Stuck with new wifi-"capsman"

Hi,

I had 2 “wireless” (=older) devices running as accesspoints, my crs328 did the job as capsman (controller).
Now I wanted to switch to newer accesspoints and bought 2 cAPGi-5HaxD2HaxD
In one thread I read that I could use old and new capsman together, but it didn’t work, so I canceled capsman on the crs328 and started the new wifi package on my VM.
That worked so far, I come (with my configuration settings for wifi) to the point where my first accesspoint “knows” that it is managed by my capsman.
My problem now is, that the accesspoint doesn’t start showing the SSID, and both of the entries in chapter “WiFi” are empty so far; just showing wifi1 and wifi2, but empty.

On my first accesspoint:

[admin@MikroTik] /interface/wifi> export
# 2024-06-11 15:47:07 by RouterOS 7.15.1
# software id = 9J12-2RZ6
#
# model = cAPGi-5HaxD2HaxD
# serial number = ***
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman-or-local .mode=ap datapath=capdp
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp
/interface wifi cap
set caps-man-addresses=10.43.210.254 discovery-interfaces=LAN-Bridge enabled=yes slaves-datapath=capdp
/interface wifi datapath
add bridge=LAN-Bridge comment=defconf disabled=no name=capdp

On the VM:

# 2024-06-11 15:48:56 by RouterOS 7.15
# software id = 
#
/interface wifi
add name=cap-wifi1 radio-mac=D4:01:C3:94:99:A2
add name=cap-wifi2 radio-mac=D4:01:C3:94:99:A1
/interface wifi channel
add band=5ghz-n disabled=no frequency=2300-7300 name=channel1 skip-dfs-channels=all width=20mhz
add band=2ghz-n disabled=no frequency=2300-7300 name=channel2 skip-dfs-channels=all width=20mhz
/interface wifi datapath
add bridge=LAN-Bridge disabled=no name=datapath1 vlan-id=1
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=R403-Wifi6-security
/interface wifi configuration
add channel=channel1 country=Austria datapath=datapath1 datapath.bridge=LAN-Bridge disabled=no manager=capsman mode=ap name=R403-Wifi6 security=R403-Wifi6-security security.ft=no ssid=R403-Wifi6
add channel=channel2 country=Austria datapath=datapath1 disabled=no mode=ap name=R403-Wifi.alt security=R403-Wifi6-security ssid=R403-Wifi.alt
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=LAN-Bridge package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=R403-Wifi6 radio-mac=00:00:00:00:00:00

I compared the config with a lot of guides, but I cannot see “the” mistake. I know there can be improvements, but at first I wanted to see wifi and do a first simple test with my enduser devices.

added
(1) on the capsman controller I see the accesspoint under “remote cap”
(2) instead provisioning as “create enabled” I also tested dynamically
(3) on the controller I also see 2 cap-interfaces cap-wifi1 and cap-wifi2
(4) this vm is my main router / firewall / … I have a rule to allow any traffic within the subnet, so incoming and outgoing within the local lan is (should be, if I didn’t a mistake) allowed.

I’m thankful for anykind of help!
Erik

oh, just as additional info: the second config “r403.alt” (english “old”) is deactivated at the moment (not in provisioning list). Wanted to narrow down, but I’m not sure if this is useful.

Tha CAPs config isn’t complete, did you remove anything from it?
If not, please reset the device to CAPS Mode (/system/reset configuration).
Otherwise, please post full config.

In regards to your server, start from a bare minimum:

#create a security profile
/interface wifi security
add authentication-types=wpa2-psk name=sec1 passphrase=*****************
 
#create configuraiton profiles to use for provisioning
/interface wifi configuration
add country=Austria name=config security=sec1 ssid=R403-Wifi6
 
#configure provisioning rules, configure band matching as needed
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=config supported-bands=5ghz-n
# might be redundant when leaving supported-bands behind, not sure if possible
add action=create-dynamic-enabled master-configuration=config supported-bands=2ghz-n 

#enable CAPsMAN service
/interface wifi capsman
set ca-certificate=auto enabled=yes

The documentation might be usefull:
https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPsimpleconfigurationexample:

Hi Erlinden,

Thanks for the link to the manual, I used it as the primary source for my work… so I don’t see where I made the mistake…

yes, both CAPS are just bought, out of the box, reset to CAPS mode, and configured like the manual says (of course with my IP etc..)

(The second isn’t even visible for winbox, but that’s another issue.)

The config from the one that I can manage:

[admin@MikroTik] > export verbose 
# 2024-06-12 08:49:16 by RouterOS 7.15.1
# software id = 9J12-2RZ6
#
# model = cAPGi-5HaxD2HaxD
# serial number = ***
/interface bridge
add admin-mac=D4:01:C3:94:99:9F ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no \
    fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s mtu=auto mvrp=no name=bridgeLocal port-cost-mode=long priority=\
    0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=\
    enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:94:99:9F mtu=1500 name=ether1 orig-mac-address=\
    D4:01:C3:94:99:9F rx-flow-control=off tx-flow-control=off
set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=\
    enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default \
    loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:94:99:A0 mtu=1500 name=ether2 orig-mac-address=\
    D4:01:C3:94:99:A0 poe-out=auto-on poe-priority=10 power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no \
    !power-cycle-ping-timeout rx-flow-control=off tx-flow-control=off
/queue interface
set bridgeLocal queue=no-queue
/interface ethernet switch
set 0 !cpu-flow-control mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
/interface ethernet switch port-isolation
set 0 !forwarding-override
set 1 !forwarding-override
set 2 !forwarding-override
/interface list
set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
/interface lte apn
set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default \
    use-network-apn=yes use-peer-dns=yes
/interface macsec profile
set [ find default-name=default ] name=default server-priority=10
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# no connection to CAPsMAN
add arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=yes mac-address=D4:01:C3:94:99:A1 name=wifi1 radio-mac=\
    D4:01:C3:94:99:A1
# no connection to CAPsMAN
add arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=yes mac-address=D4:01:C3:94:99:A2 name=wifi2 radio-mac=\
    D4:01:C3:94:99:A2
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d \
    http-proxy=0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=\
    no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d \
    name=default !parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-128,3des hash-algorithm=sha1 \
    lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default \
    pfs-group=modp1024
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ppp profile
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
    !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default \
    !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default \
    use-ipv6=yes use-mpls=default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes \
    !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default-encryption on-down="" on-up="" \
    only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default \
    use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address \
    pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
    pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
    pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
    pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
# no connection to CAPsMAN
set wifi1 queue=wireless-default
# no connection to CAPsMAN
set wifi2 queue=wireless-default
/routing bgp template
set default as=65530 name=default
/snmp community
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no encryption-protocol=DES name=public read-access=yes security=\
    none write-access=no
/system logging action
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto \
    syslog-time-format=bsd-syslog target=remote
/user group
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=\
    default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=\
    default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=\
    default
/certificate settings
set crl-download=no crl-store=ram crl-use=no
/console settings
set sanitize-names=no
/disk settings
set auto-media-interface=none auto-media-sharing=no auto-smb-sharing=no auto-smb-user=guest
/ip smb
set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=\
    admit-all horizon=none hw=yes ingress-filtering=yes interface=ether1 !internal-path-cost learn=auto multicast-router=temporary-query \
    mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
    restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=\
    admit-all horizon=none hw=yes ingress-filtering=yes interface=ether2 !internal-path-cost learn=auto multicast-router=temporary-query \
    mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
    restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip firewall connection tracking
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=30s
/ip neighbor discovery-settings
set discover-interface-list=static lldp-mac-phy-config=no lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled lldp-poe-power=yes mode=\
    tx-and-rx protocol=cdp,lldp,mndp
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
    max-neighbor-entries=16384 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=no forward=yes \
    max-neighbor-entries=14336
/interface detect-internet
set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface l2tp-server server
set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address \
    default-profile=default-encryption enabled=no keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 \
    !l2tpv3-ether-interface-list max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface lte settings
set firmware-path=firmware mode=auto
/interface ovpn-server server
set auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc default-profile=default enable-tun-ipv6=no enabled=no \
    ipv6-prefix-len=64 keepalive-timeout=60 mac-address=FE:2C:AD:71:C5:94 max-mtu=1500 mode=ip netmask=24 port=1194 protocol=tcp push-routes=\
    "" redirect-gateway=disabled reneg-sec=3600 require-client-certificate=no tls-version=any tun-server-ipv6=::
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no \
    keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap
set caps-man-addresses=10.43.210.254 certificate=request discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/interface wifi capsman
set enabled=no
/ip cloud
set back-to-home-vpn=revoked-and-disabled ddns-enabled=no ddns-update-interval=none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=bridgeLocal \
    use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dns
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 \
    doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 \
    query-server-timeout=2s query-total-timeout=10s servers="" use-doh-server="" verify-doh-cert=no vrf=main
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set rtsp disabled=yes ports=554
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings
set thumbnails=""
/ip nat-pmp
set enabled=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
    max-cache-object-size=2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
    parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no src-address=::
/ip service
set telnet address="" disabled=no port=23 vrf=main
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80 vrf=main
set ssh address="" disabled=no port=22 vrf=main
set www-ssl address="" certificate=none disabled=yes port=443 tls-version=any vrf=main
set api address="" disabled=no port=8728 vrf=main
set winbox address="" disabled=no port=8291 vrf=main
set api-ssl address="" certificate=none disabled=no port=8729 tls-version=any vrf=main
/ip smb shares
set [ find default=yes ] directory=pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no valid-users=""
/ip socks
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
/ip ssh
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
set active-flow-timeout=30m cache-entries=128k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 \
    sampling-space=0
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=\
    yes igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes \
    nat-dst-address=yes nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes \
    src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes \
    tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no dns="" hop-limit=unspecified interface=all \
    managed-address-configuration=no mtu=unspecified other-configuration=no pref64="" ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
    ra-preference=medium reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings
set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa
set accounting=yes enable-ipv6-accounting=no interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming
set accept=no port=3799 vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/snmp
set contact="" enabled=no engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" \
    trap-version=1 vrf=main
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/Vienna
/system clock manual
set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system identity
set name=MikroTik
/system leds
set 0 disabled=no leds=poe-led type=poe-out
/system leds settings
set all-leds-off=never
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-cli-login=no show-at-login=no
/system ntp client
set enabled=no mode=unicast servers="" vrf=main
/system ntp server
set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
set 12 cpu=auto
set 13 cpu=auto
set 14 cpu=auto
set 15 cpu=auto
set 16 cpu=auto
set 17 cpu=auto
set 18 cpu=auto
set 19 cpu=auto
set 20 cpu=auto
set 21 cpu=auto
set 22 cpu=auto
set 23 cpu=auto
set 24 cpu=auto
set 25 cpu=auto
set 26 cpu=auto
set 27 cpu=auto
set 28 cpu=auto
set 29 cpu=auto
set 30 cpu=auto
set 31 cpu=auto
set 32 cpu=auto
set 33 cpu=auto
set 34 cpu=auto
set 35 cpu=auto
set 36 cpu=auto
set 37 cpu=auto
set 38 cpu=auto
set 39 cpu=auto
set 40 cpu=auto
set 41 cpu=auto
set 42 cpu=auto
set 43 cpu=auto
set 44 cpu=auto
set 45 cpu=auto
set 46 cpu=auto
set 47 cpu=auto
set 48 cpu=auto
/system resource irq rps
set ether1 disabled=yes
set ether2 disabled=yes
/system resource usb settings
set authorization=no
/system routerboard mode-button
set enabled=no hold-time=0s..1m on-event=""
/system routerboard reset-button
set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings
set auto-upgrade=no boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no preboot-etherboot=disabled \
    preboot-etherboot-server=any protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all
/tool mac-server ping
set enabled=yes
/tool romon
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
set allowed-number="" channel=0 port=none receive-enabled=no sms-storage=sim
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" \
    filter-dst-mac-address="" filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" \
    filter-mac-address="" filter-mac-protocol="" filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" \
    filter-src-ipv6-address="" filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=\
    yes only-headers=no quick-rows=20 quick-show-frame=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=no stats-samples-to-keep=100 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
/user settings
set minimum-categories=0 minimum-password-length=0

