I’ve got an RB4011 as my main office router, setup fine, all working. I then have a cAP ac wireless access point I want to use to give Staff access and a HotSpot that authenticates against a Radius server.
I’ve had an RB4011 with WiFi integrated working with this same setup, but getting this non-wifi RB4011 and the cAP ac to do the same is proving difficult. Below is my export of config.
What I’ve done is configure the staff wifi to operate as a bridge to the DHCP server on RB4011, then I used the DHCP server on the cAP to give my pool to the hotspot. So my staff wifi works fine, connects, gets and IP from the RB4011 and has internet.
The HotSpot wifi connects, gets and IP address from the 2.1 pool, but doesn’t have internet. It does come up with the login page for the hotspot, but once logged in, still no internet.
Here is my config for the cAP ac, any clues what I’m missing?
# feb/28/2020 16:16:26 by RouterOS 6.43.16
# software id = VD59-56PR
#
# model = RBcAPGi-5acD2nD
# serial number = B87B0ACC0691
/interface bridge
add admin-mac=74:4D:28:AB:15:94 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
"Grover Hill Staff Wifi " wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto mode=\
ap-bridge ssid="Grover Hill Staff Wifi 5g" wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name="Patron Wifi" supplicant-identity=""
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:AB:15:96 \
master-interface=wlan1 multicast-buffering=disabled name="Patron Wifi" \
security-profile="Patron Wifi" ssid="Patron Wifi" wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] dns-name=login.com hotspot-address=192.168.2.1 \
html-directory=flash/hotspot login-by=https,http-pap
/ip pool
add name=dhcp ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface="Patron Wifi" name=dhcp1
/ip hotspot
add address-pool=dhcp disabled=no idle-timeout=none interface="Patron Wifi" \
name="Patron Wifi"
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.2.1/24 interface="Patron Wifi" network=192.168.2.0
add address=192.168.1.252/24 interface=ether1 network=192.168.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
bridge
/ip dhcp-relay
add dhcp-server=192.168.1.1 disabled=no interface=wlan1 name=relay1
add dhcp-server=192.168.1.1 disabled=no interface=wlan2 name=relay2
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=208.67.222.222 gateway=192.168.1.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface-list=WAN
/ip hotspot user
add name=admin
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.1.1
add check-gateway=ping distance=1 dst-address=192.168.2.0/24 gateway=\
192.168.1.1
/system clock
set time-zone-name=America/New_York
/system identity
set name="Grover Hill Wifi"
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "