Problems with DHCP and multiple simple APs

RouterOS Beginner Basics
1

Hi there.

I’m having issues with my network. I have an AX3 as my main router, an AX2 running as an AP (reset with no default config and no capsman), and a couple of consumer wifi routers running in ap/bridge mode.

All SSIDs are different. Initially, when switching from one SSID to another, 90% of the time, I was unable to connect due to being unable to get an IP address. If I did manage to connect, 50% of the time I was “connected with no internet”.

After resetting the AX2 with no default config, 90% of the time I am able to manually roam between the AX3 and the AX2 with no issue. But I am almost never able to jump over to the other 2 APs which are consumer grade. If I have not been connected to any of the WiFis for a while or an indeterminate (possibly random) amount of time has passed while on a specific SSID, I am able to jump over to another AP perhaps 70% of the time but then I will not be able to jump back till that amount of time has elapsed again.

Setting my devices to use a random MAC allows me to connect without issue to any of them and jump freely albeit there is the corresponding increase in leases for the same device albeit with different MAC addresses.

Looking at the logs when I roam, it says ‘lease exists, extending’ but my device seems to never get the IP (till that time has elapsed).

I’m thinking it has something to do with DHCP and/or ARP. What could be the issue?

2

(Seamless) roaming requires identical SSID, password, encryption and network segments. It would make sense to use CAPsMAN for having roaming available in the best way (at least for the MikroTiks).
What made you choose to have different SSID’s?

Have you enabled DHCP debug logging? This might give some insights on the reason not getting an IP address.

Can you share your AX3’s config?

/export file=anynameyoulike

Remove serial and any other private info, post between code tags by using the </> button.

3

I certainly can.

The different APs are mostly there due to the horrible antennas (antennae?) on most of my IoT devices on 2.4GHz. The environment here is also pretty bad; I see a couple of neighbours APs as stronger than my Mikrotiks :frowning:

Specific devices are given the credentials to specific APs. The only auto roaming I would look forward to would be my portable devices which are specific to the 5GHz band; but it’s not critical to me at all.

Almost gave CAPsMAN a shot but I read it won’t work on my AC2 (still in storage) and obviously it won’t work on the consumer routers so I gave this a shot first.

Hope I’ve redacted enough info (left the firewall rules in). I did also remove the leases but I can add that back in if it’s helpful.

I enabled the DHCP debug logs and that’s where I saw the lease extending message but nothing else that I caught; I did see the “host” as being the commercial router’s names though.

# 2025-01-06 10:46:36 by RouterOS 7.16.2
# software id = 656F-F0UA
#
# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add admin-mac=48:A9:8A:AA:BB:CC ageing-time=1h auto-mac=no comment=defconf \
    igmp-snooping=yes name=bridge port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] channel.reselect-interval=3h..12h \
    .skip-dfs-channels=all configuration.antenna-gain=5 .country=Singapore \
    .mode=ap .ssid=Wifi1 .tx-power=26 disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0 .wps=\
    disable
set [ find default-name=wifi2 ] channel.band=2ghz-n .frequency=2452 \
    .reselect-interval=3h..12h .skip-dfs-channels=disabled .width=20mhz \
    configuration.antenna-gain=7 .country=Singapore .mode=ap .ssid=Wifi2 \
    .tx-power=25 disabled=no security.authentication-types=wpa2-psk,wpa3-psk \
    .connect-priority=0 .wps=disable
add configuration.ssid=Wifi1-Guest disabled=no mac-address=\
    4A:A9:8A:AA:BB:C1 master-interface=wifi1 name=wifi3
add configuration.ssid=Wifi2-Guest disabled=no mac-address=\
    4A:A9:8A:AA:BB:C2 master-interface=wifi2 name=wifi4
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/iot lora servers
add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=\
    UDP
add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=\
    UDP
add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=\
    UDP
add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
/ip pool
add comment="Default Pool" name=dhcp ranges=192.168.79.101-192.168.79.254
add name="Portable Devices 79.1 - 79.100" ranges=192.168.79.1-192.168.79.100
/ip dhcp-server
add add-arp=yes address-pool=dhcp interface=bridge lease-time=7h name=defconf
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    name=zt1 port=9993
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes instance=zt1 name=\
    zerotier1 network=redacted
/interface bridge filter
add action=drop chain=forward in-interface=wifi3
add action=drop chain=forward out-interface=wifi3
add action=drop chain=forward in-interface=wifi4
add action=drop chain=forward out-interface=wifi4
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10 trusted=yes
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge interface=wifi3 internal-path-cost=10 path-cost=10
add bridge=bridge interface=wifi4 internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wifi cap
set discovery-interfaces=LAN enabled=yes
/ip address
add address=192.168.77.1/22 comment=defconf interface=bridge network=\
    192.168.76.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.76.0/22 comment=defconf dns-server=192.168.77.1,1.1.1.1 \
    gateway=192.168.77.1 netmask=22
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.77.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="HA Let's Encrypt" dst-port=80 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.77.18 to-ports=80
add action=dst-nat chain=dstnat comment="HA Http" dst-port=443 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.77.18 to-ports=\
    443
add action=dst-nat chain=dstnat comment="Hairpin Nat 1" dst-address-list=\
    !router dst-address-type=local dst-port=443 protocol=tcp to-addresses=\
    192.168.77.18 to-ports=443
add action=masquerade chain=srcnat comment="Hairpin NAT 2" dst-address=\
    192.168.77.18 dst-port=443 out-interface=bridge protocol=tcp src-address=\
    192.168.76.0/22
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system logging
add disabled=yes topics=dhcp
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/user group
add comment="homeassistant perms" name=HAPerms policy="reboot,read,write,polic\
    y,test,api,!local,!telnet,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensiti\
    ve,!romon,!rest-api"
4

@erlinden not asked about why you have different APs rather why you have different SSIDs on those APs. Having a single SSID throughout your premises enables roaming and does not mean that you are not able to segregate the various devices on that single SSID (see the CAPsMAN - CAP VLAN configuration example section of the WiFi part of the documentation).

An important thing regarding building a wireless network is not using overlapping channels and setting fixed channel for each AP. To help you in that endeavour below are the list of those channels in Singapore as per the Info-communications Media Development Authority’s (IMDA) Spectrum Management Handbook (Table 3, pp28):

/interface wifi channel
add band=5ghz-a comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 20 MHz - 802.11a - channel #36" disabled=no \
    frequency=5180 name=wifi-channel-sg-5g-a-020-036 width=20mhz
add band=5ghz-a comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 20 MHz - 802.11a - channel #40" disabled=no \
    frequency=5200 name=wifi-channel-sg-5g-a-020-040 width=20mhz
add band=5ghz-a comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 20 MHz - 802.11a - channel #44" disabled=no \
    frequency=5220 name=wifi-channel-sg-5g-a-020-044 width=20mhz
add band=5ghz-a comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 20 MHz - 802.11a - channel #48" disabled=no \
    frequency=5240 name=wifi-channel-sg-5g-a-020-048 width=20mhz
add band=2ghz-g comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11g - channel #1" disabled=no frequency=\
    2412 name=wifi-channel-sg-2.4g-g-20-01 width=20mhz
add band=2ghz-g comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11g - channel #5" disabled=no frequency=\
    2432 name=wifi-channel-sg-2.4g-g-20-05 width=20mhz
add band=2ghz-g comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11g - channel #9" disabled=no frequency=\
    2452 name=wifi-channel-sg-2.4g-g-20-09 width=20mhz
add band=2ghz-g comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11g - channel #13" disabled=no frequency=\
    2472 name=wifi-channel-sg-2.4g-g-20-13 width=20mhz
add band=2ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11n - channel #1" disabled=no frequency=\
    2412 name=wifi-channel-sg-2.4g-n-20-01 width=20mhz
add band=2ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11n - channel #5" disabled=no frequency=\
    2432 name=wifi-channel-sg-2.4g-n-20-05 width=20mhz
add band=2ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11n - channel #9" disabled=no frequency=\
    2452 name=wifi-channel-sg-2.4g-n-20-09 width=20mhz
add band=2ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW)\
    \_- channel width 20 MHz - 802.11n - channel #13" disabled=no frequency=\
    2472 name=wifi-channel-sg-2.4g-n-20-13 width=20mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 40 MHz - 802.11n - channel #38" disabled=no \
    frequency=5180 name=wifi-channel-sg-5g-n-040-038 width=20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 40 MHz - 802.11n - channel #46" disabled=no \
    frequency=5220 name=wifi-channel-sg-5g-n-040-046 width=20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 40 MHz - 802.11n - channel #54" disabled=no \
    frequency=5260 name=wifi-channel-sg-5g-n-040-054 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (20\
    0 mW) - channel width 40 MHz - 802.11n - channel #62" disabled=no \
    frequency=5300 name=wifi-channel-sg-5g-n-040-062 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW)\
    \_- channel width 40 MHz - 802.11n - channel #102" disabled=no frequency=\
    5500 name=wifi-channel-sg-5g-n-040-102 skip-dfs-channels=disabled width=\
    20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW)\
    \_- channel width 40 MHz - 802.11n - channel #110" disabled=no frequency=\
    5540 name=wifi-channel-sg-5g-n-040-110 skip-dfs-channels=disabled width=\
    20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW)\
    \_- channel width 40 MHz - 802.11n - channel #118" disabled=no frequency=\
    5580 name=wifi-channel-sg-5g-n-040-118 skip-dfs-channels=disabled width=\
    20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW)\
    \_- channel width 40 MHz - 802.11n - channel #126" disabled=no frequency=\
    5620 name=wifi-channel-sg-5g-n-040-126 skip-dfs-channels=disabled width=\
    20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW)\
    \_- channel width 40 MHz - 802.11n - channel #134" disabled=no frequency=\
    5660 name=wifi-channel-sg-5g-n-040-134 skip-dfs-channels=disabled width=\
    20/40mhz
add band=5ghz-n comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW)\
    \_- channel width 40 MHz - 802.11n - channel #142" disabled=no frequency=\
    5700 name=wifi-channel-sg-5g-n-040-142 skip-dfs-channels=disabled width=\
    20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ac - channel #38" disabled=no \
    frequency=5180 name=wifi-channel-sg-5g-ac-040-038 width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ac - channel #46" disabled=no \
    frequency=5220 name=wifi-channel-sg-5g-ac-040-046 width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ac - channel #54" disabled=no \
    frequency=5260 name=wifi-channel-sg-5g-ac-040-054 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ac - channel #62" disabled=no \
    frequency=5300 name=wifi-channel-sg-5g-ac-040-062 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ac - channel #102" disabled=no \
    frequency=5500 name=wifi-channel-sg-5g-ac-040-102 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ac - channel #110" disabled=no \
    frequency=5540 name=wifi-channel-sg-5g-ac-040-110 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ac - channel #118" disabled=no \
    frequency=5580 name=wifi-channel-sg-5g-ac-040-118 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ac - channel #126" disabled=no \
    frequency=5620 name=wifi-channel-sg-5g-ac-040-126 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ac - channel #134" disabled=no \
    frequency=5660 name=wifi-channel-sg-5g-ac-040-134 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ac - channel #142" disabled=no \
    frequency=5700 name=wifi-channel-sg-5g-ac-040-142 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 80 MHz - 802.11ac - channel #42" disabled=no \
    frequency=5180 name=wifi-channel-sg-5g-ac-080-042 width=20/40/80mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 80 MHz - 802.11ac - channel #58" disabled=no \
    frequency=5260 name=wifi-channel-sg-5g-ac-080-058 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 80 MHz - 802.11ac - channel #106" disabled=no \
    frequency=5500 name=wifi-channel-sg-5g-ac-080-106 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 80 MHz - 802.11ac - channel #122" disabled=no \
    frequency=5580 name=wifi-channel-sg-5g-ac-080-122 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=5ghz-ac comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 80 MHz - 802.11ac - channel #138" disabled=no \
    frequency=5660 name=wifi-channel-sg-5g-ac-080-138 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=2ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW\
    ) - channel width 20 MHz - 802.11ax - channel #1" disabled=no frequency=\
    2412 name=wifi-channel-sg-2.4g-ax-20-01 width=20mhz
add band=2ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW\
    ) - channel width 20 MHz - 802.11ax - channel #5" disabled=no frequency=\
    2432 name=wifi-channel-sg-2.4g-ax-20-05 width=20mhz
add band=2ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW\
    ) - channel width 20 MHz - 802.11ax - channel #9" disabled=no frequency=\
    2452 name=wifi-channel-sg-2.4g-ax-20-09 width=20mhz
add band=2ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (200 mW\
    ) - channel width 20 MHz - 802.11ax - channel #13" disabled=no frequency=\
    2472 name=wifi-channel-sg-2.4g-ax-20-13 width=20mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ax - channel #38" disabled=no \
    frequency=5180 name=wifi-channel-sg-5g-ax-040-038 width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ax - channel #46" disabled=no \
    frequency=5220 name=wifi-channel-sg-5g-ax-040-046 width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ax - channel #54" disabled=no \
    frequency=5260 name=wifi-channel-sg-5g-ax-040-054 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 40 MHz - 802.11ax - channel #62" disabled=no \
    frequency=5300 name=wifi-channel-sg-5g-ax-040-062 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ax - channel #102" disabled=no \
    frequency=5500 name=wifi-channel-sg-5g-ax-040-102 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ax - channel #110" disabled=no \
    frequency=5540 name=wifi-channel-sg-5g-ax-040-110 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ax - channel #118" disabled=no \
    frequency=5580 name=wifi-channel-sg-5g-ax-040-118 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ax - channel #126" disabled=no \
    frequency=5620 name=wifi-channel-sg-5g-ax-040-126 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ax - channel #134" disabled=no \
    frequency=5660 name=wifi-channel-sg-5g-ax-040-134 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 40 MHz - 802.11ax - channel #142" disabled=no \
    frequency=5700 name=wifi-channel-sg-5g-ax-040-142 skip-dfs-channels=\
    disabled width=20/40mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 80 MHz - 802.11ax - channel #42" disabled=no \
    frequency=5180 name=wifi-channel-sg-5g-ax-080-042 width=20/40/80mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 23 dBm (2\
    00 mW) - channel width 80 MHz - 802.11ax - channel #58" disabled=no \
    frequency=5260 name=wifi-channel-sg-5g-ax-080-058 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 80 MHz - 802.11ax - channel #106" disabled=no \
    frequency=5500 name=wifi-channel-sg-5g-ax-080-106 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 80 MHz - 802.11ax - channel #122" disabled=no \
    frequency=5580 name=wifi-channel-sg-5g-ax-080-122 skip-dfs-channels=\
    disabled width=20/40/80mhz
add band=5ghz-ax comment="SG IMDA SMH Issue 1 Rev 2.16 – June 2022 C7 T3 - max. EIRP: 30 dBm (1000 mW\
    ) - channel width 80 MHz - 802.11ax - channel #138" disabled=no \
    frequency=5660 name=wifi-channel-sg-5g-ax-080-138 skip-dfs-channels=\
    disabled width=20/40/80mhz

