Hap AX3 (CapsMan) + Hap AC2 (Reset to CAP mode). CAP unable to work as a switch and AP in the same time.

nette · June 11, 2025, 5:34pm

Hello,
I’m using Hap AX3 as a router and due to poor wifi coverage I decided to extend it by connecting Hap AC2 in CAP mode over ethernet (eth1 port). Provisioning works as expected and I was successful to connect with internet over CAP’s wifi.

Problem Description:
Whenever I try to connect any device over other CAP’s ethernet ports (eth2,3,4 or 5) the internet becomes no longer available on CAP’s wifi interfaces and following error starts to be populated in logs: ETHERTYPE 0x88bb. Long story short CAP seems to be unable to work as an AP and switch in the same time.

Desired Solution:
I would like to be able access the internet and LAN simultaneously on CAPs ethernet ports and wifi interfaces .

Setup details:

Latest firmware and ROS installed on both devices - 7.19.1
wifi-qcom and wifi-qcom ac packages installed
I have never tried this set up on previous versions of ROS.
For purpose of this set-up Hap AC2 was reset to CAP mode.

HAP AX3 CAPsman eth3 <————> eth1 CAP HAP AC2

Configuration details of both devices are listed below.

Thank you in advance for your help!

CAPsman Config:

2025-06-11 14:01:59 by RouterOS 7.19.1

software id = XDN8-0CBH

model = C53UiG+5HPaxD2HPaxD

serial number = xxxxxxxx

/interface bridge
add admin-mac=74:4D:28:61:00:39 auto-mac=no name=bridge1 port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] advertise=“10M-baseT-half,10M-baseT-full,100M
-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full” comment=WAN-if
l2mtu=1598 mac-address=00:0C:42:43:B8:09
set [ find default-name=ether2 ] l2mtu=1598 mac-address=00:0C:42:43:B8:0A
set [ find default-name=ether3 ] comment=“p2p to device” l2mtu=1598 mac-address=
00:0C:42:43:B8:0B
set [ find default-name=ether4 ] comment=switch l2mtu=1598 mac-address=
74:4D:28:61:00:3B
set [ find default-name=ether5 ] l2mtu=1598 mac-address=74:4D:28:61:00:3C
/interface l2tp-client
add connect-to=nl.domainname.com disabled=no keepalive-timeout=30 mrru=
1600 name=ZPN user=username@domain.com
/interface pppoe-client
add add-default-route=yes comment=provider dial-on-demand=yes disabled=no
interface=ether1 name=pppoe-doe use-peer-dns=yes user=
JOHN.DOE
/interface wireguard
add listen-port=23680 mtu=1420 name=blablabla
/interface ethernet switch port
set 0 default-vlan-id=auto
set 1 default-vlan-id=auto
set 2 default-vlan-id=auto
set 3 default-vlan-id=auto
set 4 default-vlan-id=auto
set 5 default-vlan-id=auto
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi channel
add band=2ghz-ax disabled=no name=2G-AX width=20/40mhz
add band=2ghz-n disabled=no name=2G-N width=20/40mhz
add band=5ghz-ac disabled=no name=5G-AC skip-dfs-channels=all width=
20/40/80mhz
add band=5ghz-ax disabled=no name=5G-AX width=20/40/80/160mhz
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=
“wifi”
/interface wifi configuration
add channel=2G-AX channel.frequency=2412,2437,2462 disabled=no mode=ap name=
“konfig 2,4 Ghz” security=“szyfrowanie wifi”
security.authentication-types=wpa2-psk,wpa3-psk ssid=network_name
add channel=5G-AC channel.frequency=
5180,5200,5220,5240,5745,5765,5785,5805,5825 disabled=no mode=ap name=
“konfig 5 Ghz” security=“wifi” security.authentication-types=
wpa2-psk,wpa3-psk ssid=network_name
/interface wifi
set [ find default-name=wifi2 ] channel.frequency=2412,2437,2462
configuration=“konfig 2,4 Ghz” configuration.mode=ap datapath.bridge=
bridge1 disabled=no name=“2,4 ghz - HAP AX3” security=“szyfrowanie wifi”
security.authentication-types=wpa2-psk,wpa3-psk .ft=no
set [ find default-name=wifi1 ] channel.frequency=
5180,5200,5220,5240,5745,5765,5785,5805,5825 configuration=“konfig 5 Ghz”
configuration.mode=ap datapath.bridge=bridge1 disabled=no name=
“5 ghz - HAP AX3” security=“szyfrowanie wifi”
security.authentication-types=wpa2-psk,wpa3-psk .ft=no

operated by CAP 192.168.4.18, traffic processing on CAP

add channel.band=2ghz-n .frequency=2412 .width=20/40mhz configuration=
“konfig 2,4 Ghz” configuration.mode=ap disabled=no name=
“CAP 2 Ghz HAP AC2” radio-mac=74:4D:28:61:00:3D security=
“wifi” security.authentication-types=wpa2-psk,wpa3-psk

operated by CAP 192.168.4.18, traffic processing on CAP

add channel.frequency=5180,5200,5220,5240,5745,5765,5785,5805,5825
configuration=“konfig 5 Ghz” configuration.mode=ap disabled=no name=
“CAP 5 Ghz HAP AC2” radio-mac=74:4D:28:61:00:3E
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
add enc-algorithms=aes-256-cbc name=l2tp-ipsec
/ip pool
add name=pool1 ranges=192.168.4.10-192.168.4.99
/ip dhcp-server
add address-pool=pool1 interface=bridge1 lease-time=15m name=server1DHCP
/ip smb users
set [ find default=yes ] disabled=yes
/queue type
add kind=sfq name=sfq
add kind=pfifo name=ovpn pfifo-limit=2500
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
/queue tree
add max-limit=990M name=Download parent=global queue=default
add max-limit=990M name=Upload parent=global queue=default
add limit-at=10M max-limit=900M name=queue1 packet-mark=10_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue2 packet-mark=11_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue3 packet-mark=12_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue4 packet-mark=13_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue5 packet-mark=14_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue6 packet-mark=15_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue7 packet-mark=16_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue8 packet-mark=17_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue9 packet-mark=18_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue10 packet-mark=19_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue11 packet-mark=20_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue12 packet-mark=21_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue13 packet-mark=22_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue14 packet-mark=23_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue15 packet-mark=24_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue16 packet-mark=25_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue17 packet-mark=26_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue18 packet-mark=27_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue19 packet-mark=28_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue20 packet-mark=29_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue21 packet-mark=30_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue22 packet-mark=31_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue23 packet-mark=32_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue24 packet-mark=33_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue25 packet-mark=34_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue26 packet-mark=35_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue27 packet-mark=36_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue28 packet-mark=37_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue29 packet-mark=38_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue30 packet-mark=39_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue31 packet-mark=40_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue32 packet-mark=41_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue33 packet-mark=42_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue34 packet-mark=43_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue35 packet-mark=44_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue36 packet-mark=45_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue37 packet-mark=46_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue38 packet-mark=47_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue39 packet-mark=48_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue40 packet-mark=49_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue41 packet-mark=50_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue42 packet-mark=51_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue43 packet-mark=52_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue44 packet-mark=53_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue45 packet-mark=54_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue46 packet-mark=55_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue47 packet-mark=56_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue48 packet-mark=57_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue49 packet-mark=58_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue50 packet-mark=59_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue51 packet-mark=60_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue52 packet-mark=61_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue53 packet-mark=62_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue54 packet-mark=63_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue55 packet-mark=64_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue56 packet-mark=65_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue57 packet-mark=66_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue58 packet-mark=67_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue59 packet-mark=68_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue60 packet-mark=69_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue61 packet-mark=70_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue62 packet-mark=71_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue63 packet-mark=72_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue64 packet-mark=73_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue65 packet-mark=74_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue66 packet-mark=75_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue67 packet-mark=76_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue68 packet-mark=77_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue69 packet-mark=78_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue70 packet-mark=79_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue71 packet-mark=80_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue72 packet-mark=81_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue73 packet-mark=82_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue74 packet-mark=83_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue75 packet-mark=84_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue76 packet-mark=85_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue77 packet-mark=86_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue78 packet-mark=87_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue79 packet-mark=88_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue80 packet-mark=89_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue81 packet-mark=90_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue82 packet-mark=91_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue83 packet-mark=92_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue84 packet-mark=93_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue85 packet-mark=94_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue86 packet-mark=95_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue87 packet-mark=96_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue88 packet-mark=97_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue89 packet-mark=98_download parent=
