no connection from/to WLAN Printer

Hello!

I'm a beginner with RouterOS. I have just configured a Routerboard 750UPr2 (hEX POE) and two RBmAPL-2nD (mAP Lite).

The Routerboard connects to the Internet via a PPPoE client, the two mAPs are managed through CAPsMAN, and everything - WLAN, WAN access, VPN, static IP, Winbox - is working well except for access to my WLAN printer. The printer gets an IP address from DHCP, but its web interface cannot be reached and it does not answer pings from the LAN or from the router terminal.

WAN ↔ DSL-Modem → hEX (192.168.88.1) → mAP 1/2 (192.168.88.3 and .4) → internal devices (192.168.88.5 - .20 via DHCP).

Could anybody please give me a hint where to start?

Thanks in advance,
Michael

dec/20/2018 07:12:29 by RouterOS 6.43.7

software id = removed

model = RouterBOARD 750UP r2

serial number = removed

# Interface, CAPsMAN and VPN-server part of the exported router configuration.
# NOTE(review): as rendered on this page the listing contains typographic quotes
# and wrapped lines without a trailing backslash, so it cannot be imported verbatim.
/interface bridge
add admin-mac=E4:8D:8C:5D:95:10 auto-mac=no name=bridge
# Internet uplink: PPPoE client on ether1 that installs the default route.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 service-name=a1-dsl user=removed
# Single CAPsMAN profile: WPA2-PSK with AES-CCM, client traffic attached to "bridge".
# No passphrase is visible in this export. Neither datapath.client-to-client-forwarding
# nor datapath.local-forwarding is set here, so both are presumably at their defaults;
# the thread's resolution was to enable client-to-client forwarding.
/caps-man configuration
add channel.band=2ghz-g/n channel.control-channel-width=20mhz channel.extension-channel=Ce channel.frequency=2437 country=
austria datapath.bridge=bridge hide-ssid=no name=cap-config security.authentication-types=wpa2-psk
security.encryption=aes-ccm ssid=wlan
# Interface lists that the firewall, neighbor discovery and MAC server refer to.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Address pools: "dhcp" for the LAN, "vpn" for remote-access clients.
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.20
add name=vpn ranges=192.168.89.10-192.168.89.20
# The DHCP server is bound to the bridge, not to an individual port.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1h name=dhcp
# PPP profile referenced by internal ID: router side 192.168.89.1, clients from pool "vpn".
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add disabled=yes max-limit=0/768k name=upload target=“”
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/caps-man manager
set enabled=yes
# CAPsMAN accepts CAPs only on the bridge; the default entry forbids every other interface.
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
# Every CAP that connects gets dynamic, enabled interfaces built from cap-config.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cap-config
# ether2-ether5 are bridge ports; ether1 stays outside the bridge as the uplink.
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
# Neighbor discovery is limited to the LAN list, so it is not announced on the uplink.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# L2TP server with IPsec; the IPsec secret is not visible in this export.
# NOTE(review): use-ipsec=yes presumably still admits L2TP sessions without IPsec,
# whereas use-ipsec=required enforces it - confirm for this RouterOS version.
/interface l2tp-server server
set enabled=yes use-ipsec=yes
# LAN = bridge, WAN = pppoe-out1. ether1 itself is a member of neither list.
/interface list member
add interface=bridge list=LAN
add interface=pppoe-out1 list=WAN
# NOTE(review): this PPPoE server is enabled with an empty interface= value; confirm
# which interface was intended, or whether the value was lost when the post was edited.
/interface pppoe-server server
add disabled=no interface= service-name=vpn
# NOTE(review): PPTP is enabled next to L2TP/IPsec and SSTP. PPTP's authentication and
# encryption are widely regarded as weak; disable it unless a client depends on it.
/interface pptp-server server
set enabled=yes
# SSTP server using the default-encryption profile; no certificate setting appears
# in this export - presumably left at its default, verify.
/interface sstp-server server
set default-profile=default-encryption enabled=yes
# IP addressing, DHCP leases and DNS part of the exported router configuration.
# NOTE(review): the LAN address is bound to ether2, which is a port of "bridge"
# (see /interface bridge port), while the DHCP server runs on "bridge" itself.
# An address on a bridge port rather than on the bridge is a frequent source of
# reachability problems - confirm whether interface=bridge was intended.
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
# MikroTik cloud DDNS is on, so the router's public address is published under a DNS name.
/ip cloud
set ddns-enabled=yes
# NOTE(review): defconf DHCP client on ether1 is still present (no disabled=yes shown)
# although the uplink is a PPPoE client on the same port - looks like a leftover, confirm.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
# Static leases inside the "dhcp" pool range (.2-.8 of 192.168.88.0/24).
/ip dhcp-server lease
add address=192.168.88.4 allow-dual-stack-queue=no client-id=1:4C:5E:0C:14:80:E3 mac-address=4C:5E:0C:14:80:E3 server=dhcp
add address=192.168.88.5 allow-dual-stack-queue=no client-id=1:4c:5e:c:14:80:cd mac-address=4C:5E:0C:14:80:CD server=dhcp
add address=192.168.88.7 client-id=1:b8:53:ac:62:51:86 mac-address=B8:53:AC:62:51:86 server=dhcp
add address=192.168.88.6 client-id=1:d8:bb:2c:c0:60:52 mac-address=D8:BB:2C:C0:60:52 server=dhcp
add address=192.168.88.3 client-id=0:0:0:0:0:0:0 mac-address=00:FA:E0:FA:E0:00 server=dhcp
