 
mmee
just joined
Topic Author
Posts: 16
Joined: Sat Aug 28, 2021 8:30 am
Location: Estonia

One device rejected, requests wrong WPA group cipher

Fri Nov 22, 2024 12:48 pm

Hello,
I have a Wi-Fi-compatible xmas light that can be controlled with a mobile app, but it is rarely reachable. I found this strange error in the logs, but I didn't find any useful solution on this forum or on Google. I assume the ciphers are correct in the security profile, but I might be wrong. Should I set "aes ccm" as Group Encryption?
Setup: Capsman router is a RB4011 with vlan filtering. 2 cap devices are hap ac2-s, ROS: 7.16 stable
Screenshot 2024-11-22 124428.png


Error message:
 02:52:38 caps,info D8:1F:12:9D:EF:46@cap3 rejected, requests wrong WPA group cipher
 02:52:46 dhcp,info dhcp1 deassigned 192.168.95.49 for D8:1F:12:9D:EF:46 wlan0
 02:52:48 dhcp,info dhcp1 assigned 192.168.95.49 for D8:1F:12:9D:EF:46 wlan0
 02:53:06 dhcp,info dhcp1 deassigned 192.168.95.49 for D8:1F:12:9D:EF:46 wlan0
 02:53:07 dhcp,info dhcp1 assigned 192.168.95.49 for D8:1F:12:9D:EF:46 wlan0
 02:53:25 dhcp,info dhcp1 deassigned 192.168.95.49 for D8:1F:12:9D:EF:46 wlan0
 02:53:25 dhcp,info dhcp1 assigned 192.168.95.49 for D8:1F:12:9D:EF:46 wlan0
 02:54:08 caps,info D8:1F:12:9D:EF:46@cap3 reassociating
 02:54:08 caps,info D8:1F:12:9D:EF:46@cap3 reassociating