Download priority=7 queue=sfq
add limit-at=10M max-limit=900M name=queue90 packet-mark=99_download parent=
Download priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue91 packet-mark=10_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue92 packet-mark=11_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue93 packet-mark=12_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue94 packet-mark=13_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue95 packet-mark=14_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue96 packet-mark=15_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue97 packet-mark=16_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue98 packet-mark=17_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue99 packet-mark=18_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue100 packet-mark=19_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue101 packet-mark=20_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue102 packet-mark=21_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue103 packet-mark=22_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue104 packet-mark=23_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue105 packet-mark=24_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue106 packet-mark=25_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue107 packet-mark=26_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue108 packet-mark=27_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue109 packet-mark=28_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue110 packet-mark=29_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue111 packet-mark=30_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue112 packet-mark=31_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue113 packet-mark=32_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue114 packet-mark=33_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue115 packet-mark=34_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue116 packet-mark=35_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue117 packet-mark=36_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue118 packet-mark=37_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue119 packet-mark=38_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue120 packet-mark=39_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue121 packet-mark=40_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue122 packet-mark=41_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue123 packet-mark=42_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue124 packet-mark=43_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue125 packet-mark=44_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue126 packet-mark=45_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue127 packet-mark=46_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue128 packet-mark=47_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue129 packet-mark=48_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue130 packet-mark=49_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue131 packet-mark=50_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue132 packet-mark=51_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue133 packet-mark=52_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue134 packet-mark=53_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue135 packet-mark=54_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue136 packet-mark=55_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue137 packet-mark=56_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue138 packet-mark=57_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue139 packet-mark=58_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue140 packet-mark=59_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue141 packet-mark=60_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue142 packet-mark=61_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue143 packet-mark=62_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue144 packet-mark=63_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue145 packet-mark=64_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue146 packet-mark=65_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue147 packet-mark=66_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue148 packet-mark=67_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue149 packet-mark=68_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue150 packet-mark=69_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue151 packet-mark=70_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue152 packet-mark=71_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue153 packet-mark=72_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue154 packet-mark=73_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue155 packet-mark=74_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue156 packet-mark=75_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue157 packet-mark=76_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue158 packet-mark=77_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue159 packet-mark=78_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue160 packet-mark=79_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue161 packet-mark=80_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue162 packet-mark=81_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue163 packet-mark=82_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue164 packet-mark=83_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue165 packet-mark=84_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue166 packet-mark=85_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue167 packet-mark=86_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue168 packet-mark=87_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue169 packet-mark=88_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue170 packet-mark=89_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue171 packet-mark=90_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue172 packet-mark=91_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue173 packet-mark=92_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue174 packet-mark=93_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue175 packet-mark=94_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue176 packet-mark=95_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue177 packet-mark=96_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue178 packet-mark=97_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue179 packet-mark=98_upload parent=
