Community discussions

MUM Europe 2020
 
Zarch
just joined
Topic Author
Posts: 10
Joined: Mon Nov 18, 2019 10:32 pm

Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 12:43 pm

Mikrotik newbie struggling here.....

I have Hap AC2 and 2 x HAP AC Lite in Capsman.
The main 2ghz works fine and so does the main 5ghz channel and config, both on the same SSID (MikroTik-AP)

But I can't seem to get a 2nd SSID working (MikroTik-Print) on the 2ghz side setup as a slave config.

Would anyone be kind enough to take a look ot my config and show me the error of my ways?

Thank you.
[admin@Downstairs AP] > /caps-man export
# nov/30/2019 10:31:44 by RouterOS 6.45.7
# software id = RVQ2-WUT2
#
# model = RBD52G-5HacD2HnD
# serial number = B4A00AF187FA
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee frequency=5180 name="5Ghz - Channel 36"
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5260 name=\
    "5Ghz - Channel 52"
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee frequency=5500 name="5Ghz - Channel 100"
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee frequency=5580 name="5Ghz - Channel 116"
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name="2GHz - Channel 1"
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2432 name="2GHz - Channel 5"
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2452 name="2GHz - Channel 9"
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2472 name="2GHz - Channel 13"
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee frequency=5660 name="5GHz - Channel 132"
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security1 passphrase=\
    pass123
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security-print \
    passphrase=pass123
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=security-samsung passphrase=pass123
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=84:25:19:31:34:6F signal-range=-120..120 \
    ssid-regexp=""
add action=accept allow-signal-out-of-range=always comment=\
    "If your signal is between -88dB and +120dB, you are allowed to connect." disabled=no signal-range=-88..120 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=always comment="If your signal drops below -89dB, you\92re kicked from \
    this AP, go find another AP to connect to that has a stronger signal." disabled=no signal-range=-120..-89 \
    ssid-regexp=""
/caps-man configuration
add channel="2GHz - Channel 1" country="united kingdom" datapath=datapath1 datapath.bridge=bridge1 \
    datapath.client-to-client-forwarding=yes hw-retries=15 multicast-helper=full name=2GHz-C1 security=\
    security-print ssid=MikroTik-AP
add channel="5Ghz - Channel 52" country="united kingdom" datapath=datapath1 datapath.bridge=bridge1 \
    datapath.client-to-client-forwarding=yes multicast-helper=full name=5GHz-C52 security=security1 \
    security.authentication-types=wpa2-psk ssid=MikroTik-AP
add country="united kingdom" datapath=datapath2 datapath.bridge=bridge1 datapath.client-to-client-forwarding=no \
    multicast-helper=full name=Printer-2Ghz security=security-samsung ssid=MikroTik-Print
/caps-man datapath
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=datapath1
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=datapath2
/caps-man interface
add configuration=2GHz-C1 disabled=no l2mtu=1600 mac-address=74:4D:28:74:F3:97 master-interface=none name=\
    wlan-downstairs-cap-2ghz radio-mac=74:4D:28:74:F3:97 radio-name=744D2874F397
add configuration=5GHz-C52 disabled=no l2mtu=1600 mac-address=74:4D:28:74:F3:98 master-interface=none name=\
    wlan-downstairs-cap-5ghz radio-mac=74:4D:28:74:F3:98 radio-name=744D2874F398
add configuration=2GHz-C1 disabled=no l2mtu=1600 mac-address=CC:2D:E0:F1:D5:E9 master-interface=none name=\
    wlan-landing-cap-2ghz radio-mac=CC:2D:E0:F1:D5:E9 radio-name=CC2DE0F1D5E9
add configuration=5GHz-C52 disabled=no l2mtu=1600 mac-address=CC:2D:E0:F1:D5:E8 master-interface=none name=\
    wlan-landing-cap-5ghz radio-mac=CC:2D:E0:F1:D5:E8 radio-name=CC2DE0F1D5E8
add configuration=2GHz-C1 disabled=no l2mtu=1600 mac-address=CC:2D:E0:DE:DC:98 master-interface=none name=\
    wlan-shed-cap-2ghz radio-mac=CC:2D:E0:DE:DC:98 radio-name=CC2DE0DEDC98
add configuration=5GHz-C52 disabled=no l2mtu=1600 mac-address=CC:2D:E0:DE:DC:97 master-interface=none name=\
    wlan-shed-cap-5ghz radio-mac=CC:2D:E0:DE:DC:97 radio-name=CC2DE0DEDC97
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=suggest-same-version
/caps-man provisioning
add action=create-enabled hw-supported-modes=gn master-configuration=2GHz-C1 slave-configurations=Printer-2Ghz
add action=create-enabled hw-supported-modes=a master-configuration=5GHz-C52
[admin@Downstairs AP] > 
[admin@Downstairs AP] > 
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 12:47 pm

On the device running as Caps-Man... Slave SSIDs don't get added to the bridge by default.

