Community discussions

MikroTik App
 
nebulight
just joined
Topic Author
Posts: 4
Joined: Fri Dec 25, 2020 4:51 am

Wifi 2.4ghz clients can't talk to 5ghz clients?

Sun Sep 11, 2022 8:29 pm

This is really odd. I have a single crs328-24p running routerOS and CAPsMAN with a single AP. I have two different SSIDs setup (one for 2.4ghz and one for 5ghz). I just added a Sonos wifi speaker to the house and when I connect the sonos speaker to the 2.4ghz network, clients (iPhone Xs, 8 and iPad Mini 2) on the 5ghz network can't connect. If I put the Sonos on the 5ghz network, then clients on the 2.4ghz network can't connect. I've had similar issues with a wifi HP printer and Windows PCs connecting, but I just assumed that was due to the printer being very old.

Any assistance would be helpful. Thanks!

CONFIG:
# sep/11/2022 10:14:07 by RouterOS 7.5
# software id = LH0Q-60UK
#
# model = CRS328-24P-4S+
# serial number = REMOVED
/caps-man channel
add band=5ghz-a/n/ac extension-channel=XX name=5ghz
add band=2ghz-g/n extension-channel=disabled name=2.4ghz
/interface bridge
add admin-mac=C4:AD:34:9A:64:17 auto-mac=no comment=defconf name=bridge
/caps-man datapath
add bridge=bridge name=PathtoBridge
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name="Muddy Security"
/caps-man configuration
add channel=2.4ghz country="united states3" datapath=PathtoBridge \
    datapath.local-forwarding=no name=Muddy security="Muddy Security" ssid=\
    Muddy
add channel=5ghz country="united states" datapath=PathtoBridge name=Muddy-5G \
    security="Muddy Security" ssid=Muddy-5G
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10h name=DHCP88
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    identity="REMOVED" name=zt1 \
    port=9993
/zerotier interface
add instance=zt1 name=zerotier1 network=93afae5963a1aad3
/caps-man manager
set enabled=yes upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn,b \
    master-configuration=Muddy
add action=create-dynamic-enabled hw-supported-modes=ac,an \
    master-configuration=Muddy-5G
/interface bridge port
add bridge=bridge comment=defconf disabled=yes ingress-filtering=no \
    interface=ether1
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge comment=defconf ingress-filtering=no interface=ether9
add bridge=bridge comment=defconf ingress-filtering=no interface=ether10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether11
add bridge=bridge comment=defconf ingress-filtering=no interface=ether12
add bridge=bridge comment=defconf ingress-filtering=no interface=ether13
add bridge=bridge comment=defconf ingress-filtering=no interface=ether14
add bridge=bridge comment=defconf ingress-filtering=no interface=ether15
add bridge=bridge comment=defconf ingress-filtering=no interface=ether16
add bridge=bridge comment=defconf ingress-filtering=no interface=ether17
add bridge=bridge comment=defconf ingress-filtering=no interface=ether18
add bridge=bridge comment=defconf ingress-filtering=no interface=ether19
add bridge=bridge comment=defconf ingress-filtering=no interface=ether20
add bridge=bridge comment=defconf ingress-filtering=no interface=ether21
add bridge=bridge comment=defconf ingress-filtering=no interface=ether22
add bridge=bridge comment=defconf ingress-filtering=no interface=ether23
add bridge=bridge comment=defconf ingress-filtering=no interface=ether24
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus3
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus4
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.88.251 mac-address=A0:C9:A0:67:B8:D9 server=DHCP88
add address=192.168.88.230 client-id=1:0:18:dd:6:9f:40 mac-address=\
    00:18:DD:06:9F:40 server=DHCP88
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,4.2.2.2
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
add address=34.243.160.122 list="Plex Servers"
add address=34.245.172.51 list="Plex Servers"
add address=34.248.59.52 list="Plex Servers"
add address=52.16.207.132 list="Plex Servers"
add address=54.171.49.143 list="Plex Servers"
add address=63.34.171.72 list="Plex Servers"
add address=192.168.88.20 list="Plex Internal"
add address=54.170.120.91 list="Plex Servers"
add address=46.51.207.89 list="Plex Servers"
add address=192.168.192.0/24 list=ZeroTier
add address=192.168.192.0/24 list=allowed_to_router
/ip firewall filter
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=forward disabled=yes dst-address-list="Plex Internal" \
    dst-port=32400 protocol=tcp src-address-list="Plex Servers"
add action=drop chain=input protocol=icmp
add action=drop chain=input
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "Drop incoming packets that are not NATted" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface=ether1 \
    log=yes log-prefix=!public src-address-list=not_in_internet
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Plex port forwarding" dst-port=32400 \
    in-interface=ether1 protocol=tcp src-address-list="Plex Servers" \
    to-addresses=192.168.88.20 to-ports=32400
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.88.0/24 disabled=yes
set www-ssl address=192.168.88.0/24 tls-version=only-1.2
set api address=192.168.88.20/32
set winbox address=192.168.88.0/24,192.168.192.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=CRS328-24P
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.nist.gov
add address=pool.ntp.org
/system routerboard settings
set boot-os=router-os
/system swos
set allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p\
    17,p18,p19,p20,p21,p22,p23,p24,p25,p26,p27,p28" identity="MikroTik SwOS" \
    static-ip-address=192.168.1.2
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
 
Marino
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sun Jun 14, 2015 7:26 pm

Re: Wifi 2.4ghz clients can't talk to 5ghz clients?

Sun Sep 11, 2022 9:38 pm

Did you enable client-to-client forwarding in your capsman datapath settings? Can't find it in your settings.
 
nebulight
just joined
Topic Author
Posts: 4
Joined: Fri Dec 25, 2020 4:51 am

Re: Wifi 2.4ghz clients can't talk to 5ghz clients?

Sun Sep 11, 2022 10:39 pm

Thank you! This seems to have fixed it. I was unaware of this setting. Any documentation on this so I can read up on it? Also, what is the purpose of local forwarding?

/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=\
PathtoBridge

EDIT: Found the documentation here in case someone in the future finds this thread https://help.mikrotik.com/docs/display/ROS/CAPsMAN

Thanks again!

Matt

Who is online

Users browsing this forum: hapi, neki and 28 guests