Hello everyone!
The setup:
I use my primary RB750Gr2 to manage my two AP with CAPsMAN…
I got 3 ssid configured, one “admin” 5Ghz, one “admin” 2.4 and one “guest” 2.4.
I see the three ssid, I’m able to connect to three of them and I got private 192.168.1.x address on both “admin” but no internet, I can only ping 192.168.1.1 (DHCP pool 192.168.1.100-254)
The configs are the “same”, only dhcp binding and bridge is different..
Any idea?!
Thanks
Dave
Without seeing the rest of your conifg, I’d start with double-checking your NAT and Firewall.
matiaszon:
It does say nothing.
/export hide-sensitive
[admin@MikroTik] > /export hide-sensitive
# may/05/2017 13:14:16 by RouterOS 6.39.1
# software id = PGU7-MYBT
#
/interface bridge
add mtu=1500 name=Guest
add mtu=1500 name=OfficeNet
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/caps-man configuration
add datapath.bridge=OfficeNet name=OfficeNet security.authentication-types=wpa-psk,wpa-eap security.encryption=aes-ccm,tkip security.group-encryption=\
aes-ccm ssid=Office
add datapath.bridge=Guest name=Guest security.authentication-types=wpa-psk,wpa-eap security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm \
ssid=Guesttata
/caps-man interface
add channel.band=2ghz-b/g/n configuration=OfficeNet configuration.hide-ssid=no configuration.mode=ap configuration.ssid=Testzouiz datapath.bridge=\
OfficeNet disabled=no l2mtu=1600 mac-address=6C:3B:6B:B7:0B:48 master-interface=none name=cap1 radio-mac=6C:3B:6B:B7:0B:48 \
security.authentication-types=wpa-psk security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm
add channel.band=5ghz-a/n/ac configuration=OfficeNet configuration.hide-ssid=no configuration.mode=ap configuration.ssid=Test5 datapath.bridge=OfficeNet \
disabled=no l2mtu=1600 mac-address=6C:3B:6B:B7:0B:47 master-interface=none name=cap2 radio-mac=6C:3B:6B:B7:0B:47 security.authentication-types=\
wpa-psk security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm
add channel.band=2ghz-b/g/n configuration=Guest configuration.hide-ssid=no configuration.mode=ap configuration.ssid="FBI Guest" datapath.bridge=Guest \
disabled=no l2mtu=1600 mac-address=6E:3B:6B:B7:0B:48 master-interface=cap1 name=cap3 radio-mac=00:00:00:00:00:00 security.authentication-types=\
wpa-psk security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm
/ip firewall layer7-protocol
add name=Block regexp="^.+(youporn.com|pornhub.com).*\$"
add name=Youtube regexp="^.+(https://www.youtube.com).*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des pfs-group=none
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.254
add name=vpn-pool ranges=192.168.10.10-192.168.10.20
add name=OfficeNet ranges=192.168.100.2-192.168.100.254
add name=GuestPool ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master-local name=default
add address-pool=dhcp disabled=no interface=OfficeNet name=CAP
add address-pool=GuestPool disabled=no interface=Guest name=dhcp2
/ppp profile
add dns-server=8.8.8.8 local-address=192.168.10.1 name=pptp_profile remote-address=vpn-pool use-encryption=yes
add change-tcp-mss=yes local-address=vpn-pool name=l2tp-profile remote-address=vpn-pool use-encryption=required
/queue tree
add disabled=yes name=Stable-Ping packet-mark=Ping-Packet parent=global
/system logging action
set 1 disk-file-name=log
/user group
add name=sniffer policy=ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled disabled=yes master-configuration=OfficeNet name-prefix=AP
/interface l2tp-server server
set authentication=mschap2 caller-id-type=ip-address default-profile=l2tp-profile enabled=yes max-mru=1460 max-mtu=1460 use-ipsec=yes
/ip accounting
set enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.1.215/32
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=ether2-master-local network=192.168.1.0
add address=192.168.1.1/24 interface=OfficeNet network=192.168.1.0
add address=10.0.0.1/24 interface=Guest network=10.0.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.1.81 comment="Insteon controller" mac-address=00:0E:F3:3C:B2:0A server=default
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1,8.8.8.8 gateway=10.0.0.1 netmask=24
add address=192.168.1.0/24 comment="default configuration" dns-server=192.168.1.1,8.8.8.8 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add action=accept chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
add action=reject chain=forward connection-limit=100,32 layer7-protocol=Youtube log-prefix=porn reject-with=icmp-network-unreachable tcp-flags=""
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=Stable-Ping passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=Stable-Ping new-packet-mark=Ping-Packet passthrough=no protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=masquerade chain=srcnat dst-address=192.168.1.50 dst-port=0-65000 out-interface=ether2-master-local protocol=tcp src-address=192.168.1.0/24
/ip ipsec peer
add address=0.0.0.0/0 comment=cs enc-algorithm=aes-256,aes-192,aes-128,3des,des exchange-mode=main-l2tp generate-policy=port-strict passive=yes
/ip route
add disabled=yes distance=1 gateway=172.102.16.153
/ip smb shares
set [ find default=yes ] directory=/pub
/ppp aaa
set use-radius=yes
/ppp secret
add name=davep profile=pptp_profile
/system clock
set time-zone-name=America/Toronto
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
[admin@MikroTik] >
My network is not working… Anyone pleaassee!!
/ip route
add disabled=yes distance=1 gateway=172.102.16.153
why default gateway is disabled?
Chouby
May 10, 2017, 11:17pm
9
Because I had a static IP before.. I didn’t delete it yet.. I’m DHCP from my isp now..
Chouby
May 15, 2017, 5:37pm
11
I’m trying to troubleshoot myself and I see this but I don’t understand why it is not going out on WAN…
It’s my Google Pixel pinging google DNS… but no answer
Any idea?
Just a gut feeling:
-Chris
Only the guest wifi is working…
