Long "Identifying network" delay in Windows

Hi, I have really weird problem with my home network.

I have RB2011 configured as router and 2x hAP ac2 configured just as switches.
And it would seem that everything is OK, because when I connect my devices (notebook, PC, etc.) to one of the switches, I get an IP address and access to the internet, BUT the problem is that it takes a long time. I see the Ethernet connection stuck at “Identifying” for approximately 30 seconds.

However when I connect my PC directly to RB2011 it works perfectly and I get IP Address immediately.

Do you have any ideas what is the cause?



EDIT: (added configurations)



Switch export output:

# 2023-11-17 18:22:10 by RouterOS 7.11.2
# software id = GILK-XLQ8
#
# model = RBD52G-5HacD2HnD
# serial number = A97709F1AB4C
#
# Export of a hAP ac2 used as a plain layer-2 switch and CAPsMAN-managed AP:
# all five ethernet ports sit in one bridge and the device takes its own
# address by DHCP on that bridge.
# NOTE(review): the header above carries the unit's software id and serial
# number; these are normally redacted before an export is posted publicly.
# NOTE(review): no /ip service, /ip firewall or /tool mac-server section
# appears in this export, so those are presumably at their defaults on this
# device - confirm that the management surface is what you intend.
/interface bridge
# protocol-mode=stp selects classic spanning tree. A port that comes up is held
# in listening/learning before it forwards (about 30 s with default timers),
# which matches the delay clients see when plugged into this device.
# rstp converges much faster; none removes loop protection from this bridge.
add name=br_lan protocol-mode=stp
/interface wireless
# Both radios are handed to CAPsMAN (see "/interface wireless cap" below); the
# SSIDs actually in use are the ones in the generated comments, and the local
# ssid=MikroTik values are presumably unused while the radios are managed.
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: Mikrotikus-vacuum, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5640/20-eCee/ac/DP(24dBm), SSID: Mikrotikus, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
# Every ethernet port is a member of br_lan; no VLAN or per-port filtering
# options are set on these entries.
add bridge=br_lan interface=ether1
add bridge=br_lan interface=ether2
add bridge=br_lan interface=ether3
add bridge=br_lan interface=ether4
add bridge=br_lan interface=ether5
/interface ovpn-server server
# The accepted HMAC list for the OpenVPN server still contains md5 and sha1.
# No enabled=yes is shown for this server, so it is presumably not running;
# if it is ever enabled, narrow this list first.
set auth=sha1,md5
/interface wireless cap
# 
# CAP mode: the manager is discovered on ether1 only and a certificate is
# requested from it (certificate=request). Whether the manager in turn insists
# on a client certificate cannot be seen from this device's export.
set certificate=request discovery-interfaces=ether1 enabled=yes interfaces=\
    wlan1,wlan2
/ip dhcp-client
# Management address of this device is obtained by DHCP on the bridge.
add interface=br_lan
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=cap2
/system note
set show-at-login=no

Router export output:

