Hey everyone!
I'm not too experienced in mikrotik's. I'm using HAP AX3 as a main router and I want to use my old hap ac as access point.
For those purpose I'm trying to use HAP AC as CAP, connected to the HAP AX3 (with enabled CAPsMan controller) via ethernet. However I am facing a problem: HAP AC connects to HAP AX3 (I see Hap AC as Remote CAP), but it is not getting wifi configuration from ax3.
both routers running on RouterOS 7.17.
Here are configs:
ax3:ac:Any ideas on what could be wrong? Or what info should I provide?
Thanks for help!
I'm not too experienced in mikrotik's. I'm using HAP AX3 as a main router and I want to use my old hap ac as access point.
For those purpose I'm trying to use HAP AC as CAP, connected to the HAP AX3 (with enabled CAPsMan controller) via ethernet. However I am facing a problem: HAP AC connects to HAP AX3 (I see Hap AC as Remote CAP), but it is not getting wifi configuration from ax3.
both routers running on RouterOS 7.17.
Here are configs:
ax3:
Code:
/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface wifi channeladd band=2ghz-ax disabled=no name=Ch-2-ax skip-dfs-channels=all width=\ 20/40mhzadd band=5ghz-ax disabled=no name=Ch-5-ax skip-dfs-channels=all width=\ 20/40/80mhzadd band=2ghz-n disabled=no name=Ch-2-n skip-dfs-channels=all width=20/40mhzadd band=5ghz-ac disabled=no name=Ch-5-ac width=20/40/80mhz/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no ft=\ yes ft-over-ds=yes group-encryption=ccmp group-key-update=40m \ management-protection=allowed name=Secure-WiFi wps=disable/interface wifi configurationadd channel=Ch-2-ax country=Ukraine disabled=no mode=ap name=Cfg-2-ax \ security=Secure-WiFi ssid=MySSID_2GHzadd channel=Ch-5-ax country=Ukraine disabled=no mode=ap name=Cfg-5-ax \ security=Secure-WiFi ssid=MySSID_5GHzadd channel=Ch-2-n country=Ukraine disabled=no mode=ap name=Cfg-2-n security=\ Secure-WiFi ssid=MySSID_2GHzadd channel=Ch-5-ac country=Ukraine disabled=no mode=ap name=Cfg-5-ac \ security=Secure-WiFi ssid=MySSID_5GHz/interface wifiset [ find default-name=wifi1 ] channel=Ch-5-ax configuration=Cfg-5-ax \ configuration.mode=ap disabled=no security.authentication-types=\ wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yesset [ find default-name=wifi2 ] configuration=Cfg-2-ax configuration.manager=\ local .mode=ap disabled=no security.authentication-types=\ wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes/ip pooladd name=default-dhcp ranges=192.168.2.100-192.168.2.254/ip dhcp-serveradd address-pool=default-dhcp interface=bridge name=defconf/disk settingsset auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes/interface bridge portadd bridge=bridge comment=defconf interface=ether2add bridge=bridge comment=defconf interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5add bridge=bridge comment=defconf interface=wifi1add bridge=bridge comment=defconf interface=wifi2/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WAN/interface ovpn-server serveradd mac-address=FE:73:2A:40:21:78 name=ovpn-server1/interface wifi capsmanset enabled=yes interfaces=bridge package-path="" require-peer-certificate=no \ upgrade-policy=none/interface wifi provisioningadd action=create-dynamic-enabled disabled=no master-configuration=Cfg-2-n \ name-format=2GHz-%l-n supported-bands=2ghz-nadd action=create-dynamic-enabled disabled=no master-configuration=Cfg-5-ac \ name-format=5GHz-%l-ac supported-bands=5ghz-acadd action=create-dynamic-enabled disabled=no master-configuration=Cfg-2-ax \ name-format=2GHz-%l-ax supported-bands=2ghz-axadd action=create-dynamic-enabled disabled=no master-configuration=Cfg-5-ax \ name-format=5GHz-%l-ax supported-bands=5ghz-ax/ip addressadd address=192.168.2.1/24 comment=defconf interface=bridge network=\ 192.168.2.0/ip dhcp-clientadd comment=defconf interface=ether1/ip dhcp-server leaseadd address=192.168.2.250 client-id=1:f0:2f:4b:11:9b:58 mac-address=\ F0:2F:4B:11:9B:58 server=defconfadd address=192.168.2.249 client-id=1:88:66:5a:20:4b:cb mac-address=\ 88:66:5A:20:4B:CB server=defconfadd address=192.168.2.245 client-id=1:d4:90:9c:eb:76:10 mac-address=\ D4:90:9C:EB:76:10 server=defconfadd address=192.168.2.244 client-id=\ ff:c0:33:b8:60:0:1:0:1:2e:83:d1:76:38:e7:c0:33:b8:60 mac-address=\ 38:E7:C0:33:B8:60 server=defconfadd address=192.168.2.237 client-id=1:cc:2d:e0:a9:45:3e mac-address=\ CC:2D:E0:A9:45:3E server=defconf/ip dhcp-server networkadd address=192.168.2.0/24 comment=defconf dns-server=192.168.2.1 gateway=\ 192.168.2.1/ip dnsset allow-remote-requests=yes servers=1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4/ip dns staticadd address=192.168.2.1 comment=defconf name=router.lan type=A/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip ipsec profileset [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5/ip serviceset telnet disabled=yesset ftp disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=pub/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" \ dst-port=33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN/system identityset name=Hap-AX3/system noteset show-at-login=no/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANCode:
/interface wireless# managed by CAPsMANset [ find default-name=wlan1 ] mode=ap-bridge noise-floor-threshold=-110 \ ssid=MikroTik# managed by CAPsMANset [ find default-name=wlan2 ] mode=ap-bridge ssid=MikroTik/interface ethernetset [ find default-name=ether1 ] mac-address=CC:2D:E0:A9:45:3Eset [ find default-name=sfp1 ] advertise=\ 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full/caps-man datapathadd bridge=bridge name=datapath-wifi/interface wifi datapathadd bridge=bridge disabled=no name=datapath1/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/interface bridge portadd bridge=bridge comment=defconf interface=ether1add bridge=bridge comment=defconf interface=ether2add bridge=bridge comment=defconf interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5add bridge=bridge comment=defconf interface=sfp1/interface ovpn-server serveradd mac-address=FE:00:F9:5A:53:90 name=ovpn-server1/interface wifi capset certificate=request discovery-interfaces=bridge enabled=yes/interface wifi capsmanset package-path="" require-peer-certificate=no upgrade-policy=none/interface wireless cap# set bridge=bridge certificate=CAP-CC2DE0A9452E discovery-interfaces=bridge \ enabled=yes interfaces=wlan1,wlan2/ip dhcp-clientadd comment=defconf interface=bridge/ip serviceset telnet disabled=yesset ftp disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/system clockset time-zone-name=Europe/Kiev/system identityset name=Hap-AC/system noteset show-at-login=noThanks for help!
Statistics: Posted by DrCure — Fri Jan 24, 2025 9:57 pm