I was just the opposite,Set peramble-mode in wireless interface to short and check all clients connections.
فرستاده شده از FRD-L09ِ من با Tapatalk
Don't forget that Apple have some advice on the matter.u can tray this metode
in interface wlan
at frecuency mode change to regulatory-domain
select country u base
I have couple sites with "iphone problem" and some other sites that have apple products, but there is no problem, with the same hardware (wap or wap ac). The problem occurs randomly and present itself as "there is a phone connection to SSID, but there's no internet". You can see sometimes "disassoc sending station leaving" in log. I use WPA2 only everywhere, DHCP lease is 24 hrs. Tried to disable RSTP, IGMP spoofing etc. Tried basically everything - problem is still there. With cheap soap routers like dlink\asus there is no problem, so it's pretty hard to explain a customer why mikrotik is better there. Asked Uldis at Moscow MUM - he need specific data to reproduce in lab environment to deal with this stuff and I understand him, but the problem occurs randomly during the day and there's nothing in log to report to support. And because of that one customer just asks for HP OfficeConnect AP instead of mikrotik, that's sad.you need to have WPA2 w/ AES only in your security profiles and apple devices will work again.
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=XX name=2.4-auto save-selected=yes skip-dfs-channels=yes tx-power=19
add band=5ghz-a/n/ac extension-channel=XXXX name=5-auto save-selected=yes skip-dfs-channels=yes tx-power=22
/caps-man datapath
add arp=enabled bridge=bridge-lan client-to-client-forwarding=yes local-forwarding=no name=datapath-lan
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=WhiteHouse passphrase=12345678
/caps-man configuration
add channel=2.4-auto country=russia3 datapath=datapath-lan distance=indoors guard-interval=any hw-protection-mode=rts-cts hw-retries=15 keepalive-frames=enabled mode=\
ap multicast-helper=full name=WhiteHouse rx-chains=0,1,2 security=WhiteHouse ssid=WhiteHouse tx-chains=0,1,2
add channel=5-auto country=russia3 datapath=datapath-lan distance=indoors guard-interval=any hw-protection-mode=rts-cts hw-retries=15 keepalive-frames=enabled mode=ap \
multicast-helper=full name=WhiteHouse@5 rx-chains=0,1,2 security=WhiteHouse ssid=WhiteHouse@5 tx-chains=0,1,2
/caps-man access-list
add action=reject allow-signal-out-of-range=10s disabled=no interface=any signal-range=-120..-81 ssid-regexp=""
/caps-man manager
set enabled=yes package-path=/usbflash upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=vlan2
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=a,an,ac master-configuration=WhiteHouse@5 name-format=identity
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=WhiteHouse name-format=identity
I do not understand why Apple does not follow any standard. It seems that it tries to invent all stuff by it self.The iPhone disconnects approx after 5-7 minutes (little more than half of the DHCP lease time).
Disable wpa authentication and password, leave only wpa2 and disable management protection. If someone wants wpa then he should travel back in time.Have problem with Mikrotik Groove A52 and all Iphone devices
Before installing Mikrotik have worked TP-link, no problems with wi-fi
We install Mikrotik and iPhone stops work normaly Internet after a while. I wrote many times tickets, tech support does not help.
I tried to change the country, the channel, the band
winbox_2017-03-30_12-22-36.pngCode: Select all/interface wireless set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=12 band=2ghz-g/n country=russia disabled=no disconnect-timeout=15s frequency=2442 \ hw-protection-mode=rts-cts keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled name=neonmobile ssid=neonmobile.com.ua wds-ignore-ssid=yes wireless-protocol=\ unspecified wmm-support=enabled /interface wireless nstreme set neonmobile enable-polling=no /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=dynamic-keys wpa-pre-shared-key=22220000 wpa2-pre-shared-key=22220000 add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed name=free supplicant-identity="" /interface wireless add disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:F0:EE:E5 master-interface=neonmobile mode=ap-bridge multicast-buffering=disabled name=Free_neonmobile \ security-profile=free ssid="Free neonmobile.com.ua" wds-cost-range=0 wds-default-cost=0 wds-ignore-ssid=yes wps-mode=disabled
winbox_2017-03-30_12-25-10.png
i see the very same crap in my logs. did you find a solution?I have couple sites with "iphone problem" and some other sites that have apple products, but there is no problem, with the same hardware (wap or wap ac). The problem occurs randomly and present itself as "there is a phone connection to SSID, but there's no internet". You can see sometimes "disassoc sending station leaving" in log. I use WPA2 only everywhere, DHCP lease is 24 hrs. Tried to disable RSTP, IGMP spoofing etc. Tried basically everything - problem is still there. With cheap soap routers like dlink\asus there is no problem, so it's pretty hard to explain a customer why mikrotik is better there. Asked Uldis at Moscow MUM - he need specific data to reproduce in lab environment to deal with this stuff and I understand him, but the problem occurs randomly during the day and there's nothing in log to report to support. And because of that one customer just asks for HP OfficeConnect AP instead of mikrotik, that's sad.you need to have WPA2 w/ AES only in your security profiles and apple devices will work again.