add address=192.168.88.8 client-id=1:64:eb:8c:60:8e:dd mac-address=64:EB:8C:60:8E:DD server=dhcp
add address=192.168.88.2 client-id=1:48:4b:aa:9a:d1:59 mac-address=48:4B:AA:9A:D1:59 server=dhcp
# Only a gateway is handed out here; no dns-server value is set for the network.
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
# allow-remote-requests=yes turns the router into a resolver for anyone the input
# chain admits. No filter rule accepts port 53 explicitly, so queries from WAN
# depend entirely on the "drop all not coming from LAN" input rule staying in place.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
# Firewall filter, NAT and connection-tracking helper part of the exported configuration.
# Input chain = traffic addressed to the router itself; forward chain = traffic routed through it.
/ip firewall filter
add action=accept chain=input comment=“accept established,related,untracked” connection-state=
established,related,untracked
# The accept rules from here down to "accept ICMP" carry no in-interface or
# src-address match, so they admit traffic from WAN as well as LAN, and they sit
# above the "drop all not coming from LAN" rule.
add action=accept chain=input comment=“allow IPsec NAT” dst-port=4500 protocol=udp
add action=accept chain=input comment=“allow IKE” dst-port=500 protocol=udp
# NOTE(review): 1701/udp is accepted without an ipsec-policy=in,ipsec match, so L2TP
# that is not wrapped in IPsec also reaches the server - confirm this is intended.
add action=accept chain=input comment=“allow l2tp” dst-port=1701 protocol=udp
add action=accept chain=input comment=“allow pptp” dst-port=1723 protocol=tcp
add action=accept chain=input comment=“allow sstp” dst-port=443 protocol=tcp
# NOTE(review): the WinBox management port is accepted from any source, Internet
# included. Restricting this rule with in-interface-list=LAN or a src-address list
# and administering remotely through the VPN would remove that exposure.
add action=accept chain=input comment=“WinBox Admin” dst-port=8291 protocol=tcp
add action=accept chain=input comment=“accept ICMP” protocol=icmp
add action=drop chain=input comment=“drop invalid” connection-state=invalid
# Catch-all for the input chain: anything not arriving on the LAN list is dropped.
add action=drop chain=input comment=“drop all not coming from LAN” in-interface-list=!LAN
# Forward chain starts here: IPsec policy traffic, fasttrack, established/related, then drop invalid.
add action=accept chain=forward comment=“accept in ipsec policy” ipsec-policy=in,ipsec
add action=accept chain=forward comment=“accept out ipsec policy” ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related
add action=accept chain=forward comment=“accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“drop invalid” connection-state=invalid
# NOTE(review): this rule is in chain=input although its comment and its
# connection-nat-state=!dstnat match describe forwarded traffic. In the input chain
# it follows "drop all not coming from LAN", which already drops the same packets,
# so the forward chain ends without any rule that drops new connections arriving
# from WAN. chain=forward was presumably intended - confirm.
add action=drop chain=input comment=“drop all from WAN not DSTNATed” connection-nat-state=!dstnat connection-state=new
in-interface-list=WAN
# Source NAT. The first rule masquerades non-IPsec traffic leaving via the WAN list.
# The second has no out-interface match, so traffic from the VPN pool is masqueraded
# towards every destination, LAN hosts included.
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=“masq. vpn traffic” src-address=192.168.89.0/24
# All connection-tracking helpers listed below are switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# Accounts, management services and system housekeeping part of the exported configuration.
# IPsec users; no passwords are visible in this export.
/ip ipsec user
add name=vpn
add name=mike
# Management services: telnet, ftp, ssh, api and api-ssl are disabled.
# NOTE(review): www and winbox are not listed, so they are presumably at their
# defaults - confirm with "/ip service print". No address= restriction is shown for
# winbox, while the input chain accepts 8291/tcp from any interface.
/ip service
set telnet disabled=yes
set ftp address=192.168.88.0/24 disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# PPP accounts for the VPN servers; no passwords, service or profile limits are visible here.
/ppp secret
add name=vpn
add name=mike
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=router
# All five LED entries are disabled and switched off.
/system leds
set 0 disabled=yes type=off
set 1 disabled=yes type=off
set 2 disabled=yes type=off
set 3 disabled=yes type=off
set 4 disabled=yes type=off
/system ntp client
set enabled=yes primary-ntp=212.69.166.153 secondary-ntp=185.9.19.142
# Runs the "reboot" script every 1w3d starting dec/16/2018 at 00:01.
# NOTE(review): the policy list on the scheduler entry and on the script is much
# wider than a plain reboot appears to need; presumably it could be reduced to
# the reboot policy - confirm before changing.
/system scheduler
add interval=1w3d name=reboot on-event=reboot policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-date=dec/16/2018 start-time=00:01:00
/system script
add dont-require-permissions=no name=reboot owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=“/system reboot”
/tool e-mail
set address=127.0.0.1 from=“”
# Layer-2 management (MAC server and MAC-WinBox) is limited to the LAN interface list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

I forgot to enable "Client To Client Forwarding" (the CAPsMAN datapath option, which is not set in the configuration above).
Everything is working now.

Merry Christmas :slight_smile: