Community discussions

MikroTik App
 
dewitpj
just joined
Topic Author
Posts: 24
Joined: Sun Dec 26, 2021 9:15 pm

[WORKING] 802.11r with MacOS (CAPsMAN - hAP ax3)

Sun Jun 04, 2023 8:18 am

Hi All,

MacOS 13.4 was used
ROS 7.10rc1


Hardware used:

hAP AX3 - CAPsMAN
cAP AX - cAPGi-5HaxD2HaxD

Do *NOT* try and configure any of the remote interfaces using the radio menu - this will break things. Use this for the local interfaces only and use the provision under "Remote CAP" for anything else

Below is my current working FT (802.11r) config - with MacOS/Windows/Linux - various hardware. This config will be rolled out to a bigger site next week with a lot more roaming devices
/interface wifiwave2 channel
add band=5ghz-ax comment="5G AX" disabled=no name="5G AX" skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-ax comment="2G AX" disabled=no name="2G AX" skip-dfs-channels=all width=20/40mhz

/interface wifiwave2 datapath
add bridge=Desktop comment=Desktop disabled=no name=Desktop

/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-mobility-domain=0xBEEF ft-nas-identifier=babe ft-r0-key-lifetime=5m ft-reassociation-deadline=1m name="Security Profile"
add authentication-types=wpa-psk,wpa2-psk disabled=no name="Security Profile Old"

/interface wifiwave2 configuration
add channel.skip-dfs-channels=all datapath=Desktop disabled=no mode=ap name=ssid security="Security Profile" ssid=ssid
add datapath=Desktop disabled=no mode=ap name=ssid_24 security="Security Profile" ssid=ssid_24
add country="New Zealand" disabled=no mode=ap name=ssid_j security="Security Profile" ssid=ssid_j
add country="New Zealand" datapath=Desktop disabled=no mode=ap name=ssid_24_old security="Security Profile Old" ssid=ssid_24_old

/interface wifiwave2 cap
set caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=Desktop enabled=yes slaves-datapath=Desktop

/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none

/interface wifiwave2 provisioning
add action=create-dynamic-enabled comment="5G Prov" disabled=no master-configuration=ssid slave-configurations=ssid_j supported-bands=5ghz-ax,5ghz-ac,5ghz-n,5ghz-a
add action=create-dynamic-enabled comment="2G Prov" disabled=no master-configuration=ssid slave-configurations=ssid_j,ssid_24,ssid_24_old supported-bands=2ghz-ax,2ghz-g,2ghz-n

Replace "ssid" where needed. I create a 2.4G only network for my IoT/Older devices. Comments welcome

P.S. I assume FT is working since:
17:07:19 wireless,info 66:38:39:72:FF:FE@cap-wifi3 rejected, FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
But also, my client connected which it refused to do in the past when turning on FT. FT needs to be enabled on the security profile by the looks of things. Other than a few clients that broke when I played with it, all seems well !

Who is online

Users browsing this forum: Google [Bot], sybadi and 32 guests