# 2023-11-17 18:30:09 by RouterOS 7.11.2
# software id = TGGM-B9HH
#
# model = RB2011UiAS-2HnD
# serial number = 444A02CD946F
#
# Export of the RB2011 acting as the home router: WAN on ether1 (DHCP client),
# LAN bridge br_lan on 192.168.50.1/24 with DHCP and DNS, CAPsMAN controller
# for the two CAPs, an L2TP server, and a default-drop firewall.
# NOTE(review): the header above carries the unit's software id and serial
# number, and the sections below list client MAC addresses and a PPP user
# name; these are normally redacted before an export is posted publicly.
# RouterOS 7 leaves passphrases and secrets out of an export unless
# show-sensitive is requested, which is why none appear here.
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5180,5200,5220,5240,5745 name=channel2
add band=2ghz-g/n control-channel-width=20mhz frequency=2412,2437,2462 name=channel2.4
/interface bridge
# No spanning tree on the router's bridge: ports forward as soon as link is up,
# which is consistent with the instant DHCP seen when a PC is plugged in here.
# The bridge itself does not run STP/RSTP, so it offers no loop protection.
add name=br_lan protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=SALON1
set [ find default-name=ether3 ] comment=SALON2
set [ find default-name=ether4 ] comment=GABINET1
# The comment text on ether5 is Polish for "does not work for some reason".
set [ find default-name=ether5 ] comment="NIE DZIALA Z JAKIEGOS POWODU"
set [ find default-name=ether6 ] comment=GABINET2
set [ find default-name=sfp1 ] disabled=yes
/caps-man datapath
# local-forwarding=no: wireless client traffic is carried to this manager and
# bridged into br_lan here. client-to-client-forwarding=yes lets wireless
# clients reach each other.
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=datapath1
/caps-man security
# WPA2-PSK with AES-CCM; the passphrase is not part of this export.
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/caps-man configuration
add country=poland datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2,3 security=security1 ssid=Mikrotikus tx-chains=0,1,2,3
add channel=channel2.4 country=poland datapath=datapath1 mode=ap name=cfg2 rx-chains=0,1,2,3 security=security1 ssid=Mikrotikus-vacuum tx-chains=0,1,2,3
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Profile used by the router's own radio below: WPA2-PSK only.
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=dom supplicant-identity=""
/interface wireless
# The router's built-in 2.4 GHz radio runs as a local AP (not via CAPsMAN) with
# the "dom" profile; WPS is disabled.
set [ find default-name=wlan1 ] band=2ghz-g/n basic-rates-b="" channel-width=20/40mhz-eC country=poland frequency=2472 installation=indoor mode=ap-bridge name=WIFI rate-set=configured security-profile=dom ssid=Mikrotikus station-roaming=enabled \
    supported-rates-b="" tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
/ip pool
add name=pool_lan ranges=192.168.50.100-192.168.50.254
# NOTE(review): pool_wlan has no matching /ip address or DHCP server in this
# export, so it looks unused - confirm.
add name=pool_wlan ranges=192.168.60.2-192.168.60.254
# NOTE(review): the range ends at 10.0.0.255, the broadcast address of the
# 10.0.0.0/24 used in the filter and NAT rules below - probably meant .254.
add name=pool_vpn ranges=10.0.0.100-10.0.0.255
/ip dhcp-server
add address-pool=pool_lan interface=br_lan lease-time=10m name=dhcp_lan
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=10.0.0.1 name=ipsec_vpn remote-address=pool_vpn use-encryption=yes
/routing bgp template
# NOTE(review): no BGP connection or OSPF interface is shown in this export, so
# the routing entries here look like inert leftovers - confirm and remove if
# they are not needed.
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/caps-man manager
# The manager generates its own CA and certificate. require-peer-certificate
# does not appear, so it is presumably at its default.
# NOTE(review): confirm whether CAPs must present a certificate to join.
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg2 name-format=identity
add action=create-dynamic-enabled master-configuration=cfg1 name-format=identity
/interface bridge port
# ether2-ether10 are all in br_lan (ether1 stays outside as WAN); ingress
# filtering is off on every port and no VLAN settings are shown.
add bridge=br_lan ingress-filtering=no interface=ether2
add bridge=br_lan ingress-filtering=no interface=ether3
add bridge=br_lan ingress-filtering=no interface=ether4
add bridge=br_lan ingress-filtering=no interface=ether5
add bridge=br_lan ingress-filtering=no interface=ether6
add bridge=br_lan ingress-filtering=no interface=ether9
add bridge=br_lan ingress-filtering=no interface=ether10
add bridge=br_lan ingress-filtering=no interface=ether7
add bridge=br_lan ingress-filtering=no interface=ether8
/interface bridge settings
# NOTE(review): this option only matters together with use-ip-firewall=yes,
# which is not shown here - presumably it has no effect as configured.
set use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set loose-tcp-tracking=no
/ip neighbor discovery-settings
# Neighbor discovery is limited to the interface list named "dynamic".
set discover-interface-list=dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
# The L2TP server is enabled. use-ipsec=yes also accepts L2TP sessions that are
# not wrapped in IPsec; use-ipsec=required refuses them. The two "VPN IPSec"
# input rules below are disabled, so as exported nothing admits VPN traffic to
# the router; review this setting before re-enabling those rules.
set authentication=mschap2 default-profile=ipsec_vpn enabled=yes use-ipsec=yes
