Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

AP identity not "reboot safe"

Post Reply
 
Iv0
just joined
Topic Author
Posts: 9
Joined: Tue Jul 02, 2024 5:36 pm
Location: Switzerland

AP identity not "reboot safe"

Tue Dec 17, 2024 9:46 pm

Hi

I struggling with the configuration of CAPsMAN, but maybe one AP looks a bit more strange then the others. After a power off and on, the AP's loose the identity and one never shows the IP where it get from the dhcp, only the MAC with "%*3e" at the end.
Here is an example with two AP's (same model) after /system/reset-configuration keep-users=no caps-mode=yes
Everything is on the CAPsMAN host:
Code: Select all
[admin@0lab-og-eog01-sw2] /interface/wifi/radio> print 
Columns: CAP, RADIO-MAC, INTERFACE
# CAP                             RADIO-MAC          INTERFACE
0 MikroTik@192.168.0.214          D4:01:C3:XX:XX:X8  cap-wifi1
1 MikroTik@192.168.0.214          D4:01:C3:XX:XX:X9  cap-wifi2
2 MikroTik@D4:01:C3:YY:YY:Y0%*3e  D4:01:C3:YY:YY:Y2  cap-wifi3
3 MikroTik@D4:01:C3:YY:YY:Y0%*3e  D4:01:C3:YY:YY:Y3  cap-wifi4

[admin@0lab-og-eog01-sw2] /interface/wifi/capsman/remote-cap> print
Columns: ADDRESS, IDENTITY, STATE, BOARD-NAME, VERSION
#  ADDRESS            IDENTITY           STATE  BOARD-NAME         VERSION
0  192.168.0.124      0lab-og-eog01-sw2  Ok     CRS354-48P-4S+2Q+  7.16.2 
1  192.168.0.214      MikroTik           Ok     cAPGi-5HaxD2HaxD   7.16.2 
2  D4:01:C3:YY:YY:Y0  MikroTik           Ok     cAPGi-5HaxD2HaxD   7.16.2 
[admin@0lab-og-eog01-sw2] /interface/wifi/capsman/remote-cap> set-identity numbers=1 name=0lab-og-eog02-ap01
[admin@0lab-og-eog01-sw2] /interface/wifi/capsman/remote-cap> set-identity numbers=2 name=0lab-og-eog02-ap02
[admin@0lab-og-eog01-sw2] /interface/wifi/capsman/remote-cap> provision numbers=1,2

[admin@0lab-og-eog01-sw2] /interface/wifi/capsman/remote-cap> print detail 
 0 address=192.168.0.124 identity="0lab-og-eog01-sw2" board-name="CRS354-48P-4S+2Q+" serial="HGD09RXXXXG" version="7.16.2" base-mac=D4:01:C3:8E:8D:60 common-name="" state="Ok" 
 1 address=192.168.0.214 identity="0lab-og-eog02-ap01" board-name="cAPGi-5HaxD2HaxD" serial="HGM09SXXXXR" version="7.16.2" base-mac=D4:01:C3:XX:XX:X6 common-name="" state="Ok" 
 2 address=D4:01:C3:YY:YY:Y0 identity="0lab-og-eog02-ap02" board-name="cAPGi-5HaxD2HaxD" serial="HGM09YXXXX5" version="7.16.2" base-mac=D4:01:C3:YY:YY:Y0 common-name="" state="Ok" 
 
[admin@0lab-og-eog01-sw2] /interface/wifi/radio> print
Columns: CAP, RADIO-MAC, INTERFACE
# CAP                                       RADIO-MAC          INTERFACE
0 0lab-og-eog02-ap01@192.168.0.214          D4:01:C3:XX:XX:X8  cap-wifi1
1 0lab-og-eog02-ap01@192.168.0.214          D4:01:C3:XX:XX:X9  cap-wifi2
2 0lab-og-eog02-ap02@D4:01:C3:YY:YY:Y0%*3e  D4:01:C3:YY:YY:Y2  cap-wifi4
3 0lab-og-eog02-ap02@D4:01:C3:YY:YY:Y0%*3e  D4:01:C3:YY:YY:Y3  cap-wifi3

