Hi,
Finally I made it work. I guess because I made many, many changes lately I had a few errors in VLAN80, so it was indeed not working... but now I got it working, so for somebody struggling when using CAPsMAN on 7.14.1, hopefully this can help:
At least for me, a key thing was to have the datapaths configuration on the CAPs; otherwise it was not working. Also, this is just for wifi-qcom; I guess it will NOT work for wifi-qcom-ac.
VLANs involved are:
vlan_id=99 for Management (10.0.99.0/24)
vlan_id=10 for employees (192.168.10.0/24)
vlan_id=80 for guests (10.0.80.0/24)
And the full configs are:
For CAPsMAN server
Code:
```
# 2024-03-26 10:37:28 by RouterOS 7.14.1
# software id = E10X-RDVX
#
# model = RB5009UPr+S+
/interface bridge
add name=bridge1 pvid=99 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Bonding to au1-usw-01 Switch Port1" \
    poe-out=off
set [ find default-name=ether2 ] comment="Bonding to au1-usw-01 Switch Port2" \
    poe-out=off
set [ find default-name=ether5 ] comment="ADMIN ETH" name=ether5-access
set [ find default-name=ether8 ] comment="Temporarily for switch in VLAN10"
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\
    "ISP WAN" name=sfp speed=1G-baseT-full
/interface wifi
# SSID not set
add configuration.mode=ap disabled=no name=cap-wifi1 radio-mac=\
    AA:BB:CC:DD:EE:FF
/interface vlan
add comment="Guests VLAN80 for WIFI" interface=bridge1 name=guests_v80 \
    vlan-id=80
add comment="employees vlan" interface=bridge1 name=vlan10 vlan-id=10
add comment="sysadmins vlan" interface=bridge1 name=vlan90 vlan-id=90
add comment="Admin Vlan" interface=bridge1 name=vlan99 vlan-id=99
/interface bonding
add comment="Bonding Trunk for Switch" mode=802.3ad name=bonding_to_switch \
    slaves=ether1,ether2
/interface list
add comment="all Vlans" name=VLAN
add comment="The WAN" name=WAN
add comment="Where the admin VLAN is trunk" name=BASE
add comment="The Interface list needed for ADMINS" name=ADMIN
/interface wifi channel
add band=5ghz-ax disabled=no frequency=\
    5230-5250,5210-5230,5190-5210,5170-5190 name=5GHz_US_bands width=20/40mhz
add band=2ghz-ax disabled=no frequency=2412,2432,2422,2442 name=\
    2GHZ_AX_US_BANDS secondary-frequency=2417,2427,2437 skip-dfs-channels=all \
    width=20mhz
/interface wifi datapath
add bridge=bridge1 comment="Employees VLAN WIFI" disabled=no name=\
    employees_wifi_datapath vlan-id=10
add bridge=bridge1 comment="GUESTS VLAN80 WIFI" disabled=no name=\
    guests_wifi_datapath vlan-id=80
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk comment=\
    "Security Profile for Employees wifi" disabled=no name=\
    employees_wifi_security_profile wps=disable
add authentication-types=wpa2-psk,wpa3-psk comment=\
    "Security Profile for Guests wifi" disabled=no name=\
    guests_wifi_security_profile wps=disable
/interface wifi configuration
add channel=5GHz_US_bands comment="Employees WIFI 5GHz" country=\
    "United States" datapath=employees_wifi_datapath disabled=no name=\
    5g_employees security=employees_wifi_security_profile ssid=ihconau2
add channel=5GHz_US_bands comment="GUESTS WIFI 5GHz" country="United States" \
    datapath=guests_wifi_datapath disabled=no name=5g_guests security=\
    guests_wifi_security_profile ssid=ih-guests
add channel=2GHZ_AX_US_BANDS comment="Employees WIFI 2.4GHz" country=\
    "United States" datapath=employees_wifi_datapath disabled=no name=\
    2g_employees security=employees_wifi_security_profile ssid=ihconau2
add channel=2GHZ_AX_US_BANDS comment="GUESTS WIFI 2.4GHz" country=\
    "United States" datapath=guests_wifi_datapath disabled=no name=2g_guests \
    security=guests_wifi_security_profile ssid=ih-guests
/ip pool
add comment="employees vlan10" name=vlan10 ranges=\
    192.168.10.10-192.168.10.254
add comment="sysadmin vlan90" name=vlan90 ranges=192.168.90.10-192.168.90.254
add comment="ip pool for ether5" name=ether5 ranges=10.0.0.10-10.0.0.20
add comment="ip pool for admin vlan99" name=vlan99 ranges=\
    10.0.99.2-10.0.99.254
add comment="Guests vlan80" name=vlan80 ranges=10.0.80.10-10.0.80.254
/ip dhcp-server
add address-pool=vlan10 comment="For employees vlan10" interface=vlan10 \
    lease-time=10m name=vlan10
add address-pool=vlan90 comment="For sysadmins vlan90" interface=vlan90 \
    lease-time=10m name=vlan90
add address-pool=ether5 comment="DHCP for eth5 access" interface=\
    ether5-access lease-time=5d name=ether5
add address-pool=vlan99 comment="For admin vlan99" interface=vlan99 \
    lease-time=10m name=vlan99
add address-pool=vlan80 comment="For GUESTS vlan80" interface=guests_v80 \
    lease-time=10m name=guests_vlan80
/ip smb users
set [ find default=yes ] disabled=yes
/interface bridge port
add bridge=bridge1 interface=ether6
add bridge=bridge1 ingress-filtering=no interface=ether7 pvid=99
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=bonding_to_switch pvid=99
/ip firewall connection tracking
set udp-timeout=10s
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 comment="Base VLAN99" tagged=bonding_to_switch,bridge1 \
    untagged=ether6,ether8,ether7 vlan-ids=99
add bridge=bridge1 comment="Employees VLAN10" tagged=\
    ether6,ether7,ether8,bonding_to_switch,bridge1 vlan-ids=10
add bridge=bridge1 comment="Sysadmins VLAN90" tagged=\
    ether6,ether7,ether8,bonding_to_switch,bridge1 vlan-ids=90
add bridge=bridge1 comment="Guests VLAN80" tagged=\
    bridge1,bonding_to_switch,ether7 vlan-ids=80
/interface list member
add comment=VLAN10 interface=vlan10 list=VLAN
add comment=VLAN90 interface=vlan90 list=VLAN
add comment=VLAN99 interface=vlan99 list=VLAN
add comment="BASE just vlan99" interface=vlan99 list=BASE
add comment="admin vlan99" interface=vlan99 list=ADMIN
add comment="Sysadmin from vlan90" interface=vlan90 list=ADMIN
add interface=sfp list=WAN
/interface wifi access-list
add action=reject comment="Reject anonymous MACs for WIFIs" disabled=yes \
    mac-address=02:00:00:00:00:00 mac-address-mask=02:00:00:00:00:00
/interface wifi cap
set enabled=yes slaves-static=yes
/interface wifi capsman
set enabled=yes interfaces=BASE package-path="" require-peer-certificate=no \
    upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled comment="Employees 5Ghz provisioning" \
    disabled=no master-configuration=5g_employees slave-configurations=\
    5g_guests supported-bands=5ghz-ax
add action=create-dynamic-enabled comment="Employees 2.4Ghz provisioning" \
    disabled=no master-configuration=2g_employees slave-configurations=\
    2g_guests supported-bands=2ghz-ax
/ip address
add address=10.0.99.1/24 comment="admin vlan99 Ip addresses" interface=vlan99 \
    network=10.0.99.0
add address=192.168.10.1/24 comment="employees vlan_10 Ip addresses" \
    interface=vlan10 network=192.168.10.0
add address=192.168.90.1/24 comment="sysadmins vlan90 Ip addresses" \
    interface=vlan90 network=192.168.90.0
add address=10.0.0.1/24 comment="Admin IP for eth5" interface=ether5-access \
    network=10.0.0.0
add address=xxx.yyy.zzz.tt4/29 comment="Main IP for router for ISP" \
    interface=sfp network=xxx.yyy.zzz.tt2
add address=10.0.80.1/24 comment="guests vlan80 Ip addresses" \
    interface=guests_v80 network=10.0.80.0
/ip dhcp-server lease
add address=192.168.10.100 client-id=1:b4:22:0:66:43:a7 comment=Printer \
    mac-address=B4:22:00:66:43:A7 server=vlan10
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=1.1.1.1,8.8.4.4 gateway=10.0.0.1
add address=10.0.80.0/24 comment="Guests vlan80 network" dns-server=\
    1.1.1.1,8.8.4.4 gateway=10.0.80.1
add address=10.0.99.0/24 comment="Admin vlan99 network" dns-server=\
    1.1.1.1,8.8.4.4 gateway=10.0.99.1
add address=192.168.10.0/24 comment="employees vlan10 network" dns-server=\
    192.168.10.1 gateway=192.168.10.1
add address=192.168.90.0/24 comment="Sysadmins vlan90 network" dns-server=\
    192.168.90.1 gateway=192.168.90.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.4.4
/ip firewall filter
add action=drop chain=input comment="DROP DNS tcp port 53 from WAN" dst-port=\
    53 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="DROP DNS udp port 53 from WAN" dst-port=\
    53 in-interface-list=WAN protocol=udp
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid connections" \
    connection-state=invalid
add action=drop chain=input comment="drop ICMP to WAN" in-interface-list=WAN \
    protocol=icmp
add action=accept chain=input comment="Accept Loopback for CAPSMAN" \
    dst-address=127.0.0.1
add action=accept chain=input comment="Allow everything from VLANs" \
    in-interface-list=VLAN
add action=accept chain=input comment="Allow Admin VLAN full access" \
    in-interface-list=BASE
add action=drop chain=input comment="DROP REST OF INPUT" in-interface-list=\
    WAN
add action=accept chain=forward comment="VLAN Internet Access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=accept chain=forward comment="accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
    "accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward comment=\
    "Drop everything Forward from VLANs- TO ACTIVE WHEN TESTED" \
    in-interface-list=VLAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade ISP WAN" \
    out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
/ip route
add comment="Main isp Gateway" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=xxx.yyy.zzz.tt3 pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=10.0.0.0/24,10.0.69.0/24,10.0.99.0/24,192.168.90.0/24
set api disabled=yes
set winbox address=\
    10.0.0.0/24,10.0.69.0/24,10.0.99.0/24,192.168.90.0/24,192.168.10.0/24
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-name=America/Chicago
/system identity
set name=au1-core-rt01
/system logging
add disabled=yes topics=debug
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
add address=europe.pool.ntp.org
add address=asia.pool.ntp.org
/tool romon
set enabled=yes
```
For CAP
Code:
```
/interface bridge
add ingress-filtering=no name=bridge1 port-cost-mode=short priority=0x2000 pvid=99 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=Trunk l2mtu=1560
/interface vlan
add comment="Management VLAN99" interface=bridge1 name=MGMT vlan-id=99
/interface wifi datapath
add bridge=bridge1 disabled=no name=vlan10_employees vlan-id=10
add bridge=bridge1 disabled=no name=vlan80_guests vlan-id=80
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: ihconau2, channel: 5220/ax/Ce
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=vlan10_employees disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=vlan10_employees disabled=no
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10 pvid=99
/interface bridge vlan
add bridge=bridge1 comment="For mgmt vlan99" tagged=bridge1 vlan-ids=99
add bridge=bridge1 comment="For employees vlan10" tagged=bridge1,ether1 vlan-ids=10
add bridge=bridge1 comment="For Guests vlan80" tagged=bridge1,ether1 vlan-ids=80
/interface wifi cap
set caps-man-addresses=10.0.99.1 enabled=yes slaves-datapath=vlan80_guests slaves-static=no
/ip address
add address=10.0.99.101/24 comment="admin vlan ip" interface=MGMT network=10.0.99.0
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.0.99.1
/system clock
set time-zone-name=America/Chicago
/system identity
set name=au1-core-ap02
/system note
set show-at-login=no
/tool romon
set enabled=yes
```
Thanks for the help :)
Edit: Corrected some typos
Statistics: Posted by carcuevas — Wed Mar 27, 2024 8:34 pm
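
An added example, not part of the original post: in the server export above, `guests_v80` is not a member of any interface list, while every interface-based firewall rule selects by list (VLAN, BASE, WAN), so new connections from the guest VLAN match no rule and RouterOS accepts them by default. The Python check below, run over lines trimmed from that export, reports VLAN interfaces that no rule in a chain selects; the function names are this example's own, and negated `in-interface` matchers are not handled.

```python
import re
import shlex

# Trimmed from the CAPsMAN server export in the post (three sections only).
EXPORT = r'''
/interface vlan
add comment="Guests VLAN80 for WIFI" interface=bridge1 name=guests_v80 \
    vlan-id=80
add comment="employees vlan" interface=bridge1 name=vlan10 vlan-id=10
/interface list member
add comment=VLAN10 interface=vlan10 list=VLAN
add interface=sfp list=WAN
/ip firewall filter
add action=accept chain=forward comment="VLAN Internet Access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward in-interface-list=VLAN
'''

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join '\' line continuations
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            toks = shlex.split(line[4:])
            current.append(dict(t.split("=", 1) for t in toks if "=" in t))
    return sections

def unfiltered_vlans(text, chain="forward"):
    """VLAN interfaces that no rule in `chain` selects by interface or list."""
    cfg = parse_export(text)
    vlans = {v["name"] for v in cfg.get("/interface vlan", [])}
    lists = {}
    for m in cfg.get("/interface list member", []):
        lists.setdefault(m["list"], set()).add(m["interface"])
    covered = set()
    for r in cfg.get("/ip firewall filter", []):
        if r.get("chain") != chain or r.get("disabled") == "yes":
            continue
        matchers = set(r) - {"action", "chain", "comment", "disabled"}
        if not matchers and r.get("action") in ("drop", "reject"):
            return []  # unconditional deny: nothing falls through
        covered.add(r.get("in-interface"))
        ref = r.get("in-interface-list", "")
        hit = lists.get(ref.lstrip("!"), set())
        covered |= (vlans - hit) if ref.startswith("!") else hit
    return sorted(vlans - covered)
```

An empty result means every VLAN interface is selected by at least one rule in the chain, or the chain contains an unconditional drop; it does not say the matching rule is the right policy for that VLAN.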