@sjoukes would you be so kind and let me have a look at your "fixed" settings where the group exchange timeout doesn't happen any more?
While running 6.42.9 I didn't have any issues the last months on a hap ac^2, while shit is driving my nuts on a cap ac.
Both access points are connected to the same router still.
I'm so disapointed of MT after I bought the new ARM devices whole router os on wifi devices is just sh***. While it was rock solid over all the last years.
All my setups are based on Capsman implementations.
We use the following combinations:
RB2011RM + wAP AC + Capsman
RB3011 + wAP AC + Capsman
RB2011UiAS-2HnD-IN + Capsman
RB2011UiAS-2HnD-IN + cAP 2n + Capsman
RB2011UiAS-2HnD-IN + wAP AC + Capsman
hap ac^2 + Capsman
hap ac^2 + wAP AC + Capsman
After the upgrade to 6.43.8 I did not see any structural group key time-outs on updated clients.
I double checked our central monitoring system and I only see massive group key timeouts at clients with software below 6.43.8.
Some incidental group-key and 4-way handshake timeouts on 6.43.8. but they could all be caused by low signal strengt and or people walking in and out of buildings.
So all has been stable since the update.
I use the following basic setup ( I left out some parts like guest networks, VLAN tagging, multiple bridges etc.)
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/firmware upgrade-policy=suggest-same-version
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=2GHz-11 save-selected=yes skip-dfs-channels=no tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled name=5GHz save-selected=yes skip-dfs-channels=yes tx-power=25
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=2GHz-01 save-selected=yes skip-dfs-channels=no tx-power=20
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=2GHz-06 save-selected=yes tx-power=20
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=Customername passphrase=CustomerPassword
#####
## Guest network disabled client-to-client forwarding
#####
/caps-man datapath
add bridge=Customerbridge client-to-client-forwarding=yes local-forwarding=no name=Customername
/caps-man configuration
add channel=2GHz-01 country=netherlands datapath=Customername mode=ap name=2.4GHz-01 security=Customername ssid=Customername-2G
add channel=2GHz-06 country=netherlands datapath=Customername mode=ap name=2.4GHz-06 security=Customername ssid=Customername-2G
add channel=2GHz-11 country=netherlands datapath=Customername mode=ap name=2.4GHz-11 security=Customername ssid=Customername-2G
add channel=5GHz country=netherlands datapath=Customername mode=ap name=5GHz-Only security=Customername ssid=Customername
#####
## Create a profile per MAC address with fixed 2.4GHz channel, 5GHz does not need this.
#####
/caps-man provisioning
add action=create-dynamic-enabled comment="Generic 5GHz" hw-supported-modes=ac master-configuration=5GHz name-format=prefix-identity name-prefix=5G
add action=create-dynamic-enabled comment="Generic 2.4GHz" hw-supported-modes=gn master-configuration=2.4GHz-06 name-format=prefix-identity name-prefix=2G
#####
##### Kick devices with low SNR in high density environments
##/caps-man access-list
##add action=accept disabled=yes signal-range=-80..120 ssid-regexp=""
##add action=reject disabled=yes signal-range=-120..-81 ssid-regexp=""
##### Apple support wmm / Wi-Fi Calling
##/ip firewall mangle add action=set-priority chain=postrouting comment="Set priority for WMM" new-priority=from-dscp-high-3-bits passthrough=yes
@Kerbia Would you please share your configration?
What type of clients are disconnecting and what is theire average signal strenght while this happens?