I have a mAP lite configured extremely simply (see config below). My home network is an RB5009 main router, UniFi switches, and UniFi U7 Pro XGS APs. Everything else on my network is fine. The issue is that the mAP lite just doesn't appear on the Wi-Fi network, except from the router itself.
Ping from router: always works
Ping from any other device on the network: never works
Ping from any other device on the network after having pinged that other device from the mAP lite: always works (for as long as the arp entry exists)
So I've deduced a) that the mAP lite isn't seeing the arp broadcasts saying "who has this IP please", and b) for some reason it never discards the arp entry for the router.
The arp table always contains exactly one entry (the router), and if I ping another device from the mAP lite, then that arp entry appears for a while.
All the obvious stuff: it’s a stable network, UniFi dashboard sees the mAP lite connected with no disconnections in the UniFi logs, pinging from the mAP lite somewhere else works every time, the Ethernet interface is not configured with IP as you can see in the config, I’m using it to connect with Winbox via MAC address so I can actually be on the mAP lite and troubleshoot.
Please help!
# 2026-01-31 20:40:05 by RouterOS 7.21.2
# software id = XE3E-0WU9
#
# model = RBmAPL-2nD
# serial number = xxxxxxxx
/interface bridge add name=bridge1
/interface wireless set [ find default-name=wlan1 ] band=2ghz-onlyn country="united kingdom" disabled=no frequency=auto installation=indoor ssid=MYSSID station-roaming=enabled wireless-protocol=802.11
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/ip address add address=192.168.1.69/24 interface=wlan1 network=192.168.1.0
/ip dns set servers=192.168.1.1
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
/system clock set time-zone-name=Europe/London
/system identity set name=map-lite-2
/system ntp client set enabled=yes
/system ntp client servers add address=192.168.1.1
/system routerboard settings set auto-upgrade=yes
Thanks for the suggestion. Added an IP to the bridge, made absolutely no difference. Is this something worthy of a support ticket? (I just want to make sure I’m not “holding it wrong”).
Well, now the "outward facing entity" (the bridge) has an IP address and should respond to ARP requests.
In any case having the iP on the bridge is advised.
Another thing that you may want to try (as it is usually advised) is to assign manually a MAC to the bridge, that would be Rule #6 : The twelve Rules of Mikrotik Club
but I doubt it can be related.
Before a support ticket, I would try downgrading to an older release.
You don't mention it, but did the thingy work with a previous release and stopped working when you updated it to 7.21.2 or this is a new install that has never been tested before?
For a configuration as simple as yours, you have no real advantage in running 7.x (if not some added slowness and more storage used), I would downgrade to 6.49.19, but if you want to remain on 7, try 7.19.6.
The:
/system routerboard settings set auto-upgrade=yes
is IMHO "pure folly", that would be Rule #10.
I don't understand (but this is probably just me) how the device is used (Ap, station or something else) if no ethernet port is configured/connected and the bridge has only wlan1 in it.
Re. downgrading, I’ve had this mAP lite for a good few years, I just got fed up with this issue and want to see if it is solvable. I actually bought a 2nd mAP lite just for this purpose of troubleshooting! See my explanation of what I actually use this device for:
The reason I don’t want wlan1 in bridge1 is because I use the bridge with ether1 and a vxlan tunnel so I can tunnel a VLAN to the Ethernet port of the mAP lite and connect an Ethernet IoT device on my IoT VLAN – effectively using the mAP lite as a Wi-Fi to Ethernet bridge. That configuration works beautifully! The IoT device never loses connection to the Internet. I just can’t manage the mAP lite directly, instead I am forced to ssh from my RB5009. I just simplified the configuration down to the absolute bare bones for troubleshooting this issue. It’s not that I’m only showing you part of the config, I reset the 2nd device and set it up from scratch as above.
On Rule 10, Rule 9 says the firmware should be the same version of the OS, which I agree. What is wrong with auto upgrade?
Am also curious about Rule 5: without detect Internet the iOS app won’t show upload/download graph. I’ve never had any issues with detect internet. I set it to my WAN interface only.
Thank you, I appreciate your time and willingness to help me!
I still do not understand WHAT is that mAP doing, if you don't have an ethernet port in the same bridge as the wlan1 (this is what your configuration shows).
Maybe you edited your configuration removing some parts that you don't want to show and accidentally removed the ether port assignement inside the bridge. (but you should not remove ANY part of a configuration, if needed change/edit the sensitive data):
which is a no-no, if you think about it, if you actually knew where the issue is you would not be here asking if someone else can spot the issue ...
Still your configuration shows wlan1 in the bridge, so this is confusing:
There is nothing wrong with autoupdate in itself, it is the good Mikrotik guys that are overly optimistic and way too often mark a given release as "stable" way well (days, weeks) BEFORE it is actually (minimally) stable, a device with autoupgrade will update to whatever they mark as such and since there are usually tens of bug fixes on that same version the risk of disrupting a working setup is simply too high.
Well, detect-internet limited to a single interface doesn't really do any harm AFAIK, it is when (as it is by default) it actually detects internet among many ports that it can create issues.
You should IMHO post your full configuration of the actual device that is not working as expected, with a simil-configuration it might be harder to find the issue.
I apologise for the confusion. The config I posted in my OP is of a new and different mAP lite that I reset and configured from scratch – that is the TOTAL configuration. wlan1 is in the bridge because that is the default configuration from a reset ROS, I missed removing it. I’ve now taken it out (I’ll amend the config in the OP), which hasn’t fixed or changed anything.
On this:
/system routerboard settings set auto-upgrade=yes
That is the option that auto-upgrades firmware after rebooting post a RouterOS upgrade. It’s not an automatic RouterOS upgrade!!! I choose when to upgrade RouterOS and to what version, and trigger the RouterOS upgrade manually. The above option causes the firmware to upgrade after the first reboot after the ROS upgrade, prompting for a second reboot.
Mate I don’t know how else to explain it. I have an older device with a more complex config that works perfectly except I can’t ping it or ssh or Winbox to it from the network, only from the router (an RB5009). I’ve bought a second identical device, made the most basic config possible to prove this misconfiguration or bug has nothing to do with the added complexity of the real device’s config. On the original device, wlan1 is NOT part of the bridge: ether1 and the vxlan interface ARE.
Who cares if the bridge is empty? I already added an IP to the bridge (while wlan1 was still part of the bridge) and it makes no difference to this issue. Now I’ve removed wlan1 from the bridge as I should’ve done originally (my mistake, turns out it has made no difference). Remember: on the original device, I can’t have wlan1 in the bridge!