Hi,

Have CapsMan on CCR1009-8S-1S router.... fine.

new Mikrotik CAP AC units. Only a single CAP AC will connect. All other CAPS error out

"Request certificate, but failed to issue: a valid certificate with the same common name already exists!"

Why is this? The CAPS are generating the same certificate??? I scripted a .rsc to setup the CAP's as am using vlan-bridge interface config for vlan tagging, etc. Had the CAP's working on their own without CAPSMan, But wanted to bring it all together as there are 4+ AP's...

Any tips or suggestions how to resolve? I'm annoyed lol

Update:

Just noticed two(2) of the CAP Ap's have the same MAC address configured or displaying for wlans. Howd this happen? When the .rsc file used does not have any mac="" specified...

Further, these were brand new CAP AC's and I did reset routerboard with no-configuration save and no-default-config option. Then loaded a .rsc I created from another CAP AC Unit. Used it for all others and they are all reporting proper MAC addresses.

Ofcourse, now I'm off-site.

/interface wireless reset-configuration <wireless interface> did not work, wont give new mac address.

Sigh.. CAPs will join when I do 'none' for certificate. But this is not secure.

More problem, the cAPS keep dropping off. See screenshot

It is generally a very bad thing to have devices with non-unique MAC addresses in same L2 network (and different WAP interfaces sharing the same capsman controller and/or SSID count as such). So you really should resolve the MAC address conflict, not using certificates is not proper solution (as you discovered yourself).

If resetting wireless configuration doesn't give you distinct MAC addresses, you can "invent" MAC address. Any MAC address with second-to-LSB in first address octet set is a valid "locally administered address". Any MAC address whose first octet looks like x2, x6, xA or xE is such address.

My preferred solution, though, is to re-use MAC addresses from retired computers. I love seeing WAP manufacturer identified as some "Compal Electronics" (integrator of HP laptops, their wireless interfaces, including bluetooth, used MAC addresses belonging to that vendor ID) or Supermicro, or any other vendor who never produced WAPs.

What about the issue of the certificate error as well as 'removing stale connection' which happens constantly when not using certificate.

Have you restored configuration from another device, that you get mac conflict? If yes please you need to do MAC reset of interface

What about the issue of the certificate error as well as 'removing stale connection' which happens constantly when not using certificate.

Log mentions "ident collision" wich I assume is result of non-unique MAC addresses. As I wrote: recolve MAC conflicts and after that restart all involved devices (capsMan and cAPs).

Have you restored configuration from another device, that you get mac conflict? If yes please you need to do MAC reset of interface

Thanks, I will try this again. I tried the reset command, but the MAC stayed the same?

"/interface wireless reset-configuration <wireless interface>" Is this the wrong command?

I just did wireless reset on two of the AP's and now DHCP server on main router is going crazy, as if the eth1 interface is suddenly flapping and handing out address over and over and complaining of conflict or loop. I may roll back the CCR to 'long term' build, as thought was bug with release and upgraded to latest stable 6.44.3

If you have done reset form winbox just check caps mode!

Gotcha. Found the AP that was causing a loop/conflict. Mac address burned are so close :88:8E and 84:8E. But believe a config made them both the same. Removed AP, and all is fine.

However, using vlan-bridge and vlan tagging.

Dont the CAP AP's need to have their bridge interface configured and vlans configured prior to CAP manage? Unless CAPSman will do it all?

Ok, have two(2) access points connected to CAPSMAN Controller.

The 3rd will not connect, or keeps dropping off due to 'ident conflict'. Mac Addresses are different. However, the WLAN interfaces appear to be identical to that of the bridged interface they're associated with...??

did /interface ethernet reset-mac-address numbers=X

also /interface wireless reset-configuration numbers=

no dice, same as the bridged interface.. which is odd??

all three(3) CAPS appear to connect with "CAP-764D285B8904" for name & common name.

I prob have config issue. Realized I had a mgmt SSID (hidden SSID) on all the AP's, but the .rsc file had the same mad address specified. I just went and removed the virtual interface from all the AP's.

Do I need to start over with the CAPs manage

Ok fixed.. I was overthinking it. Considering the ether1 interface is 'untagged' and the native vlan on the network, I can tag the SSID with vlan via capsman config.

I reset the AP's and select CAP mode, then all is good. All AP's are now provisioned via CAPsMan

Thanks!