Correct, although would I set up the WIFI from the 5009 then? The problem with that is when I have gone in to check any settings for WIFI, and because it does not naturally have WIFI, then it does not have the same quick setup, options, nor shows the WIFI channels like the WIFI router does. I want to make sure that the wapax itself handles the WIFI settings. The router board will handle all vlan and the WIFI router device itself would be isolated to one vlan. Referring back to my previous diagrams, My only change to / I forgot to have it in the diagram is that the wapax will be on a vlan too, vlan60 to be precise. The most I would have the wapax handle for vlan would be “vlan601” to further isolate the guest IOT network but the wapax already performs some degree of isolating the individual WIFI networks.
However, I am not at the stage to set up any vlans as I need all my internet working first before it makes any sense for me to begin that process. What I need help with is why when the 5009 and the wapax are connected it shows the WIFI channels on the wapax but none are active nor show up in available WIFI network list for any of my devices.
Based on the configuration I have provided I need some help understanding if there is something else I need to do on the 5009 to pass along internet capability to the wapax or if there is something I need to enable or turn on for the wapax for it to broadcast the WIFI networks much like I had to change its DNS and DHCP server information to avoid ethernet network issues.
Where would the setting be for putting it into AP/Switch mode and when in this mode can it still be the device to manage / handle the WIFI network settings.
Courtesy of a friend I have been able to address the incorrect DNS and IPv4 ethernet address collision issues I was encountering when I would turn on a device with both routers turned on, so that part of the problem puzzle is already solved.
This same friend has also mentioned it could be a CAPsMAN related issue based on the config output from the WIFI router where it states that the WIFI channels have no capsman connections. Could this be what I need to change or enable in relation to the 5009?
Thanks.
No the 5009 need not have any wifi settings. It runs the vlans, on the wifi device we associate the wlans to the vlans via / interface bridge port/bridge vlan
So I NEED to set up a vlan first before the 5009 can register the wlan? That doesn’t seem right. I’m just trying to understand how to get the wapax to broadcast the wifi1…wifi4 wlan instances.
Where do I go to set the wapax into AP mode like you were mentioning?
I keep asking to keep vlans out of this until the internet access is up and running in all regards, wired or wireless, as I want to keep things to one step / learning at a time.
I went in and set the wifi1..wifi4 to “capsman or local” and after that it began to broadcast the 5ghz, 2ghz and the guest iot networks.
I can connect to them on my devices but they have no internet access.
I feel like I am getting closer but still confused on how to fix this.
Should I consider doing a modem reboot for it to fully grab both routers?
The ARP list of the wapax shows the phone that I have connected to the wifi interface. It shows as reachable on the router.
I see some small traffic on the wapax router to the wifi2 that has the 5ghz channel.
When I click WPS accept on the router quick configuration it is able to start / states “OK” now.
But the phone is getting no internet.
No worries, do what you want, I will be assisting others that are more compliant.
One can easily setup all the WIFI and SSIDs, without the vlans as the last step in the connecting the dots is done on /interface bridge port and /interface bridge vlan.
However you wont have any traffic flowing but you should be able to see SSIDSs at least.
I am happy to be compliant, I have provided configurations and I am attempted to do what is asked or recommended but I am newer to IT and networking.
I’m just trying to take things one step at a time in order to not get myself confused and trying to understand what is required compared to what is additional in the task of wireless internet access setup.
Along with playing around with settings in the meantime of responses to both learn and see what progress I can make.
I’m merely asking if VLAN is necessary at this point in time in order to achieve internet traffic to the wifi / wireless lan.
I do not believe I have done anything with SSIDs yet either.
I’m just asking for what the steps or next step is for allowing the wapax to have internet access from the 5009.
Or if not steps then at least explanations in what you are trying to have me set up for the router itself.
Such as where I would go to put the entire wapax router into switch/ap mode as I am unsure where that is located. Wifi1…Wifi4 already show as “ap” so unsure if it is already in such a mode or not.
DHCP should be disabled on the wapax but I still need to feed it the DHCP from my primary router correct? And the same with DNS? OPr once I switch modes it should disable by default? If I put the wifi router into bridge mode is that the same as switch/ap mode then?
For example “wifi device we associate the wlans to the vlans via / interface bridge port/bridge vlan”
Could you provide additional context or details in relation to which of the router devices you are saying this is set up for.
Do I set up the wlan on the 5009 or the wapax side? I need to check if the wapax already has a wlan configuration correct? I understand the vlan itself should be on the 5009 side but then at which level do I attach the wlan to the vlan? Just by assigning the eth6 port with the wifi router to a vlan?
What do I need to set up on the 5009 side vs what I need to set up on the wapax side?
I moved to using the second ethernet port on the wapax and disabled the DHCP server from it entirely and my devices now have internet access through WIFI.
