Hello,

I have a configuration utilizing CAPsMAN and multiple virtual-APs. I have an issue where, when I specify a group-key-update setting in the provisioning config, the group keys will be updated approximately every 30s-60s, regardless of what interval setting is actually configured. If, however, the group-key-update setting is unset, the group keys are updated every 5 minutes as expected.

All CAPsMAN clients and server are running 6.40.1

I know group-key-update through CAPsMAN is a relatively new setting. Does anyone know if this is a bug, or do I have something else that is possibly configured incorrectly?

Thanks,
-jon

I've also observed this with a CAPsMAN security config – with the group key update set to one hour, it seems to occur every 40s or so (watching in Wireshark). If I unset the value to restore the default, it happens every five minutes.

I noticed some related message in log. And the wireless and clients got disconnected during that time. Not understand why. Both Router (rb960pgs) and AP (wAP ac) are running on 6.40.5.

I expect the AP to run as stable as it could. Please suggest whether this is a bug or some configuration needs tuning? Thanks.

Hello,

I am having a very similar issue. I have been adjusting settings for weeks now, but without any success.

Here are my details: https://www.reddit.com/r/mikrotik/comme ... accepting/

Regards,
Aaron von Awesome

I've also observed this with a CAPsMAN security config – with the group key update set to one hour, it seems to occur every 40s or so (watching in Wireshark). If I unset the value to restore the default, it happens every five minutes.

@osmoticzest - is there a specific protocol that needs to be enabled in order to view the group key update packets in Wireshark? When I monitor my router, all I'm see relating to Mikrotik is the Mikrotik Neighbor Discovery Protocol (MNDP). I believe I'm having the same issue, but would like to confirm.

It would definitely seem to be a bug with CAPsMAN and group key update setting. After removing the group key update setting from the CAPsMAN "Security Cfg.", I do not receive any more "group key timeout" messages. Wireless client connections are happy I'm on latest Router OS 6.42.2.

Ich suggest to write an e-mail to Mikrotik's support with your findings.

My Bad - I had a Rouge DHCP/Server Power Box on the same Broadcast Domain/IOT Bridge I found the variable in the caps-man export and it sets as expected now in 6.44.
It would be great if anyone with experience would enlighten us on hints of what devices expect with the group key update setting best practices.
SOLVED- HELP - I tried to set the group-key-update on a security profile via winbox and now most clients can no longer connect to the Slave SSID ( ARM disk AP)
What's the Comand line in caps-man to check and reset the value for a particular security profile? This value does not seem to stick in the Winbox GUI
Perhaps I should delete the security profile and start over