guest don't work

hi,

i’m new on mikrotik.

I’ve tried to created a double acces point, one private for me with acces to my home local network and one public for guests with only internet acces.
The public wifi work well but i can’t make working the public wifi, it can’t acces to internet.

i’ve a mikrotik cap lite connected an a lan port of my internet router (192.168.1.254)

My configuration is :

wisp ap - bridge - address acquisition = automatic - ip adress = 192.168.1.73 - gateway = 192.168.1.254
wireless private - wlan1 - ssid = private - bridge mode = enabled - mode = apbridge - wpa2 security.

For the guest wifi :
wlan2 - arp = enabled - mode = ap bridge - master interface = wlan1 - wmm support = disabled - wds mode = disabled
ip / addresses = 20.20.20.0/24 - 20.20.20.0 - interface = wlan2
ip / pool - dhcp_pool4 = 20.20.20.20-20.20.20.154
ip / firewall / nat - src adress = 20.20.20.0/24 - out interface = bridge - srcnat - masquerade

ip / dhcp server - name = dhcp1 - adress pool = dhcp_pool4 - authoritative=yes
→ in the up left side of the screen it is write : ‘invalid’ and the line is in grey.
ip / routes - wlan2 unreachable

I can’t see there is a problem but i don’t undertand it.

could you help me ?

regards

philippe

i add my export compact :

/interface bridge
add admin-mac=B8:69:F4:2E:6A:D6 auto-mac=no comment=defconf name=bridge

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=prive wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:2E:6A:D8 master-interface=wlan1 multicast-buffering=disabled name=wlan2 ssid=wlan2 wds-cost-range=0 wds-default-bridge=
bridge wds-default-cost=0 wps-mode=disabled

/interface list
add name=WAN
add name=LAN

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=xxxxxxxx wpa2-pre-shared-key=serena13
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=dynamic-keys name=guest supplicant-identity=MikroTik wpa-pre-shared-key=serena13 wpa2-pre-shared-key=serena13

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip pool
add name=dhcp_pool4 ranges=20.20.20.2-20.20.20.254

/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface=wlan2 name=dhcp1

/interface bridge port
add bridge=bridge comment=defconf hw=no interface=ether1
add bridge=bridge comment=defconf interface=wlan1

/interface detect-internet
set detect-interface-list=all

/interface list member
add interface=ether1 list=WAN
add interface=wlan1 list=LAN

/ip address
add address=20.20.20.0/24 interface=wlan2 network=20.20.20.0

/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=bridge

/ip dhcp-server network
add address=20.20.20.0/24 dns-server=8.8.8.8 domain=serena.org gateway=20.20.20.1

/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge src-address=20.20.20.0/24

Interface list LAN: You only have WLAN 1 there, need to also add WLAN 2 if you use interface list somewhere else.

Do NAT / masquerade on the out interface (LAN port ?) or out interface list (WAN) instead of bridge.

report back if that changed anything.

Your export is not complete, I see no routes printed for instance

i’ve add a route and now all is ok. Tanks you for your help.

wan2’s address is not really regular: 20.20.20.0/24 is network address and should not be assigned to any device.

As OP is running DHCP client on bridge, default route should be dynamically configured by that … and will not be seen in export (only in /ip route print). Other routes are not needed.