I have recently installed a 5009 with 3 cAP ac access points in my home. I have updated the wireless packages to use wifi-qcom and wifi-qcom-ac, respectively, and gone about setting up the configs as per the Mikrotik docs: https://help.mikrotik.com/docs/display/ROS/WiFi.
The router has mostly got the default/base config applied and is updated to 7.14 (as are the APs). There are a handful of settings I will likely change but for now the default seems to be OK for what I need initially. However, there is a bit of an issue... I am unable to control the access points effectively (at all really).
I have provisioned the the APs by holding the reset button during boot which seemed to make them connect to the router to get their configs. These configs work and I am able to auth and connect to the Internet no problem. However, in the WiFi window (on the router), I see "-- no connection to CAPsMAN, managed locally" and when logged into the AP, I see "managed by CAPsMAN" with addtl wifi info (though not all configs are present/applied).
I am not quite clear on how to get the Router and the cAPs to agree on their management/settings and it seems that while they are able to get their base config, I am unable to modify or control them further. It looks like even though the base config is applied, additional communications between the router and the APs isn't working.
I am wondering if it is related to certs.
I have attached both the router and AP configs here.
Any help is greatly appreciated, thanks in advance.
-
-
woopdeedoo
just joined
- Posts: 5
- Joined:
CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
You do not have the required permissions to view the files attached to this post.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Wave2 capsman is in base ROS package since 7.13.
Remove wifi-qcom package from RB5009.
Remove wifi-qcom package from RB5009.
-
-
woopdeedoo
just joined
- Posts: 5
- Joined:
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
So I did this, removed the wifi-qcom package from router and rebooted it to apply the change... The issue remains... I rebooted one of the APs to see if that would make a difference and it did not. Do you think I need to redo the whole "unplug PoE connection, hold 'reset' and plug back in, wait for flashing LEDs and let go of 'reset' button" thing to sync them again?Wave2 capsman is in base ROS package since 7.13.
Remove wifi-qcom package from RB5009.
Edit to add: I notice in the WinBox "neighbor" tab that this AP has a DHCP IP and also a 0.0.0.0 IP associated with the MAC address after reboot... See Attached image.
Do I need to do a thing to adjust this after the removal of the wifi-qcom package?
You do not have the required permissions to view the files attached to this post.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Can you please clarify what is not working since your questions/response is quite unclear.
On RB5009, there should not be a message anymore about interfaces being managed locally. Yes or no ?
You should see on RB5009 the 6 radios of the 3 APs being controlled by capsman (3x 5Ghz, 3x 2.4GHz). Yes or no ?
Are you able to use the APs with the settings your configured on RB5009 ? Yes or no ?
On RB5009, there should not be a message anymore about interfaces being managed locally. Yes or no ?
You should see on RB5009 the 6 radios of the 3 APs being controlled by capsman (3x 5Ghz, 3x 2.4GHz). Yes or no ?
Are you able to use the APs with the settings your configured on RB5009 ? Yes or no ?
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
About config:
caps looks ok (rather default)
RB5009:
I think you missed some things in the provided documents ...
remove:
Your RB5009 has no radios, so it does not need to listen for capsman. It IS the capsman controller.
Bridge:
what's this ??
Remove the errors.
conflict here...
I assume you do not want to use the 192.168.88.0/24 subnet ? Remove it then (also the pool and DHCP-server network).
You have set your bridge to address 10.10.0.1 but you do the SAME on ether1 ? Why ? Ether1 should be in subnet of your upstream ISP router, I would think (can't know for sure since you did not reveal how that part is constructed).
And further on you have DHCP client on ether1, which more or less confirms my finding.
Clean up and repost config please.
caps looks ok (rather default)
RB5009:
I think you missed some things in the provided documents ...
remove:
Code: Select all
/interface wifi cap
set discovery-interfaces=bridge enabled=yes lock-to-caps-man=no slaves-static=noBridge:
what's this ??
Code: Select all
add bridge=bridge interface=*50
add bridge=bridge interface=*54
add bridge=bridge interface=*51
add bridge=bridge interface=*55
add bridge=bridge interface=*4E
add bridge=bridge interface=*4Fconflict here...
