I have bought a RB4011iGS+5HacQ2HnD-IN without doing the prechecks
Not to experienced with Mikrotik product so sorry for novise questions.
Is it possible to get this device to support WPA3? From what I have found after searching is that the 2,4Ghz does not support WPA3, but can I disable the 2.4 and use WPA3 for the 5Ghz? I’m also setting up CAPsman as I have bought three CAP aX wifi 6 devices.
Updated to lates firmware, but not able to enable WPA3 under the capsman security config.
You may have to uninstall wireless driver on the RB4011 and add wifi-qcom-ac.
You will loose 2.4GHz radio on that device but 5GHz radio can be used as local radio with WPA3. Not within capsman. Just a minute …
It will also be able to be used as capsman controller for AX devices.
Now comes the nifty thing … since both local radio and capsman controller are on the same ROS instance (RB4011), seamless roaming between all radios will work.
I’m in the process of setting this up now and see that I forgot to mention that I also have a multi vlan and SSID setup. Is it possible to get the to work? I used same approach as for CAPSman, created a datapath (under WiFi men, missing the Wireless menu), but get a warning that "vlan-id configured, but interface does not support assigning vlans.
I have worked quite a bit with differen network equipment over the years, but struggeling to get my head around “the Mikroti way” of doing things.
Do I then need to create one bridge pr SSID and vlan? or how is the connection from wifi1 to the vlan? I see on my brigde–>port page that I have a interface “wifi1” with a pvid=1, but this is dynamic and I cannot remove or edit pvid.
And further on, I would like to use this RB4011 as CAPsman for several other CAP ax devices. But how to fix this when I don’t have access to CAPsman menu?
If the radio on your RB4011 is being listed as dynamic, it means you have it configured to use capsman ? Set it to manager=local.
For the cAP AX devices, no problem to use datapath pvid setting (provided those devices are set to caps mode, which does have some config changes which are required).
There is no separate capsman menu for wave2 radios. It’s all mixed with wifi settings.
That’s why you can also configure RB4011-5GHz radio local. 95% of the settings will be the same as for other caps devices.
The only difference is you do not set that radio to be capsman controlled and you do not provision.
The oddities are (in short):
Remote CAP - button with capsman to enable capsman function
provision tab - that’s where you set the needed configuration to the required radio
Trying with yet another question, I was finally able to find some time and do the setup of the local radio. I was able to get my primary SSID to run on the vlan I wanted to. But is it possible to have several SSID on different vlans with this setup?
Each slave radio needs to be attached to a master and will take over the physical properties but can have separate SSID and security.
Each of those slave radios will be an interface on its own and then the VLAN game can be applied again.
Just don’t overdo it because each virtual SSID will ultimately result in all SSIDs for that radio to become slower.
I don’t know anymore where I saw it but you really should stop around 10
Thanks for the helpful input, I finally got the radios “local” in my RB4011 to function as wanted. One SSID setup directly on the wifi1 interface and two others as slave config. Is this recommend or is it better to have all three as slaves?
And no I have a different question regarding CAPSman and different VLANs and SSIDs.
The plan is to have three different SSID on three different vlans
I have created all the vlans, ip addressing, DHCP scopes and stuff, verified by assigning each of them to ether port and connect.
In addition have created a fourth vlan for managent of devices. I have moved management of the RB4011 to this, I will in the end have no traffic on vlan1.
