So what I've done is set up CAPsMAN to provision with dynamic interfaces, and under the master interfaces there are guest interfaces for guest WiFi as well.
My issue is this: when I try to connect a laptop to the AP (which is a cAP ac), I get authentication errors on my Windows 10 device; however, if I repeatedly attempt to connect, it eventually establishes a connection properly.
I've seen this exact issue happen elsewhere with CAPsMAN on devices that are not my own, which is why I don't think it's just my device; I suspect either that I have something configured wrong or that this RB4011/cAP ac is dropping the 802.11 ball.
For anyone that wants to help I've included the configs from the RB4011 and the cAP ac below.
CAPsMAN Config:
CAPsMAN Controller:
# Channel objects that the CAPsMAN configurations below refer to by name.
# Every entry uses a 20 MHz control channel; the "_auto" entries carry a list of
# candidate frequencies, the chNN entries pin a single frequency.
/caps-man channel
add control-channel-width=20mhz extension-channel=disabled frequency=\
2412,2437,2462 name=ch-X-2GHz_auto secondary-frequency=disabled
add control-channel-width=20mhz extension-channel=disabled frequency=\
5180,5200,5220,5240,5745,5765,5785,5805,5825 name=ch-X-5GHz_auto \
secondary-frequency=disabled skip-dfs-channels=yes
# Fixed 2.4 GHz entries, one per channel 1-11 (2412-2462 MHz in 5 MHz steps).
add control-channel-width=20mhz frequency=2412 name=ch1_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2417 name=ch2_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2422 name=ch3_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2427 name=ch4_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2432 name=ch5_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2437 name=ch6_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2442 name=ch7_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2447 name=ch8_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2452 name=ch9_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2457 name=ch10_2GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=2462 name=ch11_2GHz \
secondary-frequency=disabled
# Wider "auto" lists: extension-channel=XX / XXXX leave the position of the
# extension channel(s) to the radio (40 MHz and 80 MHz operation respectively).
# Unlike ch-X-5GHz_auto, the two 5 GHz lists here omit 5825.
add control-channel-width=20mhz extension-channel=XX frequency=\
5180,5200,5220,5240,5745,5765,5785,5805 name=ch-XX-5GHz_auto \
secondary-frequency=disabled skip-dfs-channels=yes
add control-channel-width=20mhz extension-channel=XXXX frequency=\
5180,5200,5220,5240,5745,5765,5785,5805 name=ch-XXXX-5GHz_auto \
secondary-frequency=disabled skip-dfs-channels=yes
add control-channel-width=20mhz extension-channel=XX frequency=2412,2462 name=\
ch-XX-2GHz_auto secondary-frequency=disabled
# Fixed 5 GHz entries: channels 36-48 and 149-165.
add control-channel-width=20mhz frequency=5180 name=ch36_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5200 name=ch40_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5220 name=ch44_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5240 name=ch48_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5745 name=ch149_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5765 name=ch153_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5785 name=ch157_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5805 name=ch161_5GHz \