/interface ovpn-server server
# The accepted HMAC list for the OpenVPN server still contains md5 and sha1.
# No enabled=yes is shown for this server, so it is presumably not running;
# if it is ever enabled, narrow this list first.
set auth=sha1,md5
/interface wireless access-list
# Four listed MAC addresses are admitted; the final catch-all entry refuses
# authentication and forwarding for everything else. This list governs locally
# managed radios; no /caps-man access-list is shown for the CAPsMAN radios.
# MAC addresses can be spoofed, so treat this as a supplement to WPA2-PSK.
add comment="Mi Mix 2s" mac-address=F4:60:E2:E4:B0:0C
add comment=Mi9 mac-address=A8:9C:ED:E4:71:00
add comment="Laptop Asus" mac-address=AC:7B:A1:B4:C2:47
add comment="Laptop Thinkpad" mac-address=8C:C6:81:F4:8B:3E
add authentication=no forwarding=no
/ip address
add address=192.168.50.1/24 interface=br_lan network=192.168.50.0
/ip dhcp-client
# WAN address is obtained by DHCP on ether1.
add interface=ether1
/ip dhcp-server lease
# Static leases, including the two CAPs at .2 and .3.
add address=192.168.50.10 client-id=1:70:85:c2:89:99:dd comment=PC mac-address=70:85:C2:89:99:DD server=dhcp_lan
add address=192.168.50.241 client-id=1:0:4:30:b1:b4:47 comment="Dekoder Netia" mac-address=00:04:30:B1:B4:47 server=dhcp_lan
add address=192.168.50.240 client-id=1:0:d9:d1:d8:44:81 comment=PS4 mac-address=00:D9:D1:D8:44:81 server=dhcp_lan
add address=192.168.50.196 client-id=1:2c:ff:65:fc:1b:7a comment="DRUKARKA OKI" mac-address=2C:FF:65:FC:1B:7A server=dhcp_lan
add address=192.168.50.2 client-id=1:b8:69:f4:8a:61:78 comment="CAP SALON" mac-address=B8:69:F4:8A:61:78 server=dhcp_lan
add address=192.168.50.3 client-id=1:b8:69:f4:8a:60:22 comment="CAP GABINET" mac-address=B8:69:F4:8A:60:22 server=dhcp_lan
/ip dhcp-server network
add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1 netmask=24
/ip dns
# The router answers DNS queries from other hosts. Who can reach it is decided
# by the input chain below, which admits only UDP/53 arriving on br_lan from
# 192.168.50.0/24; keep that restriction in place while this is enabled.
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall address-list
add address=192.168.50.0/24 list=LAN
add address=192.168.60.0/24 list=WLAN
/ip firewall filter
# forward chain: established/related, then LAN-to-WAN, then drop. The VPN and
# port-forwarding accepts are disabled.
add action=accept chain=forward comment="Accept established and related" connection-state=established,related
add action=accept chain=forward comment="Accept LAN" in-interface=br_lan out-interface=ether1 src-address-list=LAN
add action=accept chain=forward comment="Accept VPN" disabled=yes out-interface=ether1 src-address=10.0.0.0/24
add action=accept chain=forward comment="Accept port forwarding" connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="Drop rest"
add action=accept chain=output comment="Accept output"
# input chain: default drop at the end, with the accepts listed before it.
add action=accept chain=input comment="VPN IPSec" disabled=yes in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment="VPN IPSec" disabled=yes dst-port=500,1701,4500 protocol=udp
# NOTE(review): this rule has no in-interface or src-address, so UDP 5246-5247
# is accepted on every interface, including the WAN port ether1. The DNS and
# winbox rules below are pinned to br_lan and the LAN subnet; the same
# restriction would fit here.
add action=accept chain=input comment="Acceot CAP" dst-port=5246,5247 protocol=udp
add action=accept chain=input comment="Accept established and related" connection-state=established,related
# ICMP is accepted from any interface, WAN included.
add action=accept chain=input comment="Accept icmp" protocol=icmp
add action=accept chain=input comment="Accept DNS from LAN" connection-state=new dst-address=192.168.50.1 dst-port=53 in-interface=br_lan protocol=udp src-address=192.168.50.0/24
add action=accept chain=input comment="Accept winbox from LAN" connection-state=new dst-address=192.168.50.1 dst-port=8291 in-interface=br_lan protocol=tcp src-address=192.168.50.0/24
add action=drop chain=input comment="Drop rest"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.50.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.60.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.0.0.0/24
/ip service
# telnet, ftp, www, ssh, api and api-ssl are switched off. winbox is not listed
# here, so it presumably stays enabled; access to it is limited by the
# "Accept winbox from LAN" input rule above.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
# Only relevant if the ssh service is turned back on; it is disabled above.
set forwarding-enabled=remote
/lcd
set default-screen=interfaces enabled=no touch-screen=disabled
/ppp secret
# L2TP user account; the password is not part of this export.
add name=michal profile=ipsec_vpn service=l2tp
/routing bfd configuration
# NOTE(review): BFD is enabled on all interfaces, WAN included. No input rule
# admits it and no routing protocol in this export appears to use it - confirm
# whether it is needed.
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
/tool mac-server
# MAC telnet, MAC winbox and MAC ping are all switched off, so the router has
# no layer-2 management access on any interface.
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

Any ideas?

You may have misconfigured one of the devices…
Unfortunately, my Ouija board is out for servicing…

(again)

From the vehicles repairer:

  • Why doesn’t my car start?

  • Where is the car to be checked?

  • I left it at home…

Why can’t you understand that to get help you have to show how the device is configured, without the forum users having to retype it every time?
What’s so difficult to understand that if you don’t show the configuration of the apparatus, we aren’t fortune tellers???
Do an /export of the devices and explain everything better.

You didn’t hookup the spark plugs?
No gas in the car.
Dont know how to use the key? Its a push button stewpid…


Thanks for the answer, I am already pasting the configuration of both the router and switches.
But I think the example with the car mechanic is wrong :wink: Because when I explain the symptoms to the mechanic, he is usually able to tell me the probable cause if he has encountered a similar problem. And that’s what I expected here too :wink:.
Anyway:

Switch export output:

# 2023-11-17 18:22:10 by RouterOS 7.11.2
# software id = GILK-XLQ8
#
# model = RBD52G-5HacD2HnD
# serial number = A97709F1AB4C
#
# Export of a hAP ac2 used as a plain layer-2 switch and CAPsMAN-managed AP:
# all five ethernet ports sit in one bridge and the device takes its own
# address by DHCP on that bridge.
# NOTE(review): the header above carries the unit's software id and serial
# number; these are normally redacted before an export is posted publicly.
# NOTE(review): no /ip service, /ip firewall or /tool mac-server section
# appears in this export, so those are presumably at their defaults on this
# device - confirm that the management surface is what you intend.
/interface bridge
# protocol-mode=stp selects classic spanning tree. A port that comes up is held
# in listening/learning before it forwards (about 30 s with default timers),
# which matches the delay clients see when plugged into this device.
# rstp converges much faster; none removes loop protection from this bridge.
add name=br_lan protocol-mode=stp
/interface wireless
# Both radios are handed to CAPsMAN (see "/interface wireless cap" below); the
# SSIDs actually in use are the ones in the generated comments, and the local
# ssid=MikroTik values are presumably unused while the radios are managed.
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: Mikrotikus-vacuum, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5640/20-eCee/ac/DP(24dBm), SSID: Mikrotikus, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
# Every ethernet port is a member of br_lan; no VLAN or per-port filtering
# options are set on these entries.
add bridge=br_lan interface=ether1
add bridge=br_lan interface=ether2
add bridge=br_lan interface=ether3
add bridge=br_lan interface=ether4
add bridge=br_lan interface=ether5
/interface ovpn-server server
# The accepted HMAC list for the OpenVPN server still contains md5 and sha1.
# No enabled=yes is shown for this server, so it is presumably not running;
# if it is ever enabled, narrow this list first.
set auth=sha1,md5
/interface wireless cap
# 
# CAP mode: the manager is discovered on ether1 only and a certificate is
# requested from it (certificate=request). Whether the manager in turn insists
# on a client certificate cannot be seen from this device's export.
set certificate=request discovery-interfaces=ether1 enabled=yes interfaces=\
    wlan1,wlan2
/ip dhcp-client
# Management address of this device is obtained by DHCP on the bridge.
add interface=br_lan
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=cap2
/system note
set show-at-login=no

