Mikrotik CapsMan Dropout

Communities Blog
,
1

Hey Folks,

I have a pair of Mikrotik devices for the wifi in my house.

A UFO puck downstairs: RBcAPGi-5acD2nD (rev 2?)
A mini switch + USB thing upstairs: 952Ui-5ac2nD (the ethernet is only 100mbit on this one)

These two devices are linked together with ethernet with one or two switches in between.

I set this up a while ago. But I used CAPsMAN, the central manager being the “UFO” device. As out of the 2 I have, that’s the only one with gigabit ethernet.

So this meant I had matching wifi Names + password and so any mobile device had good wifi around the house.

When ever I had to power down the upstairs wifi (it’s not PoE and I need to re-wire the power strip for it) it powers up and broadcasts the same wifi SSID with teh same password. The only catch is, that any device connecting to it doesn’t get an IP. It appears that it’s not forwarding the packets to the lan with router I use. (that’s an edge router device that I can’t fault yet).

When I log into the UFO device I see duplicated “Ports” under Bridge>Ports. I would have to change what was bridged to get that connect. I do this seldom so my memory may be off. But it this has been the 6th or so time I have had to do this in the past 3 years. So I want this to be the last!

Basically the fault is this:
When upstairs mobile devices have issue connecting to the internet

Cause:
Mikrotik isn’t correctly forwarding data to/from router.

Replication steps:
Power cycle Upstairs wifi or disconnect ethernet temporarily.

Fix:
Make the upstairs wifi more resilient against power/data loss with network.

Easier said than done! But If this does work, I would like to update the Mikrotik upstairs with one that supports gigabit. Making file transfers there to the NAS downstairs a little more tolerable.

First I will start with a firmware update. They are both running 6.48.2 Router OS. So wish me luck!

I will then look into CAPsMAN host configuration as i fix the duplicate ports/interfaces there. So It sounds like that’s where the system is tripping up when upstairs device re-registers itself.

2022-12-28 21:33

Firmware updated. Needed to set the DNS and default route on each device. (They were programmed with static IPs). Used the updater in the web panel. Was pretty slick.

From 6.48.2 to 6.49.7

What’s new in 6.49.7 (2022-Oct-11 17:37):

*) branding - fixed execution of “autorun.scr” file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling “protected-routerboot” on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;

What’s new in 6.49.6 (2022-Apr-07 17:53):

*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing “3GGP RAW” parameter under “Interface/Wireless/Interworking Profile” menu;
*) wireless - fixed GUD version in 3gpp information;

Nothing stating about CAPsMan. But I will need to try and actually ensure that a wifi device is connected to one AP than another. I may need to pull my laptop out and some some CLI-fu to work that one out.

2

MikroTik have some excellent instructional videos on updating and setting it up… Maybe it is worth to just run through the setup again to make sure that you’ve not overlooked anything?

This one is about setting it up:

About updating over CaPsMAN:

And of course the docs pages provide info on the CLI stuff!
I’m on RouterOS 7 with a single AP, so I never set it up myself… :sweat_smile:

1 Like
3

Thanks for the suggestion @Aug
I watched to see how CAPsMAN was set up. I just compared the setup rather than factory reset so far.

One thing I did notice is that I had two Configurations under CAPsMAN called “Home-2.4G” and “Home-5G” one for each 2.4G and 5G band.

image
image1010×259 32.9 KB

Which with the only provision config set I had added Home-5G as Slave config, but here I removed it to only say Home-2.4G.
image

After removing my upstairs device in the CAP Interface and provisioning, I rebooted the upstairs device and it re-added itself as expected.

I see under CAP Interface there is the upstairs interface being added. but only for one radio, the other says no supported channel, which I guess makes sense.

image
image941×340 36.9 KB

My laptop can see the Access Point upstairs and connects to it, but isn’t able to get an IP address. Check with iwconfig and see the MAC address for the upstairs AP. Just to confirm, I’ll do the same when moving downstairs to see if it is still the case. It connects well and gets a proper IP and all that…

So the same symptoms remain.

Looking deeper into my configurations, specifically Home-2.4G I see that I set it to be the 2.Ghz band and a specific channel.
image

In the video they skipped over this. And said “Leave it alone and it will select a frequency automatically”. The host does mention that if you want to set up for different bands, you’ll need to have a second config. Which was likely what I was doing.

Having reset it, I see that my laptop now reports it connecting upstairs on 2.412Ghz rather than 2.437Ghz previously. But still the same issue of no IP address…

Interestingly I see that under CAP Interface I see that I no longer have ‘no supported channel’

image
image981×323 36.5 KB

I think I may try factory resetting it now. But I would like to know what I did. Sadly the config backup from these devices appear to be in some binary form. A text form of being able to figure out the differences would be nice, that I see on other corporate managed devices. If anyone knows of a way, please let me know!

4

Mmm… :thinking:

I’m just comparing to how I set up the wifi on my hAP AX². I’m using the wave2 options on RouterOS 7.6, but I do see some differences…

To set up what I have, I used their own guide from the docs. That did advise me to set up frequencies.
Here’s what I have on the 2.4 channel:
image

I don’t have two configurations specified, just using both channels in a single one. That seems to work fine for what I need.

You can create a Supout.rif to see if support can help you out though!
But I do also get just resetting it to get up and running again faster.

5

I’ve figured out how to ‘export’ the text config.

just ssh into it and say “export file download-me” and then it will create a text file of all the config. I’ve backed this up with the binary backup files that are generated from the file manager.

Now… I went through the video again and converted his steps into CLI commands.