Code: Select all
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge network=192.168.88.0
add address=10.10.0.1/24 interface=bridge network=10.10.0.0
add address=10.10.0.1 interface=ether1 network=10.10.0.1You have set your bridge to address 10.10.0.1 but you do the SAME on ether1 ? Why ? Ether1 should be in subnet of your upstream ISP router, I would think (can't know for sure since you did not reveal how that part is constructed).
And further on you have DHCP client on ether1, which more or less confirms my finding.
Clean up and repost config please.
-
-
woopdeedoo
just joined
- Posts: 5
- Joined:
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
>> Can you please clarify what is not working since your questions/response is quite unclear.
So the APs are showing in the CAPsMAN and have initial config but it doesn't seem I can made any new changes ("pushing" WPS button for my printer as an example). It looks like there is a communication issue between the CAPsMAN and the APs (though it looks like a partial issue??)
See screenshot from WiFi dialog. ^ Here ^
I can share a screenshot of what I see on the APs (it shows managed by CAPsMAN with SSID though doesn't allow local config despite that being set in router conf) as well as AP config again if you think it would be helpful.
As for the rest of your comments, they were helpful and correct, I have responded below.
Yup, mostly default still... Just getting this up and running before I start implementing things (apologies, I am new to Mikrotik)
Fixed
I actually think this was auto-populated or something? these are the ends of the AP radio MAC addresses which seem to have been automatically added in the previous config. They seem to have disappeared after uninstalling the wifi-qcom package.
Yup, you are correct. I have attached the updated config. I was in the process of updating the local network settings and I hadn't cleaned up all the pieces. Apologies.
> You have set your bridge to address 10.10.0.1 but you do the SAME on ether1 ? Why ? Ether1 should be in subnet of your upstream ISP router, I would think (can't know for sure since you did not reveal how that part is constructed).
I don't really know why that was there. I believe it is fixed now, though, I have removed that and things should be correct on the basics of the config. I appreciate your assistance identifying errors.
So the APs are showing in the CAPsMAN and have initial config but it doesn't seem I can made any new changes ("pushing" WPS button for my printer as an example). It looks like there is a communication issue between the CAPsMAN and the APs (though it looks like a partial issue??)
See screenshot from WiFi dialog. ^ Here ^
I can share a screenshot of what I see on the APs (it shows managed by CAPsMAN with SSID though doesn't allow local config despite that being set in router conf) as well as AP config again if you think it would be helpful.
As for the rest of your comments, they were helpful and correct, I have responded below.
About config:
caps looks ok (rather default)
Yup, mostly default still... Just getting this up and running before I start implementing things (apologies, I am new to Mikrotik)
RB5009:
I think you missed some things in the provided documents ...
remove:Code: Select all/interface wifi cap set discovery-interfaces=bridge enabled=yes lock-to-caps-man=no slaves-static=no
Fixed
Bridge:
what's this ??Remove the errors.Code: Select alladd bridge=bridge interface=*50 add bridge=bridge interface=*54 add bridge=bridge interface=*51 add bridge=bridge interface=*55 add bridge=bridge interface=*4E add bridge=bridge interface=*4F
I actually think this was auto-populated or something? these are the ends of the AP radio MAC addresses which seem to have been automatically added in the previous config. They seem to have disappeared after uninstalling the wifi-qcom package.
conflict here...I assume you do not want to use the 192.168.88.0/24 subnet ? Remove it then (also the pool and DHCP-server network).Code: Select all/ip address add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge network=192.168.88.0 add address=10.10.0.1/24 interface=bridge network=10.10.0.0 add address=10.10.0.1 interface=ether1 network=10.10.0.1
You have set your bridge to address 10.10.0.1 but you do the SAME on ether1 ? Why ? Ether1 should be in subnet of your upstream ISP router, I would think (can't know for sure since you did not reveal how that part is constructed).
And further on you have DHCP client on ether1, which more or less confirms my finding.
Clean up and repost config please.
Yup, you are correct. I have attached the updated config. I was in the process of updating the local network settings and I hadn't cleaned up all the pieces. Apologies.
> You have set your bridge to address 10.10.0.1 but you do the SAME on ether1 ? Why ? Ether1 should be in subnet of your upstream ISP router, I would think (can't know for sure since you did not reveal how that part is constructed).
