Hi,

Here is what I have running on my client's network

• RB2011 (6.35 - hasn't been rebooted in 193 days) that PCC load balances two high speed WAN connections, along with Queue Trees for all the local subnets
• 3x 951Ui-2HnDs and 1x wAP as APs (6.37.1)
• 1x 750UP to power the APs (6.37.1)
• 5 networks that connect to 5 SSIDs, a couple APs run 3 SSIDs, while the other 2 run 4 each (two of the SSIDs only run on one AP)
• CAPsMAN master config allows Local Forwarding and Client to Client, while the slaves do not
• CAPsMAN access list rules to drop devices with less than -80dbm
• CAPsMAN channels set to 1,6,11 with the two APs on 11 the farthest apart
• There is a lot of other networks in range, but we have the strongest signal

Problems

1. wireless performance works fine until there are over 50 devices connected.Then things start to slow right down to the point where it is almost unusable at over 60 devices at peak usage times.
2. random disconnects of devices with Group Key timeouts in the logs
3. intermittent high latency issues with iPad based POS system connecting to local devices (they are all wired), like receipt printers and local server

Thoughts and things I have tried on each problem

1. moved the CAPsMAN controller from the 750UP to another 951Ui-2HnDs (wlan disabled) connected directly to the RB2011. It was recommended not to run it on the RB2011 due to resource concerns. The WAN connections are not maxed and local interface graphs on the CAPsMAN interface is around 30 Mbit/s. Wired devices are fine.
2. research suggests changing the timeout from the 5 minute default, can't in CAPsMAN. Don't know what else to try/do.
3. changed the WiFi config to WPA2, AES only. Apple recommends enabling WMM, which is not an option in CAPsMAN. POS vendor only support Apple APs, which you can't adjust (turn off 2.4 or tweak power) in the newer firmwares/Airport Utility, which then interferes w/ the Mikrotik APs.

I am considering removing the CAPsMAN config entirely and having all the APs configured separately so I can enable WMM and change the Group Key. But am worried about clean hand offs between APs (access list rules with authentication=no based on signal <80dbm).

Thanks for taking the time to read this post. Any thoughts would be greatly appreciated.
Al

WMM is enabled by default in CAPsMAN (from 6.31+) , before it was disabled by default (I would like a control over it too with a software setting).

About group key timeout (I can be wrong) I remember some mention in a past changelog but I've not verified that functionality at that time; a rapid check in one of my last capsman deployment (6.36.x) unfortunately reveals now no handle for that setting (cli/winbox).

In my opinion MT should take the time to complete capsman implementing all relevant settings handles.

i have the same problem with capsman and apple devices, my scenario is:

1 x hEX as capsmanager and border router routerOS 6.37.1
3 x hAP lite AC as caps, for wireless access, local forwarding and client to client forwarding enabled routerOS 6.37.1

The issues:

apple devices are disconnecting every 5 minutes generating a log on capsmanager of "group key timeout", unfortunately capsman does not allow to adjust group key update parameter


im considering too to remove capsmanager and manage hAP´s individually.

i agree bajodel on this:

MT should take the time to complete capsman implementing all relevant settings handles

Have you every found a solution for this issue?

I currently have a ticket open related to the group key timeout problem. I am only experiencing the problem with Cisco 7925g wireless ip phones. I will post the outcome wether it is solved or not here. They used to work fine a few versions ago, but cannot remember which version exactly.

What problems are you facing?

TonyJr

I have a couple of sites with CAPSMAN, 6 WAPACs each and a lot (100+) of iPads and Macbook Airs. It's a basic network setup.

I am having a hell of a time with one of the networks.

• One SSID
  Full multicast helper
  Both types of preamble and guard intervals
  Local and client to client forwarding
  ROS 6.39.2
  2GHz 20MHz N only
  5GHz Ceee A/N/AC Only
  Default 5 min Group Key Timeout
  All bridges on all devices have disabled (R)STP.
  Bridges have fast-forward on
  All connected to a new HPE 1620-48G switch with no STP enabled. It's just being a switch.

I get

• * Bulk "disconnected, group key timeout" on devices.
  * From time to time on a particular WAPAC Wifi from a Mac or iPad connects (I can see it in the log) but DHCP doesn't seem to get passed along. Power cycle of the WAPAC fixes it.
  * Radio silence - devices are connected but no data flows for 5-10mins then works again. All WAPACs stop talking to the LAN but wired computers work fine. No errors in the logs on the WAPAC or CAPSMAN unit.
  * Sometimes radio silence occurs when the bell goes and lots of iPads are shut off/turned on/move about at once. This radio silence ends after about 10 mins.

With the radio silence it seems the bridge has stopped working properly - but the WAPACs all do it in unison - so it has to be some condition triggering a CAPSMAN state where the bridges or radios don't pass data. I can connect into the WAPACs at this time with Winbox no problem and the CAPSMAN log still reports client connect and disconnect activity during this period. That would imply the bridge/eth interface is working still.

As CAPSMAN causes the Wifi interfaces to become dynamic members of the bridge maybe something is happening where the WAPACs somehow lose this WLAN/bridge membership?? (This is speculation, as I type this I can't say I have checked how the WLAN dynamic bridge ports are reporting their state).

I am trying some WAPACs from today not connected to CAPSMAN to see how they travel.

I'd really like a well tested recipe of Mikrotik settings for IOS and OSX based devices. I'd preferably like to hear them from Mikrotik who has exercised 50 iPads working on CAPSMAN off one WAPAC. A man can dream...

capsman datapaths check option CLIENT TO CLIENT FORWARDING