secondary-frequency=disabled
add control-channel-width=20mhz frequency=5825 name=ch165_5GHz \
secondary-frequency=disabled
# Placeholder configuration: it sets only mode=ap (no SSID, security profile or
# datapath). The two catch-all rules at the end of /caps-man provisioning name it
# as their master-configuration.
/caps-man configuration
add mode=ap name=cfg-blank
# Controller bridge with a fixed MAC. VLAN filtering, ingress filtering and DHCP
# snooping are on; protocol-mode=none means no spanning tree runs on it.
/interface bridge
add admin-mac=48:8F:5A:8B:CB:68 auto-mac=no dhcp-snooping=yes \
ingress-filtering=yes mtu=1500 name=bridge protocol-mode=none \
vlan-filtering=yes
# The RB4011's own radios (wlan2 -> WiFi_2g, wlan1 -> WiFi_5g), both ssid=4011.
# NOTE(review): neither "set" line names a security-profile and neither shows
# disabled=no, so presumably both radios are switched off. Before enabling them
# outside CAPsMAN, check which security profile ssid=4011 would use: the default
# profile in this export has no pre-shared key configured.
# NOTE(review): the two "-Guest" virtual interfaces are mode=station under an
# ap-bridge master, which is unusual for a guest AP; confirm it is intended.
/interface wireless
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-b/g/n bridge-mode=disabled country=canada2 distance=indoors \
frequency=auto hw-fragmentation-threshold=2347 installation=indoor \
max-station-count=250 mode=ap-bridge multicast-helper=full name=WiFi_2g \
scan-list=default,5200-5300 ssid=4011 station-roaming=enabled \
wireless-protocol=802.11 wmm-support=enabled
add mac-address=4A:8F:5A:5B:9F:F4 master-interface=WiFi_2g mode=station name=\
WiFi_2g-Guest
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=5ghz-a/n/ac bridge-mode=disabled channel-width=20/40/80mhz-eeeC \
country=canada2 distance=indoors frequency=5805 hw-fragmentation-threshold=\
2347 max-station-count=250 mode=ap-bridge multicast-helper=full name=\
WiFi_5g skip-dfs-channels=all ssid=4011 station-roaming=enabled \
wireless-protocol=802.11 wmm-support=enabled
add mac-address=4A:8F:5A:8B:CB:73 master-interface=WiFi_5g mode=station name=\
WiFi_5g-Guest
# The SFP+ port is labelled WAN; it joins the bridge with pvid=4094 further down.
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=WAN
/interface wireless nstreme
set WiFi_2g enable-polling=no
set WiFi_5g enable-polling=no
# Layer-3 VLAN interfaces on the bridge: 4080 = guest, 4094 = WAN.
# NOTE(review): BR_TV and BR_Admin are referenced later in this export (interface
# list member, DHCP client) but are not defined here.
/interface vlan
add interface=bridge name=BR_Guest vlan-id=4080
add interface=bridge loop-protect=off name=BR_WAN vlan-id=4094
# WPA2-PSK / AES-CCM profiles: "default" for the main SSIDs, "guest" for the guest
# SSIDs. The group key is rotated every hour.
# NOTE(review): both passphrases appear in clear text in this export. If they are
# the real values, treat them as disclosed and change them; on RouterOS v6,
# "/export hide-sensitive" leaves secrets out of an export meant for sharing.
# NOTE(review): disable-pmkid=no keeps the PMKID in the first EAPOL frame, which
# exposes material for offline guessing of the passphrase to anyone in radio
# range. disable-pmkid=yes removes it; a long random passphrase is still needed.
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=no encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name=default passphrase=\
12345678910cap
add authentication-types=wpa2-psk disable-pmkid=no encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name=guest passphrase=\
