MacOS 13.4 was used
ROS 7.10rc1
Hardware used:
hAP AX3 - CAPsMAN
cAP AX - cAPGi-5HaxD2HaxD
Do *NOT* try and configure any of the remote interfaces using the radio menu - this will break things. Use this for the local interfaces only and use the provision under "Remote CAP" for anything else
Below is my current working FT (802.11r) config - with MacOS/Windows/Linux - various hardware. This config will be rolled out to a bigger site next week with a lot more roaming devices
Code: Select all
/interface wifiwave2 channel
add band=5ghz-ax comment="5G AX" disabled=no name="5G AX" skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-ax comment="2G AX" disabled=no name="2G AX" skip-dfs-channels=all width=20/40mhz
/interface wifiwave2 datapath
add bridge=Desktop comment=Desktop disabled=no name=Desktop
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-mobility-domain=0xBEEF ft-nas-identifier=babe ft-r0-key-lifetime=5m ft-reassociation-deadline=1m name="Security Profile"
add authentication-types=wpa-psk,wpa2-psk disabled=no name="Security Profile Old"
/interface wifiwave2 configuration
add channel.skip-dfs-channels=all datapath=Desktop disabled=no mode=ap name=ssid security="Security Profile" ssid=ssid
add datapath=Desktop disabled=no mode=ap name=ssid_24 security="Security Profile" ssid=ssid_24
add country="New Zealand" disabled=no mode=ap name=ssid_j security="Security Profile" ssid=ssid_j
add country="New Zealand" datapath=Desktop disabled=no mode=ap name=ssid_24_old security="Security Profile Old" ssid=ssid_24_old
/interface wifiwave2 cap
set caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=Desktop enabled=yes slaves-datapath=Desktop
/interface wifiwave2 capsman
set ca-certificate=auto enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifiwave2 provisioning
add action=create-dynamic-enabled comment="5G Prov" disabled=no master-configuration=ssid slave-configurations=ssid_j supported-bands=5ghz-ax,5ghz-ac,5ghz-n,5ghz-a
add action=create-dynamic-enabled comment="2G Prov" disabled=no master-configuration=ssid slave-configurations=ssid_j,ssid_24,ssid_24_old supported-bands=2ghz-ax,2ghz-g,2ghz-n
P.S. I assume FT is working since:
Code: Select all
17:07:19 wireless,info 66:38:39:72:FF:FE@cap-wifi3 rejected, FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request