hAP lite - connection problems

Lenael · November 25, 2018, 9:22am

Hi all,

recently I bought MikroTik hAP lite TC RB941-2nD-TC AP. I tried to set up an ordinary Wireless AP client connection like this:

I have one DHCP server on TP-Link router. I finally managed to do it, but network performance through Mikrotik is really poor. On cable I had 80Mb/s - through Mikrotik I have 2Mb/s. Additionally, I can’t connect to my TP-Link through the internet browser. Network disk on FTP is also unavailable. I tried connecting my PC directly to TP-Link via lan cable and all problems were gone so it looks like I screw something.
I know that this could be a silly problem, but could you please look at my configuration and see if there are some basic errors?
RouterBOARD 941-2nD - Firmware: 6.43.4

/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    CC:2D:E0:6E:9A:56
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    CC:2D:E0:6E:9A:57
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    CC:2D:E0:6E:9A:58
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    CC:2D:E0:6E:9A:59
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed \
    mode=dynamic-keys name=secprof supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=poland disabled=no \
    frequency=2437 security-profile=secprof ssid=XXXXX wireless-protocol=\
    802.11 wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.1.1-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 disabled=yes interface=ether1
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
/ip address
add address=192.168.1.2/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-relay
add dhcp-server=192.168.1.1 disabled=no interface=bridge1 name=relay1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.2 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip dns static
add address=192.168.1.1 name=tplink_archer
/ip firewall filter
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=established disabled=yes
add action=accept chain=input connection-state=related disabled=yes
add action=drop chain=input disabled=yes in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.1.0/24 \
    out-interface=bridge1
add action=masquerade chain=srcnat out-interface=bridge1
add action=accept chain=srcnat disabled=yes out-interface=bridge1
/ip route
add distance=1 gateway=192.168.1.1
add disabled=yes distance=1 gateway=192.168.1.1
add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=192.168.1.1 \
    scope=10
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=AP_Bedroom
/system routerboard settings
set silent-boot=no

Thank you!

mkx · November 25, 2018, 2:12pm

There are a few problematic things in your setup (from the most important to the least important ones):

from the configuration export it is not visible (you can sheck using /interface wireless print), but likely the WiFi mode is not correct. For your use case it should be set to mode=station-bridge and even this does not guarantee good performance (see next bullet)
WiFi was not standradized with your particular use case in mind. Meaning that standard wireless frames lack one additional MAC field in the header which in turn means that AP (hAP lite in your case) has a hard time to determine where (to which wired client) to forward the just received wireless frame (WiFi MAC header contains MAC of original sender (usually router’s or server’s MAC address), MAC of AP and MAC of wireless station). To get over this limitation, many of AP vendors implemented proprietory extensions but those don’t work between different vendors. Also WPS offers solution to this problem.
In short: the setup you have (TP-Link on one side, Mikrotik on the other side) might work, but it will be far from optimal.
switch off all firewall and NAT rules on Mikrotik, remove all routing rules (static routes) as well. All devices are members of same L2 domain after all.
you still have DHCP server on your Mikrotik active. You should definitiely disable it so that it doesn’t interfer with DHCP server running on TP-Link.
Configuring static addresses on the equipment that connects to hAP lite is the way forward, keep sticking to it even for WIndows laptop (for ethernet interface at least). Due to problem, described in my first two bullets, only single device on hAP lite’s side can receive DHCP assigned address …
I don’t think you need DHCP-relay active. AFAIK one needs DHCP-relay if real DHCP server is in different L2 domain while both L2 domains are bridged by particular mikrotik. In this case DHCP-relay forwards DHCP requests and answers between both L2 domains. In your case, with wlan and ethernet ports on hAP lite bridged, all belong to the same L2 domain

sid5632 · November 25, 2018, 2:21pm

Get rid of the TP-Link and use another Mikrotik.
The IP address on ether2 should be on bridge1.
Get rid of the dhcp-client on ether1.

Ariful01 · November 25, 2018, 3:04pm

I would like to know whether Mikrotik metal 2shpn will work as a station mode and access point at the same time ?