12345678910capg
# Interface lists. WAN and admin are declared with "exclude=" against the earlier
# lists; admin receives no members anywhere in this export.
/interface list
add name=WiFi
add name=LAN
add exclude=WiFi,LAN name=WAN
add exclude=WiFi,LAN,WAN name=admin
# Datapaths applied to CAP interfaces. Both use local-forwarding=yes, so client
# traffic is bridged on the CAP itself instead of being tunnelled to the manager.
#   datapath-lan       : untagged, clients may talk to each other
#   datapath-lan_guest : tagged into VLAN 4080, client-to-client forwarding off
# NOTE(review): client-to-client-forwarding=no is a wireless, layer-2 setting. It
# does not stop the RB4011 from routing between the guest subnet and the LAN
# subnet; that separation needs firewall rules, and none are visible in this export.
/caps-man datapath
add arp=enabled bridge=bridge client-to-client-forwarding=yes interface-list=\
none local-forwarding=yes mtu=1500 name=datapath-lan vlan-id=1 vlan-mode=\
no-tag
add arp=enabled bridge=bridge client-to-client-forwarding=no interface-list=\
none local-forwarding=yes mtu=1500 name=datapath-lan_guest vlan-id=4080 \
vlan-mode=use-tag
# Radio configurations handed out by the provisioning rules. Each one ties an
# SSID to a channel object, a datapath and a security profile.
/caps-man configuration
# Main 2.4 GHz network: fixed channel 6, 802.11n only, ssid=Test, profile "default".
add channel=ch6_2GHz channel.band=2ghz-onlyn channel.control-channel-width=\
20mhz channel.extension-channel=disabled channel.secondary-frequency=\
disabled country=canada datapath=datapath-lan disconnect-timeout=3s \
distance=indoors frame-lifetime=0ms guard-interval=any hide-ssid=no \
hw-protection-mode=none hw-retries=7 installation=any keepalive-frames=\
enabled max-sta-count=250 mode=ap multicast-helper=full name=cfg-2GHz \
rx-chains=0,1,2,3 security=default ssid=Test tx-chains=0,1,2,3
# 2.4 GHz guest network on VLAN 4080, profile "guest".
# NOTE(review): ssid=Test is the same SSID as cfg-2GHz, but with a different
# passphrase. No provisioning rule in this export references this configuration.
# If it is ever attached as a slave beside cfg-2GHz, one radio would advertise two
# networks called "Test" with different keys, and a client that knows only one key
# would fail authentication whenever it picked the other one.
add channel=ch-X-2GHz_auto country=canada datapath=datapath-lan_guest \
disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
any hide-ssid=no hw-protection-mode=none hw-retries=7 installation=any \
keepalive-frames=enabled max-sta-count=250 mode=ap multicast-helper=full \
name=cfg-2GHz_Guest rx-chains=0,1,2,3 security=guest ssid=Test tx-chains=\
0,1,2,3
# Main 5 GHz network: fixed channel 161 with extension-channel=eeeC,
# ssid=Test_5GHz, profile "default".
add channel=ch161_5GHz channel.band=5ghz-a/n/ac channel.control-channel-width=\
20mhz channel.extension-channel=eeeC channel.secondary-frequency=disabled \
channel.skip-dfs-channels=yes country=canada datapath=datapath-lan \
disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
any hide-ssid=no hw-protection-mode=none hw-retries=7 installation=any \
keepalive-frames=enabled max-sta-count=250 mode=ap multicast-helper=full \
name=cfg-5GHz rx-chains=0,1,2,3 security=default ssid=Test_5GHz tx-chains=\
0,1,2,3
# 5 GHz guest network on VLAN 4080, ssid=Test_5GHz-Guest, profile "guest". It names
# the channel list ch-XX-5GHz_auto although it is provisioned as a slave of
# cfg-5GHz; presumably the slave follows its master's channel (confirm).
add channel=ch-XX-5GHz_auto channel.skip-dfs-channels=yes country=canada \
datapath=datapath-lan_guest disconnect-timeout=3s distance=indoors \
frame-lifetime=0ms guard-interval=any hide-ssid=no hw-protection-mode=none \
hw-retries=7 installation=any keepalive-frames=enabled max-sta-count=250 \
mode=ap multicast-helper=full name=cfg-5GHz_Guest rx-chains=0,1,2,3 \
security=guest ssid=Test_5GHz-Guest tx-chains=0,1,2,3