Router export output:

# 2023-11-17 18:30:09 by RouterOS 7.11.2
# software id = TGGM-B9HH
#
# model = RB2011UiAS-2HnD
# serial number = 444A02CD946F
#
# Export of the RB2011 acting as the home router: WAN on ether1 (DHCP client),
# LAN bridge br_lan on 192.168.50.1/24 with DHCP and DNS, CAPsMAN controller
# for the two CAPs, an L2TP server, and a default-drop firewall.
# NOTE(review): the header above carries the unit's software id and serial
# number, and the sections below list client MAC addresses and a PPP user
# name; these are normally redacted before an export is posted publicly.
# RouterOS 7 leaves passphrases and secrets out of an export unless
# show-sensitive is requested, which is why none appear here.
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5180,5200,5220,5240,5745 name=channel2
add band=2ghz-g/n control-channel-width=20mhz frequency=2412,2437,2462 name=channel2.4
/interface bridge
# No spanning tree on the router's bridge: ports forward as soon as link is up,
# which is consistent with the instant DHCP seen when a PC is plugged in here.
# The bridge itself does not run STP/RSTP, so it offers no loop protection.
add name=br_lan protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=SALON1
set [ find default-name=ether3 ] comment=SALON2
set [ find default-name=ether4 ] comment=GABINET1
# The comment text on ether5 is Polish for "does not work for some reason".
set [ find default-name=ether5 ] comment="NIE DZIALA Z JAKIEGOS POWODU"
set [ find default-name=ether6 ] comment=GABINET2
set [ find default-name=sfp1 ] disabled=yes
/caps-man datapath
# local-forwarding=no: wireless client traffic is carried to this manager and
# bridged into br_lan here. client-to-client-forwarding=yes lets wireless
# clients reach each other.
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=datapath1
/caps-man security
# WPA2-PSK with AES-CCM; the passphrase is not part of this export.
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/caps-man configuration
add country=poland datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2,3 security=security1 ssid=Mikrotikus tx-chains=0,1,2,3
add channel=channel2.4 country=poland datapath=datapath1 mode=ap name=cfg2 rx-chains=0,1,2,3 security=security1 ssid=Mikrotikus-vacuum tx-chains=0,1,2,3
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Profile used by the router's own radio below: WPA2-PSK only.
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=dom supplicant-identity=""
/interface wireless
# The router's built-in 2.4 GHz radio runs as a local AP (not via CAPsMAN) with
# the "dom" profile; WPS is disabled.
set [ find default-name=wlan1 ] band=2ghz-g/n basic-rates-b="" channel-width=20/40mhz-eC country=poland frequency=2472 installation=indoor mode=ap-bridge name=WIFI rate-set=configured security-profile=dom ssid=Mikrotikus station-roaming=enabled \
    supported-rates-b="" tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
/ip pool
add name=pool_lan ranges=192.168.50.100-192.168.50.254
# NOTE(review): pool_wlan has no matching /ip address or DHCP server in this
# export, so it looks unused - confirm.
add name=pool_wlan ranges=192.168.60.2-192.168.60.254
# NOTE(review): the range ends at 10.0.0.255, the broadcast address of the
# 10.0.0.0/24 used in the filter and NAT rules below - probably meant .254.
add name=pool_vpn ranges=10.0.0.100-10.0.0.255
/ip dhcp-server
add address-pool=pool_lan interface=br_lan lease-time=10m name=dhcp_lan
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=10.0.0.1 name=ipsec_vpn remote-address=pool_vpn use-encryption=yes
/routing bgp template
# NOTE(review): no BGP connection or OSPF interface is shown in this export, so
# the routing entries here look like inert leftovers - confirm and remove if
# they are not needed.
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/caps-man manager
# The manager generates its own CA and certificate. require-peer-certificate
# does not appear, so it is presumably at its default.
# NOTE(review): confirm whether CAPs must present a certificate to join.
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg2 name-format=identity