Config:
# 2024-11-22 12:27:47 by RouterOS 7.16
# software id = PT47-7AMD
#
# model = RB4011iGS+5HacQ2HnD
# serial number = F03C0ED5A73B
# CAPsMAN channel templates referenced by the configurations further down.
/caps-man channel
# 2.4 GHz template: band 2ghz-b/g/n, 20 MHz control channel, fixed at 2412 MHz.
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=ch24
# 5 GHz template: only the band is set here; cfg_5 overrides band, width and frequency inline.
add band=5ghz-onlyn name=ch5
# One bridge with VLAN filtering enabled; VLAN membership is set under /interface bridge vlan.
/interface bridge
add name=bridge vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 5300/20-Ce/an/DP(17dBm), SSID: Hidden Network, CAPsMAN forwarding
set [ find default-name=wlan2 ] country=estonia mode=ap-bridge ssid=MikroTik_5G
# WireGuard interface listening on UDP port 9980.
# NOTE(review): no /ip firewall section appears in this paste, so it cannot be confirmed
# from here whether this port (or the router's own services) is filtered on the uplink.
/interface wireguard
add listen-port=9980 mtu=1420 name=wireguard1
# VLAN interfaces on the bridge; each one carries its own subnet and DHCP server below.
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan100 vlan-id=100
add interface=bridge name=vlan200 vlan-id=200
# Datapath and security profile shared by every CAPsMAN configuration in this export.
/caps-man datapath
# Wireless client traffic is tagged into VLAN 100 on the bridge, and
# client-to-client-forwarding=yes lets stations on the same radio talk to each other directly.
# NOTE(review): the rejected device gets its lease from dhcp1 (vlan100), so it sits on the same
# segment as every other wireless client. A dedicated SSID/VLAN for IoT devices would contain
# it; confirm whether that fits this setup.
add bridge=bridge client-to-client-forwarding=yes name=datapath1 vlan-id=100 vlan-mode=use-tag
/caps-man security
# Offers WPA-PSK and WPA2-PSK with aes-ccm as the only unicast cipher. group-encryption is not
# set, so the CAPsMAN default applies (aes-ccm according to the RouterOS docs; TODO confirm).
# The "requests wrong WPA group cipher" rejection is consistent with a client asking for a
# group cipher this profile does not offer (presumably TKIP).
# NOTE(review): the group cipher is shared by all stations on the SSID, so switching it to TKIP
# (or keeping wpa-psk enabled) for one legacy device weakens protection for every client.
# Prefer wpa2-psk with aes-ccm only on the main SSID and move legacy devices to a separate
# SSID and VLAN with their own security profile.
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=sec1
# CAPsMAN configurations: both use datapath1, security profile sec1 and the same SSID,
# so any cipher change made in sec1 applies to the 2.4 GHz and 5 GHz networks alike.
/caps-man configuration
# 2.4 GHz configuration built on channel template ch24.
add channel=ch24 country=estonia datapath=datapath1 distance=indoors installation=indoor mode=ap name=cfg_24 security=sec1 ssid="Hidden Network"
# 5 GHz configuration: starts from ch5 and overrides band, channel width and frequency inline.
add channel=ch5 channel.band=5ghz-n/ac .control-channel-width=20mhz .frequency=5240 country=estonia datapath=datapath1 distance=indoors installation=indoor mode=ap name=cfg_5 rates.supported="" \
    security=sec1 ssid="Hidden Network"
# Statically defined CAP interfaces. MAC addresses and radio names were redacted by the poster.
# cap1, cap3 and cap5 use cfg_24 (cap3 and cap5 override the frequency to 2422 and 2432 MHz);
# cap2, cap4 and cap6 use cfg_5 with per-interface frequency overrides.
# cap3 is the interface named in the "rejected, requests wrong WPA group cipher" log line.
/caps-man interface
add configuration=cfg_24 disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none name=cap1 radio-mac=xx:xx:xx:xx:xx:xx radio-name=xx
add channel=ch5 channel.frequency=5300 configuration=cfg_5 configuration.installation=any disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none name=cap2 radio-mac=\
    xx:xx:xx:xx:xx:xx radio-name=xx
add channel.frequency=2422 configuration=cfg_24 disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none name=cap3 radio-mac=xx:xx:xx:xx:xx:xx radio-name=xx
add channel=ch5 channel.frequency=5180 configuration=cfg_5 disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none mtu=1500 name=cap4 radio-mac=xx:xx:xx:xx:xx:xx radio-name=xx
add channel.frequency=2432 configuration=cfg_24 disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none name=cap5 radio-mac=xx:xx:xx:xx:xx:xx radio-name=xx
add channel=ch5 channel.frequency=5240 configuration=cfg_5 disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx:xx master-interface=none name=cap6 radio-mac=xx:xx:xx:xx:xx:xx radio-name=xxx
# Interface list plus the non-CAPsMAN wireless security profiles.
/interface list
# NOTE(review): the LAN list is created here, but no /interface list member entries appear in
# this paste, so which interfaces belong to it cannot be confirmed.
add name=LAN
/interface wifi security
# WPA2-PSK only. Not referenced by the CAPsMAN configurations in this export (they use sec1).
add authentication-types=wpa2-psk disabled=no name=sec
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Local profile, WPA2-PSK only; assigned to wlan1 below.
# NOTE(review): wlan1 is flagged "managed by CAPsMAN", so the CAPsMAN profile sec1 presumably
# takes effect instead of profile1 while the radio is managed; verify.
add authentication-types=wpa2-psk mode=dynamic-keys name=profile1 supplicant-identity=""
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: Hidden Network, CAPsMAN forwarding
set [ find default-name=wlan1 ] country=estonia installation=indoor mode=ap-bridge security-profile=profile1 ssid=MikroTik
# Address pools and DHCP servers, one per VLAN interface.
/ip pool
# dhcp_pool0 is the pool behind dhcp1; the 192.168.95.49 lease in the log comes from it.
add name=dhcp_pool0 ranges=192.168.95.30-192.168.95.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool2 ranges=192.168.200.2-192.168.200.254
/ip dhcp-server
# dhcp1 serves vlan100, the VLAN that datapath1 tags wireless clients into.
add address-pool=dhcp_pool0 interface=vlan100 name=dhcp1
add address-pool=dhcp_pool1 interface=vlan10 name=dhcp_vlan10
add address-pool=dhcp_pool2 interface=vlan200 name=dhcp_vlan200
# Enables the CAPsMAN service on this router and provisions radios by MAC address.
/caps-man manager
# NOTE(review): only enabled=yes is shown. No /caps-man manager interface restrictions or
# certificate settings appear in this paste; confirm that the manager is reachable only from
# the networks where the CAPs actually live.
set enabled=yes
/caps-man provisioning
# Two rules, each matching one (redacted) radio MAC; both create dynamic, enabled interfaces
# from cfg_24.
add action=create-dynamic-enabled master-configuration=cfg_24 radio-mac=xx:xx:xx:xx:xx:xx 
add action=create-dynamic-enabled master-configuration=cfg_24 radio-mac=xx:xx:xx:xx:xx:xx 
# Bridge port membership and the VLAN table used by VLAN filtering.
/interface bridge port
# ether2-ether6 are untagged members of VLAN 100, ether8 of VLAN 10, ether9 of VLAN 200.
add bridge=bridge interface=ether2 pvid=100
add bridge=bridge interface=ether3 pvid=100
add bridge=bridge interface=ether4 pvid=100
add bridge=bridge interface=ether5 pvid=100
add bridge=bridge interface=ether8 pvid=10
add bridge=bridge interface=ether9 pvid=200
# wlan1 and wlan2 are added without an explicit pvid.
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
add bridge=bridge interface=ether6 pvid=100
/ip neighbor discovery-settings
# Neighbor discovery is limited to members of the LAN interface list.
set discover-interface-list=LAN
/interface bridge vlan
# NOTE(review): the VLAN 10 entry has no tagged=bridge, unlike VLAN 100 and VLAN 200. The vlan10
# interface sits on the bridge, so the router itself may not be a member of VLAN 10; confirm
# whether this is intentional.
add bridge=bridge untagged=ether8 vlan-ids=10
add bridge=bridge tagged=bridge untagged=ether4,ether5,ether3,ether2,ether6 vlan-ids=100
add bridge=bridge tagged=bridge untagged=ether9 vlan-ids=200
# Local CAP client: the router's own radios (wlan1, wlan2) join the CAPsMAN instance running
# on this same device via the loopback address 127.0.0.1.
/interface wireless cap
# 
set caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan1,wlan2
# Layer-3 addressing, uplink DHCP client, and the DHCP/DNS settings handed to clients.
/ip address
# The router is the .1 gateway in each VLAN subnet and on the WireGuard subnet.
add address=192.168.95.1/24 interface=vlan100 network=192.168.95.0
add address=192.168.200.1/24 interface=vlan200 network=192.168.200.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.90.1/24 interface=wireguard1 network=192.168.90.0
/ip dhcp-client
# ether1 obtains its address by DHCP (presumably the WAN uplink; verify).
add interface=ether1
/ip dhcp-server network
# VLAN 10 and VLAN 100 clients are given the internal resolvers 192.168.95.3 and 192.168.95.33,
# so VLAN 10 clients need to reach 192.168.95.0/24 for DNS. VLAN 200 clients get public resolvers.
# NOTE(review): no /ip firewall rules appear in this paste, so it cannot be confirmed that
# routing between the VLAN subnets is restricted in any way.
add address=192.168.10.0/24 dns-server=192.168.95.3,192.168.95.33 gateway=192.168.10.1
add address=192.168.95.0/24 dns-server=192.168.95.3,192.168.95.33 gateway=192.168.95.1
add address=192.168.200.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.200.1
/ip dns
# The router itself resolves through the same internal servers.
set servers=192.168.95.3,192.168.95.33
 
infabo
Forum Guru
Forum Guru
Posts: 1473
Joined: Thu Nov 12, 2020 12:07 pm

Re: One device rejected, requests wrong WPA group cipher

Fri Nov 22, 2024 1:06 pm

Maybe this light wants TKIP?
 
erlinden
Forum Guru
Forum Guru
Posts: 2671
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: One device rejected, requests wrong WPA group cipher

Fri Nov 22, 2024 1:30 pm

I would at least start by supporting only wpa2-psk (with aes), purely from a security perspective.
 
mmee
just joined
Topic Author
Posts: 16
Joined: Sat Aug 28, 2021 8:30 am
Location: Estonia

Re: One device rejected, requests wrong WPA group cipher

Fri Nov 22, 2024 3:13 pm

Thank you for your replies!
I added tkip encryption and removed WPA PSK; now the error message has changed:

D8:1F:12:9D:EF:46@cap3 rejected, does not provide suitable security method

Most probably it requires WPA with tkip... I will try that out too.