Upload priority=7 queue=sfq
add limit-at=5M max-limit=900M name=queue180 packet-mark=99_upload parent=
Upload priority=7 queue=sfq
/routing table
add disabled=no fib name=ZPN_table
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=100
set 1 disk-file-name=flash/log disk-lines-per-file=100
/certificate settings
set builtin-trust-anchors=not-trusted
/interface bridge port
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether2
internal-path-cost=10 path-cost=10
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether3
internal-path-cost=10 path-cost=10
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether4
internal-path-cost=10 path-cost=10
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether5
internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=“5 ghz - HAP AX3”
add bridge=bridge1 interface=“2,4 ghz - HAP AX3”
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
set authentication=mschap2 default-profile=*1 enabled=yes max-mru=1460
max-mtu=1460 use-ipsec=yes
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=*9 list=discover
add interface=blablabla list=LAN
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1
package-path=“” require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=“konfig 2,4 Ghz”
supported-bands=2ghz-n
add action=create-enabled disabled=no master-configuration=“konfig 5 Ghz”
supported-bands=5ghz-ac
/interface wireguard peers
add allowed-address=192.168.238.2/32 client-address=192.168.238.2/32
client-dns=8.8.8.8,1.1.1.1 client-endpoint=x.x.x.x comment=
“device1” interface=blablabla name=peer1 private-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=” public-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=” responder=yes
add allowed-address=192.168.238.3/32 client-address=192.168.238.3/32
client-dns=8.8.8.8,1.1.1.1 client-endpoint=x.x.x.x comment=
“device2” interface=blablabla name=peer2 private-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=” public-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx” responder=yes
add allowed-address=192.168.238.4/32 client-address=192.168.238.4/32
client-dns=8.8.8.8,1.1.1.1 client-endpoint=x.x.x.x comment=
“device3” interface=blablabla name=peer3 private-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=” public-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=” responder=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge1 network=
192.168.88.0
add address=192.168.4.1/24 interface=bridge1 network=192.168.4.0
add address=192.168.238.1/24 interface=blablabla network=192.168.238.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
add address=192.168.4.10 comment=name1 mac-address=A0:99:9B:05:64:EF server=
server1DHCP
add address=192.168.4.14 client-id=1:60:f4:45:cd:bb:4 comment=“name0”
mac-address=60:F4:45:CD:BB:04 server=server1DHCP
add address=192.168.4.15 comment=“name1” mac-address=94:44:44:FA:7D:4A
server=server1DHCP
add address=192.168.4.21 client-id=1:1c:91:48:a5:38:56 comment=
“name2” mac-address=1C:91:48:A5:38:56 server=server1DHCP
add address=192.168.4.2 client-id=1:0:b:6b:de:af:21 comment=name3
mac-address=00:0B:6B:DE:AF:21 server=server1DHCP
add address=192.168.4.27 client-id=1:b8:69:f4:82:bf:38 comment=“name4”
mac-address=B8:69:F4:82:BF:38 server=server1DHCP
add address=192.168.4.13 client-id=1:0:3:91:85:1:1 comment=“name5”
mac-address=00:03:91:85:01:01 server=server1DHCP use-src-mac=yes
add address=192.168.4.24 client-id=1:4c:5e:c:bf:c:44 comment=“name6”
mac-address=4C:5E:0C:BF:0C:44 server=server1DHCP
add address=192.168.4.11 comment=“box na gorze” mac-address=D0:27:24:01:37:8D
server=server1DHCP use-src-mac=yes
add address=192.168.4.23 client-id=1:d4:ca:6d:5f:6a:ab comment=name7
mac-address=D4:CA:6D:5F:6A:AB server=server1DHCP
add address=192.168.4.51 client-id=1:40:3f:8c:b1:32:f9 comment=
“name8” mac-address=40:3F:8C:B1:32:F9 server=server1DHCP
add address=192.168.4.29 client-id=1:60:a4:b7:49:30:ef comment=name9
mac-address=60:A4:B7:49:30:EF server=server1DHCP
add address=192.168.4.28 client-id=1:1c:fe:2b:0:e4:a8 comment=“name10”
mac-address=1C:FE:2B:00:E4:A8 server=server1DHCP
add address=192.168.4.18 client-id=1:74:4d:28:61:0:38 comment=“name11”
mac-address=74:4D:28:61:00:38 server=server1DHCP
add address=192.168.4.34 comment=“name12” mac-address=
30:58:90:AE:07:9E server=server1DHCP
/ip dhcp-server network
add address=192.168.4.0/24 dns-server=1.2.3.4,1.1.1.1 gateway=
192.168.4.1 netmask=24 ntp-server=5.5.4.4,91.210.128.220
wins-server=192.168.4.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes cache-size=4096KiB max-udp-packet-size=512
servers=1.3.5.7,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router.lan type=A
/ip firewall address-list
add address=8.8.8.8 list=dns
add address=9.9.9.9 list=dns
/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp
add action=accept chain=input comment=" wireguard ports" dst-port=23680
protocol=udp
add action=accept chain=input comment=webpanel dst-port=443 protocol=tcp
add action=accept chain=input comment=api dst-port=8729 protocol=tcp
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=accept chain=forward in-interface=bridge1 out-interface=pppoe-bor
src-address=192.168.4.0/24
add action=accept chain=forward out-interface=bridge1 src-address=10.0.9.0/24
add action=accept chain=forward in-interface=bridge1
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=ProtonVPN
src-address=192.168.4.11
add action=mark-connection chain=prerouting new-connection-mark=ProtonVPN
src-address=192.168.4.13
add action=mark-packet chain=postrouting dst-address=192.168.4.10
new-packet-mark=10_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.11
new-packet-mark=11_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.12
new-packet-mark=12_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.13
new-packet-mark=13_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.14
new-packet-mark=14_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.15
new-packet-mark=15_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.16
new-packet-mark=16_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.17
new-packet-mark=17_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.18
new-packet-mark=18_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.19
new-packet-mark=19_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.20
new-packet-mark=20_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.21
new-packet-mark=21_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.22
new-packet-mark=22_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.23