[admin@0lab-og-eog01-sw2] /ip/neighbor> print detail 
 0 interface=ether9,bridge1 address=192.168.0.225 address4=192.168.0.225 address6=fe80::d601:c3ff:fee2:8150 mac-address=D4:01:C3:YY:YY:Y0 identity="0lab-og-eog02-ap02" platform="MikroTik" 
   version="7.16.2 (stable) 2024-11-26 12:09:40" unpack=none age=15s uptime=20m2s software-id="BRSJ-YD2F" board="cAPGi-5HaxD2HaxD" ipv6=yes interface-name="bridgeLocal/ether1" 
   system-description="MikroTik RouterOS 7.16.2 (stable) 2024-11-26 12:09:40 cAPGi-5HaxD2HaxD" system-caps=bridge,router system-caps-enabled=bridge,router discovered-by=cdp,lldp,mndp 
...
 6 interface=ether48,bridge1 address=192.168.0.214 address4=192.168.0.214 address6=fe80::d601:c3ff:fee1:6886 mac-address=D4:01:C3:XX:XX:X6 identity="0lab-og-eog02-ap01" platform="MikroTik" 
   version="7.16.2 (stable) 2024-11-26 12:09:40" unpack=none age=25s uptime=20m40s software-id="7MAB-3W5Y" board="cAPGi-5HaxD2HaxD" ipv6=yes interface-name="bridgeLocal/ether1" system-caps="" 
   system-caps-enabled="" discovered-by=mndp 
[admin@0lab-og-eog01-sw2] /ip/neighbor>

As a neighbor, it can see the IP... After a poweroff / poweron it looks like after the factory reset:
Code: Select all
[admin@0lab-og-eog01-sw2] /interface/wifi/radio> print 
Columns: CAP, RADIO-MAC, INTERFACE
# CAP                             RADIO-MAC          INTERFACE
0 MikroTik@192.168.0.214          D4:01:C3:XX:XX:X8  cap-wifi1
1 MikroTik@192.168.0.214          D4:01:C3:XX:XX:X9  cap-wifi2
2 MikroTik@D4:01:C3:YY:YY:Y0%*3e  D4:01:C3:YY:YY:Y2  cap-wifi3
3 MikroTik@D4:01:C3:YY:YY:Y0%*3e  D4:01:C3:YY:YY:Y3  cap-wifi4

[admin@0lab-og-eog01-sw2]


The relevant configuration on the CAPsMAN host (Switch):
Code: Select all
/interface wifi datapath add bridge=bridge1 comment="0l-lan" disabled=no name=datapath_0l-lan vlan-id=1
/interface wifi datapath add bridge=bridge1 comment="0l-guest" disabled=no name=datapath_0l-guest vlan-id=28
/interface wifi datapath add bridge=bridge1 comment="0l-test" disabled=no name=datapath_0l-test vlan-id=29
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk comment="0l-lan" disabled=no name=security_0l-lan
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk comment="0l-guest" disabled=no name=security_0l-guest
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk comment="0l-test" disabled=no name=security_0l-test
/interface wifi configuration add comment="0l-lan" datapath=datapath_0l-lan disabled=no hide-ssid=no mode=ap name=cfg_0l-lan security=security_0l-lan ssid=0l-lan
/interface wifi configuration add comment="0l-guest" disabled=no hide-ssid=no mode=ap name=cfg_0l-guest security=security_0l-guest ssid=0l-guest
/interface wifi configuration add comment="0l-test" datapath=datapath_0l-test disabled=no hide-ssid=no mode=ap name=cfg_0l-test security=security_0l-test ssid=0l-test
/interface wifi cap set discovery-interfaces=bridge1 enabled=yes
/interface wifi capsman set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1 package-path="" require-peer-certificate=no upgrade-policy=require-same-version
/interface wifi provisioning add action=create-dynamic-enabled comment=prov_og-eog01 disabled=no identity-regexp="^0lab-og-eog02-ap[0-9][0-9]" master-configuration=cfg_0l-lan slave-configurations=cfg_0l-guest,cfg_0l-test
Any hint, what's going wrong here?

Thanks a lot
Ivo
Top
 
holvoetn
Forum Guru
Forum Guru
Posts: 6825
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: AP identity not "reboot safe"

Wed Dec 18, 2024 8:20 am

Some formatting issue on the CAP Name or some naming convention which has not been documented or ... ??

I am seeing the same with all my APs under capsman (7.16.2: AX Lite, wAP AX and AX2).
Also in Winbox GUI it shows.

If it bothers you, make ticket to support so they can investigate root cause.
Top
 
Iv0
just joined
Topic Author
Posts: 9
Joined: Tue Jul 02, 2024 5:36 pm
Location: Switzerland

Re: AP identity not "reboot safe"

Wed Dec 18, 2024 10:10 am

I try...
Top
 
Iv0
just joined
Topic Author
Posts: 9
Joined: Tue Jul 02, 2024 5:36 pm
Location: Switzerland

Re: AP identity not "reboot safe"

Wed Dec 18, 2024 11:21 am

Okay, i figure out these two scenarios:

CAP loose the identity:
  • CAP: /system/reset-configuration keep-users=no caps-mode=yes
  • CAPsMAN: /interface/wifi/capsman/remote-cap/set-identity numbers=2 name=0lab-og-eog02-ap02
  • CAPsMAN: /interface/wifi/capsman/remote-cap//interface/wifi/capsman/remote-cap/provision numbers=2
  • Power off/on CAP
CAP hold the identity after power off/on:
  • CAP: /system/reset-configuration keep-users=no caps-mode=yes
  • CAPsMAN: /interface/wifi/capsman/remote-cap/set-identity numbers=2 name=0lab-og-eog02-ap02
  • CAPsMAN: /interface/wifi/capsman/remote-cap//interface/wifi/capsman/remote-cap/provision numbers=2
  • Login to CAP with ssh
    Code: Select all
    Do you want to see the software license? [Y/n]: n
...
You can type "v" to see the exact commands that are used to add and remove           
this default configuration, or you can view them later with                          
'/system default-configuration print' command.                                       
To remove this default configuration type "r" or hit any other key to continue.      
If you are connected using the above IP and you remove it, you will be disconnected. 
                                                                                     
Confirming configuration                                                             
CTRL-C do not change passwort
quit
  • Power off/on CAP, "n"
But this is not the idea to login/logout on every CAP after provisioning, just to hold the hostname.
Ivo
Top
 
holvoetn
Forum Guru
Forum Guru
Posts: 6825
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: AP identity not "reboot safe"

Wed Dec 18, 2024 11:49 am

That sounds like a genuine bug.
Definitely something to report.

And ... good analysis !!
Top
 
Iv0
just joined
Topic Author
Posts: 9
Joined: Tue Jul 02, 2024 5:36 pm
Location: Switzerland

Re: AP identity not "reboot safe"

Fri Jan 10, 2025 3:10 pm

Hi

Mikrotik support means, this is not a bug:
This behavior is expected because, after executing system/reset-configuration skip-backup=y caps-mode=y, you must accept the configuration. Until you do so, all changes will remain in the cache. Please note that you will need to log into the board one way or another to accept the configuration.
you can set up automation using API requests
But also with an API call, we need the password and this is on the label, no barcode or so, where we can scan. So we have to write down all the PW's manually. With more than 100 AP's? Wow...
Well, we use Ansible to configure the whole infrastructure, so it's not a problem to configure also the AP's with Ansible, but if we need from every AP the password, just because to set the hostname, this is nonsense.
Maybe someone have another, better way?

Ivo
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 13 guests
  4. RouterOS
  5. Wireless Networking