I’m at my whits end, and have been going in circles now. I have an RB3011 that I have configured to be my DHCP server. I have two wireless routers an hAP and wAP. Problems started two weeks ago when I added the hAP I screwed something up and now neither wireless router functions. I’ve pulled the wAP for now and am concentrating on getting the hAP to work. No sense going through all of the things I’ve tried. The current configuration is
All are running RouterOS 6.44.1
I have reset both the RB and hAP (Via WinBox > System > Reset Configuration > with No Default Configuration set)
Minimal configuration from here:
Added new administration user name and deleted admin
Disabled a bunch of services (telnet,ftp,www,api,api-ss)
On the RB3011 in Quick Set:
Selected Router
Address Acquition set to Automatic (from the Cable Modem)
Local Network
IP Address =192.168.88.1
DHCP Server & NAT Selected
DHCP Server Range = 192.168.88.10-192.168.88.254
On the hAP in Quick Set, Home AP Dual mode:
Set both SSIDs
Country = united states3
Set WiFi Password
Internet Address Acquisition set to Automatic
Local Network IP Address set to 192.168.88.1, mask 255.255.255.0(/24)
DHCP Server, NAT and UPnP not selected.
I can see the wireless clients connect to the hAP, then the log says they received disassoc; sending station leaving (8)
Devices connected directly to the RB3011 do get IP addresses (3 desktops, 2 servers & the hAP). So it looks like the DHCP server is working. The hAP looks like it is in bridge mode but no IP are being passed. RB3011
# apr/07/2019 09:52:49 by RouterOS 6.44.1
# software id = QSEQ-N8CZ
#
# model = RouterBOARD 3011UiAS
# serial number = 71A0065DE59E
/interface bridge add name=bridge1
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=ether4
/interface bridge port add bridge=bridge1 interface=ether5
/interface bridge port add bridge=bridge1 interface=ether6
/interface bridge port add bridge=bridge1 interface=ether7
/interface bridge port add bridge=bridge1 interface=ether8
/interface bridge port add bridge=bridge1 interface=ether9
/interface bridge port add bridge=bridge1 interface=ether10
/interface bridge port add bridge=bridge1 interface=sfp1
/interface list member add interface=ether1 list=WAN
/interface list member add list=LAN
/interface list member add interface=bridge1 list=LAN
/ip address add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh port=2200
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/system clock set time-zone-name=America/Los_Angeles
/system identity set name="MikroTik RB3011"
/tool mac-server set allowed-interface-list=none
hAP
# jan/02/1970 00:08:39 by RouterOS 6.44.1
# software id = EWNV-K0BF
#
# model = RBD52G-5HacD2HnD
# serial number = A97A092ACFA8
/interface bridge add name=bridge1
/interface wireless set [ find default-name=wlan1 ] country="united states3" disabled=no mode=ap-bridge ssid=Bree_IoT wireless-protocol=802.11
/interface wireless set [ find default-name=wlan2 ] country="united states3" disabled=no mode=ap-bridge ssid=MikroTik wireless-protocol=802.11
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=xxxxxxxx wpa2-pre-shared-key=xxxxxxxx
/interface bridge port add bridge=bridge1 interface=wlan2
/interface bridge port add bridge=bridge1 disabled=yes interface=ether1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=ether4
/interface bridge port add bridge=bridge1 interface=ether5
/interface bridge port add bridge=bridge1 interface=wlan1
/interface list member add interface=ether2 list=LAN
/interface list member add interface=ether3 list=LAN
/interface list member add interface=ether4 list=LAN
/interface list member add interface=ether5 list=LAN
/interface list member add interface=wlan1 list=LAN
/interface list member add interface=ether1 list=WAN
/interface list member add interface=bridge1 list=LAN
/ip address add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh port=2200
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
On both the hAP and wAP, use WISP AP from quickset after reset from no-default. After you configure the wireless, select Mode=Bridge, Address Acquisition=Automatic, Bridge All LAN Ports=yes and hit apply. After a couple seconds hit Apply again and it should now have IP from your RB3011. You can now also use all ethernet ports.
I do hope you added at least the default firewall rules or equivalent, back on your RB3011.
So here is the sad thing. The only changes I made since my Original Post was I added the firewall rules and other settings that I noted in the previous message. All of a sudden the various wireless devices are showing up on the DHCP Server Leases list. So which of these made things work? And why?
/tool mac-server set allowed-interface-list=none
/tool mac-server ping set enabled=no
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool bandwidth-server set enabled=no
/ip dns set allow-remote-requests=no
/ip proxy set enabled=no
/ip socks set enabled=no
/ip upnp set enabled=no
/ip cloud set ddns-enabled=no update-time=no
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN