Community discussions

MikroTik App
 
Hypernia
just joined
Topic Author
Posts: 3
Joined: Tue Jan 31, 2023 9:48 am

Cannot connect 1 Device via 2.4 GHz

Tue Jan 31, 2023 10:12 am

Hi together,

I have 2 hAP AC². One is behind my modem (vlan 7) and manages capsman. The other one is behind the first and is manged by capsman. Both have Radios 2.4 and 5 GHz with 2 SSIDs each (home and guest). I have problems connecting to an Epson printer (192.168.1.123, connected to my home-SSID-radio 2.4 GHz) ONLY WHEN I am connected to my home-SSID-radio 2.4 GHz. I get a 'host unreachable' on android, linux and windows devices when I ping the printer. Router, printer and pinging device are all in the same room. At the same time I can ping it via 5 GHz wifi or via LAN. I can ping any other home-vlan's devices (which are connected on 5 GHz / LAN) with my 2.4 GHz device.

The only shortterm solution is some combination (I didn't figure out the 'correct', reproducible steps until now) of clicking on 'provision' in capsman for this radio or removing the remote CAP and then reconnecting the device. At some point it starts working - but this doesn't last and some time later the 'host unreachable' is back again.

Here is my export:
# jan/31/2023 08:27:09 by RouterOS 6.48.3
# software id = ZYHZ-0L3Y
#
# model = RBD52G-5HacD2HnD
/interface bridge
add admin-mac=48:8F:5A:C7:E9:91 auto-mac=no comment="defconf, Prio 2000 um Root zu sein " name=bridge1 priority=0x2000 vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: HaHo_2.4, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX distance=indoors frequency=2452 installation=indoor mode=ap-bridge name="wlan1 (2,4 GHz)" ssid=HaHo wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5520/20-eCee/ac/DP(24dBm), SSID: HaHo, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor mode=ap-bridge name="wlan2 (5 GHz)" ssid=HaHo wireless-protocol=802.11
/interface vlan
add interface=ether1 name="vlan7 (Telekom)" vlan-id=7
add interface=bridge1 name="vlan100 (Heim)" vlan-id=100
add interface=bridge1 name="vlan200 (Gast)" vlan-id=200
/caps-man configuration
add channel.band=5ghz-a/n/ac channel.tx-power=35 country=etsi datapath.bridge=bridge1 datapath.vlan-id=100 datapath.vlan-mode=use-tag name=cfg_HaHo_5GHz security.authentication-types=wpa2-psk ssid=HaHo
add channel.band=5ghz-a/n/ac channel.tx-power=35 country=etsi datapath.bridge=bridge1 datapath.vlan-id=200 datapath.vlan-mode=use-tag name=cfg_TPH_5Ghz security.authentication-types=wpa2-psk ssid=TPH
add channel.band=2ghz-b/g/n channel.tx-power=30 country=etsi datapath.bridge=bridge1 datapath.vlan-id=100 datapath.vlan-mode=use-tag name=cfg_HaHo_2.4GHz security.authentication-types=wpa2-psk ssid=HaHo_2.4
add channel.band=2ghz-b/g/n channel.tx-power=30 country=etsi datapath.bridge=bridge1 datapath.vlan-id=200 datapath.vlan-mode=use-tag name=cfg_TPH_2.4 security.authentication-types=wpa2-psk ssid=TPH
/interface pppoe-client
add add-default-route=yes disabled=no interface="vlan7 (Telekom)" max-mtu=1500 name=pppoe-telekom-fiber user=123@t-online.de
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=Gast-Profil supplicant-identity=""
/ip pool
add name=default-dhcp ranges=192.168.1.10-192.168.1.254
add name=Gast-DHCP ranges=192.168.200.10-192.168.200.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface="vlan100 (Heim)" name=Heim-DHCP
add address-pool=Gast-DHCP disabled=no interface="vlan200 (Gast)" name=Gast-DHCP
/queue simple
add disabled=yes dst=ether1 max-limit=2M/2M name=Test-Queue target=192.168.1.100/32
/system logging action
set 1 disk-lines-per-file=5000
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled comment=5GHz hw-supported-modes=ac master-configuration=cfg_HaHo_5GHz name-format=prefix name-prefix=5GHz- slave-configurations=cfg_TPH_5Ghz
add action=create-dynamic-enabled comment=2.4GHz hw-supported-modes=gn master-configuration=cfg_HaHo_2.4GHz name-format=prefix name-prefix=2.4GHz- slave-configurations=cfg_TPH_2.4
/interface bridge filter
add action=drop chain=forward disabled=yes packet-mark=forward-Arbeitszimmer
/interface bridge port
add bridge=bridge1 comment=defconf interface=ether2 pvid=100
add bridge=bridge1 comment=defconf interface=ether3 pvid=100
add bridge=bridge1 comment=defconf interface=ether4
add bridge=bridge1 comment=defconf interface=ether5
add bridge=bridge1 comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface="wlan1 (2,4 GHz)" pvid=100
add bridge=bridge1 comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface="wlan2 (5 GHz)" pvid=100
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set accept-redirects=no accept-router-advertisements=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 vlan-ids=200
add bridge=bridge1 tagged=bridge1 vlan-ids=100
/interface list member
add comment=defconf interface=bridge1 list=LAN
add comment=defconf interface=ether1 list=WAN
add list=LAN
add interface="vlan200 (Gast)" list=LAN
add interface="vlan100 (Heim)" list=LAN
/interface wireless cap
# 
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces="wlan1 (2,4 GHz),wlan2 (5 GHz)"
/ip address
add address=192.168.1.1/24 comment=defconf interface="vlan100 (Heim)" network=192.168.1.0
add address=192.168.200.1/24 interface="vlan200 (Gast)" network=192.168.200.0
add address=192.168.2.1/24 interface=ether5 network=192.168.2.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.1.10 client-id=1:48:8f:5a:5f:e4:3 comment="MikroTik hAP AC^2 Arbeitszimmer" mac-address=48:8F:5A:5F:E4:03 server=Heim-DHCP
add address=192.168.1.123 client-id=1:b0:e8:92:b:f3:5c comment=Drucker mac-address=B0:E8:92:0B:F3:5C server=Heim-DHCP
/ip dhcp-server network
add address=192.168.1.0/24 comment=Heim-Netzwerk dns-server=192.168.1.151 gateway=192.168.1.1
add address=192.168.200.0/24 comment=Gast-Netzwerk dns-server=192.168.1.151,8.8.8.8 gateway=192.168.200.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.151,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="Alles erlaubt aus Heim-VLAN" in-interface="vlan100 (Heim)"
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Loopback erlaubt fuer Cap in Capsman " dst-address-type=local src-address-type=local
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" disabled=yes ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="DNS-Anfragen erlauben" dst-address=192.168.1.151 dst-port=53 in-interface-list=LAN protocol=udp
add action=drop chain=forward comment="Blockiere G\E4ste f\FCr Modem-Netz" dst-address=192.168.0.0/24 in-interface="vlan200 (Gast)"
add action=drop chain=forward comment="Drop Inter-VLAN-Routing" in-interface=all-vlan out-interface=all-vlan
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-telekom-fiber src-address=192.0.0.0/8
add action=src-nat chain=srcnat dst-address-type="" out-interface=bridge1 src-address-type="" to-addresses=192.168.2.1
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying"
add action=deny comment="allow CONNECT only to SSL ports 443 [https] and 563 [snews]" method=CONNECT
/ip route
add distance=1 dst-address=10.8.0.0/24 gateway="vlan100 (Heim)"
/ipv6 address
add from-pool=pool-ipv6 interface="vlan100 (Heim)"
add from-pool=pool-ipv6 interface="vlan200 (Gast)"
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-telekom-fiber pool-name=pool-ipv6 request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="Aus Heimnetz alles erlauben" in-interface="vlan100 (Heim)"
add action=drop chain=forward comment="Inter-VLAN-Routing unterbinden" in-interface=all-vlan out-interface=all-vlan
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] interface="vlan100 (Heim)"
add hop-limit=64 interface="vlan200 (Gast)"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik hAP AC^2"
/system logging
add action=disk topics=firewall
add action=echo topics=firewall
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=1d name=taeglich-Schedule on-event=Backup-Script policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/25/2021 start-time=00:00:00
/system script
add dont-require-permissions=no name=Backup-Script owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local Date [/system clock get date]\
    \n:local Month [:tostr ([:find [:toarray \"Jan,feb,mar,apr,may,jun,jul,ago,sep,oct,nov,dec\"] [:pick \$Date 0 3]]+1)]\
    \n\
    \n:if (:len \$Month<2) do={\
    \n  :set Month \"0\$Month\"\
    \n }\
    \n\
    \n:local filename ([/system identity get name] . \".\" . [:pick [/system clock get date] 7 11] \\\
    \n. \"-\" . \$Month . \"-\" . [:pick [/system clock get date] 4 6]);\
    \n\
    \n\
    \n:export compact file=\$filename;\
    \n\
    \n/system backup save name=\$filename dont-encrypt=yes"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Hypernia
just joined
Topic Author
Posts: 3
Joined: Tue Jan 31, 2023 9:48 am

