Hi, can someone help me with my configuration? I have a home network made with all Mikrotik devices.

I have added wAP outdoor which is connecting wirelessly to the main network. I have set 5GHZ interface on wAP in station mode so i have connection established. The 2.4 GHZ on wAP is set as ap bridge and is used for the clients to connect on.

The status is that clients are connected to wAP but i cannot reach them and they also cannot reach internet. I would like that wAP is using my main DHCP server. Bridge has all the ports including both wlan’s added to it.

Here is my configuration on wAP.

# 2023-11-21 21:00:11 by RouterOS 7.12
# software id = JUB5-NCR8
#
# model = RBwAPG-5HacD2HnD
# serial number = HE108J6B35F
/interface bridge
add admin-mac=48:A9:8A:34:E4:07 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no frequency=2452 installation=outdoor mode=\
    ap-bridge ssid=abuba
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee disabled=no frequency=5500 \
    installation=outdoor ssid=abuba wireless-protocol=nv2-nstreme-802.11
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm
/ip pool
add name=dhcp ranges=172.0.0.1-172.0.0.50
/ip dhcp-server
add address-pool=dhcp disabled=yes interface=bridgeLocal lease-time=10m name=\
    server1
/interface bridge port
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether1
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether2
add bridge=bridgeLocal ingress-filtering=no interface=wlan2
add bridge=bridgeLocal ingress-filtering=no interface=wlan1
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=wlan2 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wlan1 list=LAN
add interface=bridgeLocal list=LAN
add interface=*6 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireless cap
set bridge=bridgeLocal discovery-interfaces=bridgeLocal interfaces=\
    wlan1,wlan2
/ip address
add address=10.0.0.56 interface=wlan2 network=10.0.0.0
/ip dhcp-client
add interface=bridgeLocal
# DHCP client can not run on slave or passthrough interface!
add interface=wlan2
/ip dhcp-relay
add dhcp-server=10.0.0.1 disabled=no interface=bridgeLocal local-address=\
    10.0.0.88 name=Test
/ip dhcp-server network
add address=172.0.0.0/24 gateway=172.0.0.1 netmask=24
/ip dns
set servers=10.0.0.1
/ip firewall nat
# in/out-interface matcher not possible when interface (wlan2) is slave - use master instead (bridgeLocal)
add action=masquerade chain=srcnat out-interface=wlan2
/ip route
add disabled=yes dst-address=0.0.0.0/0 gateway=10.0.0.1
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
/system identity
set name="MikroTik T"
/system note
set show-at-login=no

You don’t have a src-nat of masquerade on the LANs

Your setup of the masquerade failed … see this line in your post

in/out-interface matcher not possible when interface (wlan2) is slave - use master instead (bridgeLocal)

Hi,

I assume you want it all bridged so everything on the wired network can see everything connected to the wap
and visa versa. (Importantly I also assume the device the wAP is connected to via wlan2 is a Mikrotik device)

In this case, set the 5GHz interface on the wAP to Station Bridge Mode.
Probably set its wireless protocol to 802.11 (only)

Disable the dhcp client on wlan2 (the bridge should get its IP address)

That should be enough.
Though once working you might want to remove the dhcp relay.

It is doing bridging only, so most firewall rules (except input) probably won’t be doing anything.

I don’t know why but if I put it into station-bridge mode it fails to connect. It connects if in station mode but I can’t do bridging then. Both APs are from Mikrotik so I’m not sure why station-bridge is failing.

Any ideas?

There are two wireless drivers currently in use on mikrotik gear:

1. wireless - legacy driver which was available already in v6 and is supported by all devices except for newest (AX) gear
2. wifi / wifiwave2 - new driver which came with v7 and AX ger. Also supported by AC devices with ARM processor.

Any *-bridge mode only works when AP and station both run same generation of wireless drivers (either both running wireless or both running wifi/wifiwave2 drivers).
In addition, AP has to support ap-bridge mode … legacy wireless does it (default setting is ap-bridge), new wifi does it in newer versions (7.12 added station-bridge mode, it’s not clear when ap mode started support for 4-address mode, required for *-bridge modes).

You only posted config of AP … so also check main AP to verify that the whole setup conforms to the above limitations.

I have this exact case. The AP that would be a gateway is hAP ax2 and the AP that will connect to it is wAP.

So here we again hit the Mikrotik backwards compatibility wall…

What are my options now? I want to wirelessly connect both devices and i need that the clients connecting to wAP will be reachable from the main network and also have internet.

Can i use station-pseudobridge with extra routing?

Since 7.13beta, your wAP ac is compatible with new wifi driver: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-Compatibility

So try to upgrade wAP ac to 7.13beta2 (should go smooth since you are already on 7.12), uninstall wireless package (it becomes a separate package after upgrade), install wifi-qcom-ac package (from extras) and … you should be able to use station-bridge (and get better performance on wAP ac). It’ll be tight on flash space, wifi-qcom-ac uses around 300kB more flash space than legacy wireless driver.

Or you can wait some more (I’m guessing a couple of weeks) for 7.13 stable release: some users are reporting memory leaks with 7.13beta, I have it running on my hAP ac2 and don’t experience memory leaks, but I’m running it without wireless drivers.

** Edit **

You can try station pseudo bridge It might work.

If it does, you shouldn’t need to do anything much else.

It seems that if you turn off rstp on the bridge (at both ends) this is more likely to work.
(But Station Pseudo bridge is a dodgy hack)

I just tested this and it works like a dream. Tnx!

Based on this great new feature can we also expect that in the not-so-distant future, we will be able to join wifiwave2 APs to the existing CAPsMAN that has legacy wireless APs?

AFAIK this is not forseen.

And, BTW, ability to run wifi (wave2) driver on some AC devices which previously wasn’t possible is not due to some elementary breakthrough, it’s rather result of introducing split wifi packages (essentials are still bundled in base ROS package, hardware drivers now come separate for ac hardware), which allows installation on devices with tiny flash storage. Actual hardware (e.g. IPQ401x SoC with wifi built-in) was supported from get go, but only devices with decent flash space (64MB+) could run it.