I’m struggling a bit and could use some help and guidance.
Right now I have: RB4011 as a Router, 2 - cAP ac, and 2 - hAP AC3. No Wifi on the 4011. Currently, I use the old CAPsMan (V2) to provision all the devices as APs with 3 separate VLANs on each. On the 4011, each VLAN has its own separate IP space / DHCP server / DNS. Everything works great, system is secure and robust. These APs are all capable of using the Wifi-Qcom-AC driver package, and I’d like to take advantage of WPA3 and the roaming features.
Here’s what I found, often the hard way!
I planned to provision one cAP ac with the new wifi drivers to test out the new features, and keep the other APs on the older drivers. I was planning on running the new and old CAPsMan side by side. I’d provision the ‘test’ cAP ac by MAC address. The cAP ac only has room for one wifi driver package. You must remove the old wifi driver and then install the new one. Makes it hard to ‘go back’ to the old drivers.
hAP AC3 has room for both drivers. You can disable one and then install the other. Easier to deactivate one and reactivate the other.
I struggled mightily with the V3 cAPsMan, but I did get the wifi-qcom-ac drivers to work on the cAP ac. I provisioned it successfully by MAC address, and the 5GHz connection was very fast! I tried adding the VLANs as slave configuration to the master config, and it crapped out with an error.
Online searches gave me the impression that CAPsMan v3 and provisioning a VLAN don’t play well together.
Any help on any step in this process? I learned CAPsMan V3 procedure basically by trial and error using online examples, and making every possible mistake.
One other odd thing. After I established the fast 5 GHz connection, the SSID was hidden. I had not set this, and I turned ‘Hide SSID’ on and off a few times, but the SSID was always hidden.
I will share the export for both the CAPsMan and the CAP. I’ll have to reconfigure them first. I abandoned them to go back to the old working configuration.
Here are the config files for the CAPsMan controller and the CAP (Cap AC). I successfully provisioned the 5 GHz interface. The 5GHz slave interface did not provision. The 2.4 GHz interface did not provision either.
you (edit: meant to refer to OP here, but it's probably the same problem in both cases) are using "datapath.vlan-id" in your wifi configuration on CAPsMAN, but this is not supported with CAPs running wifi-qcom-ac. you have to manually add the wifi interface(s) to the bridge on every CAP with the appropriate pvid. after doing that it does work, or at least did when i tested it.
see the sample configuration for wifi-qcom-ac here and in particular the note: "Passing datapaths "MAIN/GUEST" from the start of the example to "wifi-qcom-ac" CAP would be misconfiguration, make sure to use datapath without "vlan-id" specified to such devices".
I haven't tried with multiple slave configs, but one slave is working perfectly.
As mentioned in the link I posted before, there is some additional manual configuration you have to add to the CAP to get it to work. Especially on this part: WiFi - RouterOS - MikroTik Documentation Basically it consists of adding virtual interfaces, vlan filtering on the bridge and removing VLAN from datapath in CAPsMAN. Your current wifi config is far from complete, can't say anything yet on the non-wifi part of the CAPs config.
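The steps named in the replies above (no vlan-id in the CAPsMAN datapath, static slave interfaces on the CAP, bridge ports with a pvid, bridge VLAN filtering), written out as an added example that is not taken from any poster's configuration. The bridge name, interface names, datapath name and VLAN IDs 10/20 are assumptions; ether1 is assumed to be the tagged uplink to the router, with management left untagged on the default pvid.

```routeros
# ---- On CAPsMAN (assumed datapath name DP_AC) ----
# Datapath handed to wifi-qcom-ac CAPs must NOT carry vlan-id;
# VLAN assignment happens on the CAP's own bridge instead.
/interface wifi datapath
add name=DP_AC disabled=no

# ---- On each wifi-qcom-ac CAP ----
# Bridge with VLAN filtering enabled, so pvid/tagging is enforced.
/interface bridge
add name=bridgeLocal vlan-filtering=yes

# Master radios managed by CAPsMAN, plus one static slave per radio
# for the second SSID (names wifi21/wifi22 are assumptions).
/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
add master-interface=wifi1 name=wifi21 disabled=no
add master-interface=wifi2 name=wifi22 disabled=no

# Each wifi interface is an access port: its pvid selects the VLAN.
/interface bridge port
add bridge=bridgeLocal interface=ether1
add bridge=bridgeLocal interface=wifi1 pvid=10
add bridge=bridgeLocal interface=wifi2 pvid=10
add bridge=bridgeLocal interface=wifi21 pvid=20
add bridge=bridgeLocal interface=wifi22 pvid=20

# Uplink carries both VLANs tagged; wifi ports are untagged members.
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1 untagged=wifi1,wifi2 vlan-ids=10
add bridge=bridgeLocal tagged=ether1 untagged=wifi21,wifi22 vlan-ids=20

# Slaves are static on the CAP so the bridge port entries above survive
# re-provisioning.
/interface wifi cap
set enabled=yes discovery-interfaces=bridgeLocal slaves-static=yes

# Check that every wifi port ended up in the intended VLAN.
/interface bridge port print
/interface bridge vlan print
```

A wifi interface left on the default pvid would put its clients on the untagged management network, so the two print commands are worth checking after every change.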
I looked at the references mentioned previously, and spent another few hours on this, but still no luck. I assume that Mikrotik had good reasons for doing things the way they did, but messing with VLAN IDs on the ports and bridge of the CAP?!? I’m taking a break until a few more months have passed and people smarter than I am have some experience with this. For now, back to the old CAPsMan / old WiFi drivers and rock solid, straightforward configuration. Tx to all for trying to help!
I wrote this script to work around it.
After changing CAP policy to static and CAPsMAN provisioning to create enabled, I manually created datapaths on each AP and scheduled this script to run every 5 minutes.
It's still terrible and I still hate that this bug exists but at least I don't have to log in to every single AP and modify almost every interface every time there's a change on CAPsMAN side. https://gitlab.com/-/snippets/4883800