 comment=defconf name=router.lan type=A
# Firewall: address lists, a three-rule input chain, and source NAT out of vrrp-WAN.
/ip firewall address-list
# NOTE(review): 192.168.0.0/16 in MNG covers both the ether1-WAN subnet
# (192.168.185.0/24) and the wifi/client subnet (192.168.100.0/24), so the
# first input rule below admits hosts on the WAN segment and every client to
# all router services. Narrow MNG to the actual management sources.
add address=192.168.0.0/16 list=MNG
add address=10.10.10.0/30 list=MNG
add address=172.16.60.0/24 list=AccessPoint
add address=192.168.100.0/24 list=Clients
add address=172.16.60.0/24 list=MNG
/ip firewall filter
# Input chain only: accept MNG sources, accept established/related, drop the rest.
# NOTE(review): no forward-chain rules appear in this export, so routed
# traffic between WAN, LAN and MNG is presumably unfiltered.
# NOTE(review): this export has no /ip service section, so the management
# services are presumably at their defaults; disable the ones not in use.
add action=accept chain=input src-address-list=MNG
add action=accept chain=input connection-state=established,related
add action=drop chain=input
/ip firewall nat
# Clients and access points are masqueraded behind the VRRP WAN interface.
add action=masquerade chain=srcnat out-interface=vrrp-WAN src-address-list=Clients
add action=masquerade chain=srcnat out-interface=vrrp-WAN src-address-list=AccessPoint
# Remaining system settings: IPsec DPD timers, default route, identity and
# layer-2 management access.
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
# Default route via the upstream gateway on the WAN subnet.
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.185.254 routing-table=main suppress-hw-offload=no
/system identity
set name=MK-3CX_Master
/system note
set show-at-login=no
/tool mac-server
# MAC-Telnet and MAC-WinBox are limited to the LAN interface list.
# NOTE(review): per the list membership in this export LAN is Bridge-LAN,
# the same bridge the wifi datapaths use, so wireless clients can presumably
# reach layer-2 management; confirm that is intended.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Netwatch probes 8.8.8.8 by ICMP from 192.168.185.202 and moves the three VRRP
# priorities between 110 (probe up) and 90 (probe down).
# NOTE(review): in the down-script the first two commands share one line with
# no newline or ";" between them, unlike the up-script. This looks like a
# script error that would stop the priorities from being lowered on failure;
# verify on the device (it may also be a paste artefact).
/tool netwatch
add disabled=no down-script="/interface/vrrp set vrrp-MNG priority=90 /interface/vrrp set vrrp-WAN priority=90\
\n/interface/vrrp set vrrp-LAN priority=90" host=8.8.8.8 http-codes="" src-address=192.168.185.202 test-script="" type=icmp up-script=\
"/interface/vrrp set vrrp-MNG priority=110\
\n/interface/vrrp set vrrp-WAN priority=110\
\n/interface/vrrp set vrrp-LAN priority=110"
and this is the AP configuration (NetMetal AX)
# 2024-12-16 14:53:44 by RouterOS 7.16.2
# software id = 4DRZ-601C
#
# model = L23UGSR-5HaxD2HaxD
# serial number = HH30A3CYPC2
# Interface layout of the NetMetal AX (CAP side): two bridges, the two local
# radios, and VLAN 10 on ether1 for management.
/interface bridge
add admin-mac=F4:1E:57:44:E7:70 auto-mac=no name=Bridge-LAN
add name=Bridge-MNG
/interface wifi
# NOTE(review): neither radio sets configuration.manager, so both presumably
# stay locally managed (the default) and are not offered to CAPsMAN. That
# would match the symptom that only the identity shows up under Remote CAP;
# confirm against the MikroTik wifi CAP documentation.
# The "SSID not set" / "no supported channels" lines below are status
# comments written by the export itself.
# SSID not set
set [ find default-name=wifi1 ] configuration.mode=ap disabled=no mtu=1500 name=wifi_2GHz
# no supported channels
set [ find default-name=wifi2 ] channel.band=5ghz-ax .skip-dfs-channels=all .width=20/40/80mhz configuration.mode=ap disabled=no mtu=1500 name=wifi_5GHz security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface vlan
add interface=ether1 name=vlan10_eth1 vlan-id=10
/interface bridge port
# NOTE(review): interface=*9 is an internal id where a name should be,
# which suggests the referenced interface no longer exists; remove the stale port.
add bridge=Bridge-LAN comment=defconf interface=ether1
add bridge=Bridge-LAN interface=*9
add bridge=Bridge-LAN interface=wifi_5GHz
add bridge=Bridge-MNG interface=vlan10_eth1
# CAP client: looks for CAPsMAN at 172.16.60.2 over Bridge-MNG.
/interface wifi cap
# NOTE(review): no certificate, caps-man-names or
# caps-man-certificate-common-names is set, so the CAP presumably accepts
# whichever manager answers at that address; pin the manager once
# provisioning works.
set caps-man-addresses=172.16.60.2 discovery-interfaces=Bridge-MNG enabled=yes
/interface wifi capsman
# Manager-side settings on the access point itself. enabled=yes is not shown,
# so the local manager is presumably off and this is leftover configuration.
set certificate=WiFi-CAPsMAN-F41E5744E770 interfaces=vlan10_eth1 package-path="" require-peer-certificate=no upgrade-policy=none
# Layer-3 settings of the access point: one management address, DNS servers,
# input firewall and default route.
/ip address
add address=172.16.60.100/24 interface=Bridge-MNG network=172.16.60.0
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# NOTE(review): 192.168.0.0/16 is far wider than the 172.16.60.0/24
# management network this device sits on; narrow MNG to the hosts that
# really need to manage the access point.
add address=172.16.60.0/24 list=MNG
add address=192.168.0.0/16 list=MNG
/ip firewall filter
# Input chain: accept established/related, accept MNG sources, drop the rest.
add action=accept chain=input connection-state=established,related
add action=accept chain=input src-address-list=MNG
add action=drop chain=input
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
# Default route via 172.16.60.1, the vrrp-MNG address in the RB5009 export.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.60.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Management services and identity of the access point.
/ip service
# telnet, ftp, ssh, api and api-ssl are switched off.
# NOTE(review): www and winbox are not listed, so they presumably remain
# enabled at defaults; www is plain HTTP, so disable it or restrict it with
# address= if it is not needed.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system identity
set name=ACCESS_POINT
/system note
set show-at-login=no
Why 2 bridges on RB5009 ?
Why 2 bridges on Netmetal ?
There is most likely your problem.
I’ve tried removing the VLAN configuration and putting both devices on the same VLAN 1 (IP 192.168.100.0/24), but nothing changed.
Do you maybe have a sample configuration for both that you could send me? Just for the wifi part, obviously.