new-packet-mark=23_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.24
new-packet-mark=24_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.25
new-packet-mark=25_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.26
new-packet-mark=26_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.27
new-packet-mark=27_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.28
new-packet-mark=28_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.29
new-packet-mark=29_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.30
new-packet-mark=30_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.31
new-packet-mark=31_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.32
new-packet-mark=32_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.33
new-packet-mark=33_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.34
new-packet-mark=34_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.35
new-packet-mark=35_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.36
new-packet-mark=36_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.37
new-packet-mark=37_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.38
new-packet-mark=38_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.39
new-packet-mark=39_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.40
new-packet-mark=40_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.41
new-packet-mark=41_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.42
new-packet-mark=42_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.43
new-packet-mark=43_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.44
new-packet-mark=44_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.45
new-packet-mark=45_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.46
new-packet-mark=46_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.47
new-packet-mark=47_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.48
new-packet-mark=48_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.49
new-packet-mark=49_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.50
new-packet-mark=50_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.51
new-packet-mark=51_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.52
new-packet-mark=52_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.53
new-packet-mark=53_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.54
new-packet-mark=54_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.55
new-packet-mark=55_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.56
new-packet-mark=56_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.57
new-packet-mark=57_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.58
new-packet-mark=58_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.59
new-packet-mark=59_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.60
new-packet-mark=60_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.61
new-packet-mark=61_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.62
new-packet-mark=62_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.63
new-packet-mark=63_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.64
new-packet-mark=64_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.65
new-packet-mark=65_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.66
new-packet-mark=66_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.67
new-packet-mark=67_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.68
new-packet-mark=68_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.69
new-packet-mark=69_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.70
new-packet-mark=70_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.71
new-packet-mark=71_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.72
new-packet-mark=72_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.73
new-packet-mark=73_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.74
new-packet-mark=74_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.75
new-packet-mark=75_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.76
new-packet-mark=76_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.77
new-packet-mark=77_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.78
new-packet-mark=78_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.79
new-packet-mark=79_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.80
new-packet-mark=80_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.81
new-packet-mark=81_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.82
new-packet-mark=82_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.83
new-packet-mark=83_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.84
new-packet-mark=84_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.85
new-packet-mark=85_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.86
new-packet-mark=86_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.87
new-packet-mark=87_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.88
new-packet-mark=88_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.89
new-packet-mark=89_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.90
new-packet-mark=90_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.91
new-packet-mark=91_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.92
new-packet-mark=92_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.93
new-packet-mark=93_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.94
new-packet-mark=94_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.95
new-packet-mark=95_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.96
new-packet-mark=96_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.97
new-packet-mark=97_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.98
new-packet-mark=98_download passthrough=no
add action=mark-packet chain=postrouting dst-address=192.168.4.99
new-packet-mark=99_download passthrough=no
add action=mark-packet chain=prerouting new-packet-mark=10_upload
passthrough=no src-address=192.168.4.10
add action=mark-packet chain=prerouting new-packet-mark=11_upload
passthrough=no src-address=192.168.4.11
add action=mark-packet chain=prerouting new-packet-mark=12_upload
passthrough=no src-address=192.168.4.12
add action=mark-packet chain=prerouting new-packet-mark=13_upload
passthrough=no src-address=192.168.4.13
add action=mark-packet chain=prerouting new-packet-mark=14_upload
passthrough=no src-address=192.168.4.14
add action=mark-packet chain=prerouting new-packet-mark=15_upload
passthrough=no src-address=192.168.4.15
add action=mark-packet chain=prerouting new-packet-mark=16_upload
passthrough=no src-address=192.168.4.16
add action=mark-packet chain=prerouting new-packet-mark=17_upload
passthrough=no src-address=192.168.4.17
add action=mark-packet chain=prerouting new-packet-mark=18_upload
passthrough=no src-address=192.168.4.18
add action=mark-packet chain=prerouting new-packet-mark=19_upload
