When creating a guest Wi-Fi network with CAPsMAN enabled, the virtual guest Wi-Fi interface does not appear.
When creating a guest Wi-Fi network, I first added a bridge, then configured an address pool for the future network and enabled DHCP for it. After that, in CAPsMAN, I added the configuration in the ‘Configuration’ tab, created a new ‘datapath’ for the guest network, configured security settings, and in ‘Provisioning,’ I added a configuration where I specified my ‘Slave configuration.’ Afterward, I went to ‘Remote CAP,’ selected all my access points, and clicked ‘Provision.’ CAPsMAN restarts, but the guest Wi-Fi still doesn’t appear. Please advise on what I might have missed or done incorrectly.
Too many unknowns …
- What device are we talking about (capsman controller and caps)?
- What ROS version?
- What are you doing with bridge where?
Might be easier to make a small diagram with your setup.
Explain clearly what you are trying to do where.
And then an export of config of both capsman controller and cap device as they are configured when it doesn’t work.
Open terminal
/export file=anynameyouwish
move file to your pc
edit file to obfuscate sensitive info (serial number, public WAN IP, …)
copy file between code quotes for easier readability
repeat for other device.
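The "edit file to obfuscate sensitive info" step above can be scripted so that nothing is missed by hand. The following is an added example, not part of the original thread: a Python redactor for a RouterOS text export that joins `\`-wrapped lines first (a wrap can put a key and its value on different lines), then masks secrets, header identifiers, MAC addresses and non-private IPv4 addresses. The placeholder format, the list of secret parameter names and the set of ranges left readable are assumptions of this example.

```python
import ipaddress
import re

# Ranges left readable (assumption); any other IPv4 address counts as public.
KEEP_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
SECRET = re.compile(r'\b(passphrase|wpa2?-pre-shared-key|password|secret)='
                    r'("(?:[^"\\]|\\.)*"|\S+)')
HEADER = re.compile(r"^(# (?:serial number|software id) = ).*$", re.M)
MAC = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def redact_export(text):
    """Return a copy of a RouterOS export that is safe to paste publicly."""
    # Join "\"-wrapped lines first: a wrap can separate key= from its value.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    text = SECRET.sub(r"\1=<redacted>", text)
    text = HEADER.sub(r"\1<redacted>", text)
    seen = {}  # original value -> stable placeholder, so devices stay distinct

    def label(kind, value):
        return seen.setdefault(value, f"<{kind}-{len(seen) + 1}>")

    def mask_ip(m):
        try:
            ip = ipaddress.ip_address(m.group(0))
        except ValueError:  # e.g. 999.1.1.1 is not an address, leave it
            return m.group(0)
        if any(ip in net for net in KEEP_NETS):
            return m.group(0)
        return label("public-ip", m.group(0))

    text = MAC.sub(lambda m: label("mac", m.group(0).upper()), text)
    return IPV4.sub(mask_ip, text)


# Constructed sample input, not taken from any real device.
SAMPLE = r'''# serial number = ABC123456789
/interface wireless security-profiles
add name=office wpa2-pre-shared-key=\
    "Example Pass 1"
/caps-man interface
add mac-address=02:00:00:aa:bb:01 name=cap1 radio-mac=02:00:00:AA:BB:01
/ip address
add address=203.0.113.7/24 interface=ether1 network=203.0.113.0
add address=192.168.21.1/24 interface=bridge network=192.168.21.0
'''
if __name__ == "__main__":
    print(redact_export(SAMPLE))
```

Free-text fields such as comments, SSIDs and the system identity are not touched, so the output still needs a read-through before it is posted.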
I tried to remove all MAC and WAN addresses, leaving up-to-date information.
# sep/25/2023 09:11:58 by RouterOS 6.49.6
#
# model = RB951Ui-2nD
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz name=ch_2.4_Auto_40mhz \
secondary-frequency=disabled tx-power=20
/interface bridge
add admin-mac= auto-mac=no comment=today name=bridge
add name=bridge-GUEST
add name=bridge-wifi
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes name=datapath_luch
add bridge=bridge-GUEST client-to-client-forwarding=no local-forwarding=no \
name=datapath-guest
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-key-update=5m \
name=luch_security passphrase=1234567890
add disable-pmkid=yes name=security-wlan-guest
/caps-man configuration
add channel=ch_2.4_Auto_40mhz country=russia3 datapath=datapath_luch mode=ap \
name=cfg_2.4G_luch rx-chains=0,1,2 security=luch_security ssid=tk-luch \
tx-chains=0,1,2
add channel=ch_2.4_Auto_40mhz country=russia3 datapath=datapath-guest mode=ap \
name=cfg-2.4GHz-guest rx-chains=0,1,2,3 security=security-wlan-guest \
ssid=guest-luch tx-chains=0,1,2,3
/caps-man interface
add channel.secondary-frequency=disabled configuration=cfg_2.4G_luch \
disabled=no l2mtu=1600 mac-address= master-interface=\
none name=nekras-1 radio-mac= radio-name=\
add channel.secondary-frequency=disabled configuration=cfg_2.4G_luch \
disabled=no l2mtu=1600 mac-address= master-interface=\
none name=nekras-Cap-01-1 radio-mac= \
radio-name=
add channel.secondary-frequency=disabled configuration=cfg_2.4G_luch \
disabled=no l2mtu=1600 mac-address= master-interface=\
none name=nekras-Cap-02-1 radio-mac= \
radio-name=
/interface list
add comment="WAN interface list" name=WAN
add comment="LAN interface list" name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=luch_security \
supplicant-identity="" wpa-pre-shared-key=1234567890 wpa2-pre-shared-key=\
1234567890
/interface wireless
# managed by CAPsMAN
# channel: 2432/20-Ce/gn(18dBm), SSID: tk-luch, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=russia distance=indoors frequency=auto installation=indoor mode=\
ap-bridge security-profile=luch_security ssid=tk-luch wireless-protocol=\
802.11
/ip pool
add name=dhcp ranges=192.168.21.10-192.168.21.100
add name=pool-wifi ranges=192.167.21.10-192.167.21.100
add name=dhcp_pool-guest ranges=192.166.21.11-192.166.21.199
add name=dhcp_pool3 ranges=192.166.21.10-192.166.21.100
/ip dhcp-server
add add-arp=yes address-pool=dhcp disabled=no interface=bridge name=\
default-local
add address-pool=pool-wifi disabled=no interface=bridge-wifi name=dhcp-wifi
add address-pool=dhcp_pool3 disabled=no interface=bridge-GUEST name=\
dhcp_guest
/queue simple
add max-limit=10M/10M name=guest-wifi-limit target=bridge-GUEST
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
-78..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=5s disabled=no signal-range=\
-120..-79 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg_2.4G_luch slave-configurations=cfg-2.4GHz-guest
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg_2.4G_luch slave-configurations=cfg-2.4GHz-guest
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge-wifi comment=defconf interface=wlan1
add bridge=bridge-wifi interface=nekras-1
add bridge=bridge-wifi interface=nekras-Cap-02-1
add bridge=bridge-wifi interface=nekras-Cap-01-1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
add list=WAN
add interface=bridge-wifi list=LAN
/interface wireless cap
#
set caps-man-addresses=127.0.0.1 discovery-interfaces=ether1 enabled=yes \
interfaces=wlan1
/ip address
add address=192.168.21.1/24 comment=defconfig interface=bridge network=\
192.168.21.0
add address= interface=ether1 network=
add address=192.167.21.1/24 interface=bridge-wifi network=192.167.21.0
add address=192.166.21.1/24 interface=bridge-GUEST network=192.166.21.0
/ip dhcp-client
add comment="ISP1: First ISP Name" default-route-distance=10 interface=ether1
/ip dhcp-server lease
/ip dhcp-server network
add address=192.166.21.0/24 comment=guest-wifi dns-server=8.8.8.8,8.8.4.4 \
gateway=192.166.21.1
add address=192.167.21.0/24 comment=wifi-main dns-server=8.8.8.8,8.8.4.4 \
gateway=192.167.21.1
add address=192.168.21.0/24 comment=defconfig dns-server=192.168.21.1 \
gateway=192.168.21.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=\
8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.21.1 comment=defconf name=router.lan
/ip firewall address-list
add address=192.166.21.0/24 comment="Guest NET" list=GuestNet
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow Winbox From pptp" dst-port=\
22,8291,8729 in-interface=l2tp-chel protocol=tcp
add action=accept chain=input comment="snmp for zabbix" dst-port=161 \
in-interface=l2tp-chel protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="guest wifi" out-interface-list=\
WAN src-address-list=GuestNet
/ip route
add distance=3 gateway=
add distance=1 dst-address=/23 gateway=l2tp-chel
/system identity
set name=nekras
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
If it’s more clear, I can take screenshots.
First, as I described above, I added a new bridge for the future guest network, then I added a pool of addresses and DHCP, then created the configuration in the config tab in CAPsMAN, then in the datapath I created a config and specified the slave config of the guest Wi-Fi, security, provisioning. After that, I highlighted the points and clicked Provision, and the guest Wi-Fi doesn’t appear.
Sorry for late reply. For some odd reason I did not get a notification…
You only need ONE bridge.
If you’re not using vlan, you also don’t need to touch datapath section.