add action=create-dynamic-enabled master-configuration=cfg1 name-format=identity
/interface bridge port
# ether2-ether10 are all in br_lan (ether1 stays outside as WAN); ingress
# filtering is off on every port and no VLAN settings are shown.
add bridge=br_lan ingress-filtering=no interface=ether2
add bridge=br_lan ingress-filtering=no interface=ether3
add bridge=br_lan ingress-filtering=no interface=ether4
add bridge=br_lan ingress-filtering=no interface=ether5
add bridge=br_lan ingress-filtering=no interface=ether6
add bridge=br_lan ingress-filtering=no interface=ether9
add bridge=br_lan ingress-filtering=no interface=ether10
add bridge=br_lan ingress-filtering=no interface=ether7
add bridge=br_lan ingress-filtering=no interface=ether8
/interface bridge settings
# NOTE(review): this option only matters together with use-ip-firewall=yes,
# which is not shown here - presumably it has no effect as configured.
set use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set loose-tcp-tracking=no
/ip neighbor discovery-settings
# Neighbor discovery is limited to the interface list named "dynamic".
set discover-interface-list=dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
# The L2TP server is enabled. use-ipsec=yes also accepts L2TP sessions that are
# not wrapped in IPsec; use-ipsec=required refuses them. The two "VPN IPSec"
# input rules below are disabled, so as exported nothing admits VPN traffic to
# the router; review this setting before re-enabling those rules.
set authentication=mschap2 default-profile=ipsec_vpn enabled=yes use-ipsec=yes
/interface ovpn-server server
# The accepted HMAC list for the OpenVPN server still contains md5 and sha1.
# No enabled=yes is shown for this server, so it is presumably not running;
# if it is ever enabled, narrow this list first.
set auth=sha1,md5
/interface wireless access-list
# Four listed MAC addresses are admitted; the final catch-all entry refuses
# authentication and forwarding for everything else. This list governs locally
# managed radios; no /caps-man access-list is shown for the CAPsMAN radios.
# MAC addresses can be spoofed, so treat this as a supplement to WPA2-PSK.
add comment="Mi Mix 2s" mac-address=F4:60:E2:E4:B0:0C
add comment=Mi9 mac-address=A8:9C:ED:E4:71:00
add comment="Laptop Asus" mac-address=AC:7B:A1:B4:C2:47
add comment="Laptop Thinkpad" mac-address=8C:C6:81:F4:8B:3E
add authentication=no forwarding=no
/ip address
add address=192.168.50.1/24 interface=br_lan network=192.168.50.0
/ip dhcp-client
# WAN address is obtained by DHCP on ether1.
add interface=ether1
/ip dhcp-server lease
# Static leases, including the two CAPs at .2 and .3.
add address=192.168.50.10 client-id=1:70:85:c2:89:99:dd comment=PC mac-address=70:85:C2:89:99:DD server=dhcp_lan
add address=192.168.50.241 client-id=1:0:4:30:b1:b4:47 comment="Dekoder Netia" mac-address=00:04:30:B1:B4:47 server=dhcp_lan
add address=192.168.50.240 client-id=1:0:d9:d1:d8:44:81 comment=PS4 mac-address=00:D9:D1:D8:44:81 server=dhcp_lan
add address=192.168.50.196 client-id=1:2c:ff:65:fc:1b:7a comment="DRUKARKA OKI" mac-address=2C:FF:65:FC:1B:7A server=dhcp_lan
add address=192.168.50.2 client-id=1:b8:69:f4:8a:61:78 comment="CAP SALON" mac-address=B8:69:F4:8A:61:78 server=dhcp_lan
add address=192.168.50.3 client-id=1:b8:69:f4:8a:60:22 comment="CAP GABINET" mac-address=B8:69:F4:8A:60:22 server=dhcp_lan
/ip dhcp-server network
add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1 netmask=24
/ip dns
# The router answers DNS queries from other hosts. Who can reach it is decided
# by the input chain below, which admits only UDP/53 arriving on br_lan from
# 192.168.50.0/24; keep that restriction in place while this is enabled.
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall address-list
add address=192.168.50.0/24 list=LAN
add address=192.168.60.0/24 list=WLAN
/ip firewall filter