# Static CAP interfaces for the cAP ac radios: one 2.4 GHz master, one 5 GHz master
# and one 5 GHz guest slave under the 5 GHz master.
# NOTE(review): all three are disabled=yes in this export, and the slave has
# radio-mac=00:00:00:00:00:00. The post describes dynamic provisioning, so these
# look like leftovers of an earlier static setup; confirm whether they are still
# wanted, because they overlap with what the enabled provisioning rules create.
/caps-man interface
add channel.frequency=2437 channel.secondary-frequency=disabled configuration=\
cfg-2GHz disabled=yes l2mtu=1600 mac-address=48:8F:5A:2E:A6:F7 \
master-interface=none name="2GHz-cAP ac (51448)-1" radio-mac=\
48:8F:5A:2E:A6:F7 radio-name=488F5A2EA6F7
add channel.frequency=5805 channel.secondary-frequency=disabled configuration=\
cfg-5GHz disabled=yes l2mtu=1600 mac-address=48:8F:5A:2E:A6:F8 \
master-interface=none name="5GHz-cAP ac (51448)-1" radio-mac=\
48:8F:5A:2E:A6:F8 radio-name=488F5A2EA6F8
add channel.frequency=5180,5200,5220,5240,5745,5765,5785,5805 \
channel.secondary-frequency=disabled configuration=cfg-5GHz_Guest disabled=\
yes l2mtu=1600 mac-address=4A:8F:5A:2E:A6:F8 master-interface=\
"5GHz-cAP ac (51448)-1" name="5GHz-cAP ac (51448)-1-1" radio-mac=\
00:00:00:00:00:00 radio-name=4A8F5A2EA6F8
# Security profiles for the RB4011's local (non-CAPsMAN) wireless interfaces.
# NOTE(review): profile1 carries a third pre-shared key in clear text, and no
# interface in this export refers to it. Remove it if unused; otherwise treat the
# key as disclosed, as for the CAPsMAN passphrases.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=\
dynamic-keys name=profile1 supplicant-identity="" wpa2-pre-shared-key=\
123456789104011
# NOTE(review): dhcp1 is bound to "bridge" without an address pool and does not
# show disabled=no; DHCP-LAN below is the server that is actually enabled on that
# interface. dhcp1 looks like a leftover.
/ip dhcp-server
add interface=bridge name=dhcp1
# Address pools: LAN 192.168.100.20-254, guest 192.168.102.20-254.
/ip pool
add name=pool-lan ranges=192.168.100.20-192.168.100.254
add name=pool-lan_guest ranges=192.168.102.20-192.168.102.254
/ip dhcp-server
add address-pool=pool-lan bootp-support=none disabled=no interface=bridge \
lease-time=1d name=DHCP-LAN
add address-pool=pool-lan_guest bootp-support=none disabled=no interface=\
BR_Guest lease-time=1d name=DHCP-LAN-Guest
# Policy list of the "full" user group. It includes the cleartext management
# protocols telnet and ftp. Whether those services are running is set under
# /ip service, which does not appear in this export (presumably still at its
# defaults; verify, and disable the services that are not used).
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
# CAPsMAN service on the RB4011. require-peer-certificate=yes means a CAP has to
# present a certificate before it is accepted; the manager uses its own CA and
# certificate. upgrade-policy=require-same-version ties CAPs to the manager's
# RouterOS version.
/caps-man manager
set ca-certificate=CAPsMAN-CA-488F5A8BCB68 certificate=CAPsMAN-488F5A8BCB68 \
enabled=yes require-peer-certificate=yes upgrade-policy=\
require-same-version
# Default-deny for where the manager listens: forbidden on every interface except
# the three listed explicitly (bridge and the two local radios).
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
add disabled=no interface=WiFi_5g
add disabled=no interface=WiFi_2g
# Provisioning rules, matched on the CAP's certificate common name, its identity
# and the radio's supported modes.
# NOTE(review): the two rules that are enabled for the cAP ac use
# action=create-enabled, not create-dynamic-enabled; the create-dynamic-enabled
# rules below are disabled=yes. That differs from the "dynamic interfaces" the post
# describes; confirm which behaviour is intended.
# NOTE(review): identity-regexp=51448 is a substring of both device identities in
# this export ("RB4011 (51448)" and "cAP ac (51448)"), so the common-name-regexp
# is what tells the devices apart.
/caps-man provisioning
# cAP ac, 2.4 GHz radio: master only, no slave-configurations, so no 2.4 GHz guest
# network is provisioned.
add action=create-enabled comment="Prov cAP ac" common-name-regexp=\
CAP-488F5A2EA6F5 hw-supported-modes=g identity-regexp=51448 \