Open bridge and add the ports.

I have seen this on several units now.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zarch
just joined
Topic Author
Posts: 10
Joined: Mon Nov 18, 2019 10:32 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 1:35 pm

On the device running as Caps-Man... Slave SSIDs don't get added to the bridge by default.

Open bridge and add the ports.

I have seen this on several units now.
Thanks for the reply.

But checking my bridge (bridge1) on the capsman unit, it already has all ethernet ports (excluding the one internet link) and all wifi ports in (from itself and the attached caps).

So not sure I can do anything else there?
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 1:53 pm

On the device running as Caps-Man... Slave SSIDs don't get added to the bridge by default.

Open bridge and add the ports.

I have seen this on several units now.
Wrong...
They are added just fine without any problems...
Never had an issue before...
Just tested in 6.45.7 and works just fine as well...
Obviously this is caused by wrong configuration...
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 1:56 pm

 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 4:16 pm

TO MAKE THIS CLEAR...
I only observe this when the CAPS-MAN is running in the same device that I am trying to control as a cap.

If its on a router or other device... all caps work just fine with virtual APs or SLAVE configs.

THIS HAPPENS 100/100 across 4 different test routers that have caps-man running on them trying to control their own wirless.


#####
On the device running as Caps-Man... Slave SSIDs don't get added to the bridge by default.

Open bridge and add the ports.

I have seen this on several units now.
Wrong...
They are added just fine without any problems...
Never had an issue before...
Just tested in 6.45.7 and works just fine as well...
Obviously this is caused by wrong configuration...
Got a brand new audience yesterday.

Added a slave SSID in Caps-Man.

Rebooted and there it is in the air.
Can't connect.

Got to interfaces and see new entries for WLAN.
Add them to bridge as ports, and devices connect

EDIT...
Just confirmed it again with 6.45.7

If the WLANs are not added to the Bridge as Ports... They do not get an IP address from the DHCP server and time out.

Enabled Port in bridge and device connects immediately.

Here is the export from the Log
09:30:50 caps,info AC:37:43:DD:2B:45@2ghz-MikroTik-1 disconnected, received deauth
: sending station leaving (3)
09:30:51 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1-1 connected, signal streng
th -57
09:31:27 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1-1 disconnected, received d
eauth: sending station leaving (3)
09:31:31 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1-1 connected, signal streng
th -69
09:31:54 system,info bridge port added by admin
09:32:06 system,info bridge port added by admin
09:32:07 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1-1 disconnected, received d
eauth: sending station leaving (3)
09:32:08 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1 connected, signal strength
-68
09:32:28 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1 disconnected, received dea
uth: sending station leaving (3)
09:32:28 caps,info AC:37:43:DD:2B:45@5ghz-ac-MikroTik-1-1 connected, signal streng
th -65

5ghz-ac-MikroTik-1-1 Is the name of the slave interface and is labeled as WLAN 5.
Add it as a port connects right away.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zarch
just joined
Topic Author
Posts: 10
Joined: Mon Nov 18, 2019 10:32 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 5:28 pm

Thanks for the comments, checked the provided doc, couldn't see anything that I hadn't already done.

I'm not using separate VLANs, I just want the new SSID in the existing single VLAN set up.
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 7:41 pm

Thanks for the comments, checked the provided doc, couldn't see anything that I hadn't already done.

I'm not using separate VLANs, I just want the new SSID in the existing single VLAN set up.
That's what I was typing... Add the second WLAN to your bridge.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 9:51 pm

Thanks for the comments, checked the provided doc, couldn't see anything that I hadn't already done.

I'm not using separate VLANs, I just want the new SSID in the existing single VLAN set up.
If you don't want to use vlan what is the point to have multiple SSID?
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sat Nov 30, 2019 10:14 pm

TO MAKE THIS CLEAR...
I only observe this when the CAPS-MAN is running in the same device that I am trying to control as a cap.

