One wifi network 2x cAP XL ac without a mikrotik router.

M52B28 · August 16, 2023, 8:45pm

Hi all,
I just bought 2x cAP XL ac.
I do not own and do not plan to purchase a mikrotik router for this installation. I have router ZTE MC889 5G LTE.
Despite not having a router, can I combine both cAP XL ac into one wifi network ?
Thank you in advance for your reply.

holvoetn · August 16, 2023, 8:48pm

Sure enough.
Just configure the same ssid on both, separate frequencies.
Let all the rest of the routing stuff be handled by your ZTE.

M52B28 · August 17, 2023, 4:09pm

Thanks holvoetn for your reply. It’s a good info.
Could you please write me more clearly about separate frequencies ?

anav · August 17, 2023, 4:09pm

Assuming there are no vlans from ZTE and a single flat subnet ??
Assumes that the CAPAC is on the LAN of the ZTE router with a fixed LAN IP of 192.168.100.5

BONUS: You have a wireguard connection assuming you can forward port 15231 to this capac. Just need to add a client to a mobile device, swap keys and done.
BONUS: Winbox access from your PC or laptop or smartphone is enabled on this subnet.
BONUS: Recommend actually configuring the router from Ether2 AKA OFF BRIDGE. Its the least error free method just modify ether2 first, then use ether2 to access the device and then make all the changes. Basically take ether2 off the default bridge, rename it, give it ONLY an IP address as seen below. Then take your laptop/pc change ipv4 settings on the ethernet card to anything in the 192.168.55.0/24 subnet and you should have access.

/interface bridge
add name=bridge1
/interface ethernet
interface=ether2 name=ether2access
/interface wireguard
add listen-port=15231 mtu=1420 name=WG-Home
/interface list
add name=MANAGE
/interface bridge port
add bridge=bridge1 interface=ether1 comment="from router"
add bridge=bridge1 interface=wifi1  comment=2ghz
add bridge=bridge1 interface=wifi2 comment=5ghz
/interface list member
add interface=bridge1 list=MANAGE
add interface=ether2access list=MANAGE
add interface=WG-Home list=MANAGE
/interface wireguard peers
add allowed-address=10.20.30.2/32 interface=WG-Home\
    public-key=" key from mobile device "
/ip address
add address=192.168.100.5/24 interface=bridge1 network=192.168.100.0
add address=10.20.30.1/24 interface=WG-Home network=10.20.30.0
add address=192.168.55.1/24  interface=ether2access network=192.168.5.0
/ip dns
allow-remote-requests=yes  servers=192.168.100.1
/ip neighbor discovery-settings
set discover-interface-list=MANAGE
/ip firewall filter-list
add ip-address=admin-IP1  list=Authorized comment="Local admin PC- static LANIP"
add ip-address=admin-IP2  list=Authorized comment="Local admin laptop- static LANIP"
add ip-address=admin-IP3  list=Authorized comment="Local admin smarphone/ipad- static LANIP"
add ip-address=10.20.30.2/32  list=Authorized comment="Remote admin wg device"
/ip firewall filter
add action=block chain=input dst-port=winbox-Port#  protocol=tcp src-address-list=!Authorized
/ip route
add  dst-address=0.0.0.0/0 gateway=192.168.100.1 routing-table=main
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=MANAGE