Also there's unresolved problem with Android TVs which keep losing lease and connectivity every 5 min.
If anyone want to dig my config here it is:Code: Select all/caps-man channel add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=XX name=2.4-auto save-selected=yes skip-dfs-channels=yes tx-power=19 add band=5ghz-a/n/ac extension-channel=XXXX name=5-auto save-selected=yes skip-dfs-channels=yes tx-power=22 /caps-man datapath add arp=enabled bridge=bridge-lan client-to-client-forwarding=yes local-forwarding=no name=datapath-lan /caps-man security add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=WhiteHouse passphrase=12345678 /caps-man configuration add channel=2.4-auto country=russia3 datapath=datapath-lan distance=indoors guard-interval=any hw-protection-mode=rts-cts hw-retries=15 keepalive-frames=enabled mode=\ ap multicast-helper=full name=WhiteHouse rx-chains=0,1,2 security=WhiteHouse ssid=WhiteHouse tx-chains=0,1,2 add channel=5-auto country=russia3 datapath=datapath-lan distance=indoors guard-interval=any hw-protection-mode=rts-cts hw-retries=15 keepalive-frames=enabled mode=ap \ multicast-helper=full name=WhiteHouse@5 rx-chains=0,1,2 security=WhiteHouse ssid=WhiteHouse@5 tx-chains=0,1,2 /caps-man access-list add action=reject allow-signal-out-of-range=10s disabled=no interface=any signal-range=-120..-81 ssid-regexp="" /caps-man manager set enabled=yes package-path=/usbflash upgrade-policy=suggest-same-version /caps-man manager interface set [ find default=yes ] forbid=yes add disabled=no interface=vlan2 /caps-man provisioning add action=create-dynamic-enabled hw-supported-modes=a,an,ac master-configuration=WhiteHouse@5 name-format=identity add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=WhiteHouse name-format=identity
I've spent hours if not days trying to figure out the problem and it looks like it was a bridge stp config.I know it is old topic, but after many hours of struggle with 2 MacBook Pro not being able to get IP, complaining about IP already used by another device (when it's not) I was able to solve the problem by changing protocol-mode from rstp to stp:
/interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 actual-mtu=1500 l2mtu=1526 arp=enabled
arp-timeout=auto mac-address=XX:XX:XX:XX:XX:XX protocol-mode=stp
priority=0x8000 auto-mac=no admin-mac=XX:XX:XX:XX:XX:XX
max-message-age=20s forward-delay=15s transmit-hold-count=6
ageing-time=5m
Once changed, everything works like a charm.
For most if not all small Mikrotik setups no devices need any kind of STP and Wifi Radios certainly don't if they are just access points for clients. xSTP is only needed in systems where there is the risk of a loop because there are multiple L2 paths in the system. I always set STP to None on my access points as a rule because it's a redundant option and there's always a risk of it causing problems.Using all the recommended, in this and other threads, "tips and tricks", brought me to a point where wifi was finally working on Iphone X but not anymore on Galaxy S6. Thing was STP instead of RSTP in bridge config (for Iphone).
I've the same problem with the mAP lite (STP is disabled). It is working for some time but then it stops working. The iPhone is connected to the WiFi but unable to reach anything. It is working for while again when I reboot the AP.For most if not all small Mikrotik setups no devices need any kind of STP and Wifi Radios certainly don't if they are just access points for clients. xSTP is only needed in systems where there is the risk of a loop because there are multiple L2 paths in the system. I always set STP to None on my access points as a rule because it's a redundant option and there's always a risk of it causing problems.Using all the recommended, in this and other threads, "tips and tricks", brought me to a point where wifi was finally working on Iphone X but not anymore on Galaxy S6. Thing was STP instead of RSTP in bridge config (for Iphone).
Before anyone jumps up and down on this STP rule you always have to exercise some judgement. Single ethernet devices like a mAP or wAP are very safe to disable STP on the bridge. Devices like a cAP have some risk if eth1 and eth2 end up being plugged into the same switch, and RBx011 or hAPs always run the risk of a looped back ethernet cable.
Just a fair warning for anyone considering to try this: Flashing OpenWRT to NAND flash will wipe ROS license from the device and replace bootloader, so it will not be possible to go back.If someone has an AC2 you're better running OpenWRT, it works out of the box with all kinds of WiFi clients unlike ROS.
The OpenWRT wiki clearly advices to save multiple backups of your ROS license from Winbox.Just a fair warning for anyone considering to try this: Flashing OpenWRT to NAND flash will wipe ROS license from the device and replace bootloader, so it will not be possible to go back.If someone has an AC2 you're better running OpenWRT, it works out of the box with all kinds of WiFi clients unlike ROS.
It's possible to test it by loading it just to RAM, as long as you don't touch the flash memory it's safe...
The alternative will be to use OpenWRT if it's supported by your device nor buying from another brand.There is no solution to this problem. Mikrotik devices are not certified by the Wi-Fi alliance.
Could you please post your 5GHz settings, omitting the SSID and Security part? I am currently having my iPad connecting to 5GHz, and it will not be able to access internet every 30 seconds. I am using 5GHz-onlyAC and eeCe on 5300.running ROS for a couple of years in an Apple only network (IOS/IPadOS/OSX)
using 10 pc of hAP AC (RB962UiGS-5HacT2HnT) and max 250 wireless devices.
Everything works fine, no problems.
Try 2048 AMSDU, mixed network mode and use the less congested channel (use the built-in frequency scanner). This won't make your WiFi any faster but you'll get a more reliable experience.Could you please post your 5GHz settings, omitting the SSID and Security part? I am currently having my iPad connecting to 5GHz, and it will not be able to access internet every 30 seconds. I am using 5GHz-onlyAC and eeCe on 5300.running ROS for a couple of years in an Apple only network (IOS/IPadOS/OSX)
using 10 pc of hAP AC (RB962UiGS-5HacT2HnT) and max 250 wireless devices.
Everything works fine, no problems.
Thank you.
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce country=netherlands disabled=no frequency=5260 installation=indoor max-station-count=50 mode=ap-bridge preamble-mode=long radio-name=funny5 security-profile=funny ssid=funny station-roaming=enabled wireless-protocol=802.11 wps-mode=disabled
Try 2048 AMSDU, mixed network mode and use the less congested channel (use the built-in frequency scanner). This won't make your WiFi any faster but you'll get a more reliable experience.
almost default ...Code: Select allset [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce country=netherlands disabled=no frequency=5260 installation=indoor max-station-count=50 mode=ap-bridge preamble-mode=long radio-name=funny5 security-profile=funny ssid=funny station-roaming=enabled wireless-protocol=802.11 wps-mode=disabled
Preamble = long is only needed for older devices (but still needed today for interop)
new products (like apple) prefer to use preamble=short.
So put in =both...
It might not help all your problems but can solve some.
PS: The less one touches Wifi settings, the better is my experience...
# aug/20/2020 22:51:22 by RouterOS 6.47.2
# model = RB4011iGS+5HacQ2HnD
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=eC frequency=\
2472 name=2chan
add band=5ghz-onlyac control-channel-width=20mhz extension-channel=eeCe \
frequency=5300 name=5chan
/caps-man datapath
add bridge=uniBridge name=datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=cap_sec
/caps-man configuration
add channel=2chan country=china datapath=datapath1 installation=indoor mode=ap \
name=caps_cfg2 security=cap_sec ssid=Chapter
add channel=5chan country=china datapath=datapath1 installation=indoor mode=ap \
name=caps_cfg5 security=cap_sec ssid=Chapter_5
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
-120..-81 ssid-regexp=""
/caps-man manager
set enabled=yes upgrade-policy=require-same-version
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
caps_cfg5 name-format=identity
add action=create-dynamic-enabled hw-supported-modes=g master-configuration=\
caps_cfg2 name-format=identity
I think AMSDU is not configurable on Capsman mode but it's hardcoded to a lower value than the default 8192I can see the AMSDU option in normal wireless conf, but could not find it in caps conf.