Re: Cannot connect 1 Device via 2.4 GHz

Thu Feb 09, 2023 10:38 am

Another information I didn't tell yet:
I have NO problems connecting to my printer via the capsman managed 2.4 GHz wifi from the OTHER hAP AC².
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Cannot connect 1 Device via 2.4 GHz

Thu Feb 09, 2023 10:44 am

Would start with not using extension channel on the 2.4GHz radio.
Also, adjust your transmission power to something sane.

Think if you require 802.11a and 802.11b (more of a standard advice, probably won't help sole your problem).
Might want to update the RouterOS (any reason for running this version?)
Why do you use CAPsMAN?
 
Hypernia
just joined
Topic Author
Posts: 3
Joined: Tue Jan 31, 2023 9:48 am

Re: Cannot connect 1 Device via 2.4 GHz

Thu Feb 09, 2023 1:21 pm

Would start with not using extension channel on the 2.4GHz radio.
What do you mean exactly? Which part of the configuration is this?

Also, adjust your transmission power to something sane.
tx-power=20 or something like this?

Might want to update the RouterOS (any reason for running this version?)
I had problems updating because of not enough space on the hAPs. I googled it back then and the criticality and effort for the solution didn't seem to be worth it.

Why do you use CAPsMAN?
I want to seamlessly roam between access points. AFAIK capsman is the (only) solution?

But: The other hAP is running the same capsman configuration on the same router OS version. My devices can both connect to the network and ping / be pinged. The problem is only within the 2.4 GHz wifi on the hAP AC² running the capsman server.
 
User avatar
Ca6ko
Member
Member
Posts: 498
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Re: Cannot connect 1 Device via 2.4 GHz

Tue Feb 14, 2023 4:30 pm

Is the Local Forwarding function accidentally disabled in the settings of this interface on the capsman manager?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Cannot connect 1 Device via 2.4 GHz

Tue Feb 14, 2023 4:37 pm

Some wireless printers have really terrible WiFi support software. The presence of newer WiFi options makes them fail completely, e.g. they think the network is "open" and don't allow entry of a password.
Solutions:
- put printer in waste bin or recycle it for materials
- connect printer using an ethernet wire.

Who is online

Users browsing this forum: UkRainUa and 29 guests