master-configuration=cfg-2GHz name-format=prefix-identity name-prefix=2GHz
# cAP ac, 5 GHz radio: master cfg-5GHz plus guest slave cfg-5GHz_Guest.
add action=create-enabled common-name-regexp=CAP-488F5A2EA6F5 \
hw-supported-modes=ac identity-regexp=51448 master-configuration=cfg-5GHz \
name-format=prefix-identity name-prefix=5GHz slave-configurations=\
cfg-5GHz_Guest
# Equivalent rules for the RB4011's own radios, both disabled.
add action=create-dynamic-enabled comment="Prov RB4011" common-name-regexp=\
CAPsMAN-488F5A8BCB68 disabled=yes hw-supported-modes=g identity-regexp=\
51448 master-configuration=cfg-2GHz name-format=prefix-identity \
name-prefix=2GHz
add action=create-dynamic-enabled common-name-regexp=CAPsMAN-488F5A8BCB68 \
disabled=yes hw-supported-modes=ac identity-regexp=51448 \
master-configuration=cfg-5GHz name-format=prefix-identity name-prefix=5GHz \
slave-configurations=cfg-5GHz_Guest
# Catch-all rules for any other radio: they point at cfg-blank and set no action.
add hw-supported-modes=ac master-configuration=cfg-blank name-format=identity
add hw-supported-modes=g master-configuration=cfg-blank
# Bridge ports of the RB4011. ether2-ether10 are plain access ports with ingress
# filtering. ether1 and sfp-sfpplus1 are untagged members of VLAN 4094 (the WAN
# VLAN) and are the only ports marked trusted, which is what the bridge's DHCP
# snooping uses to decide where DHCP server replies may come from.
# NOTE(review): ether1 carries the comment "Change Pvid back to 1", so it is
# temporarily a WAN-side port, yet it is also a member of the LAN interface list
# further down. Any rule keyed on the LAN list would treat it as inside.
/interface bridge port
add bridge=bridge comment="Change Pvid back to 1" edge=yes ingress-filtering=\
yes interface=ether1 point-to-point=yes pvid=4094 trusted=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether2 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether3 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether4 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether5 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether6 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether7 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether8 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether9 \
point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether10 \
point-to-point=yes
add bridge=bridge comment=WAN edge=yes ingress-filtering=yes interface=\
sfp-sfpplus1 point-to-point=yes pvid=4094 trusted=yes
# NOTE(review): use-ip-firewall-for-vlan only takes effect together with
# use-ip-firewall=yes, which is not set here, so bridged VLAN traffic presumably
# never reaches the IP firewall.
/interface bridge settings
set use-ip-firewall-for-vlan=yes
# NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic
# interface, which includes BR_WAN. Discovery announces the device's identity and
# version to that segment; restricting it to the LAN list keeps it off the WAN side.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# VLAN table: 4094 (WAN) is tagged only towards the CPU port; 4080 (guest) is
# tagged towards the CPU port, the two local radios and ether10.
# NOTE(review): WiFi_2g and WiFi_5g are listed as tagged members but are not bridge
# ports in this export; ether10 is presumably the uplink to the cAP ac (confirm).
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=4094
add bridge=bridge tagged=bridge,WiFi_2g,WiFi_5g,ether10 vlan-ids=4080
# Interface list membership.
# NOTE(review): BR_TV is added to the WAN list, and BR_Admin is used by a DHCP
# client below, but neither interface is defined in this export.
/interface list member
add interface=WiFi_2g list=WiFi
add interface=WiFi_5g list=WiFi
add interface=bridge list=LAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=BR_WAN list=WAN
add interface=BR_TV list=WAN
# CAP client settings for the RB4011's own radios, pointed at the local manager
# (127.0.0.1). No enabled=yes is shown, so presumably the local CAP client is off.
/interface wireless cap
set bridge=bridge caps-man-addresses=127.0.0.1 certificate=CAPsMAN-488F5A8BCB68 \
interfaces=WiFi_2g,WiFi_5g static-virtual=yes
# Wireless sniffer writing to bad_auth.pcap. A capture of failed and successful
# associations contains WPA2 handshakes, so handle the file like a credential and
# do not share it unredacted.
/interface wireless sniffer
set file-limit=8192 file-name=bad_auth.pcap memory-limit=2048 receive-errors=\
yes
# Router addresses: 192.168.100.1 on the LAN bridge, 192.168.102.1 on the guest VLAN.
/ip address
add address=192.168.100.1/24 interface=bridge network=192.168.100.0
add address=192.168.102.1/24 interface=BR_Guest network=192.168.102.0
# NOTE(review): the third client runs on "bridge", the same interface that has a
# static address and the DHCP-LAN server. With default settings a lease obtained
# there would also install a default route and DNS servers; confirm it is wanted.
/ip dhcp-client
add disabled=no interface=BR_WAN
add add-default-route=no disabled=no interface=BR_Admin use-peer-dns=no \
use-peer-ntp=no
add disabled=no interface=bridge
# Static lease that pins the cAP ac (MAC 48:8F:5A:2E:A6:F5) to 192.168.100.250.
/ip dhcp-server lease
add address=192.168.100.250 client-id=1:48:8f:5a:2e:a6:f5 mac-address=\
48:8F:5A:2E:A6:F5 server=DHCP-LAN
# DHCP options per subnet. Only the LAN network advertises a caps-manager address.
# NOTE(review): no /ip firewall (filter or nat) and no /ip service section appear
# in this export. If the export is complete, nothing filters traffic to the router
# arriving on BR_WAN, and nothing restricts routing between the guest subnet
# 192.168.102.0/24 and the LAN 192.168.100.0/24. Confirm against the device.
/ip dhcp-server network
add address=192.168.100.0/24 caps-manager=192.168.100.1 dns-server=\
192.168.100.1 gateway=192.168.100.1 netmask=24 ntp-server=192.168.100.1
add address=192.168.102.0/24 dns-server=192.168.102.1 gateway=192.168.102.1 \
netmask=24 ntp-server=192.168.102.1
/system identity
set name="RB4011 (51448)"
cAP ac config:
# cAP ac bridge: fixed MAC, VLAN filtering on, no spanning tree.
/interface bridge
add admin-mac=48:8F:5A:2E:A6:F5 auto-mac=no name=bridge protocol-mode=none \
vlan-filtering=yes
# Local radio settings. The "# managed by CAPsMAN" markers come from the export
# itself; the local values below (ssid=MikroTik, ssid=guest, no security profile
# named) are presumably ignored while the manager controls the radios. They matter
# again if the CAP ever falls back to standalone operation, so check that the
# local configuration would not bring up an unprotected SSID in that case.
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-b/g/n bridge-mode=disabled country=canada2 distance=indoors mode=\
ap-bridge multicast-helper=full name=WiFi_2g ssid=MikroTik \
wireless-protocol=802.11 wmm-support=enabled
add keepalive-frames=disabled mac-address=4A:8F:5A:2E:A6:F7 master-interface=\
WiFi_2g multicast-buffering=disabled name=WiFi_2g-Guest ssid=guest vlan-id=\
4080 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=\
disabled
# managed by CAPsMAN
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
band=5ghz-a/n/ac bridge-mode=disabled country=canada2 distance=indoors \
mode=ap-bridge multicast-helper=full name=WiFi_5g ssid=MikroTik \
wireless-protocol=802.11 wmm-support=enabled
# NOTE(review): mode=station on a virtual interface under an ap-bridge master is
# unusual for a guest AP; confirm it is intended.
add mac-address=4A:8F:5A:2E:A6:F8 master-interface=WiFi_5g mode=station name=\
WiFi_5g-Guest
# Second Ethernet port switched off.
/interface ethernet
set [ find default-name=ether2 ] disabled=yes
/interface wireless nstreme
# managed by CAPsMAN
set WiFi_2g enable-polling=no
# managed by CAPsMAN
set WiFi_5g enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Bridge ports: ether1 is the trusted uplink; both radios are bridged locally,
# which matches local-forwarding=yes in the manager's datapaths.
/interface bridge port
add bridge=bridge edge=yes interface=ether1 learn=yes point-to-point=yes \
trusted=yes
add bridge=bridge edge=yes interface=WiFi_2g learn=yes point-to-point=yes
add bridge=bridge edge=yes interface=WiFi_5g learn=yes point-to-point=yes
add bridge=bridge edge=yes ingress-filtering=yes interface=ether2 \
point-to-point=yes
# NOTE(review): only ether1 is a member of guest VLAN 4080. With
# vlan-filtering=yes on this bridge, confirm that the guest wireless interface is
# also admitted to VLAN 4080 once CAPsMAN adds it as a port.
/interface bridge vlan
add bridge=bridge tagged=ether1 vlan-ids=4080
# CAP client: joins the manager at 192.168.100.1 and requests its certificate from it.
# NOTE(review): the CAP side sets neither caps-man-certificate-common-names nor
# lock-to-caps-man, so the manager authenticates the CAP (require-peer-certificate
# on the RB4011) but the CAP does not appear to pin which manager it accepts.
# Pinning the manager's common name closes that gap.
/interface wireless cap
#
set bridge=bridge caps-man-addresses=192.168.100.1 certificate=request enabled=\
yes interfaces=WiFi_2g,WiFi_5g static-virtual=yes
# Management address is obtained by DHCP on the bridge; the RB4011 holds a static
# lease for this device's MAC.
/ip dhcp-client
add disabled=no interface=bridge
/system identity
set name="cAP ac (51448)"
# RouterBOOT firmware is upgraded automatically.
/system routerboard settings
set auto-upgrade=yes