First lets wipe the slate

# Delete previous setup
/caps-man manager set enabled=no
/caps-man provisioning remove [find where 1=1]
/caps-man configuration remove [find where 1=1]
/caps-man channel remove [find where 1=1]
/caps-man datapath remove [find where 1=1]
/caps-man security remove [find where 1=1]
/caps-man access-list remove [find where 1=1]
/caps-man rates remove [find where 1=1]
/caps-man remote-cap  remove [find where 1=1]
/caps-man registration-table remove [find where 1=1]

#Remove local Interface to capsman
/interface wireless cap set enabled=no interfaces=wlan1,wlan2

Now let’s go through it one by one…

# 1) Setup CAMPsMan
/caps-man manager
set enabled=yes

# 2) Set local Wifi to be managed by CAP
/interface wireless cap
set enabled=yes interfaces=wlan1,wlan2 caps-man-addresses=127.0.0.1

# Confirm that local wifi is managed by capsman
/interface wireless print

I see the interfaces saying managed by CapsMan, but it is also outputting old SSID information. I guess it’s whatever it remembered from it’s last setup that I just wiped.

# In the caps Interfaces we're not controlling anything yet
/caps-man interface print

In the video it shows the interfaces as empty. But I get both the local interfaces and the upstairs one. (I left the upstairs config alone so far, so that’s why we’re seeing it pop up here)

image
image807×139 17.1 KB 

# 3) Need a new configuration
# show that we have no config
/caps-man interface print

# Create a config, where we do not specifiy channel, it will auto select on both 2.4G and 5G,
#    Security settings (inc Password) is set here, instead of a security profile 
/caps-man configuration 
add name="Home 2.4G" mode=ap ssid="my-ssid" country="united kingdom" security.authentication-types=wpa2-psk,wpa-psk security.encryption=aes-ccm  security.passphrase=mywifipassword

# Provision Radios, see what radios there are
/caps-man radio print

In the video there is a list of two radios, here is four. But what is really different is that mine already provisioned the devices, you see the P Indicator. Meaning it’s already on boarded.

image
image1060×154 33.6 KB

Presently my laptop isn’t connecting to upstairs wifi, even if it’s right above the AP. So I will give that the similiar treatement as I accidentally started plugging CAPsMAN config settings into it rather than the UFO device. Shouldn’t have the two SSH windows open so close together! I’m sure we’ve all been guilty of that one.

Setting Caps-Man managed on the upstairs I see the radio dissapear on the UFO. That’s expected…

image
image1021×97 13.4 KB

After resetting the caps-man on the upstairs device.

image
image1215×122 35 KB

The UFO sees it has provisioned the upstairs device again, however. When I print the wifi information it spigging out that it’s dissabled. Which will explain why my laptop couldn’t connect to it. It’s not outputting it’s default SSID of MikroTik-XXXXXX.

image
image1291×256 63.7 KB

So I somehow made it worse. But the UFO wifi is working fine!

Maybe… Maybe I should factory reset, something lingering in the config somewhere?

1 Like
6

I dunno… I’ve been reading through the “Simple setup of a CAPsMAN system”, but haven’t really seen where you might have gone wrong… Though I’m not too familiar with the SSH configurations, as I mainly use WinBox (and sometimes the terminal there) to configure my machine. :persevere:

I can explain your four radios though!
A single device might have two 2.4GHz radios or a 2.4GHz and a 5GHz radio. Mine has two listed for example; one for each band.

And with a reset, you can also first set up the whole CAPsMAN part and then have the other AP connect. That might give you less confusion about which device is causing what problem.
Though I don’t know if you have a lot of other settings to get right first… That might be a pain if you have lots of custom settings :sweat:

7

Thanks for your help @Aug, don’t stress out if you don’t get this working. I find things more interesting broken than working!

I’ve managed to factory reset the upstairs AP and apply the following config:

/system identity set name=upstairs

#static IP not to clash with default (in case DHCP derps out)
/ip address add address=192.168.88.12/24 interface=bridge

# Remove default dhcp-client (likely listening to a single interface)
/ip dhcp-client remove [find where 1=1]
/ip dhcp-client add interface=bridge  use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-client enable numbers=0 

# Set the wireless to work with capsmap managed elsewhere on the network
/interface wireless cap set enabled=yes discovery-interfaces=bridge interfaces=wlan1,wlan2

This gives the same issue where the Wifi is managed by capsman, but the radio isn’t enabled.

Digging into the UFO Master setup

/caps-man interface print

Gives this:

image
image1193×204 44.1 KB

I noticed it only specifies that one radio (2.$Ghz is running on the master/UFO device). Again this adds up. I can’t see a toggle to say “Run” as it’s more of a status flag as far as I can tell than a settable option.

I’m gonna reset the master/UFO and paste the config here. As I have done a bit of tinkering in the past to try and have multiple SSID and VLANs in the past. No idea what else I may of played with while I had the bonet/hood open.

1 Like
8

Okay I factory reset the UFO (Cap AC) and well, It reset and started to get an IP over DHCP and thats it. No web panel, no ssh, no ports open. I left it a while. restarted it directly connected to laptop with a PoE injector, and no static default ip set. Winbox couldn’t see it either

So I used netinstall to pull it back to 6.48.2 and had to use winbox to set an IP.

I ran through the commands and still same issue. See the radio interfaces pop up from local and upstairs AP. But upstairs AP isn’t turning on the Wifi, yet the UFO is on.

https://wiki.mikrotik.com/wiki/Manual:Simple_CAPsMAN_setup

Now I looked here for a tutorial that I have been through when I initially set this up. This sets up a router as well as capsman. But the key difference is it sets up datapath to bridge mode. I think here it scratches something, because every time The office AP reset, I would have to attach the wireless interface into that bridge each time.

I will look into this later. I have had enough fun on this today, will distract myself with something else.

1 Like