Hi guys, how are you?
I have a question very similar to http://forum.mikrotik.com/t/basic-setup-for-router-with-multiple-aps/110266/1 (which I’ve tried to follow, but I can’t make it work, sorry about that!)
My network is now connected like this:
ISP Router - > CRS125-24G-1S-IN - > hAP AC lite
I have plans to have multiple hAP’s in the future connected, but right now 1 is enough.
At the CRS I have 4 VLANs configured (10,20,30,40) and they appear to work just fine. Each VLAN has its own DHCP server using its own IP pool.
I also have a hotspot configured at the CRS pointing to vlan 40.
The hAP is connected at ether 21 (vlan 40). My plan is to use it as a wireless AP so my clients can use the hotspot. I can make it kinda work if I set up a DHCP server at the hAP, but I wanted to use all DHCP servers at the CRS. If I follow that tutorial mentioned at the beginning of the post I can’t even see the SSID of the wireless network.
If I change the wireless mode from station(or any other station something) to any other mode, I can see the SSID but I can’t get any IP when I try to connect.
I even tried to use my ISP router (with DHCP on that) connected to the hAP to check if I forgot something in my config on the CRS, but I have the exact same issues.
Here is the CRS /export:
# dec/21/2017 15:44:27 by RouterOS 6.40.5
#
# model = CRS125-24G-1S
# ether2..ether24 are all made slaves of ether1, so every port sits in one
# hardware switch group. Separation between the port groups then rests on the
# switch-chip VLAN configuration later in this export, not on separate
# router interfaces.
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1
set [ find default-name=ether14 ] master-port=ether1
set [ find default-name=ether15 ] master-port=ether1
set [ find default-name=ether16 ] master-port=ether1
set [ find default-name=ether17 ] master-port=ether1
set [ find default-name=ether18 ] master-port=ether1
set [ find default-name=ether19 ] master-port=ether1
set [ find default-name=ether20 ] master-port=ether1
set [ find default-name=ether21 ] master-port=ether1
set [ find default-name=ether22 ] master-port=ether1
set [ find default-name=ether23 ] master-port=ether1
set [ find default-name=ether24 ] master-port=ether1
# Neighbor discovery is turned off on the four hotspot-facing ports only.
# NOTE(review): these are slave ports; hotspot clients reach the router over
# the vlan40 interface, which has no discover=no entry here - confirm the
# router is not announced to hotspot clients on that interface.
/ip neighbor discovery
set ether21 discover=no
set ether22 discover=no
set ether23 discover=no
set ether24 discover=no
# Four routed VLAN interfaces on the master port. Going by the comment= fields:
# 10 = cash desk and terminals, 20 = cameras, 30 = office, 40 = APs / hotspot.
# VLAN 40 carries guest traffic while 10-30 carry internal systems, so the
# forward-chain rules further down are what decide whether guests can reach them.
/interface vlan
add comment="Caixa e terminais" interface=ether1 name=vlan10 vlan-id=10
add comment=Cameras interface=ether1 name=vlan20 vlan-id=20
add comment="Escrit\F3rio" interface=ether1 name=vlan30 vlan-id=30
add comment="APs (Hotspot)" interface=ether1 name=vlan40 vlan-id=40
# A CAPsMAN security profile (WPA2-PSK, AES-CCM) is defined, but no passphrase
# and no other /caps-man section appears in this export.
# NOTE(review): it looks unused - the hAP below is configured standalone, not
# as a CAP; confirm before relying on this profile.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=wpa2psk
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Layer-7 pattern intended to recognise BitTorrent traffic.
# NOTE(review): no firewall rule in this export references
# layer7-protocol=block-torrents, so as shown the pattern is defined but never
# matched against traffic. Payload patterns like this can also only match
# traffic that is not encrypted.
/ip firewall layer7-protocol
add comment="Block Torrents" name=block-torrents regexp="^(\\x13bittorrent proto\