Can you please do a standard export instead of verbose?

done. Checked the config in winbox, seems identical, but the accesspoints didn't see capsman anymore.
Played around with the interface, and at some point the accesspoint changed to "managed by capsman". But there's still no wifi.

Standard export from the cAP ax:

[admin@MikroTik] > export        
# 2024-06-12 09:14:20 by RouterOS 7.15.1
# software id = 9J12-2RZ6
#
# model = cAPGi-5HaxD2HaxD
# serial number = **
/interface bridge
add admin-mac=D4:01:C3:94:99:9F auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface wifi cap
set caps-man-addresses=10.43.210.254 discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/system clock
set time-zone-name=Europe/Vienna
/system note
set show-at-login=no

Did you do this manually on the CAPsMAN?

/interface wifi
add name=cap-wifi1 radio-mac=D4:01:C3:94:99:A2
add name=cap-wifi2 radio-mac=D4:01:C3:94:99:A1

no.
Those are the 2 mac adresses from the first cAP ax... in the gui they appeared after the ap sees the capsman...

Try to remove radio-mac

/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=R403-Wifi6 radio-mac=00:00:00:00:00:00

radio-mac (MAC address) MAC address of radio to be matched. No default value.

???
//EDIT: I understand, you took that info from the original configuration, which I replaced with the suggested simple one. In the current config is no 00:…00 anymore. It’s empty.

[admin@VM-Router-R403] /interface/wifi/provisioning> export
# 2024-06-12 09:32:31 by RouterOS 7.15
# software id = 
#
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=config supported-bands=\
    5ghz-n
[admin@VM-Router-R403] /interface/wifi/provisioning>

same issue here as with TO - tried your solution with removing mac but no luck still

Hi cbka, which device do you use as capsman?

I saw it here…

ok neki, I got it. Was a little confused because that was an “older” config.

HAP AX^3

ok, so we can say, it doesn’t make a difference if the capsman has its own wireless integrated, or, like my situation, the capsman is a vm with just 2 ethernetports and no own wireless cards.

Can you follow this link by the letter to see if you get it to work:
https://youtu.be/37aff6d14Xk?feature=shared

Can you make all changes and report if it gave a solution, together with the latest config?
And make sure that CAPs can reach the CAPsMAN.

https://youtu.be/37aff6d14Xk?feature=shared

nothing new, I used that source of knowledge as well.
Still I have “SSID not set” in both wifis

SOLUTION (for me)…
on the capsman (!):

• enable capsman as client and set itself as the capsman
• under wifi - wifi delete the 2 wifi entries. They are now recreated automatically, and instantly it gets its own configuration, and the same config moves to the accesspoint.

Now I see my wifi, on 2 and 5 GHz (I didn’t separate the 2 configs for channels, bands or anything, just left everything blank).
But THE trick for me was to delete the 2 entries in wifi → wifi

Now I can play with datapath etc, because I don’t get an ip address…