Community discussions

 
zakaan
just joined
Topic Author
Posts: 2
Joined: Mon Oct 01, 2018 5:41 pm

Connection between Capsman and CAPs

Mon Oct 01, 2018 5:52 pm

First of all, please, forgive me my English.

Second:

does anybody explain to me how Capsman and CAPs makes connection?

I have a central controller: CCR-1009-7G with 37 cAP and some 2011 in cAPs mode. I use Capsman forwarding mode.

Sometime some or all of the CAPs disconnects at random times and my log is not too chatty for me. It is very annoying, because all of the CAPs turn off their radio, drops all of the clients.

From the Capsman side:

"removing stale connection because of identity conflict..." (same CAPs MAC address with different port numbers

From the CAP side:

"send max keepalive packets without response.."

My inner network is stabile, with Cisco switches, there is no packet loss.

How can i modify the maximum of keepalive packets? Can the problem root is temporary high CPU loading? How can i start the debug? I use Wireshark to monitor the network, but i didn't notice any serious problem.

Thanks,
Zakaan
 
dgrififth
just joined
Posts: 8
Joined: Sat Oct 15, 2016 10:35 am

Re: Connection between Capsman and CAPs

Tue Oct 02, 2018 1:16 am

Are they behind a NAT? That is, all your access points have the same IP address with different port numbers?

If that's the case, maybe it's something with Nat connection timeouts.

Another faint possibility is the Cisco gear is doing proxy ARP for access points behind them, which would present Cisco MAC addresses to capsman. This would be fairly noticeable in Capsman though as there would be duplicate Cisco MAC addresses in the radio table.
 
zakaan
just joined
Topic Author
Posts: 2
Joined: Mon Oct 01, 2018 5:41 pm

Re: Connection between Capsman and CAPs

Tue Oct 02, 2018 2:34 pm

Are they behind a NAT? That is, all your access points have the same IP address with different port numbers?

If that's the case, maybe it's something with Nat connection timeouts.

Another faint possibility is the Cisco gear is doing proxy ARP for access points behind them, which would present Cisco MAC addresses to capsman. This would be fairly noticeable in Capsman though as there would be duplicate Cisco MAC addresses in the radio table.
Capsman and CAPs is in LAN, with private IP-addresses. All of the CAPs are on the same subnet, with one port of Capsman.

I will check the proxy ARP, but in my radio table i can see the proper MAC addresses for CAPs.
 
mohamads
just joined
Posts: 6
Joined: Mon Oct 09, 2017 5:38 pm

Re: Connection between Capsman and CAPs

Fri Oct 05, 2018 4:02 pm

We can't help without your config export. Check your access-list if there is any if you have roaming enabled please check also if you have a bridge added in your datapath and have stp or rstp enabled on that bridge.
 
User avatar
mask
just joined
Posts: 1
Joined: Sat Mar 09, 2019 3:47 am
Location: Warsaw, Poland

Re: Connection between Capsman and CAPs

Sun Mar 10, 2019 2:57 pm

Dear CAPsMan Users,
I have found several threads on this forum, describing a problem similar to that posted by @zakaan and most of the threads are still waiting for solution.
All users have stable networks with all error counters equal to 0 but their CAPs disconnect every couple of minutes with the message in log:
"caps,info CAP sent max keepalives without response"
Of course all wireless clients connections also get dropped, the CAPs reselect and join the CAPsMan but in a few minutes the problem reappears.
I have read tens of suggestions, made hundreds of parameter values combinations and examined all available RouterOS versions (from 6.42 to 6.45beta) without success.
But when I tried to sniff the handshake packets between CAPs and the controller, I have also noticed another strange behaviour - all the problematic CAPs were sending flood of DNS requests for "cloud.mikrotik.com". The requests were sent twice per second (!) to the Google public DNS server at IP 8.8.8.8, regardless of the CAPs DNS settings. Turning all Cloud services off and placing the static DNS entry in local CAPs table did not helped.
In another thread @Normis and @Strods from MikroTik Technical Support explained many possible reasons of that behaviour. In my case it was enough to turn the Detect_Internet feature off. The DNS flood has stopped immediately and the CAPs disconnection problem also gone definitively!
Hope it helps in your efforts and may force MikroTik Technical Support team to think about the dangerous side effects of their Detect_Internet feature implementation.

Have a nice day

Who is online

Users browsing this forum: MSN [Bot] and 34 guests