col|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /c\
lient/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
# Hotspot server profile.
# - login-by includes "trial": a device can get online without credentials for
#   up to trial-uptime-limit=3h, so the hotspot login is not an access barrier
#   on its own.
# - login-by has http-chap but no https method, and no certificate is set in
#   this profile, so the login page is served over plain HTTP.
# - http-cookie-lifetime=3h lets a device log back in by cookie for three hours.
/ip hotspot profile
add dns-name=hotspot.com.br hotspot-address=192.168.10.1 \
http-cookie-lifetime=3h login-by=cookie,http-chap,trial name=hsprof1 \
trial-uptime-limit=3h
# One address pool and one DHCP server per VLAN interface.
/ip pool
add name=dhcp_pool0 ranges=10.0.1.2-10.0.1.254
add name=dhcp_pool1 ranges=10.0.2.2-10.0.2.254
add name=dhcp_pool2 ranges=10.0.3.2-10.0.3.254
add name=dhcp_pool3 ranges=192.168.10.6-192.168.10.254
# All four servers hand out 3-day leases.
# NOTE(review): on the guest network (vlan40, 249 addresses) a 3-day lease
# combined with trial logins means the pool can fill up with devices that have
# long since left; a shorter lease on "dhcp vlan 40" is worth considering.
/ip dhcp-server
add address-pool=dhcp_pool0 always-broadcast=yes disabled=no interface=vlan10 \
lease-time=3d name="dhcp vlan10"
add address-pool=dhcp_pool1 disabled=no interface=vlan20 lease-time=3d name=\
"dhcp vlan20"
add address-pool=dhcp_pool2 disabled=no interface=vlan30 lease-time=3d name=\
"dhcp vlan30"
add address-pool=dhcp_pool3 authoritative=after-2sec-delay disabled=no \
interface=vlan40 lease-time=3d name="dhcp vlan 40"
# Hotspot server bound to vlan40.
# - address-pool=dhcp_pool3 is the same pool the vlan40 DHCP server leases from.
#   NOTE(review): the hotspot uses its address-pool to translate client
#   addresses; sharing it with DHCP can produce conflicting assignments -
#   confirm this is intended.
# - idle-timeout=none: a logged-in session is not closed for inactivity.
# - addresses-per-mac=1 limits each MAC address to one hotspot address.
/ip hotspot
add address-pool=dhcp_pool3 addresses-per-mac=1 disabled=no idle-timeout=none \
interface=vlan40 name=hotspot1 profile=hsprof1
# Simple queue on everything targeting vlan40, using the hotspot-default queue type.
/queue simple
add name="Limitar max download e upload hotspot" queue=\
hotspot-default/hotspot-default target=vlan40
# User Manager customer "admin"; the export does not show its password.
# NOTE(review): make sure it is not left at a default or empty value.
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
# Frames of VLAN 10, 20, 30 and 40 leave ether1, ether2 and the CPU port tagged.
# NOTE(review): the post does not say which port the ISP router is on; if it is
# ether1 or ether2, that device receives all four VLANs as a trunk - confirm
# this is intended.
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether2,switch1-cpu vlan-id=10
