Requests wrong RSN group cipher

RouterOS Wireless Networking
1

Hello,

I have setup capsman with hap ac^2 devices and a couple of devices connect fine to the wireless network(s).
However my macbook seems to be triggering one odd thing… “2.4Ghz-AP_Basement-1-1 rejected, requests wrong RSN group cipher”.

Google doesn’t say much about that - what can I do ?

Thank you

2

same problem


13:51:55 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 disconnected, extensive data loss
13:53:25 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:53:34 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:53:44 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:53:54 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:54:14 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:54:24 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:54:24 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:54:34 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:54:44 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:54:44 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:54:56 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:54:56 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:55:10 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:55:10 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:55:20 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:55:20 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:55:30 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:55:30 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:55:40 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:55:40 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher
13:55:50 caps,info 8C:0D:76:F9:AE:3E@cap2-hAP lite-1 rejected, requests wrong RSN group cipher
13:55:50 caps,info 8C:0D:76:F9:AE:3E@cap2-SXT Lite2-1 rejected, requests wrong RSN group cipher

3

same problem also to me:

20:08:42 caps,info 30:35:AD:AC:28:08@Local-5GHz rejected, requests wrong RSN group cipher 
20:08:42 caps,info 30:35:AD:AC:28:08@Local-2GHz rejected, requests wrong RSN group cipher

My config:
RouterBOARD 962UiGS-5HacT2HnT
RouterOS version: 6.43.14


/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XXXX frequency=5320 name=5GHz
add band=2ghz-onlyn control-channel-width=20mhz frequency=2467 name=2GHz
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XXXX frequency=5180 name=5180
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce frequency=5200 name=5200
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=tkip name=key passphrase=b1122334455m
4

@planetcaravan:

Please dont use tkip as cipher if you are using only wpa/wpa2.

Set encryption=aes-ccm and group-encryption=aes-ccm and check if that solves your problem.

@others:
We need to see your configuration. Otherwise we are just guessing into the blue which doesnt help you and just wastes everyones time :wink:

Edit: Just saw this is an older thread. So just ignore the second part..

5

Is it ok?

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=chiave passphrase=b1122334455m
6

As far as i can say: yes. You most likely need to re-provision the clients.

Ps.: Your wpa-passphrase is visible in both of your posts. You maybe want to remove it.

7

Thanks for answer.
The password was fake.
Do I have to remove wifi settings on the clients and add again to the network?

8

I dont think this will be necessary on your client-devices (smartphones, tablets, computers and so on) but on your mikrotik cap-clients. Restarting the caps should be enough. You can always check if the changes have applied on your capsman with the command

/caps-man actual print detail
9

I’ve changed as you suggested:

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=chiave passphrase=b1122334455m

but still got this RSN error:

12:46:08 caps,info D4:F4:6F:BA:01:D6@A-2GHz connected, signal strength -68 
12:59:24 caps,info 30:35:AD:AC:28:08@Local-5GHz rejected, requests wrong RSN group cipher 
12:59:51 caps,info 30:35:AD:AC:28:08@Local-5GHz rejected, requests wrong RSN group cipher 
12:59:51 caps,info 30:35:AD:AC:28:08@Local-2GHz rejected, requests wrong RSN group cipher 
12:59:51 caps,info 30:35:AD:AC:28:08@B-2GHz rejected, requests wrong RSN group cipher
10

Does the actual-interface-configuration show the applied changes? Can you please try to remove the network from one of these wifi-client-devices (for example the apple device 30:35:AD:AC:28:08) and readd it? Just to make sure we are not running after a ghost :slight_smile:

11

Just did what you said. Let’s wait!

12

I have the same problem:
Have 2 devices: RB4011 and wAP AC.
on 4011 log:
caps, info . wAP AC 5g: rejected, requests wrong RSN group cipher

I’m use only WPA2 PSK and aes ccn encryption


/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce name=\
    channel_5G reselect-interval=1d
add band=2ghz-b/g/n control-channel-width=20mhz name=channel_2G \
    reselect-interval=1d tx-power=15

/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=\
    datapath1

/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=1h name=security1 passphrase=%PASSWORD%

/caps-man configuration
add channel=channel_2G country=russia datapath=datapath1 mode=ap name=cfg_2G \
    rx-chains=0,1,2,3 security=security1 ssid=MikroTik tx-chains=0,1,2,3
add channel=channel_5G channel.reselect-interval=1d country=russia datapath=\
    datapath1 mode=ap name=cfg_5G rx-chains=0,1,2,3 security=security1 ssid=\
    MikroTik tx-chains=0,1,2,3

/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,gn \
    master-configuration=cfg_2G
add action=create-dynamic-enabled hw-supported-modes=an,ac \
    master-configuration=cfg_5G




1044	Jan/16/2020 17:26:48	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1045	Jan/16/2020 17:27:15	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1046	Jan/16/2020 17:28:17	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1047	Jan/16/2020 17:28:24	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1048	Jan/16/2020 17:29:25	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1049	Jan/16/2020 17:31:01	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1050	Jan/16/2020 17:31:35	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1051	Jan/16/2020 17:32:23	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1052	Jan/16/2020 17:33:45	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1053	Jan/16/2020 17:34:13	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher	
1054	Jan/16/2020 17:34:19	memory	caps, info	00:16:CB:00:2A:68@wAP ac-5G rejected, requests wrong RSN group cipher