I don't really know why that was there. I believe it is fixed now, though, I have removed that and things should be correct on the basics of the config. I appreciate your assistance identifying errors.
You do not have the required permissions to view the files attached to this post.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Your wireless interfaces on the CAP aren't part of the bridge, hence it can't be controlled.
Please read this carefully:
https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN
Please read this carefully:
https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Good catch !!
That SHOULD however be part of default caps config ...
Minor other thing (I don't think it makes any difference)
Change interface from all to bridge. You don't want incoming requests for capsman from WAN (which anyhow should be blocked by firewall, but better safe then sorry).
When you go to RB5009 / Wifi / Remote Cap, you do see the 3 APs ?
The tab to the left, select all radios and then Provision. This will retrigger provisioning.
That SHOULD however be part of default caps config ...
Minor other thing (I don't think it makes any difference)
Code: Select all
/interface wifi capsman
set enabled=yes interfaces=all package-path="" require-peer-certificate=no \
upgrade-policy=noneWhen you go to RB5009 / Wifi / Remote Cap, you do see the 3 APs ?
The tab to the left, select all radios and then Provision. This will retrigger provisioning.
-
-
woopdeedoo
just joined
- Posts: 5
- Joined:
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
First off, thank you very much for your input and feedback, I really appreciate the help you have so freely offered.
Apologies for the delayed update here, work has been a little wild the last couple days.
As mentioned earlier, I have added the `cap-wifiX` interfaces to the bridge but they show in the config as follows:
I have attempted adding the `cap-wifi` interfaces using CLI and also using the GUI. They show in the bridge dialogue but go like this ^ after attempting provisioning, showing as "unknown" in the GUI.
Of course, the CAPs are still showing as before, "--no connection to CAPsMAN, managed locally" while the CAPs themselves show that they are managed by CAPsMAN.
EDIT: I can see all 3 APs in the RemoteCap tab of the WiFi menu.
I am beginning to wonder if there is maybe something incorrect on the Firewall config? I have essentially kept the default config as it came out the box though I have moved some of the rules around, notably putting all the blocker rules last. The CAPs are connected to a switch (also a MikroTik) which in turn is connected on ether2 on the Router.
I have attached the current config again with only very minor redactions in an effort to share as much relevant info as possible.
Once again, thank you for your assistance in getting to the bottom of this issue!
Edit to add: I have enabled logging on all "block" rules of the firewall and while reviewing the logs for an unrelated issue, I noted a few interesting entries.
I can see the CAP connect:
and disconnect:
This seems to be happening repeatedly for all the AP interfaces.
And checking DHCP log messages, I see some ARP conflicts: and these all appear to be the CAP radio MACs? I think so though I see on the switch that each of the ports connected to the CAPs have 3-4 MAC addresses associated.
I think this may be the cause of the issue here but I have no idea what is causing it or how to fix it!
Apologies for the delayed update here, work has been a little wild the last couple days.
As mentioned earlier, I have added the `cap-wifiX` interfaces to the bridge but they show in the config as follows:
Code: Select all
add bridge=bridge comment=wifi interface=*2F
add bridge=bridge comment=wifi interface=*30
add bridge=bridge comment=wifi interface=*31
add bridge=bridge comment=wifi interface=*32
add bridge=bridge comment=wifi interface=*33
add bridge=bridge comment=wifi interface=*34
Of course, the CAPs are still showing as before, "--no connection to CAPsMAN, managed locally" while the CAPs themselves show that they are managed by CAPsMAN.
EDIT: I can see all 3 APs in the RemoteCap tab of the WiFi menu.
I am beginning to wonder if there is maybe something incorrect on the Firewall config? I have essentially kept the default config as it came out the box though I have moved some of the rules around, notably putting all the blocker rules last. The CAPs are connected to a switch (also a MikroTik) which in turn is connected on ether2 on the Router.
I have attached the current config again with only very minor redactions in an effort to share as much relevant info as possible.
Once again, thank you for your assistance in getting to the bottom of this issue!
Edit to add: I have enabled logging on all "block" rules of the firewall and while reviewing the logs for an unrelated issue, I noted a few interesting entries.
I can see the CAP connect:
Code: Select all
***:FF@cap-wifi5 connected, signal strength -64Code: Select all
***:FF@cap-wifi5 disconnected, connection lost, signal strength -67And checking DHCP log messages, I see some ARP conflicts:
Code: Select all
Detected conflict by ARP response for 10.10.0.205 from **:**:**:**:**:FFI think this may be the cause of the issue here but I have no idea what is causing it or how to fix it!
You do not have the required permissions to view the files attached to this post.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Why do you even attempt to do this ?As mentioned earlier, I have added the `cap-wifiX` interfaces to the bridge but they show in the config as follows:I have attempted adding the `cap-wifi` interfaces using CLI and also using the GUI. They show in the bridge dialogue but go like this ^ after attempting provisioning, showing as "unknown" in the GUI.Code: Select alladd bridge=bridge comment=wifi interface=*2F add bridge=bridge comment=wifi interface=*30 add bridge=bridge comment=wifi interface=*31 add bridge=bridge comment=wifi interface=*32 add bridge=bridge comment=wifi interface=*33 add bridge=bridge comment=wifi interface=*34
Those interfaces will come on their own once the cap devices are being managed by capsman.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
More generally speaking, whenever you see something in Mikrotik exports with an asterisk * followed by a (hex) number, it means in a nutshell:
here there was something that used to make sense but that - due to some changes in some other parts of the configuration - is now invalid and RoS cannot understand what this is.
Those entries need to be deleted (and if needed re-created with valid values).
here there was something that used to make sense but that - due to some changes in some other parts of the configuration - is now invalid and RoS cannot understand what this is.
Those entries need to be deleted (and if needed re-created with valid values).
-
-
woopdeedoo
just joined
- Posts: 5
- Joined:
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Why do you even attempt to do this ?
Those interfaces will come on their own once the cap devices are being managed by capsman.
Because of this comment:
Your wireless interfaces on the CAP aren't part of the bridge, hence it can't be controlled.
I guess I misunderstood what was being suggested here.
Either way, I have removed the settings and provisioned the APs from the "Remote CAP" tab in the Wireless section but no dice.
The CAPs are visible but not being added to the bridge... At this point I am beginning to think that the only way to get them to work is to rebuild the whole router config from scratch (though it really doesn't make sense to need to do that)...
An additional thought that occurs to me is that connecting the CAPs to the router directly (ether3-5) instead of via the switch might make a difference here? I would appreciate any thoughts on this idea.
I am also curious about the issues on the MAC conflicts I am seeing in the logs... It seems like it could be relevant though I am unsure how to further investigate that specifically.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
On CAP those wireless interfaces need to be part of bridge.
Only wifi1 and wifi2.
Not on capsman controller, that will come on is own.
I strongly suggest you reread documentation.
Only wifi1 and wifi2.
Not on capsman controller, that will come on is own.
I strongly suggest you reread documentation.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
On a default cap config only Ethernet ports are part of the bridge.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
And you are quite correct too !
My bad ...
Ethernet to bridge.
All wireless/wifi interface looking for capsman using bridge.
My bad ...
Ethernet to bridge.
All wireless/wifi interface looking for capsman using bridge.
Re: CAPsMAN <> cAP config and behaviour is baffling me - managed, yet unmanaged...
Your CAP config looks perfectly fine and is the default config you get when turning the device into caps-mode. Nothing wrong.I have provisioned the the APs by holding the reset button during boot which seemed to make them connect to the router to get their configs. These configs work and I am able to auth and connect to the Internet no problem. However, in the WiFi window (on the router), I see "-- no connection to CAPsMAN, managed locally" and when logged into the AP, I see "managed by CAPsMAN" with addtl wifi info (though not all configs are present/applied).
But why did you enable caps mode on your router? makes no sense and probably explains the wifi interfaces in your rb5009 export. Your caps wifi interfaces are dynamic provisioned. They show in print but not in export on your caps manager (rb5009) device - when configured correctly.
tl;Dr
on your rb5009 disable cap mode:
Code: Select all
/interface/wifi/cap set enabled=noWho is online
Users browsing this forum: sinisa and 10 guests