add tagged-ports=ether1,ether2,switch1-cpu vlan-id=30
add tagged-ports=ether1,ether2,switch1-cpu vlan-id=20
add tagged-ports=ether1,ether2,switch1-cpu vlan-id=40
# On the access ports the VLAN ID is rewritten to 0 on egress, so end devices
# receive frames for their VLAN without the VLAN ID set here.
/interface ethernet switch egress-vlan-translation
add customer-vid=10 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
ports=ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11 \
service-vlan-format=untagged-or-tagged
add customer-vid=20 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
ports=ether12,ether13,ether14,ether15 service-vlan-format=\
untagged-or-tagged
add customer-vid=40 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
ports=ether22,ether23,ether24,ether21 service-vlan-format=\
untagged-or-tagged
add customer-vid=30 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
ports=ether16,ether17,ether18,ether19,ether20 service-vlan-format=\
untagged-or-tagged
# Incoming frames on each access-port group are assigned that group's VLAN ID.
# NOTE(review): the vlan-40 rule matches on service-vid=0 and gives no
# customer-vid, while the other three match customer-vid=0. Confirm the
# difference is deliberate, since ether21 (the hAP uplink) depends on this rule.
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=\
ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11
add customer-vid=0 new-customer-vid=20 ports=ether12,ether13,ether14,ether15
add new-customer-vid=40 ports=ether22,ether23,ether24,ether21 service-vid=0
add customer-vid=0 new-customer-vid=30 ports=\
ether16,ether17,ether18,ether19,ether20
# VLAN membership table: which ports belong to which VLAN.
# NOTE(review): no "/interface ethernet switch set drop-if-..." line appears in
# this export, so those options are presumably at their defaults. Confirm
# whether this table is actually enforced as an ingress filter (frames whose
# VLAN does not match the port's membership being dropped) or only used for
# forwarding.
/interface ethernet switch vlan
add ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether1\
0,ether11,switch1-cpu" vlan-id=10
add ports=ether1,ether2,ether12,ether13,ether14,ether15,switch1-cpu vlan-id=20
add ports=ether1,ether2,ether16,ether17,ether18,ether19,ether20,switch1-cpu \
vlan-id=30
add ports=ether1,ether2,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=40
# The router is the gateway (.1) of every VLAN, so all inter-VLAN traffic is
# routed by this device and is subject to its forward chain.
/ip address
add address=10.0.1.1/24 interface=vlan10 network=10.0.1.0
add address=10.0.2.1/24 interface=vlan20 network=10.0.2.0
add address=10.0.3.1/24 interface=vlan30 network=10.0.3.0
add address=192.168.10.1/24 interface=vlan40 network=192.168.10.0
# One static ARP entry on the office VLAN.
/ip arp
add address=10.0.3.249 interface=vlan30 mac-address=00:18:E2:06:38:41
# The uplink address is obtained by DHCP on ether1, i.e. on the untagged side
# of the same switch group that carries the VLANs.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
# Static lease on the hotspot network.
# NOTE(review): presumably this MAC is the hAP - confirm.
/ip dhcp-server lease
add address=192.168.10.253 client-id=1:6c:3b:6b:b9:d9:a2 mac-address=\
6C:3B:6B:B9:D9:A2 server="dhcp vlan 40"
# Every VLAN's clients are given public resolvers directly; the router itself
# uses the same servers.
/ip dhcp-server network
add address=10.0.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.1.1
add address=10.0.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.2.1
add address=10.0.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.3.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,8.8.4.4
# Review notes on the filter table as exported:
# - There is no chain=input rule, so nothing here limits which VLAN (or the
#   ether1 side) can reach the router's own management services.
# - The one rule that would stop vlan40 traffic from being routed anywhere but
#   out of ether1 is disabled=yes. As shown, this table does not block logged-in
#   hotspot clients (including trial logins) from reaching 10.0.1.0/24,
#   10.0.2.0/24 and 10.0.3.0/24. The hotspot adds dynamic rules of its own that
#   an export does not list - verify on the device.
# - The two drop rules only match sources in address list Torrent-Conn, and no
#   rule in this export adds addresses to that list.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=drop chain=forward disabled=yes in-interface=vlan40 out-interface=\
!ether1
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp src-address-list=\
Torrent-Conn
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp src-address-list=\
Torrent-Conn
# The first masquerade rule covers everything leaving ether1. The second has no
# out-interface, so traffic sourced from the hotspot network is source-NATed
# whichever interface it leaves by, internal VLANs included; hosts there would
# log the router's address rather than the guest's.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.10.0/24
# Hotspot account; name and password were masked by the poster before publishing.
/ip hotspot user
add name=**** password=*****
/lcd
set time-interval=hour
/system clock
set time-zone-name=America/Sao_Paulo
# Stored script that loops over ports 2..24 and sets master-port=ether1 on each,
# the same result as the /interface ethernet section of this export.
# NOTE(review): the policy list grants ftp, reboot, policy, password, sniff and
# sensitive in addition to read/write; the script body only runs
# "/interface ethernet set", so a narrower policy set would probably do.
# It also declares its variables as :global, which leaves them visible to other
# scripts after it runs.
/system script
add name="Set Ports" owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#\r\
\n#\r\
\n# Set master port\r\
\n# Then set slave port type i.e.: ether or sfp \r\
\n# This is for interfaces not named \93ether\94 like SFP\r\
\n# Then set ports in range form using SlavePortStart and SlavePortStop.\r\
\n:global MasterPort \"ether1\"\r\
\n:global PortType \"ether\"\r\
\n:global SlavePortsStart \"2\"\r\
\n:global SlavePortsStop \"24\"\r\
\n:for i from=\$SlavePortsStart to=\$SlavePortsStop do={\r\
\n/interface ethernet set (\$PortType . \$i) master-port=\$MasterPort\r\
\n}"
/tool user-manager database
set db-path=user-manager
Here is the hAP /export:
# dec/21/2017 03:19:19 by RouterOS 6.40.5
#
# model = RouterBOARD 952Ui-5ac2nD
# hAP: one bridge joining the wired uplink and wlan1, so wireless clients are
# on the same layer-2 segment as CRS port ether21 (vlan40 / hotspot).
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=1_To_2011
set [ find default-name=ether2 ] master-port=1_To_2011
set [ find default-name=ether3 ] master-port=1_To_2011
set [ find default-name=ether4 ] master-port=1_To_2011
set [ find default-name=ether5 ] master-port=1_To_2011
# wlan1 is enabled with ssid=Mikro, but the export shows no mode= value, so the
# interface is at its default mode; the post describes it as station. A station
# does not broadcast an SSID - to serve clients as an access point the mode
# would need to be ap-bridge.
# wlan2 has an SSID but no disabled=no, so it appears to be left disabled.
# NOTE(review): default-forwarding is not set here; if guests should not reach
# each other over the air, check that setting on the AP interface.
/interface wireless
set [ find default-name=wlan1 ] disabled=no ssid=Mikro
set [ find default-name=wlan2 ] ssid=MikroTik
# WPA2-PSK on the default security profile; the key "Y" is presumably masked.
# NOTE(review): the next two lines look like one command whose line
# continuation was lost when the export was pasted.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk
supplicant-identity=MikroTik wpa2-pre-shared-key=Y
/interface bridge port
add bridge=bridge1 interface=1_To_2011
add bridge=bridge1 interface=wlan1
# DHCP client entry, truncated in the paste ("dis" / "bridge1").
# NOTE(review): if it runs on bridge1, the hAP takes its management address from
# the guest network (vlan40). No firewall section appears in this export, so
# its management services would be reachable from hotspot clients - confirm and
# restrict.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid dis
bridge1
/system clock
set time-zone-name=America/Sao_Paulo