I recently setup a Routerboard as a primary access point connected via PoE to a Groove to connect to/amplify access points. I’m able to log in to both consoles for setup (after successfully using Quickset to config Groove in Router mode, with Auto Address acquisition). Further, I’m able to access it’s IP (for console/config) via the RouterBoard Wifi access (using assigned IP for Groove).
From the Groove, I can scan and connect to a known, good Wifi access point (actually a couple). But for some reason, once connected, the client (macbook) still cannot access the web. I also tried to access the Groove “Check for Updates” (under System/Packages) while connected and it was not able to reach the internet either to look for an update.
I’m sort of stuck trying to figure out what else to troubleshoot. Any help/guidance would be greatly appreciated.
A quick update to this: after working through a number of config changes, I still have the same issue:
Setup:
Mikrotik hAP with Groove AC connected to PoE (goal is to be able to grab / amplify wifi for local access).
hAP AP is setup, able to login, and config via: x.x.x.1
Groove boots successfully and am able to access it/config via hAP AP at: x.x.x.10[/list][/list]
From there, can successfully scan/connect Groove to different APs that are known/working.
However, when connected, I continue to get “cannot access internet”. And - when trying to update the Groove OS, the check for updates is not able to reach a server.
1.) any suggestions? I know enough to be dangerous… and am likely just overlooking something.
2.) any config guides out there (beyond what comes OOtB) that might help me troubleshoot?
Post your configuration for the Groove and router then someone will see your problem. Open “New Terminal” and enter /export file=yourfilename hide-sensitive . This file will appear in “Files” . Upload it to your computer, open it in a text editor and paste it in a post using code blocks http://forum.mikrotik.com/t/getting-the-most-out-of-this-forum/40983/1 This will save a lot of guessing about your problem.
Thank you @w32pamela for the pointers and suggestion to post config - much appreciated (and I should have thought of that - my bad). Here are my AP and Groove configs (note: searching the Wiki, I actually used the “export compact”. Hopefully this provides verbose enough detail for initial troubleshooting.) Again, I’m able to connect to Groove via the hAP. And, I’m able top connect to a known-good wifi AP from the Groove (and seem to see some broadcast traffic between the AP I’m connecting the Groove to and the Groove). But, I’m not able top access internet via the hAP.
Again, grateful for any tips/suggestions on what I might be missing.
thanks!
Here is the config for the hAP:
# jan/05/1970 00:36:42 by RouterOS 6.44.6
# software id = LI8D-72M0
#
# model = RB962UiGS-5HacT2HnT
# serial number = C5610B1DCD57
/interface bridge
add admin-mac=C4:AD:34:DD:E8:E3 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="united states" disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=<sanitized>-2GHz wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country="united states" disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=<sanitized>-5GHz wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=<sanitized> wpa2-pre-shared-key=<sanitized>
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I would use the Groove in CPE mode and the hAP in WISP AP mode.
First reset the Groove to factory default. Then insure the mode on Quickset is set to CPE. You should be able to use the Quickset to connect to an AP, browse the Internet and update the Groove when connected directly to it.
Next, reset the hAP to factory default. Then goto: IP> Firewall> Filter and disable all firewall rules (or at least the default drop rule for the chain=input). Now you can change the mode to WISP AP in Quickset. You may loose connection to the hAP, this is expected. Connect the Groove to the POE Out port of the hAP. If you left the IP setting on the hAP set to DHCP you should be able to find its IP on the Groove under: IP> DHCP-Server> Leases. You can make this lease static and then edit the IP to something more memorable like 192.168.88.2. A quick reboot of the hAP and you should be able to connect to it and update it. Then you can change the wireless settings using Quickset to your liking.
Normally making changes using Quickset after you make changes out side of it brakes things (the reason for resets), but in this case the script that is used for WISP AP is broken and will cause you to loose IP connectivity to the device if you don’t disable the firewall rules first…
Thanks WeWiNet and 2frogs. Really appreciate the help. I’m away from the gear but will have access tomorrow to make the changes. I’ll follow up with my results.
Regards
Jeff
Well, after many months unable to work on this, I’m reviving the thread with some progress made. Thanks @WeWiNet and @2frogs for the great guidance. I was able to get the Groove setup (in CPE mode) and the hAP (in WISP AP) mode. But, still having a few issues. Although the Groove is set and connected to a reliable/known Wifi AP and shows Tx/Rx, I’m not able to access the internet the Groove is connected to when plugged into the PoE port on the hAP I’m connected to.
Should the Groove be in Router or Bridge mode?
Should the Address Source be Any, Ethernet, or wLAN?
Anything else you might suggest I look into?
I think there may just be a detail or two I’m missing here. Fully admin I an NOT a networking/IP export so appreciate any guidance/assistance.