So you may select the right channels.




Actually hAP ac^2 can be used with the new (previously called wifiwave2) package (wifi-qcom-ac) as per the Wireless part of the documentation. However for as painless transmission to it Netinstall is advised (before that back up your configuration and also export it with export verbose show-sensitive file=the-name-you-want-to-give-to-the-file ), with an empty configuration (-e switch in the GNU/Linux version of the netinstall-cli) and provide not just the main, but also the wifi-qcom-ac package too (so in the GNU/Linux version the command would end with (in case of the latest testing version at the time of writing) routeros-7.17rc7-arm.npk wifi-qcom-ac-7.17rc7-arm.npk ). After this you will have to add the basic configuration for AP usage, something like this:

/interface bridge
add ageing-time=5m arp=\
    enabled arp-timeout=auto auto-mac=no comment=\
    "All 7 (5+2) ports are bridged" dhcp-snooping=no disabled=no ether-type=\
    0x8100 fast-forward=no forward-delay=15s frame-types=admit-all \
    igmp-snooping=no ingress-filtering=yes \
    last-member-interval=1s last-member-query-count=2 max-hops=20 \
    max-learned-entries=auto max-message-age=20s membership-interval=4m20s \
    mtu=auto multicast-querier=no multicast-router=\
    temporary-query mvrp=yes name=myhome-hapac2-01_-_bridge_all \
    port-cost-mode=long priority=0x9000 protocol-mode=rstp \
    vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise="10M-baseT-half,10M-baseT-full,100M\
    -baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
    arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
    comment="ETH1 (PoE in) - Uplink to hAX^3" disabled=no l2mtu=9124 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mtu=\
    9000 name=ether1 \
    rx-flow-control=off tx-flow-control=off
set [ find default-name=ether2 ] advertise="10M-baseT-half,10M-baseT-full,100M\
    -baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
    arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
    comment="" disabled=no l2mtu=9124 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mtu=\
    9000 name=ether2 \
    rx-flow-control=off tx-flow-control=off
set [ find default-name=ether3 ] advertise="10M-baseT-half,10M-baseT-full,100M\
    -baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
    arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
    comment="" disabled=no l2mtu=9124 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mtu=\
    9000 name=ether3 \
    rx-flow-control=off tx-flow-control=off
set [ find default-name=ether4 ] advertise="10M-baseT-half,10M-baseT-full,100M\
    -baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
    arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
    comment="" disabled=no l2mtu=9124 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mtu=\
    9000 name=ether4 \
    rx-flow-control=off tx-flow-control=off
set [ find default-name=ether5 ] advertise="10M-baseT-half,10M-baseT-full,100M\
    -baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
    arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
    comment="" disabled=no l2mtu=9124 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mtu=\
    9000 name=ether5 \
    rx-flow-control=off tx-flow-control=off
/interface list
add comment=LAN exclude="" include="" name=LAN
add comment="WiFi" exclude="" include="" name=WIFI
add comment="VLAN" exclude="" include="" name=VLAN
add comment="Local interfaces" exclude="" include="LAN,WIFI,VLAN" name=LAN-VLAN-WIFI
/interface wifi datapath
add bridge=myhome-hapac2-01_-_bridge_all comment=defconf bridge-cost=20000 disabled=\
    no name=capdp
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no \
    use-ip-firewall-for-vlan=no
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes \
    arp-timeout=30s icmp-errors-use-inbound-interface-address=no \
    icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
    ipv4-multipath-hash-policy=l3 max-neighbor-entries=2048 rp-filter=no \
    secure-redirects=yes send-redirects=yes tcp-syncookies=no tcp-timestamps=\
    random-offset
/interface detect-internet
set detect-interface-list=none internet-interface-list=none \
    lan-interface-list=none wan-interface-list=none
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
add disabled=no  master-interface=wifi1 name=wifi1-s
add disabled=no  master-interface=wifi2 name=wifi2-s
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment="Trunk Mikrotik hAP AX^3 eth5" disabled=no \
    edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes \
    ingress-filtering=yes interface=ether1 internal-path-cost=20000 learn=\
    auto multicast-router=temporary-query mvrp-applicant-state=\
    normal-participant mvrp-registrar-state=normal path-cost=20000 \
    point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
    restricted-tcn=no tag-stacking=no trusted=yes unknown-multicast-flood=yes \
    unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=ether2 internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=ether3 internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=ether4 internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=ether5 internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=wifi1 internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=10 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=wifi2 internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=10 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=wifi1-s internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=20 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=myhome-hapac2-01_-_bridge_all \
    broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no \
    frame-types=admit-all horizon=none hw=yes ingress-filtering=yes \
    interface=wifi2-s internal-path-cost=20000 learn=auto multicast-router=\
    temporary-query mvrp-applicant-state=normal-participant \
    mvrp-registrar-state=normal path-cost=20000 point-to-point=auto priority=\
    0x80 pvid=20 restricted-role=no restricted-tcn=no tag-stacking=no trusted=\
    no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface wifi cap
set discovery-interfaces=myhome-hapac2-01_-_bridge_all enabled=yes \
    slaves-static=yes
/interface wifi capsman
set enabled=no
/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 \
    dhcp-options=hostname,clientid disabled=no interface=\
    myhome-hapac2-01_-_bridge_all use-peer-dns=yes use-peer-ntp=yes
/ip dns
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w \
    cache-size=1024KiB doh-max-concurrent-queries=50 \
    doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 \
    max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 \
    mdns-repeat-ifaces="" query-server-timeout=2s query-total-timeout=10s \
    servers="" use-doh-server="" verify-doh-cert=no vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/system identity
set name=myhome-hapac2-01
/system ntp client
set enabled=yes mode=multicast servers="" vrf=main
/interface ethernet switch
set switch1 switch-all-ports=yes
/interface/ethernet/switch/port
set ether1 vlan-header=leave-as-is
set ether2 vlan-header=leave-as-is
set ether3 vlan-header=leave-as-is
set ether4 vlan-header=leave-as-is
set ether5 vlan-header=leave-as-is

