You are correct, and I thought about it. I combed through the menus but wasn’t readily able to figure out a proper solution. I’m not a beginner but am no more than moderately experienced. In my case, the Metals will only be used in flat networks on non-routable IPs instead of Ubiquiti Bullets, so I would be basically OK. I know this is basic, but can you suggest the change I need to make in the menu system to make this proper?
Interfaces → Interface List
I don’t know if it was somehow done by you or Quick Set, but in posted config and both supouts there’s this strange entry (supout from non-working device had it without disabled=yes, but it’s not important):
/interface list member add disabled=yes list=LAN
It’s invalid, because it doesn’t have interface. If you try to add this manually, it won’t work. I guess maybe Quick Set was trying to add the bridge there, but something failed and you ended with invalid entry and config that wouldn’t let you in.
If you are willing to experiment, you can try again, reset everything, then change mode in Quick Set, don’t do any manual modifications and look what happened there.
That’s what Quick Set gave me repeatedly with no manual intervention - any bridge setup with Quick Set was not usable. Manual intervention was necessary to work around the access problem caused by Quick Set. Were I to reset the config, I’d simply end up with an inaccessible device again. Quick Set can’t do a usable bridge config. This didn’t happen on the first Metal due to its lesser firewall action list. Here’s what Quick Set gave me on the first unit xxx30. Worked perfect in minutes right out of the box, at least for my purposes. I didn’t realize initially that the “RBMetal” xxx25 device was different from the first. This is “Metal” xxx30:
nov/01/2019 11:47:50 by RouterOS 6.45.6
software id = F39K-FFU1
model = Metal G-52SHPacn
serial number = A8080A257374
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=5ghz-a/n/ac disabled=no
frequency=5220 mode=ap-bridge ssid=gamonal wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=defconf
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1 learn=yes
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add disabled=yes list=LAN
add interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.1.30/24 comment=defconf interface=wlan1 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.30 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.1.254
/ip dns static
add address=192.168.1.30 name=router.lan
/ip firewall filter
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=
invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” disabled=yes
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.1.254
/system clock
set time-zone-name=America/Los_Angeles
My problem is that neither MAC address or IP appears on the neighbour tabs, so i do not know what devices are in range. I inserted MAC address manually but winbox rejects the connection: Could not connect to Reason: could not connect. I think it is like the device is in range and rejects the connection (when not in range it shows request time out or something like that). I have all firewalls and interfaces not in use disabled. I cannot connect by Ip address because i was setting a system where the KNOT acts as a station pseudobridge, so interfaz wlan1 is not config yet.