passthrough=no src-address=192.168.4.19
add action=mark-packet chain=prerouting new-packet-mark=20_upload
passthrough=no src-address=192.168.4.20
add action=mark-packet chain=prerouting new-packet-mark=21_upload
passthrough=no src-address=192.168.4.21
add action=mark-packet chain=prerouting new-packet-mark=22_upload
passthrough=no src-address=192.168.4.22
add action=mark-packet chain=prerouting new-packet-mark=23_upload
passthrough=no src-address=192.168.4.23
add action=mark-packet chain=prerouting new-packet-mark=24_upload
passthrough=no src-address=192.168.4.24
add action=mark-packet chain=prerouting new-packet-mark=25_upload
passthrough=no src-address=192.168.4.25
add action=mark-packet chain=prerouting new-packet-mark=26_upload
passthrough=no src-address=192.168.4.26
add action=mark-packet chain=prerouting new-packet-mark=27_upload
passthrough=no src-address=192.168.4.27
add action=mark-packet chain=prerouting new-packet-mark=28_upload
passthrough=no src-address=192.168.4.28
add action=mark-packet chain=prerouting new-packet-mark=29_upload
passthrough=no src-address=192.168.4.29
add action=mark-packet chain=prerouting new-packet-mark=30_upload
passthrough=no src-address=192.168.4.30
add action=mark-packet chain=prerouting new-packet-mark=31_upload
passthrough=no src-address=192.168.4.31
add action=mark-packet chain=prerouting new-packet-mark=32_upload
passthrough=no src-address=192.168.4.32
add action=mark-packet chain=prerouting new-packet-mark=33_upload
passthrough=no src-address=192.168.4.33
add action=mark-packet chain=prerouting new-packet-mark=34_upload
passthrough=no src-address=192.168.4.34
add action=mark-packet chain=prerouting new-packet-mark=35_upload
passthrough=no src-address=192.168.4.35
add action=mark-packet chain=prerouting new-packet-mark=36_upload
passthrough=no src-address=192.168.4.36
add action=mark-packet chain=prerouting new-packet-mark=37_upload
passthrough=no src-address=192.168.4.37
add action=mark-packet chain=prerouting new-packet-mark=38_upload
passthrough=no src-address=192.168.4.38
add action=mark-packet chain=prerouting new-packet-mark=39_upload
passthrough=no src-address=192.168.4.39
add action=mark-packet chain=prerouting new-packet-mark=40_upload
passthrough=no src-address=192.168.4.40
add action=mark-packet chain=prerouting new-packet-mark=41_upload
passthrough=no src-address=192.168.4.41
add action=mark-packet chain=prerouting new-packet-mark=42_upload
passthrough=no src-address=192.168.4.42
add action=mark-packet chain=prerouting new-packet-mark=43_upload
passthrough=no src-address=192.168.4.43
add action=mark-packet chain=prerouting new-packet-mark=44_upload
passthrough=no src-address=192.168.4.44
add action=mark-packet chain=prerouting new-packet-mark=45_upload
passthrough=no src-address=192.168.4.45
add action=mark-packet chain=prerouting new-packet-mark=46_upload
passthrough=no src-address=192.168.4.46
add action=mark-packet chain=prerouting new-packet-mark=47_upload
passthrough=no src-address=192.168.4.47
add action=mark-packet chain=prerouting new-packet-mark=48_upload
passthrough=no src-address=192.168.4.48
add action=mark-packet chain=prerouting new-packet-mark=49_upload
passthrough=no src-address=192.168.4.49
add action=mark-packet chain=prerouting new-packet-mark=50_upload
passthrough=no src-address=192.168.4.50
add action=mark-packet chain=prerouting new-packet-mark=51_upload
passthrough=no src-address=192.168.4.51
add action=mark-packet chain=prerouting new-packet-mark=52_upload
passthrough=no src-address=192.168.4.52
add action=mark-packet chain=prerouting new-packet-mark=53_upload
passthrough=no src-address=192.168.4.53
add action=mark-packet chain=prerouting new-packet-mark=54_upload
passthrough=no src-address=192.168.4.54
add action=mark-packet chain=prerouting new-packet-mark=55_upload
passthrough=no src-address=192.168.4.55
add action=mark-packet chain=prerouting new-packet-mark=56_upload
passthrough=no src-address=192.168.4.56
add action=mark-packet chain=prerouting new-packet-mark=57_upload
passthrough=no src-address=192.168.4.57
add action=mark-packet chain=prerouting new-packet-mark=58_upload
passthrough=no src-address=192.168.4.58
add action=mark-packet chain=prerouting new-packet-mark=59_upload
passthrough=no src-address=192.168.4.59
add action=mark-packet chain=prerouting new-packet-mark=60_upload
passthrough=no src-address=192.168.4.60
add action=mark-packet chain=prerouting new-packet-mark=61_upload
passthrough=no src-address=192.168.4.61
add action=mark-packet chain=prerouting new-packet-mark=62_upload
passthrough=no src-address=192.168.4.62
add action=mark-packet chain=prerouting new-packet-mark=63_upload
passthrough=no src-address=192.168.4.63
add action=mark-packet chain=prerouting new-packet-mark=64_upload
passthrough=no src-address=192.168.4.64
add action=mark-packet chain=prerouting new-packet-mark=65_upload
passthrough=no src-address=192.168.4.65
add action=mark-packet chain=prerouting new-packet-mark=66_upload
passthrough=no src-address=192.168.4.66
add action=mark-packet chain=prerouting new-packet-mark=67_upload
passthrough=no src-address=192.168.4.67
add action=mark-packet chain=prerouting new-packet-mark=68_upload
passthrough=no src-address=192.168.4.68
add action=mark-packet chain=prerouting new-packet-mark=69_upload
passthrough=no src-address=192.168.4.69
add action=mark-packet chain=prerouting new-packet-mark=70_upload
passthrough=no src-address=192.168.4.70
add action=mark-packet chain=prerouting new-packet-mark=71_upload
passthrough=no src-address=192.168.4.71
add action=mark-packet chain=prerouting new-packet-mark=72_upload
passthrough=no src-address=192.168.4.72
add action=mark-packet chain=prerouting new-packet-mark=73_upload
passthrough=no src-address=192.168.4.73
add action=mark-packet chain=prerouting new-packet-mark=74_upload
passthrough=no src-address=192.168.4.74
add action=mark-packet chain=prerouting new-packet-mark=75_upload
passthrough=no src-address=192.168.4.75
add action=mark-packet chain=prerouting new-packet-mark=76_upload
passthrough=no src-address=192.168.4.76
add action=mark-packet chain=prerouting new-packet-mark=77_upload
passthrough=no src-address=192.168.4.77
add action=mark-packet chain=prerouting new-packet-mark=78_upload
passthrough=no src-address=192.168.4.78
add action=mark-packet chain=prerouting new-packet-mark=79_upload
passthrough=no src-address=192.168.4.79
add action=mark-packet chain=prerouting new-packet-mark=80_upload
passthrough=no src-address=192.168.4.80
add action=mark-packet chain=prerouting new-packet-mark=81_upload
passthrough=no src-address=192.168.4.81
add action=mark-packet chain=prerouting new-packet-mark=82_upload
passthrough=no src-address=192.168.4.82
add action=mark-packet chain=prerouting new-packet-mark=83_upload
passthrough=no src-address=192.168.4.83
add action=mark-packet chain=prerouting new-packet-mark=84_upload
passthrough=no src-address=192.168.4.84
add action=mark-packet chain=prerouting new-packet-mark=85_upload
passthrough=no src-address=192.168.4.85
add action=mark-packet chain=prerouting new-packet-mark=86_upload
passthrough=no src-address=192.168.4.86
add action=mark-packet chain=prerouting new-packet-mark=87_upload
passthrough=no src-address=192.168.4.87
add action=mark-packet chain=prerouting new-packet-mark=88_upload
passthrough=no src-address=192.168.4.88
add action=mark-packet chain=prerouting new-packet-mark=89_upload
passthrough=no src-address=192.168.4.89
add action=mark-packet chain=prerouting new-packet-mark=90_upload
passthrough=no src-address=192.168.4.90
add action=mark-packet chain=prerouting new-packet-mark=91_upload
passthrough=no src-address=192.168.4.91
add action=mark-packet chain=prerouting new-packet-mark=92_upload
passthrough=no src-address=192.168.4.92
add action=mark-packet chain=prerouting new-packet-mark=93_upload
passthrough=no src-address=192.168.4.93
add action=mark-packet chain=prerouting new-packet-mark=94_upload
passthrough=no src-address=192.168.4.94
add action=mark-packet chain=prerouting new-packet-mark=95_upload
passthrough=no src-address=192.168.4.95
add action=mark-packet chain=prerouting new-packet-mark=96_upload
passthrough=no src-address=192.168.4.96
add action=mark-packet chain=prerouting new-packet-mark=97_upload
passthrough=no src-address=192.168.4.97
add action=mark-packet chain=prerouting new-packet-mark=98_upload
passthrough=no src-address=192.168.4.98
add action=mark-packet chain=prerouting new-packet-mark=99_upload
passthrough=no src-address=192.168.4.99
/ip firewall nat
add action=masquerade chain=srcnat comment=name1a out-interface=pppoe-bor
add action=masquerade chain=srcnat comment=ZPN out-interface=ZPN
add action=dst-nat chain=dstnat comment=“name2a” dst-port=8080
in-interface=pppoe-bor protocol=tcp to-addresses=192.168.4.24 to-ports=80
add action=dst-nat chain=dstnat comment=“name3a” dst-port=8082
in-interface=pppoe-bor protocol=tcp to-addresses=192.168.4.24 to-ports=
8291
add action=dst-nat chain=dstnat comment=“name4a” dst-port=8083
in-interface=pppoe-bor protocol=tcp to-addresses=192.168.4.23 to-ports=
8291
add action=dst-nat chain=dstnat comment=“name5a” dst-port=8122
in-interface=pppoe-bor protocol=tcp to-addresses=192.168.4.24 to-ports=
8122
/ip firewall service-port
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec mode-config
add address-pool=*3 name=cfg1 static-dns=8.8.8.8 system-dns=no
/ip ipsec policy
add dst-address=0.0.0.0/0 group=*3 proposal=*2 src-address=0.0.0.0/0
template=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ZPN routing-table=
ZPN_table scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.238.0/24 gateway=blablabla
routing-table=ZPN_table scope=30 suppress-hw-offload=no target-scope=10
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www disabled=yes
set www-ssl certificate=cert1 disabled=no
set api disabled=yes
set api-ssl certificate=cert1
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/ip upnp
set allow-disable-external-interface=yes
/ppp secret
add disabled=yes name=Marcin profile=*1 service=l2tp
/routing rule
add action=lookup-only-in-table disabled=no src-address=192.168.4.13 table=
ZPN_table
add action=lookup-only-in-table disabled=no src-address=192.168.4.11 table=
ZPN_table
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
/system clock manual
set time-zone=+01:00
/system identity
set name=MT
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=153.19.250.123
/system scheduler
add disabled=yes interval=5m name=schedule1 on-event=dyndns policy=
read,write,policy,test,sensitive start-date=1970-01-01 start-time=
00:00:00
add disabled=yes interval=15m name=neo_restart on-event=neo_restart policy=
read,write,policy,test,sensitive start-date=2016-07-04 start-time=
11:10:16
/system script
add dont-require-permissions=no name=dyndns owner=admin policy=
ftp,read,write,policy,test,password,sniff,sensitive source=“# Set needed v
ariables\r
\n:local username "xxxxxxxxxxx"\r
\n:local password "xxxxxxx"\r
\n:local hostname "xxxx.xxxx.xxx"\r
\n:local ddnsinterface "xx"\r
\n\r
\n:global dyndnsForce\r
\n:global previousIP\r
\n\r
\n:local currentIP [ /ip address get [/ip address find interface=$ddnsint
erface] address ]\r
\n:log info "UpdateDynDNS: currentIP = $currentIP"\r
\n\r
\n# Remove the # on next line to force an update every single time - usefu
l for debugging,\r
\n# but you could end up getting blacklisted by DynDNS!\r
\n\r
\n#:set dyndnsForce true\r
\n\r
\n# Determine if dyndns update is needed\r
\n\r
\n:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={\r
\n :set dyndnsForce false\r
\n :set previousIP $currentIP\r
\n /tool fetch user=$username password=$password mode=http address="
name.domain.org" \\r
\n src-path="/nic/update?hostname=$hostname&myip=$currentIP" ds
t-path="/dyndns.txt"\r
\n :local result [/file get dyndns.txt contents]\r
\n :log info ("UpdateDynDNS: Dyndns update needed")\r
\n :log info ("UpdateDynDNS: Dyndns Update Result: ".$result)\r
\n :put ("Dyndns Update Result: ".$result)\r
\n#} else={\r
\n# :log info ("UpdateDynDNS: No dyndns update needed")\r
\n}”
add dont-require-permissions=no name=marking_down owner=admin policy=
ftp,read,write,policy,test,password,sniff,sensitive source=“:for x from=10
_to=99 do={ /ip firewall mangle add chain=postrouting dst-address=("192.
168.4.$x" ) action=mark-packet new-packet-mark=( "$x_download") passt
hrough=no }”
add dont-require-permissions=no name=marking_up owner=admin policy=
ftp,read,write,policy,test,password,sniff,sensitive source=“:for x from=10
_to=99 do={ /ip firewall mangle add chain=prerouting src-address=("192.1
68.4.$x" ) action=mark-packet new-packet-mark=( "$x_upload" ) passthr
ough=no }”
add dont-require-permissions=yes name=neo_restart owner=admin policy=
ftp,read,write,policy,test,password,sniff,sensitive source=“:local int1 "
neo"; \r
\n:local ip1 "8.8.8.8";\r
\n\r
\n# check ip\r
\n:if ([/ping $ip1 count=5] = 0) do={\r
\n/interface pppoe-client disable $int1;\r
\ndelay delay-time=2;\r
\n/interface pppoe-client enable $int1;\r
\n:log error "Restart neo, no ping"\r
\n}”
add dont-require-permissions=no name=queues_down owner=piotr policy=
ftp,read,write,policy,test,password,sniff,sensitive source=“:for z from 10
_to 99 do={ /queue tree add parent=Download packet-mark=( "$z_download
") limit-at=10M queue=sfq priority=7 max-limit=900M }”
add dont-require-permissions=no name=queues_up owner=piotr policy=
ftp,read,write,policy,test,password,sniff,sensitive source=“:for b from 10
_to 99 do={ /queue tree add parent=Upload packet-mark=( "$b_upload" )
limit-at=5M queue=sfq priority=7 max-limit=900M }”
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=bridge1 filter-ip-protocol=tcp filter-port=8122