# forward chain: established/related, then LAN-to-WAN, then drop. The VPN and
# port-forwarding accepts are disabled.
add action=accept chain=forward comment="Accept established and related" connection-state=established,related
add action=accept chain=forward comment="Accept LAN" in-interface=br_lan out-interface=ether1 src-address-list=LAN
add action=accept chain=forward comment="Accept VPN" disabled=yes out-interface=ether1 src-address=10.0.0.0/24
add action=accept chain=forward comment="Accept port forwarding" connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="Drop rest"
add action=accept chain=output comment="Accept output"
# input chain: default drop at the end, with the accepts listed before it.
add action=accept chain=input comment="VPN IPSec" disabled=yes in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment="VPN IPSec" disabled=yes dst-port=500,1701,4500 protocol=udp
# NOTE(review): this rule has no in-interface or src-address, so UDP 5246-5247
# is accepted on every interface, including the WAN port ether1. The DNS and
# winbox rules below are pinned to br_lan and the LAN subnet; the same
# restriction would fit here.
add action=accept chain=input comment="Acceot CAP" dst-port=5246,5247 protocol=udp
add action=accept chain=input comment="Accept established and related" connection-state=established,related
# ICMP is accepted from any interface, WAN included.
add action=accept chain=input comment="Accept icmp" protocol=icmp
add action=accept chain=input comment="Accept DNS from LAN" connection-state=new dst-address=192.168.50.1 dst-port=53 in-interface=br_lan protocol=udp src-address=192.168.50.0/24
add action=accept chain=input comment="Accept winbox from LAN" connection-state=new dst-address=192.168.50.1 dst-port=8291 in-interface=br_lan protocol=tcp src-address=192.168.50.0/24
add action=drop chain=input comment="Drop rest"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.50.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.60.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.0.0.0/24
/ip service
# telnet, ftp, www, ssh, api and api-ssl are switched off. winbox is not listed
# here, so it presumably stays enabled; access to it is limited by the
# "Accept winbox from LAN" input rule above.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
# Only relevant if the ssh service is turned back on; it is disabled above.
set forwarding-enabled=remote
/lcd
set default-screen=interfaces enabled=no touch-screen=disabled
/ppp secret
# L2TP user account; the password is not part of this export.
add name=michal profile=ipsec_vpn service=l2tp
/routing bfd configuration
# NOTE(review): BFD is enabled on all interfaces, WAN included. No input rule
# admits it and no routing protocol in this export appears to use it - confirm
# whether it is needed.
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
/tool mac-server
# MAC telnet, MAC winbox and MAC ping are all switched off, so the router has
# no layer-2 management access on any interface.
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

Thank you in advance for any answers

Hi,

I think you are supposed to remove some of the information on your export.

My guess is it’s the stp enabled on the hap ac2’s.
rstp is a lot quicker, (and can skip steps)

Unless you have a “meshed” network or a totally messed-up network, I’d suggest disabling STP completely.
Sometimes this setting breaks something else. I always wonder why MT has enabled this by default…

As rplant says, this could be STP: the configurations are very vanilla and most is default, meaning you get the default blocking time of 30s.

Try this on one of the hAPs and see if it makes things better:

/interface bridge set [find name=br_lan] protocol-mode=rstp

Guys, you are just great!

The RSTP setting works great, but I noticed that it is even better (at least in terms of speed) to disable STP completely, i.e. set it to “None”.

But what do you think: is it a good solution to disable STP altogether? What exactly is STP?

https://en.wikipedia.org/wiki/Spanning_Tree_Protocol