Repeater Setup

Hi all,

I have a hAP lite that acts as a main AP connected to the modem and I want to set up a hAP mini as a repeater to extend WiFi coverage.
I connected to hAP mini with wire and did the straithforward simple Repeater Setup.
I worked nicely, but the problem is that now I cannot access the hAP mini to open the web interface.
I cannot connect through the WinBox with its MAC address. When I go to Neighbors it finds only the hAP lite where my PC is connected on.
I tryied to connect with the IP that hAP mini got as a repeater but it doesn’t work either.
Any thoughts?

Try to avoid any repeating technique.
You can setup the hap mini as a station and then create a virtual interface as AP.

Hi,

Thanks a lot for your answer.
Do you have any instructions?
You mean something like that https://www.youtube.com/watch?v=SrW4OVa84O8 ?

Also, why you suggest to avaoid the repeating technique?
Is it slower?

Yes repeating is slower…
You can follow this video yes, however he setups the second mikrotik as a router too, if that is ok with you cool or you will have to make changes.
Also some steps in the video are not needed anymore… like the wireless-rep package…

Yes, apart from the wireless, i want to use also the ethernet on the second mikrotik (hAP mini in my case).
So, I guess I need to set it up as a router too?

No it is not necessary.

Which step do i need to skip then?
Or which step is not needed (you already mentioned the wireless-rep package step)

If you dont need every device to be in the same subnet just follow the video steps…

Ah, you mean the part that he configures the mikrotik 2 to be as subnet 10.0.0.0.
I dnot know if this would cause any issue to be, nevertheless I will skip it.
I guess I will leave the DHCP on mikrotik 1 to provide ip adresses.
What is the difference between “station” and “station bridge”?

What is the difference between “station” and “station bridge”?

https://wiki.mikrotik.com/wiki/Manual:Wireless_Station_Modes

I removed the repeater setup from hAP mini and set it up as a station-bridge. I didn’t use a subnet.
I created a virtual wlan interface to share internet from there wirelessly.
Everything seems to be working fine, BUT I still cannot connect to hAP mini from my PC which is connected to hAP lite, neither from WinBox with MAC address nor with its IP to open WebFig.
Is that possible?

Everything is possible when there is a wrong configuration…

Can you help me with that? This is the configuration of the hAP Lite:
/interface bridge
add admin-mac=B8:69:F4:0E:74:D0 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=disabled name=
pppoe-out1 use-peer-dns=yes user=guest@adsl.gr
/interface pptp-server
add name=pptp-in1 user=ppp1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=
profile1 supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no
distance=indoors frequency=auto mode=ap-bridge security-profile=profile1 ssid=
HomeWifi wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.100
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
add name=VPNpool ranges=192.168.88.101-192.168.88.150
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
add bridge=bridge change-tcp-mss=yes dns-server=8.8.8.8,8.8.8.4 local-address=
192.168.88.1 name=VPMprofile remote-address=VPNpool
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set internet-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set default-profile=VPMprofile enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=“defconf: accept established,related,untracked”
connection-state=established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=invalid
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy” ipsec-policy=
in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy” ipsec-policy=
out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=“defconf: accept established,related, untracked”
connection-state=established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=invalid
add action=drop chain=forward comment=“defconf: drop all from WAN not DSTNATed”
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=out,none
out-interface=pppoe-out1
add action=dst-nat chain=dstnat disabled=yes dst-address=141.255.114.15 dst-port=1723
protocol=tcp to-addresses=192.168.88.13 to-ports=1723
/ip route
add distance=1 dst-address=192.168.2.10/32 gateway=ether1
/ppp secret
add name=ppp1 profile=VPMprofile service=pptp
add name=ppp2 profile=VPMprofile service=pptp
/system clock
set time-zone-name=Europe/Athens
/system routerboard mode-button
set enabled=yes on-event=script1
/system script
add dont-require-permissions=no name=wlan_on_off owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=“:if ([/interf
ace get wlan1 disabled ]=false) do={\r
\n\t/interface wireless disable wlan1} else={\r
\n\t/interface wireless enable wlan1}”
add dont-require-permissions=no name=WLAN_OFF owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=
“/interface wireless disable wlan1”
add dont-require-permissions=no name=WLAN_ON owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=
“/interface wireless enable wlan1”
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
And this is the configuration of the hAP Mini which is conencted to hAP Lite through wifi
/interface bridge
add admin-mac=74:4D:28:84:DB:19 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
disabled=no frequency=auto mode=station-bridge ssid=HomeWifi
/interface ethernet
set [ find default-name=ether1 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik
unicast-ciphers=tkip,aes-ccm
add authentication-types=wpa2-psk mode=dynamic-keys name=
wlan1-HomeWifi-repeater supplicant-identity=MikroTik
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=76:4D:28:84:DB:1C
master-interface=wlan1 multicast-buffering=disabled name=wlan2
security-profile=wlan1-HomeWifi-repeater ssid=HomeWifi-guest
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=wlan1 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=
invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=
out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Athens
/tool mac-server
set allowed-interface-list=LAN
It is strange cause if i connect with cable to hAP mini I can see both in winbox. Ευχαριστώ για την βοήθεια btw.

The reason that you can’t connect to hAP mini from the main part of your LAN are these two config lines:

/interface list member add interface=wlan1 list=WAN
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

Generally there’s quite a lot of config surplus or slightly wrong on hAP mini and is (or can) causing problems:

• remove all DHCP server related settings (ip pool, ip dhcp-server, …)
• update interface list membership (all of ports are LAN)
• remove all /ip dns config
• possibly remove all /ip firewall config (I guess you trust your own LAN)

You were right. I removed the excess config and worked like a charm!
It was my fault as I used it with out of the box config that was set for a primary router.
Thanks guys. I really appreciate this.