Hello,
“I’m having the same issue with constant disconnects. I’ve already tried enabling band steering, but the disconnections keep happening consistently. Has anyone found a solution yet?”
1 Like
Yes. Upgrading helps a lot (what RouterOS and firmware version are you running?). Also disabling FT and only selecting WPA2-PSK seems to have a lot of improvement.
Can you share your config to be able to provide some meaningful feedback?
/export file=anynameyoulike
Remove serial and any other provate info, post between preformatted text tags by using the </> button.
1 Like
If you suffer from this issue currently no setting will help you. Issue is that AP, for some reason, at some point, sends deauth frames to specific stations connected. Also MT own devices are affected if connected as stations (like PTP links). This issue is relevant to ax lineup.
1 Like
Capsman Configuration
/interface bridge
add name=Local_Bridge port-cost-mode=short
add name=Bridge_2_Bridge
add name=br port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=“Connected to Router1”
set [ find default-name=ether2 ] comment=“Connected to Router2”
set [ find default-name=ether3 ] comment=“Connected to Production Switch”
set [ find default-name=ether5 ] comment=“Bridge_2_Network 5 -10 port”
set [ find default-name=sfp1 ] comment=“Connected to Poe Switch”
/interface vlan
add interface=br name=VLAN20 vlan-id=20
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi channel
add disabled=no frequency=2412 name=2Ghz_01_Service
add disabled=no frequency=2437 name=2Gh_G_02_Finance
add disabled=no frequency=2467 name=2Ghz_G_03_Kitchen
add disabled=no frequency=2447 name=“2Ghz_G_04_Meeting Room”
add disabled=no frequency=2457 name=2Ghz_G_05_CEO
add disabled=no frequency=2417 name=2Ghz_G_06_Marketing
add disabled=no frequency=2452 name=2Gh_G_07_Legal
add disabled=no frequency=2472 name=2Ghz_G_08_RnD
add disabled=no frequency=5180 name=5Ghz_G_01_Service
add disabled=no frequency=5785 name=5Ghz_G_02_Finance
add disabled=no frequency=5825 name=“5Ghz_G_04_Meeting Room”
add disabled=no frequency=5700 name=5Ghz_G_05_CEO
add disabled=no frequency=5240 name=5Ghz_G_06_Marketing
add disabled=no frequency=5620 name=5Ghz_G_07_Legal
add disabled=no frequency=5500 name=5Ghz_G_08_RnD
add disabled=no frequency=5540 name=5Ghz_G_03_Kitchen
/interface wifi datapath
add bridge=br disabled=no name=VLAN20 vlan-id=20
add bridge=br disabled=no name=Production
/interface wifi steering
add disabled=no name=steering_Mobile neighbor-group=
“dynamic- Mobile-3aba6bfe” rrm=yes wnm=yes
add disabled=no name=steering_test_Patra_Patra neighbor-group=
“dynamic- Patra-7b637063” rrm=yes wnm=yes
/interface wifi configuration
add channel.frequency=5180 datapath=VLAN20 disabled=no name=
5Ghz_main_G_01_Service security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=5Ghz_main_P_01_Service
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2412 datapath=VLAN20 disabled=no name=
2Ghz_main_G_01_Service security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile tx-power=15
add datapath=Production disabled=no name=2Ghz_main_P_01_Service
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add datapath=Production disabled=no name=5Ghz_main_P_02_Finance
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5785 datapath=VLAN20 disabled=no name=
5Ghz_main_G_02_Finance security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_02_Finance
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2437 datapath=VLAN20 disabled=no name=
2Ghz_main_G_02_Finance security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile tx-power=15
add datapath=Production disabled=no name=5Ghz_main_P_03_Kitchen
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5540 datapath=VLAN20 disabled=no name=
5Ghz_main_G_03_Kitchen security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_03_Kitchen
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2467 datapath=VLAN20 disabled=no name=
2Ghz_main_G_03_Kitchen security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile tx-power=15
add datapath=Production disabled=no name=“5Ghz_main_P_04_Meeting Room”
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5825 datapath=VLAN20 disabled=no name=
“5Ghz_main_G_04_Meeting Room” security.authentication-types=
wpa2-psk,wpa3-psk ssid=" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_04_Meeting_Room
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2447 datapath=VLAN20 disabled=no name=
“2Ghz_main_G_04_Meeting Room” security.authentication-types=
wpa2-psk,wpa3-psk ssid=" Mobile" steering=steering_Mobile
tx-power=15
add datapath=Production disabled=no name=5Ghz_main_P_05_CEO
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5700 datapath=VLAN20 disabled=no name=
5Ghz_main_G_05_CEO security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_05_CEO
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2457 datapath=VLAN20 disabled=no name=
2Ghz_main_G_05_CEO security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Mobile" steering=steering_Mobile tx-power=15
add datapath=Production disabled=no name=5Ghz_main_P_06_Marketing
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5240 datapath=VLAN20 disabled=no name=
5Ghz_main_G_06_Marketing security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_06_Marketing
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2417 datapath=VLAN20 disabled=no name=
2Ghz_main_G_06_Marketing security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile tx-power=15
add datapath=Production disabled=no name=5Ghz_main_P_07_Legal
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5620 datapath=VLAN20 disabled=no name=
5Ghz_main_G_07_Legal security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_07_Legal
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2452 datapath=VLAN20 disabled=no name=
2Ghz_main_G_07_Legal security.authentication-types=wpa2-psk,wpa3-psk
ssid=" Mobile" steering=steering_Mobile tx-power=15
add datapath=Production disabled=no name=5Ghz_main_P_08_RnD
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=5500 datapath=VLAN20 disabled=no name=
5Ghz_main_G_08_RnD security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Mobile" steering=steering_Mobile
add datapath=Production disabled=no name=2Ghz_main_P_08_RnD
security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Patra" steering=steering_test_Patra_Patra
add channel.frequency=2472 datapath=VLAN20 disabled=no name=
2Ghz_main_G_08_RnD security.authentication-types=wpa2-psk,wpa3-psk ssid=
" Mobile" steering=steering_Mobile tx-power=15
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool4 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool5 ranges=192.168.30.2-192.168.30.254
/ip dhcp-server
add address-pool=dhcp_pool4 interface=VLAN20 name=dhcp2
add address-pool=dhcp_pool5 interface=Bridge_2_Bridge name=dhcp3
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/queue simple
add max-limit=100M/100M name=“network Bridge_2” target=192.168.30.0/24
/queue type
set 5 pcq-rate=150M
set 6 pcq-rate=150M
/queue simple
add max-limit=150M/150M name=“wifi mobile” queue=
pcq-upload-default/pcq-download-default target=192.168.20.0/24
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=Local_Bridge ingress-filtering=no interface=ether1
internal-path-cost=10 path-cost=10
add bridge=br interface=sfp1 internal-path-cost=10 path-cost=10
add bridge=br interface=ether3 internal-path-cost=10 path-cost=10
add bridge=Bridge_2_Bridge interface=ether6
add bridge=Bridge_2_Bridge interface=ether7
add bridge=Bridge_2_Bridge interface=ether8
add bridge=Bridge_2_Bridge interface=ether9
add bridge=Bridge_2_Bridge hw=no interface=ether10
add bridge=Bridge_2_Bridge interface=ether5
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191
/interface bridge vlan
add bridge=br tagged=sfp1 vlan-ids=20
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:DC:EF:93:41:C7 name=ovpn-server1
/interface pptp-server server
PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=yes
/interface wifi access-list
add action=accept allow-signal-out-of-range=10s disabled=yes interface=all
signal-range=-79..120
add action=reject disabled=yes interface=all signal-range=-120..-80
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=br package-path=“”
require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_01_Service name-format=5G-%I radio-mac=48:A9:8A:C0:3E:B2
slave-configurations=5Ghz_main_P_01_Service supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_01_Service name-format=2G-%I radio-mac=48:A9:8A:C0:3E:B3
slave-configurations=2Ghz_main_P_01_Service supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_02_Finance name-format=5G-%I radio-mac=48:A9:8A:C0:2A:9E
slave-configurations=5Ghz_main_P_02_Finance supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_02_Finance name-format=2G-%I radio-mac=48:A9:8A:C0:2A:9F
slave-configurations=2Ghz_main_P_02_Finance supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_03_Kitchen name-format=5G-%I radio-mac=48:A9:8A:C0:41:62
slave-configurations=5Ghz_main_P_03_Kitchen supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_03_Kitchen name-format=2G-%I radio-mac=48:A9:8A:C0:41:63
slave-configurations=2Ghz_main_P_03_Kitchen supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
“5Ghz_main_G_04_Meeting Room” name-format=5G-%I radio-mac=
48:A9:8A:C0:32:EA slave-configurations=“5Ghz_main_P_04_Meeting Room”
supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
“2Ghz_main_G_04_Meeting Room” name-format=2G-%I radio-mac=
48:A9:8A:C0:32:EB slave-configurations=2Ghz_main_P_04_Meeting_Room
supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_05_CEO name-format=5G-%I radio-mac=48:A9:8A:C0:3B:E6
slave-configurations=5Ghz_main_P_05_CEO supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_05_CEO name-format=2G-%I radio-mac=48:A9:8A:C0:3B:E7
slave-configurations=2Ghz_main_P_05_CEO supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_06_Marketing name-format=5G-%I radio-mac=48:A9:8A:C0:31:2E
slave-configurations=5Ghz_main_P_06_Marketing supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_06_Marketing name-format=2G-%I radio-mac=48:A9:8A:C0:31:2F
slave-configurations=2Ghz_main_P_06_Marketing supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_07_Legal name-format=5G-%I radio-mac=48:A9:8A:C0:42:D6
slave-configurations=5Ghz_main_P_07_Legal supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_07_Legal name-format=2G-%I radio-mac=48:A9:8A:C0:42:D7
slave-configurations=2Ghz_main_P_07_Legal supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
5Ghz_main_G_08_RnD name-format=5G-%I radio-mac=48:A9:8A:C0:31:32
slave-configurations=5Ghz_main_P_08_RnD supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=
2Ghz_main_G_08_RnD name-format=2G-%I radio-mac=48:A9:8A:C0:31:33
slave-configurations=2Ghz_main_P_08_RnD supported-bands=2ghz-ax
/ip address
add address=10.0.0.1/23 interface=ether2 network=10.0.0.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.30.1/24 interface=Bridge_2_Bridge network=192.168.30.0
add address=192.168.40.2/24 interface=Local_Bridge network=192.168.40.0
add address=192.168.1.250/24 interface=br network=192.168.1.0
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=
192.168.20.1
add address=192.168.30.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.30.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Local_Bridge src-address=
192.168.20.0/24
add action=masquerade chain=srcnat out-interface=ether2 src-address=
192.168.20.0/24
add action=masquerade chain=srcnat out-interface=Local_Bridge src-address=
192.168.30.0/24
add action=masquerade chain=srcnat out-interface=ether2 src-address=
192.168.30.0/24
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add check-gateway=ping comment=
“Airmagic Internet - disable this route if you want Cosmote internet”
disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.40.1
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=“Cosmote Internet” disabled=no distance=2
dst-address=0.0.0.0/0 gateway=10.0.0.2 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set api-ssl disabled=yes
set www port=10000
set ssh port=65534
/ip smb shares
set [ find default=yes ] directory=/pub
/radius
add address=172.16.1.2 require-message-auth=no service=ppp,login,dhcp
src-address=10.52.10.2 timeout=300ms
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set enabled=yes location=“Server Room” trap-generators=interfaces
trap-interfaces=all
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=Capsman_Router
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=194.177.210.54
/system package update
set channel=development
/tool graphing interface
add
/user aaa
set use-radius=yes
Cap Configuration
/interface bridge
add name=bridgeLocal port-cost-mode=short
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=bridge
/interface wifi
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=bridge disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridgeLocal comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ovpn-server server
add mac-address=FE:27:E3:E3:B0:CB name=ovpn-server1
/interface wifi cap
set caps-man-addresses=192.168.1.250 discovery-interfaces=bridgeLocal enabled=yes
slaves-datapath=bridge
/ip address
add address=192.168.30.13/24 disabled=yes interface=bridgeLocal network=192.168.30.0
add address=192.168.1.243/24 interface=ether1 network=192.168.1.0
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.30.1 routing-table=main
suppress-hw-offload=no
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-table=main
suppress-hw-offload=no
/ip service
set ftp disabled=yes
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
set ssh port=65534
/system identity
set name=Cap_03
/system note
set show-at-login=no