CAP Config:

2025-06-11 13:57:09 by RouterOS 7.19.1

software id = P8JU-PC08

model = RBD52G-5HacD2HnD

serial number = xxxxxxxxxxxx

/interface bridge
add admin-mac=74:4D:28:61:00:38 auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi

managed by CAPsMAN 74:4D:28:61:00:39%bridgeLocal, traffic processing on CAP

mode: AP, SSID: q6w6, channel: 2412/n/Ce

set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp
disabled=no

managed by CAPsMAN 74:4D:28:61:00:39%bridgeLocal, traffic processing on CAP

mode: AP, SSID: q6w6, channel: 5180/ac/Ceee/I

set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp
disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/system clock
set time-zone-name=Europe/Warsaw

erlinden · June 12, 2025, 6:07am

I suspect it has something to do with MAC addresses, I just noticed:

74:4D:28:61:00:38 (hAP AC2)
74:4D:28:61:00:39 (hAP AX3)

Could it be that it was copied from the hAP AX3 (probably it’s ether1 port) en pasted to the hAP AC2?
If that is the case, just reset the hAP AC2 to CAPS Mode and everything should be fine again.

nette · June 12, 2025, 8:01am

Hello Erlinden,

Thank you for this hint. In fact I was using Hap AC2 as a router in the past and then I have upgraded it to Hap AX3 so I transferred the config from one device to another.
Since Hap AC2 had became spare I decided to use it as a CAP. It was already reset to CAP mode, so I suspect it is the other way around:
copied from the hAP AC2 (probably it’s ether1 port) en pasted to the hAP AX3.
I will investigate and will let know here afterwards.

erlinden · June 12, 2025, 8:30am

Aah…that would (also) explain the situation.
Good practice…when restoring to other device, don’t leave MAC addresses in.

holvoetn · June 12, 2025, 10:14am

BTW GOOD catch !! : hatsoff:

erlinden · June 12, 2025, 11:06am

nette · June 12, 2025, 3:07pm

I have changed the residual mac addresses on Hap AX3 to hardware ones and it did the trick - now everything works as it should.

Many thanks Erlinden and hats off - I owe you a big beer
Honestly I would never figure this out by myself.

The topic can be closed now.

erlinden · June 12, 2025, 7:55pm

No problem m8, everyone on the forum is willing to help. Glad it is solved, you can mark as solved on the reply that gave the solution.

patrikg · June 13, 2025, 8:33am

Hi, I’m very glad you solved the problem.

See the pictures below.
Where you click on the following places on the thread that solved your problem.

So the AI can take over and know what the problems are with the respective solution.

At board style: Canvas

At board style: prosilver