I will now proceed with additional hardening, firewall rules, and look into setting up vlans.
I wanted to wait on vlan for it to be the next step I learn and to apply it to one of my ethernet connected devices first before I go applying it to WIFI as I figure the former will be easier as a first time learning vlan setup.
Thanks to everyone who replied for your help.
Were you using quick setup on both devices? While this might work to some degree, it is not the best approach, especially when both units are fighting on who is the router in the house…
Correct, it was both my first time setting up my own Modem + Router(s) and I was pretty unaware of how things would work and conflict.
The primary fix was a combination of the following:
First, I moved the ethernet from using the wapax’s 2.5G + POE port to using the secondary ethernet port. This put the wapax into switch mode as the 2.5 was trying to function as a WAN.
Second, I turning the DHCP entirely off rather than having it turned on but rather than running its own I had it pointed at the router boards DHCP.
Finally, as I did not have any CAPSMAN set up I had to set it to “CAPSMAN or local”.
This allowed for internet to start passing through to my devices over Wi-Fi. Initially two desktop computers and two phones.
However, The Wi-Fi is still spotty. I had turned only the wapax off last night for general security purposes since I still have hardening and firewalls to add to it, apart from the 5009 already having all of that set up. When I turned the wapax back on this morning I found that my computers connect to it no issue while my phones sometimes connect with or without internet
Additionally, the 2.4GHz bandwidth used for home security and the GUEST IOT device network is often crashing or has no internet.
I am going to check channel number usage and network standard settings enabled (802.11 variants) for all broadcasts to ensure they are proper.
I plan to work on setting up a proper CAPsMAN configuration as the next step and have been forwarded guides for that process. I believe this will help.
If anyone has additional settings to increase stability or any insight on what might be causing only phones to connect without internet that would be appreciated. I may first have the setup forget all phone devices and then try rebooting the full modem + 5009 routerboard + wapax turned smart switch ap to see if that fixes any internet passing to phones issue too as it did once yesterday.
The reason I was being “un-compliant” about vlan setup is because I would rather have the Wi-Fi fully or partially working rather than not working at all before setting up my first vlan period let alone for a device acting as a smart switch with Wi-Fi. The thought process here was that doing otherwise adds additional layers of uncertainty and learning simultaneously.
Additionally, this weekend I will be attempting to do my first ever vlan for one of the groups of ethernet connected devices, this way I can learn that process in preparation for the Wi-Fi’s vlan.
I don’t see a reason to complicate with Capsman, for one AP.
To be honest, I tried Mikrotik wifi for many many years but I was not entirely happy with it. Since moving to TP-Link AP, uptime has been amazing, almost to the point I forgot about them. And they do VLANs just fine as well.
If you would of reset the AX to no default configuration, create one bridge with both ports and radios, then it does not matter where you connect the cable. Firewall on the AP makes no sense if you ask me. Set the AP bridge with a manual IP address, outside of the 5009 DHCP range, let say the range 192.168.x.100 - 192.168.x.200, and AP to be 192.168.x.2 for example. Set a route to point as gateway to the 5009 LAN IP, destination address 0.0.0.0/0. You can set a static DNS and then the AP should have itself access to internet.
Apply VLANs later on, when you get to grips with Mikrotik. Read around here see how it goes.
You are correct. I was reading over the CAPSMAN guides and it seems needlessly complex or excessive when only using a single additional Wi-Fi router as a smart switch ap. It would be more optimal if I was running multiple Wi-Fi access points, say for a business. Nonetheless, I will likely save my current settings and look into how it works at some point for the purpose of learning.
I will do the same of exporting my current settings before I look into doing the process you have described. Once again for the purpose of learning.
However, neither are a priority and both may be unnecessary as I have made more setup progress.
I have managed to get the Wi-Fi to co-operate quite well where all of my phones, smart devices (home security system), and the other IOT devices (smart outlets and temperature monitors) have been able to connect to my 5Ghz, 2Ghz, and a Slave 2GHz networks respectively. I plan to set up a Slave 5Ghz network for guests to use so that I do not have to hand out my primary 5Ghz password to family, friends, or otherwise.
The exception being that my primary phone, which has data access, will often drop off of the 5Ghz and then have a DHCP validation error and can connect but with no internet. When this has happened to other devices it is typically when switching between the 5Ghz and 2Ghz networks to set up more IOT devices on the IOT Guest as the phone used for setup must be on the same Wi-Fi at the time for the IOT device to establish. However, for other devices I can always easily fix by rebooting that device or simply restarting the routers but this fix never works for my primary phone.
I will be working on setting up a vlan for the previously mentioned 4x Ubuntu 16 units that are on one unmanaged switch.
I will likely not respond unless some insight as to what is going on with my primary SIM card phone is provided or if I end up requiring some vlan help but I have multiple guides to follow and should be good.
Once again thank you for your time and assistance!