If its on a router or other device... all caps work just fine with virtual APs or SLAVE configs.
I ve made many many capsman configurations. But so that i can be sure that even at the latest version there is no bug or something, i made a quick test for you...
So, in a RB951ui 2hnd that i use for quick tests, i setup capsman on the router it self and then created 2 different configs, one was added as master and second was added as slave...
Interfaces where added to the bridge as normal.. no problem at all...

So, since you say that the interfaces are not added to the bridge makes me thing of a mistake...
# You use caspman forwarding ? If yes, under caspman datapath, have you selected your bridge interface ?
# Local forwarding ? Under wireless cap, have you selected the bridge interface for the interfaces to be added ?
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 12:27 am

TO MAKE THIS CLEAR...
I only observe this when the CAPS-MAN is running in the same device that I am trying to control as a cap.

If its on a router or other device... all caps work just fine with virtual APs or SLAVE configs.
I ve made many many capsman configurations. But so that i can be sure that even at the latest version there is no bug or something, i made a quick test for you...
So, in a RB951ui 2hnd that i use for quick tests, i setup capsman on the router it self and then created 2 different configs, one was added as master and second was added as slave...
Interfaces where added to the bridge as normal.. no problem at all...

So, since you say that the interfaces are not added to the bridge makes me thing of a mistake...
# You use caspman forwarding ? If yes, under caspman datapath, have you selected your bridge interface ?
# Local forwarding ? Under wireless cap, have you selected the bridge interface for the interfaces to be added ?
I never use caps forwarding anymore. It slows the throughput to garbage. So I got in the habit of always using LOCAL FORWARDING. Which probably explains why you don't see this.

On caps that are being controlled as remote... Local forwarding being set gets passed on to the device and I handle everything as VLANs or what have you.

On the local Caps-Man... When you add it as a cap... You look in /bridge ports and you see the master config as WLAN1 and WLAN 2. And until I add WLAN 3 and WLAN 4 to the bridge... Client devices can't pull an IP address and disconnect.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 9:22 am

It slows the throughput to garbage
It depends, but in general terms i do not agree...
I have in production capsman with local forwarding mode as well and never seen such behavior...
Why do you manually add the interfaces inside the bridge? This is not how its done! You go to wireless cap bridge and there you set the Bridge you want your interfaces to be added...
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 11:33 am

It slows the throughput to garbage
It depends, but in general terms i do not agree...
I have in production capsman with local forwarding mode as well and never seen such behavior...
Why do you manually add the interfaces inside the bridge? This is not how its done! You go to wireless cap bridge and there you set the Bridge you want your interfaces to be added...
I had to add the interface or it won't work.

Look here is the output from a cap.
[admin@MikroTik] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE      BRIDGE         HW  PVID PR  PATH-COST INTERNA...    HORIZON
 0   H ;;; defconf
       ether1         bridgeLocal    yes    1 0x         10         10       none
 1 I H ;;; defconf
       ether2         bridgeLocal    yes    1 0x         10         10       none
 2 I H ;;; defconf
       ether3         bridgeLocal    yes    1 0x         10         10       none
 3 I H ;;; defconf
       ether4         bridgeLocal    yes    1 0x         10         10       none
 4 I H ;;; defconf
       ether5         bridgeLocal    yes    1 0x         10         10       none
 5  D  wlan2          bridgeLocal           1 0x         10         10       none
 6  D  wlan3          bridgeLocal          20 0x         10         10       none
 7  D  wlan4          bridgeLocal         100 0x         10         10       none
Now here is the config from the caps-MANAGER of a SLAVE or Virtual AP
/caps-man configuration
add country="united states3" datapath.client-to-client-forwarding=yes \
    datapath.local-forwarding=yes datapath.vlan-id=20 datapath.vlan-mode=\
    use-tag keepalive-frames=enabled mode=ap name=OfficeCAPTest \
    security.authentication-types=wpa2-psk security.encryption=aes-ccm \
    security.group-encryption=aes-ccm security.passphrase=notanythingreal ssid=\
    JustanExample
Point being... on a local CAP... the WIRELESS Interfaces are not added as Ports on the Bridge Automatically. And they are on remote CAPs.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 5:16 pm

@gotsprings i ll give it a try tomorrow and i will let you know...
What is your ROS version by the way ?
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 5:56 pm

@gotsprings i ll give it a try tomorrow and i will let you know...
What is your ROS version by the way ?
6.45.7.

But I have noticed this for a little while now.

I had an install with 3 cAP AC and a hAP AC2 as the router. I got complaints about people not being able to connect. After painfully working my way through it... I finally noticed it was the slave interfaces off the hAP AC2 that clients would show as connected in CAPS-MAN... But not pass traffic.

I wasn't sure until another install called with "all sorts of issues". Worked that problem with an annoying tech who had no patience, bad troubleshooting skills, and screams a lot. Made it harder to figure it out.

But we narrowed it down to the wifi from the router..

Mocked it up at the office... Used 3 SSIDs on the router using caps man... Sure enough... SSIDs 2 and 3 didn't work.

Logged back into jobs that had more than one SSID coming from the router in Caps-Man mode and turned them off. Problem calls stopped.

Figured out that add port to the bridge the other day and proved it repeatedly across several systems.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 6:27 pm

Ok i ll give it a try and let you know... By the way when you already have a good router, i mean a powerful one just go with capsman forwarding...
Am not really sure why you use local forwarding so much....
 
Zarch
just joined
Topic Author
Posts: 10
Joined: Mon Nov 18, 2019 10:32 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 8:31 pm

Thanks for the comments, checked the provided doc, couldn't see anything that I hadn't already done.

I'm not using separate VLANs, I just want the new SSID in the existing single VLAN set up.
If you don't want to use vlan what is the point to have multiple SSID?
I have a wireless printer that has quirky security requirements (ie, not that secure).

So I can create a new SSID for this, whilst leaving my main SSID secure for all the other devices.
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 8:51 pm

Thanks for the comments, checked the provided doc, couldn't see anything that I hadn't already done.

I'm not using separate VLANs, I just want the new SSID in the existing single VLAN set up.
If you don't want to use vlan what is the point to have multiple SSID?
I have a wireless printer that has quirky security requirements (ie, not that secure).

So I can create a new SSID for this, whilst leaving my main SSID secure for all the other devices.
Have had that exact problem. Ended up needing to make an unencrypted SSID to connect the printer too. Then you make an ACL to only allow that printer to connect. Then limit that SSID to just the closest Access Point. Etc etc etc.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 9:04 pm

Ok i ll give it a try and let you know... By the way when you already have a good router, i mean a powerful one just go with capsman forwarding...
Am not really sure why you use local forwarding so much....
That would be Mikrotik staff.

When I was getting crap numbers from cAP AC, Mikrotik support told me to "use local forwarding". wAP AC was sub 100M... "This is processor related... Use local forwarding." When the wireless remotes in the system all disconnected... "try local forwarding". Basically I have been told in trouble shooting SEVERAL TIMES by support staff... "Local forwarding". (There is a back and forth between me and Normmis that he specifically stated it's the processor in the Access Point... It doesn't matter that I had a CCR router...)

Besides... If I build the system using local forwarding taking into account things like VLANs and the like... It's a lot easier to rip out the Mikrotik wireless for another vendor when I need to.

I also design routing for companies after they can't get something to work. So they already have switching and wireless handled.

Mikrotik Wireless is WAY BEHIND performance and interference mitigation compared to my other vendor. But I really try to use Mikrotik wireless if it can actually get the job done. But as soon as I see several issues that have bitten me again and again... Tik wireless gets replaced and issues disappear immediately. But it's 200 dollars more per access point at cost. So it can add up, quick.
Last edited by gotsprings on Sun Dec 01, 2019 9:50 pm, edited 1 time in total.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Sun Dec 01, 2019 9:19 pm

Ok i ll give it a try and let you know... By the way when you already have a good router, i mean a powerful one just go with capsman forwarding...
Am not really sure why you use local forwarding so much....
That would be Mikrotik staff.
Tests are for everyone...
Besides that, i am pretty sure it will work just fine...
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Tue Dec 03, 2019 1:31 pm

Just tested, local forwarding mode and capsman in same device, interfaces master and slave where dynamically added to the Bridge and i was able to connect on both, address was assigned to me without any problems...
So check your config again, there is 100% a mistake, maybe in your vlans too...
The device i tested is a 951 ui 2hnd with ROS 6.45.7...
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Wed Dec 04, 2019 3:38 am

Did you add bridge in the data path?

I don't.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Multiple SSID on HAP AC2 capsman - can't get it to work

Wed Dec 04, 2019 8:25 am

Did you add bridge in the data path?

I don't.
You do not add the Bridge in datapath in local forwarding, so no i didnt...
This is done in capsman forwarding...

Who is online

Users browsing this forum: No registered users and 20 guests