Randomly lost lan connectivity

OKNET · March 31, 2025, 2:03pm

Super easy scenario :

Wifi on hAP AX3 side works fine.
Lan machines can always reach both cAP and hAP bridge ip address
On cAP AX side , wifi clients (that result registered on cAP wifi) lose randomly connectivity to LAN machines, but they can still ping cAP bridge ip address.
cAP and hAP are located in different rooms and they have the same SSID/security.
wifi interface are bridged directly to ethernet but I also configured bridge1 as wifi datapath (with bridge dynamic creation of those ports) same issue.
I used this basic configuration sometimes with no issue at all.
Any suggestion please?

erlinden · March 31, 2025, 2:11pm

Can you please share configs?

OKNET · March 31, 2025, 3:03pm

hAP-AX3 :

/interface bridge
add name=bridge1 protocol-mode=none

/interface wifi channel
add disabled=no name=NONDFS skip-dfs-channels=all
/interface wifi datapath
add bridge=bridge1 disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=sec1
/interface wifi configuration
add channel=NONDFS country=Italy datapath=datapath1 disabled=no mode=ap name=cfg1 security=sec1 ssid=SSID1
/interface wifi
set [ find default-name=wifi1 ] configuration=cfg1 configuration.mode=ap disabled=no
set [ find default-name=wifi2 ] configuration=cfg1 configuration.mode=ap disabled=no

/ip pool
add name=dhcp_pool_1 ranges=192.168.1.101-192.168.1.200
/ip dhcp-server
add address-pool=dhcp_pool_1 interface=bridge1 lease-time=6h name=dhcp1

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8 gateway=192.168.1.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4


cAP-AX :

/interface bridge
add name=bridge1 protocol-mode=none

/interface wifi channel
add disabled=no name=NONDFS skip-dfs-channels=all
/interface wifi datapath
add bridge=bridge1 disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=sec1
/interface wifi configuration
add channel=NONDFS country=Italy datapath=datapath1 disabled=no mode=ap name=cfg1 security=sec1 ssid=SSID1
/interface wifi
set [ find default-name=wifi1 ] configuration=cfg1 configuration.mode=ap disabled=no
set [ find default-name=wifi2 ] configuration=cfg1 configuration.mode=ap disabled=no

/interface bridge port
add bridge=bridge1 interface=ether1

/ip address
add address=192.168.1.251/24 interface=bridge1 network=192.168.1.0

/ip dns
set servers=192.168.1.1

/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=main suppress-hw-offload=no

mkx · March 31, 2025, 4:14pm

I think (it could have changed in very recent ROS versions) that when manually configuring wifi interfaces (as opposed to using CAPsMAN), they have to be made btidge ports manually as well.

OKNET · March 31, 2025, 8:44pm

As said it’s an already used rOS 7.1x config without any similar issue, anyway I already configured manually bridge ports without improvement…
I was thinking to a radio side issue but cAP bridge is perfectly pingable once wireless device is registered to cAP itself.
The only (troublesome?) thing is an overlap Wifi area where sometimes same wireless device is registered both sides (hAP And cAP) despite issue is present with device closer to cAP with a much stronger RSSI.

maigonis · April 1, 2025, 2:10pm

STP issues? I see you have turned STP off, but switch in the middle might have it on. We have little to no info about that switch.

OKNET · April 1, 2025, 7:28pm

Switch is an Aruba JL683B with its default configuration, and RSTP enabled.
I never had issues (also with MT devices having STP turned off).