Beware that above configuration uses long path cost.
VLAN 10: devices using the master interfaces (for example the non IoT devices)
VLAN 20: devices using the slave (virtual) interfaces (for example the IoT devices)

Edit: typo.

5

I have used the term AP and SSID interchangeably and incorrectly. My apologies.

While continually looking at the debug logs I came across this line:

lease offered, addressed to me

Could this be a routing issue then? While good practice, I don’t think setting vlans will solve the dhcp issue? Mostly because the consumer grade routers will not support it.

Excellent news on the ac2 support! I will definitely give that a go asap.

As an additional question, will setting the country as Singapore not automatically limit the power and frequencies to within regulations?

6

I’ve moved to CAPsMAN with separate SSIDs, as well as CAPsMAN using the same SSID and I’ve also done a full reset on all my boards, running on a plain install (for everything except the ip address), and I’ve also done a full reset with only restoring the main controller with selective script commands in the terminal (leases). The problem still persisted.

My understanding is that it’s an L2 routing problem based on some features that were added to prevent against an app called MacStealer.

What solved the problem for me was to change the Connect Priority in Wifi/Security from 0/0 to 0/1 and to disable WPA3 and rely solely on WPA2. I also disabled (unset) “Station Roaming” in Wifi/Configuration which should not have been a problem as it’s in AP mode but you never know. FT and FToverDS are also enabled.

It should be noted that this is still running via CAPsMAN .

In addition to that, while I am now using the same SSID for all my APs, via CAPsMAN, I am also running those old separate SSIDs while I transition my devices to the new one. The problem is not solved there. I repeat, roaming on ‘MyWifiSSID’ between APs now works but ‘MyWifiSSID-Kitchen’ to ‘MyWifiSSID-Bedroom’ still does not. The same issue with no DHCP being received remains. Setting the IP to static also does not work still. A not very long but decent amount of time must still pass for (I guess) the routing table to be updated.

Through Providence, I have managed to acquire another AX3 so right now, I’m running 2 AX3s, an AX2, and an AC2 (thank’s un9edsda) with this setup. I have managed to drop the the other TP-Links and Linksys routers from my install. I do have one more AP I need to install but I am ok with that being a completely separate SSID (to sidestep this routing issue) and manually manage it (if I can’t source another Mikrotik).

I am still convinced there is something wrong with my config but as starting from a near bare install still produced the same issue, I really am just relieved that it’s working now. I am quite disappointed that such a basic function requires such extensive research and configuration but I won’t dwell on it because it’s well past time to move on. If someone in the future figures out what went wrong, please do reply to this message.

The other solution for anyone reading this is to use randomised MAC addresses on your devices but say goodbye to your static assignments.