Community discussions

MikroTik App
 
ingtegration
newbie
Topic Author
Posts: 36
Joined: Fri Sep 11, 2015 6:52 am
Location: Montreal, Quebec , CANADA
Contact:

CAPsMAN 4-way handshake timeout

Tue Jun 21, 2022 5:45 am

I have an hEX-S configured as CAPsMAN currently with 1 x wAP-AC r3 (RBwAPG-5HacD2HnD). Classic config i use everywhere. Never had this problem before with RouterOS 6.x. On random times, my wireless clients are asking for the wireless key (which is already the good one!) and clicking OK a couple of time, it eventually reconnect.

Latest stable RouterOS installed on both hEX-S and wAP-AC (7.3.1). I'm lost and i don't see what i can do to fix the problem. Here is the CAPsMAN config:
[admin@hEX-S] /caps-man> export hide-sensitive
# jun/20/2022 22:40:59 by RouterOS 7.3.1
# software id = GLCH-0359
#
# model = RB760iGS
# serial number = xxxxxxxxx
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=XX frequency=2412,2437,2462 name=AUTO-2 reselect-interval=1h skip-dfs-channels=yes
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=XX frequency=5180,5200,5220,5240,5745,5765,5785,5805,5825 name=AUTO-5 reselect-interval=1h skip-dfs-channels=yes
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=SEC-VLAN16
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=SEC-VLAN17
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=any signal-range=-79..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any signal-range=-120..-80 ssid-regexp=""
/caps-man configuration
add channel=AUTO-2 country=canada datapath=DP-VLAN16 distance=indoors installation=indoor mode=ap name=2-CFG-VLAN16 rx-chains=0,1,2 security=SEC-VLAN16 ssid=IngT01 tx-chains=0,1,2
add channel=AUTO-5 country=canada datapath=DP-VLAN16 distance=indoors installation=indoor mode=ap name=5-CFG-VLAN16 rx-chains=0,1,2 security=SEC-VLAN16 ssid=IngT01 tx-chains=0,1,2
add channel=AUTO-5 country=canada datapath=DP-VLAN17 distance=indoors installation=indoor mode=ap name=5-CFG-VLAN17 rx-chains=0,1,2 security=SEC-VLAN17 ssid=IngT01 tx-chains=0,1,2
add channel=AUTO-2 country=canada datapath=DP-VLAN17 distance=indoors installation=indoor mode=ap name=2-CFG-VLAN17 rx-chains=0,1,2 security=SEC-VLAN17 ssid=IngT01 tx-chains=0,1,2
/caps-man datapath
add bridge=BR-Trunk name=DP-VLAN16 vlan-id=16 vlan-mode=use-tag
add bridge=BR-Trunk name=DP-VLAN17 vlan-id=17 vlan-mode=use-tag
/caps-man interface
add channel=AUTO-2 configuration=2-CFG-VLAN17 datapath=DP-VLAN17 disabled=no l2mtu=1600 mac-address=2E:C8:1B:AB:2E:A9 master-interface=2-wAP-AC1-LAN name=2-wAP-AC1-Guest radio-mac=00:00:00:00:00:00 radio-name=2EC81BAB2EA9 security=SEC-VLAN17
add channel=AUTO-2 configuration=2-CFG-VLAN16 datapath=DP-VLAN16 disabled=no l2mtu=1600 mac-address=2C:C8:1B:AB:2E:A9 master-interface=none name=2-wAP-AC1-LAN radio-mac=\
    2C:C8:1B:AB:2E:A9 radio-name=2CC81BAB2EA9 security=SEC-VLAN16
add channel=AUTO-5 configuration=5-CFG-VLAN17 datapath=DP-VLAN17 disabled=no l2mtu=1600 mac-address=2E:C8:1B:AB:2E:AA master-interface=5-wAP-AC1-LAN name=5-wAP-AC1-Guest radio-mac=00:00:00:00:00:00 radio-name=2EC81BAB2EAA security=SEC-VLAN17
add channel=AUTO-5 configuration=5-CFG-VLAN16 datapath=DP-VLAN16 disabled=no l2mtu=1600 mac-address=2C:C8:1B:AB:2E:AA master-interface=none name=5-wAP-AC1-LAN radio-mac=\
    2C:C8:1B:AB:2E:AA radio-name=2CC81BAB2EAA security=SEC-VLAN16
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-disabled hw-supported-modes=g master-configuration=2-CFG-VLAN16 name-format=prefix-identity name-prefix=2 slave-configurations=2-CFG-VLAN17
add action=create-disabled hw-supported-modes=ac master-configuration=5-CFG-VLAN16 name-format=prefix-identity name-prefix=5 slave-configurations=5-CFG-VLAN17

I usually don't config any frequency on "channel", letting CAPsMAN choose them. In this one, i kinda forced to use the "usual" ones hoping it would help. Any help appreciated.

Who is online

Users browsing this forum: Amazon [Bot], robmaltsystems and 31 guests