Only wifi with guest-network, not with the "regular"2.4 and 5GHz channels

Good afternoon everyone,
My myconfig.cfg.rsc.txt (5.87 KB)
I have a question about my MikroTik HAP AC router (board). For a while now I have had connection problems with my Draytek Vigor router. It’s a second-hand, so I’m afraid he’s at the end of his rope. The connection is regularly lost.

I have ruled out everything else, so it really depends on the router. That’s why I bought the MikroTik. Since I don’t have an ICT background, it took some doing, but I have the config as good as ready. I just can’t connect to the “normal” Wi-Fi channels.

I have included the config. Perhaps you want to see if everything is set up correctly and can also find out why the WiFi is not working.

Thanks in advance for your help!

We need a long chat to clean this up …

I just can’t connect to the “normal” Wi-Fi channels.

I think you point to WLAN1 and WLAN2 ? ( wlan-2.4GHz, wlan-5GHz )

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n country=netherlands disabled=no
frequency=2442 installation=indoor mode=ap-bridge name=wlan-2.4GHz
security-profile=“007 Security Profile” ssid=“007 Secret Wifi 2.4G”
wireless-protocol=802.11 wps-mode=disabled

Even in the Netherlands you should use channel 1-6 or 11. Most of your neighbors don’t go for 1-5-9-13, even most don’t care and set their device on “auto”
Frequency 2442 does not fit in any of those two potential non-overlapping selections.

set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX
country=netherlands disabled=no frequency=5580 installation=indoor mode=
ap-bridge name=wlan-5GHz security-profile=“007 Security Profile” ssid=
“007 Secret Wifi 5G” wireless-protocol=802.11 wps-mode=disabled

Mikrotik is not good for the Netherlands with it’s default setting. Using XXXX gives less control. With freq 5580 and XXXX you can get from 5520 till 5640.(= 7 channels) (and eventually wait 10 minutes on weather channel tests before seeing any signal)

/interface bridge filter
add action=drop chain=forward in-interface=wlan3
add action=drop chain=forward out-interface=wlan3
add action=drop chain=forward in-interface=wlan4
add action=drop chain=forward out-interface=wlan4

No forwarding ? So they are unused ? The “no forwarding” in the wlan interface setting is something totally different, and might be what you are looking for. (Client separation)
This is something else. wlan3 and wlan4 cannot forward to other interfaces.

/interface bridge port
add bridge=bridgeLocal comment=defconf disabled=yes interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal comment=defconf interface=sfp1
add bridge=bridgeLocal interface=wlan3
add bridge=bridgeLocal interface=wlan4

wlan1 and wlan2 are clearly missing here. ( wlan-2.4GHz, wlan-5GHz )
For clarity, remove ether1.

/interface bridge settings
set use-ip-firewall=yes

What is the reason to use this ? Intra-lan filtering for interfaces connected to the bridge?

/interface wireless cap
set bridge=bridgeLocal discovery-interfaces=bridgeLocal interfaces=
wlan-2.4GHz,wlan-5GHz

Some isolated CAPsMAN setting? Not sure what this would do, if it does anything here.

/ip firewall filter
add action=accept chain=input comment=“Toegang tot de router” dst-address=
192.168.100.1 dst-port=8291 protocol=tcp

This comes before any “drop” filter rules. So your router is always open to everyone. Not safe , James.

Firewall needs a separate screening.

Thanks for you long answer! I have change a few settings according tot your advice. I hope the settings are better this way.

Can you also help me with the firewall settings?
My 2e myconfig.cfg.txt (6.14 KB)