0c492d016c
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Created docs/19-WIFI-CAPSMAN-CONFIG.md documenting working WiFi settings - Fixed 38:1F:8D:04:6F:E4 OUI - was incorrectly labeled as Tuya, is actually Xiaomi - XTRM2 (2.4GHz) requires WPA+WPA2 with TKIP for legacy device compatibility - CAPsMAN working with CAP XL ac on 2.4GHz Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
4.8 KiB
4.8 KiB
WiFi and CAPsMAN Configuration
Last Updated: 2026-02-01 Purpose: Document WiFi network settings, CAPsMAN configuration, and device compatibility requirements
Network Overview
| SSID | Band | Purpose | Password |
|---|---|---|---|
| XTRM | 5GHz | Primary network (fast devices) | M0stW4nt3d@home |
| XTRM2 | 2.4GHz | IoT/Legacy devices | M0stW4nt3d@IoT |
XTRM (5GHz) - wifi1
Target: Modern devices (phones, laptops, tablets)
| Setting | Value |
|---|---|
| SSID | XTRM |
| Band | 5GHz |
| Mode | 802.11ax (WiFi 6) |
| Channel | Auto (DFS enabled) |
| Width | 80MHz |
| Security | WPA2-PSK + WPA3-PSK |
| Cipher | CCMP (AES) |
| 802.11r (FT) | Enabled |
| Password | M0stW4nt3d@home |
XTRM2 (2.4GHz) - wifi2
Target: IoT devices, legacy devices, smartwatches
CRITICAL COMPATIBILITY REQUIREMENTS
Some devices (Tuya JMWZG1 gateway, Amazfit TREX3, iPad 2) require legacy settings:
| Setting | Value | Reason |
|---|---|---|
| SSID | XTRM2 | |
| Band | 2.4GHz | IoT compatibility |
| Mode | 802.11g | Legacy device support |
| Channel | 1 (2412 MHz) | Most compatible |
| Width | 20MHz | Required for old devices |
| Security | WPA-PSK + WPA2-PSK | WPA needed for legacy |
| Cipher | TKIP + CCMP | TKIP required for old devices |
| 802.11r (FT) | Disabled | Causes issues with IoT |
| Password | M0stW4nt3d@IoT |
Devices Requiring WPA + TKIP
| Device | MAC Address | Model | Notes |
|---|---|---|---|
| Amazfit TREX3 | TBD | Smartwatch | Requires WPA+TKIP |
| Tuya Smart Gateway | TBD | JMWZG1 | Requires WPA+TKIP |
| iPad 2 | TBD | A1395/A1396 | Legacy device |
RouterOS Commands for XTRM2
# Working configuration for legacy devices
/interface wifi set wifi2 \
channel.frequency=2412 \
channel.band=2ghz-g \
channel.width=20mhz \
security.authentication-types=wpa-psk,wpa2-psk \
security.encryption=tkip,ccmp \
security.ft=no \
security.ft-over-ds=no \
security.passphrase="M0stW4nt3d@IoT"
Fallback (Maximum Compatibility)
If devices still can't connect, use WPA-only with TKIP-only:
/interface wifi set wifi2 \
security.authentication-types=wpa-psk \
security.encryption=tkip
CAPsMAN Configuration
Manager (HAP ax³ - 192.168.10.1)
| Setting | Value |
|---|---|
| Enabled | Yes |
| Interfaces | bridge, vlan10-mgmt |
| Certificate | Auto-generated |
CAP Device (CAP XL ac - 192.168.10.2)
| Setting | Value |
|---|---|
| caps-man-addresses | 192.168.10.1 |
| certificate | request |
| SSH Port | 2222 |
CAP Interfaces
| Interface | Radio | Band | SSID | Status |
|---|---|---|---|---|
| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | Working |
| cap-wifi2 | wifi2 | 5GHz | XTRM | Channel issues (disabled) |
CAP Access List Rule
CAP clients bypass VLAN assignment (go to VLAN 10):
/interface wifi access-list add \
interface=cap-wifi1 \
action=accept \
comment="CAP clients - no VLAN" \
place-before=0
WiFi Access List (VLAN Assignment)
Devices are assigned to VLANs based on MAC address:
| VLAN | Purpose | Example Devices | |------|---------|-----------------|| | 20 | Trusted | MacBooks, iPhones, Samsung phones | | 25 | Kids | Kids devices | | 30 | IoT | Smart home devices, Chromecast, Bosch appliances | | 40 | Catch-All | Unknown devices (default) |
Current Access List
/interface wifi access-list print
Troubleshooting
Device can see XTRM2 but can't connect
- Check security settings - device may need WPA (not WPA2)
- Check cipher - device may need TKIP (not CCMP/AES)
- Try 802.11g mode instead of 802.11n
- Use channel 1, 6, or 11
Device connects but disconnects immediately
- Check if 802.11r (Fast Transition) is disabled
- Check VLAN assignment - CAP clients need special rule
- Check channel width - use 20MHz for stability
CAP not connecting to CAPsMAN
- Check certificate - remove old cert and re-request
- Check firewall - ports 5246-5247 UDP must be open
- Check interface binding - CAPsMAN must listen on correct interface
Backup Files
| File | Location | Purpose |
|---|---|---|
| wifi-backup-working.rsc | Router files | WiFi config export |
| config-backup-working.backup | Router files | Full system backup |
Quick Reference
Show WiFi status
/interface wifi print
/interface wifi monitor wifi2 once
/interface wifi registration-table print
Show security settings
/interface wifi security print detail
:put [/interface wifi get wifi2 security.authentication-types]
:put [/interface wifi get wifi2 security.encryption]
Check CAPsMAN
/interface wifi capsman print
/interface wifi capsman remote-cap print