I have an hAP ac lite (RouterOS v6.49.10) with dual WLAN (2.4GHz + 5GHz). The hAP ac lite is setup as Home AP Dual. I have long had a Groove (RouterOS v6.49.10) connected to ether5 (POE out). It has worked fine, for many years. I have always been able to connect wirelessly to the hAP, and it to the Groove, and thus to the internet (when the Groove finds a wifi internet connection), over either wlan1 or wlan2. I liveaboard and work from my boat and use this setup to connect laptop, smart tv, etc., with Groove connecting to marina wifi.
I recently added an LTE modem connected to the hAP at ether1 as another connection for when unable to connect to public wifi over Groove. I initially had problems getting everything set up. But with help on here making sure the Groove and hAP had separate DHCP servers, etc., I was able to get it all setup and working (apparently).
(I also have a separate ethernet connection setup on ether4 with its own DHCP server (10.0.10.0) for use in case of emergency but that I don’t use.)
The only disappointing aspect was that with both LTE modem and Groove powered, I would get internet solely through the LTE modem. That is, through WebFig I could see that the Groove was connecting to the marina wifi, it got an IP address, and packets were Tx/Rx, but the internet I was using was coming all from the LTE modem (as observed from viewing the LTE network usage when accessing the LTE modem web interface). What I’d wanted was for the Groove to be the primary connection and failover to the LTE modem only when the Groove could not connect to a public wifi with internet (because there is a monthly fee for the LTE connection that I can turn off or on). I was told on here that wouldn’t work so long as both Groove and LTE modem were powered.
So I realized this morning that I could simply go into the LTE modem web interface and click “disconnect” from the LTE network, which I’d hoped would mean that I now could connect to the internet via the Groove connection to the marina wifi. I tried that and:
- The Groove is showing connected to the marina wifi
- Has an IP address corresponding to the marina wifi
- Both Groove webfig and hAP webfig (ether5, where Groove connected) show packets Tx/Rx
- My laptop is connected via wlan2 to hAP
But when I try to access the internet (i.e. go to a website on my laptop), I get “no internet.”
I’ve double-checked that the marina wifi is not down and has internet access by connecting directly with my laptop and can get internet.
When I go into the LTE modem and reconnect to the LTE network, I have internet access again.
So there still seems to be some problem where, when the LTE modem is powered, even though it is not connected to the LTE network, it is preventing the Groove to serve internet through the hAP. Is there any way around this whatsoever?
I would like to avoid having to rely on simply de-powering one or the other if possible. I wired both the hAP and the LTE modem to the same switch on my boat’s electrical panel (the Groove is powered POE through the hAP). So I would like to find a way to not have to de-power the LTE modem to be able to use the Groove. (Also I would like the safety net of knowing that I can access the LTE modem web interface at any time because it’s always powered; when not plugged into shore power, the hAP and LTE modem run off battery power; I rewired 110 transformers to the 12V system [this isn’t the source of the problem; this has worked for years].)
I would greatly appreciate any help! My config files are below:
hAP config
# oct/15/2023 11:02:07 by RouterOS 6.49.10
# software id = XRE0-SJ3C
#
# model = RB952Ui-5ac2nD
# serial number =
/interface bridge
add admin-mac=74:4D:28:6E:6B:F3 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid="Tallawah 2GHz" station-roaming=enabled wireless-protocol=\
802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid="Tallawah 5GHz" station-roaming=\
enabled wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.188.10-192.168.188.254
add name=dchp2 ranges=10.0.10.2-10.0.10.5
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dchp2 disabled=no interface=ether4 name=dhcp2 src-address=\
10.0.10.1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=defconf interface=ether4 list=LAN
add comment=defconf interface=ether5 list=WAN
/ip address
add address=192.168.188.1/24 interface=bridge network=192.168.188.0
add address=10.0.10.1/24 interface=ether4 network=10.0.10.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add disabled=no interface=ether5
/ip dhcp-server network
add address=10.0.10.0/24 gateway=10.0.10.1
add address=192.168.188.0/24 comment=defconf gateway=192.168.188.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,208.67.222.222
/ip dns static
add address=192.168.188.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Groove config
# oct/15/2023 11:03:05 by RouterOS 6.49.10
# software id = XJHT-L8PK
#
# model = RouterBOARD Groove GA-52HPacn
# serial number =
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac disabled=no mode=\
station-pseudobridge ssid=GptMarina station-roaming=enabled \
wireless-protocol=nv2-nstreme-802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether1 name=dhcp1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=wlan1 list=WAN
add list=LAN
/ip address
add address=192.168.88.2/24 interface=ether1 network=192.168.88.0
/ip dhcp-client
add disabled=no interface=wlan1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.2 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,208.67.222.222
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=America/Chicago
/system identity
set name="Tallawah Groove"
/system upgrade upgrade-package-source
add address=192.168.100.1 user=admin