Most devices have connected to the ax2 without issue, but several "smart devices," including two Geeni Smart Bulbs (model BW903) and one Roomba (model 960) will not associate when using a passphrase (WPA, WPA2, WPA3 - none of them work). Two of them give a "key handshake error" and the other never shows up in the logs. Note that I have other Geeni devices that are able to connect without issue. I'm using the same exact passphrase that's been in use on the ac2 for several years. I tried all the standard wifi troubleshooting stuff - switching channels, switching to different passphrases, hiding SSIDs, rebooting things, etc.
To get things up and running with the two bulbs and one Roomba, I created a slave network without authentication, and that has worked for all the devices. This rules out distance and a few other considerations (30 feet distance, open air, line of site). I went to put some access-list rules in and it appears that's broken in 7.8, too (I commented on another topic on that one where two other people have chimed in). I had to result in some NAT rules to whitelist the MAC addresses, and yes, someone in my apartment complex is connecting to open networks - even hidden ones - so my paranoia is warranted.
Here are the configs (I've replaced some of the values with Xs):
MASTER
Code: Select all
4 M BR default-name="wifi2" name="xxxx-wlan-2" mac-address=XX:XX:XX:2C:42:96 arp-timeout=auto radio-mac=XX:XX:8A:2C:42:96
configuration.mode=ap .ssid="xxxx-wlan-2" .country=United States
security=xxxx-wlan
SLAVE (AUTHENTICATED)
Code: Select all
2 BR name="xxxx-iot-1" mac-address=XX:XX:XX:2C:42:97 arp-timeout=auto master-interface=xxxx-wlan-2
configuration.mode=ap .ssid="xxxx-iot-1" .hide-ssid=no
security=iot
SECURITY (Using an all lower UUID for the passphrase)
Code: Select all
2 name="iot" authentication-types=wpa2-psk,wpa3-psk encryption=ccmp,gcmp,ccmp-256,gcmp-256 passphrase="80925074-xxxx-xxxx-xxxx-xxxxxxxx01f2"
Anyone have any ideas? Mikrotik engineers: let me know if I can get you additional troubleshooting info.
Appreciate any and all assistance.
-- Justin