Unable to connect to 2.4Ghz
Posted: Thu Feb 14, 2019 5:27 pm
Hi,
I have an office setup with a RB4011iGS+ doing generic office routing as well as CAPsMAN for two cAP ac to cover a fairly small office.
My problem is that I am unable to use 2.4 Ghz wifi. Everything works fine for 5 Ghz clients. For debugging purposes I have set up two SSIDs, one called "company.5g" and one called "company.2g". Any attempt to connect to "company.2g" fails, and "company.5g" works. I have tried from several clients. Currently I get nothing in the log, but I have seen "4-way handshake" errors. Both the mentioned networks use the same security config, though.
See relevant config below (edited for confidentiality):
I have tried factory resetting both the cAPs. All devices are on latest stable firmware.
I am operating basically the same infrastructure in two other locations, and there it seems to work.
Update: It seems this is because I am using slave configurations. This works for 5 Ghz, not for 2.4 Ghz. No idea why.
Any ideas?
I have an office setup with a RB4011iGS+ doing generic office routing as well as CAPsMAN for two cAP ac to cover a fairly small office.
My problem is that I am unable to use 2.4 Ghz wifi. Everything works fine for 5 Ghz clients. For debugging purposes I have set up two SSIDs, one called "company.5g" and one called "company.2g". Any attempt to connect to "company.2g" fails, and "company.5g" works. I have tried from several clients. Currently I get nothing in the log, but I have seen "4-way handshake" errors. Both the mentioned networks use the same security config, though.
See relevant config below (edited for confidentiality):
Code: Select all
# feb/14/2019 16:08:55 by RouterOS 6.43.12
# software id = 5XDT-UT6X
#
# model = RB4011iGS+
# serial number =
/caps-man channel
add band=5ghz-onlyac name=5g-channel-auto reselect-interval=12h \
skip-dfs-channels=no
add band=2ghz-b/g/n name=2g-channel-auto reselect-interval=12h
/interface bridge
add fast-forward=no name=bridge-clientvpn
add admin-mac=BX::::X8 auto-mac=no name=bridge-internal
add fast-forward=no name=bridge-wifi-internal
add fast-forward=no name=bridge-wifi-public
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] name=ether9-ap-conference
set [ find default-name=ether10 ] name=ether10-ap-entrance poe-out=off
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-wan name=\
wan-xx-fiber user=xx@xx
/caps-man datapath
add bridge=bridge-internal client-to-client-forwarding=yes name=\
internal-datapath
add bridge=bridge-wifi-public client-to-client-forwarding=no name=\
public-datapath
/caps-man security
add authentication-types=wpa2-psk name=companyinternal-security
add authentication-types=wpa2-psk name=companypublic-security
add authentication-types=wpa2-eap eap-methods=passthrough \
eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm \
name=companycorporate-security
/caps-man configuration
add channel=2g-channel-auto country=spain datapath=internal-datapath mode=ap \
name=cap-internal-2g security=companyinternal-security ssid=company.local
add channel=5g-channel-auto country=spain datapath=internal-datapath \
distance=indoors name=cap-internal-5g security=companyinternal-security \
ssid=company.local
add datapath=public-datapath name=cap-public security=companypublic-security \
ssid=company
add datapath=internal-datapath name=cap-corporate security=\
companycorporate-security ssid=company.corporate
add datapath=public-datapath name=cap-public-2g security=\
companypublic-security ssid=company.2g
add datapath=public-datapath name=cap-public-5g security=\
companypublic-security ssid=company.5g
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcppool-wifi-internal ranges=10.209.29.140-10.209.29.240
add name=dhcppool-internal ranges=10.209.30.140-10.209.30.240
add name=dhcppool-vpn ranges=10.209.31.140-10.209.31.240
add name=dhcppool-wifi-public ranges=10.209.20.140-10.209.20.240
/ip dhcp-server
add address-pool=dhcppool-wifi-internal disabled=no interface=\
bridge-wifi-internal lease-time=1d name=dhcp-wifi-internal
add address-pool=dhcppool-internal disabled=no interface=bridge-internal \
lease-time=1d name=dhcp-internal
add address-pool=dhcppool-wifi-public disabled=no interface=\
bridge-wifi-public lease-time=1d name=dhcp-wifi-public
/system logging action
add bsd-syslog=yes name=diskstation remote=10.209.30.14 target=remote
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
cap-internal-5g name-format=prefix name-prefix=cap-5g \
slave-configurations=cap-public,cap-corporate,cap-public-5g
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cap-internal-2g name-format=prefix name-prefix=cap-2g \
slave-configurations=cap-public,cap-corporate,cap-public-2g
/interface bridge port
add bridge=bridge-internal interface=ether10-ap-entrance
add bridge=bridge-internal interface=ether2
add bridge=bridge-internal interface=ether9-ap-conference
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf disabled=yes interface=ether1-wan list=WAN
add interface=ether2 list=LAN
add interface=ether10-ap-entrance list=LAN
add interface=bridge-internal list=LAN
add interface=wan-xx-fiber list=WAN
add interface=bridge-clientvpn list=LAN
add interface=bridge-wifi-internal list=LAN
add interface=ether9-ap-conference list=LAN
/ip address
add address=10.209.29.1/24 interface=bridge-wifi-internal network=10.209.29.0
add address=10.209.30.1/24 interface=bridge-internal network=10.209.30.0
add address=10.209.31.1/24 interface=bridge-clientvpn network=10.209.31.0
add address=10.209.20.1/24 interface=bridge-wifi-public network=10.209.20.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1-wan
/ip dhcp-server lease
add address=10.209.30.8 mac-address=BX::::X3 server=dhcp-internal
add address=10.209.30.5 mac-address=BX::::X4 server=dhcp-internal
/ip dhcp-server network
add address=10.209.20.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.209.20.1
add address=10.209.29.0/24 dns-server=10.209.30.128,10.209.30.129,10.130.49.50 \
gateway=10.209.29.1 netmask=24
add address=10.209.30.0/24 dns-server=10.209.30.128,10.209.30.129,10.130.49.50 \
gateway=10.209.30.1 netmask=24
/ip dns
set servers=10.209.30.128,10.209.30.129,1.1.1.1
/ip dns static
add address=10.209.31.1 name=router.lan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system logging
add action=diskstation topics=critical
add action=diskstation topics=error
add action=diskstation topics=info,!caps
add action=diskstation topics=warning
add topics=caps
add topics=wireless,debug
add topics=caps,debug
I am operating basically the same infrastructure in two other locations, and there it seems to work.
Update: It seems this is because I am using slave configurations. This works for 5 Ghz, not for 2.4 Ghz. No idea why.
Any ideas?