Help please

RouterOS General
1

Hi all.

I’m fresh new in here so will ask to understand me and apologies if I’m asking in the wrong place.

I have a Mikrotik RB4011iGS+ (call it the first router) and another hAP ac^2 (call it the second router)

since the first router does not have wireless, I want to connect the ether10 port of the first router to the ether1 port of the second router and pass the configurations from the first router to the second router through VLAN, in this way after I have configured the wireless the second router received the data for the network from the first router.

the configuration of the three wireless stations that will be configured in the second router are as follows:

Wireless 1, SSID 1Wireless, 2.4GHz, 192.168.1.1/24
Wireless 2, SSID 2Wireless, 2.4GHz, 192.168.2.1/24
Wireless 3, SSID 3Wireless, 5GHz, 192.168.3.1/24

can some one help me on realizing this ?

2

Must read (and it is great):

http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

3

Thanks @erlinden, i give it a quick view… but I cant find any thing tha may help me one this problem right now… there is a lot of very useful information, but i need something right now, to fix this issue.

Thanks again

4

The second device is only acting as AP./switch, no DHCP required, no firewall rules required.
https://forum.mikrotik.com/viewtopic.php?t=182276

5

Yes, i know that, in fact i have try that but when i try to connect any device through wireless on the second mikrotik, the devide search for ip and didn’t get any. I tried with vlans but no success. When i go home, will post all configs i have done, maybe some one can understand better than my English in write, sorry for that

6

Good idea, post both configs
/export file=anynameyouwish ( minus router serial number and any public WANIP info) if vers 6 firmware add hide=sensitive.

7

All the described can be done with CAPSMAN.
I actually use 4011 + 3 routers (caps) like ac2 for wifi.
All caps automatically get the wireless settings.
All use different channels, etc…

8

Capsman should be avoided for new users or where there is no reason to do so. In this case there is no reason to do so and the OP can concentrate on how to setup vlans on a router and an AP, that is logical and clear to follow. Any router / AP that adds capsman doubles the amount of config required and the options for errors too, just dumb. There are some rare occasions where it makes sense, many APs and or some specific need to block wifi users from accessing wired users on SAME vlan.
Otherwise, I can set up a router and one ap or 3 aps in far less time than via capsman and it will work the first time as its clear and simple.
One can copy and past the AP config from one device to the other and basically only change the IP address assigned to the AP on the trusted network.

As for the OP getting locked out… Suggest, if you have an extra port on the router, to take a port off the bridge and use that for config or emergency access later if bridge hiccups.
https://forum.mikrotik.com/viewtopic.php?t=181718

I also use the unused port on my capacs for this purpose as well. On the bench so to speak I adjust the config via LAn2 port.
During physical installation of a cap, if the cap is not readily accessible and easy to attach an ethernet cable to LAN2 for emergency access, then I ensure two cables are run so that the LAN2 cable although not necessarily run back to the router or a patch panel switch is located in an area that can be readily accessed ( attache end of cable to laptop).

9

In general, mikrotik should be avoided for new users :slight_smile:
Today there are many friendly wifi systems that provide new users with capability of setting up mesh with couple of mouse clicks.

10

Thanks to you, and all who have replied.. here are my conf explained.

As I told you before, i have 2 Mikrotik routers, the first one RB4011iGS+ that has all the rules and the second one hAP ac^2 that I want to use for wireless.

At the first one I have added 3 Vlan’s on port 10:

VlanName: Wireless1 Vlanid: 10
VlanName: Wireless2 Vlanid: 20
VlanName: Wireless3 Vlanid: 30

At the first router i have some bridges because other ports, apart the ether10, are used for various networks for various purposes.

For Vlanid 10 and 20 I have a bridge for each one, only Vlanid 30 is in the same bridge with some other physical ports.

Bridges and interfaces:

Interface Wireless1 Bridge Wireless1
Interface Wireless2 Bridge Wireless2
Interface Wireless3 Bridge Pc_hardware


also I have created addresses for each one.

address: 192.168.1.1/24 Network: 192.168.1.0 Interface: Wireless1
address: 192.168.2.1/24 Network: 192.168.2.0 Interface: Wireless2
address: 192.168.3.1/24 Network: 192.168.3.0 Interface: Pc_hardware

This is all I have configured on router one RB4011iGS+.

This is the second router (hAP ac^2) that I’m using for wireless dispatch only.

/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=ether1 name=Wireless3 vlan-id=30
add interface=ether1 name=Wireless2 vlan-id=20
add interface=ether1 name=Wireless1 vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=Wireless3 supplicant-identity=""
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=Wireless1 supplicant-identity=""
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name="Wireless2" supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] comment="Wifi 2.4GHz" country=albania disabled=no frequency=2452 installation=indoor mode=ap-bridge name="Wireless2" security-profile="Wireless2" ssid="Wireless2" vlan-id=20 vlan-mode=use-tag wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac comment="5GHz Wireless Wireless3" country=albania disabled=no frequency=5580 installation=indoor mode=ap-bridge name="Wireless3 5GHz" security-profile=Wireless3 ssid=Wireless3 vlan-id=30 vlan-mode=use-tag wps-mode=disabled
add comment="Wifi 2.4GHz" disabled=no hide-ssid=yes keepalive-frames=disabled mac-address=xx:xx:xx:xx:xx:xx master-interface="Wireless2" multicast-buffering=disabled name=Wireless1 security-profile=Wireless1 ssid=Wireless1 vlan-id=10 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface wireless manual-tx-power-table
set "Wireless2" comment="Wifi 2.4GHz"
set "Wireless3 5GHz" comment="5GHz Wireless Wireless3"
set Wireless1 comment="Wifi 2.4GHz"
/interface wireless nstreme
set "Wireless2" comment="Wifi 2.4GHz
set "Wireless3 5GHz" comment="5GHz Wireless Wireless3"
set *E comment="Wifi 2.4GHz"
/interface bridge port
add bridge=bridge1 interface=Wireless3
add bridge=bridge1 interface=Wireless2
add bridge=bridge1 interface=Wireless1
/ip address
add address=192.168.1.2/24 interface=Wireless1 network=10.10.10.0
add address=192.168.2.2/24 interface="Wireless2" network=192.168.1.0
add address=1192.168.3.2/24 interface=Wireless3 network=192.168.34.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

That’s all I have done…

11

Edited your post. Please make proper use of ptoper tags: quote for quote, code for code etc.

12

thanks ;')

13

Any one trying to understand what’s going wrong :disappointed_face: with my config. Plz if anyone can help will be a good hand for me. Also as i mentioned before l, i have tray Capsman, but as far as I understand it is for a wireless equiped router to be mananger. Hope someone help me with thiss mess. Thanks in advance.

14

Hi there again.

Finally I have fix the all thing. After reanalyzing all, the only thing that I have done wrong was to check the Vlan tag at the wireless AP on the second router and also to create a bridge for all instead of creating a bridge for each Vlan and wireless, all other configs were ok.

Again thanks to all who replied to my help request.