My 5GHz channels are totally empty, no congested channel at all.
Some clients require the AP to advertise all the data rates A/N/AC otherwise they would refuse to connect, btw my S10e which is WiFi 6 refuses to connect with Mikrotik's short preamble mode but it works with other vendors/OpenWRT short preamble setting.Before posting this, I have done some research. It seems that all the problem with apple device happens on 802.11ac mode. I suspect when selecting mixed modes, my iPad pro gen4 will use A/N, not AC for the full speed. Is there any way to check it?
Below is the link about the ac mode problem.
viewtopic.php?t=139608
Thanks again.
My problem was in the authentication type in my security profile.
The iPad Pro doesn't like WPA2 EAP
If you start from default Wifi settings and change the following you will be ok when it comes to stability (and you will be good to go):Right now we will test some more but will eventually have to bite the bullet; should we stay or should we go....
Strange that you need to use outdated/old TKIP and not AES to make iPhone to work.ON UPDATE IOS 14.4 THIS WI-FI CONFIG MAKE stable connection @ MY IPHONE
Lots of Iphones and macbook pro in the house my wifi settings are.If you start from default Wifi settings and change the following you will be ok when it comes to stability (and you will be good to go):Right now we will test some more but will eventually have to bite the bullet; should we stay or should we go....
2.4GHz5GHz
- 2ghz-g/n
- Disable extension channel
- Reduce power to required
- Use fixed channel
Security
- 5ghz-n/ac
- Extension channel Ce
- Reduce power to required
- Use fixed channel
Rates
- WAP2-AES
Datapath
- 12M & 24M basic
- 12M, 18M, 24M, 36M, 48M, 54M supported
- Enable local forwarding
Unfortunately, that can't be it, because I have HW protection already set to None. I would suspect, all the mentions being really old, that now it is the other way around perhaps?The theme in this thread is most people showing their configs are using RTS/CTS.
There are a few blog posts from 2012 that show that Apple products do weird stuff with CTS.
I had major issues with Apple, and it seems they stopped when I stopped using RTS/CTS.
So anyone having issues with Apple and Mikrotik, turn off RTS/CTS completely and see if the problem goes away.
So you've set this for all ios clients too? How did you do this?adaptive noise isolation on AP and client
AC V1 driver.I have been using Apple and Mikrotik for years and there are only a few things needed to get a stable result..... all have been mentioned here in various locations before.....
The below assumes starting with all default Wireless AP/Bridge settings - if you have been tinkering I'd reset the wireless interface(s) and start from scratch....and dont forget to specify your country correctly, regulatory-mode and protocol=802.11 in the wireless settings.
1. DHCP Lease Time - Apple's wireless disconnects at 1/2 DHCP Lease Time. So if you leave the default to 00:10:00 it drops every 5 minutes. Increase to suitable time such as 1d 00:00:00 for a home/office or maybe 02:00:00 for a hotspot.
2. Security Profile - DO NOT USE TKIP - it drops the speed of data transfer. Only use WPA2-PSK - have not tested WPA2-EAP as that requires an external Radius. WPA is legacy and should be avoided if possible.
3. Security Profile - Group Key Update - set to 01:00:00
4. Wireless - 2.4GHZ - use only 2412, 2437 or 2462 20MHz channel for best stability. Scan and choose least congested channel.
5. Wireless - 5 GHz - avoid DFS channels, use 20.40 or 80 based on your needs. Scan and choose least congested channel.
5. Wireless and CAPSMAN - enable default forwarding/client-to-client - unless specifically not needed. This allows devices to talk directly via WiFi and is required by Sonos, Chromecast etc
Lastly, when using multiple AP's remember clients hang on to an AP until the signal is completly crap. Use Access Lists on your AP's/CAPSMAN to force clients to find a better AP.
/interface wireless access-list
add signal-range=-80..120
add authentication=no forwarding=no
/caps-man access-list
add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=yes \
disabled=no interface=any signal-range=-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
signal-range=-120..120 ssid-regexp=""
