Separate wireless network

I have an RB951G-2HnD and I’m trying to set up 2 separate wireless networks, both with internet access.
A single wifi network works well, and now I’m adding a second one.

  1. Add another Virtual AP. Defined Security profile, SSID etc.
  2. Add IP > Address List Network for this WIFI network
  3. Add NAT rule.
  4. Add DHCP Server for virtual Interface.

The virtual AP is not bridged with the other interfaces.

Client got his address from DHCP but has no Internet Access.
What am I missing or is there guide for this case?

Have you added another dedicated “network” on the DHCP server?

[admin@MikroTik] /ip dhcp-server network> print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN   
 0 192.168.1.0/24     192.168.1.1     8.8.8.8        
                                      8.8.8.8

Yep, there’s a second subnet, 192.168.1.0, for the virtual AP.

I see only one network; if you have two separate DHCP servers, you must use two networks…

second DHCP Server is Windows-based machine, so it’s not there.
I use Windows DHCP for one network, a Mikrotik for other.

OK, I understand now, but do you notice that you omitted that important information?

put all the “/export compact” out on the forum.

Here goes
(private wifi is the one with Windows DHCP, public - with Mikrotik).

[admin@MikroTik] > export compact

jun/10/2014 23:22:57 by RouterOS 6.12

software id = 67M6-M40J

# Bridge for the private side; its member ports are listed under
# "/interface bridge port" further down in this export.
/interface bridge
add name=bridge-local protocol-mode=none
# Rename the five Ethernet ports by role. ether1 (the Internet-facing port)
# also gets an explicitly configured MAC address.
/interface ethernet
set [ find default-name=ether1 ] mac-address=60:A4:4C:27:56:48 name=
eth01_internet
set [ find default-name=ether2 ] name=eth02_ speed=1Gbps
set [ find default-name=ether3 ] name=eth03_uplink
set [ find default-name=ether4 ] name=eth04_my-pc
set [ find default-name=ether5 ] name=eth05_server
# Neighbor discovery is turned off on the Internet-facing port and on the
# LAN bridge, so the router does not advertise itself on those interfaces.
/ip neighbor discovery
set eth01_internet discover=no
set bridge-local discover=no
# Three wireless security profiles: "Radius" (WPA2-EAP), "open" (no
# authentication types set) and "guest" (WPA2-PSK).
/interface wireless security-profiles
# Profile used by wlan1 (private_wifi). radius-mac-mode only matters if RADIUS
# MAC authentication is enabled; with this value the client MAC is used as both
# user name and password.
add authentication-types=wpa2-eap mode=dynamic-keys name=Radius
radius-mac-mode=as-username-and-password supplicant-identity=Mikrotik
# NOTE(review): this profile sets no authentication-types, and no wireless
# interface in this export references it. Confirm it is unused so that it
# cannot be attached to an AP by mistake.
add eap-methods=“” management-protection=allowed name=open
supplicant-identity=“”
# Profile used by wlan2_guest (public_wifi). The pre-shared key was masked by
# the poster before publishing the export.
add authentication-types=wpa2-psk eap-methods=“” management-protection=
allowed mode=dynamic-keys name=guest supplicant-identity=“”
wpa2-pre-shared-key=XXXXXXXXXXXXXXXXXXXXX
/interface wireless
# Physical radio: AP for "private_wifi" with the Radius profile.
# default-authentication=no and default-forwarding=no are set here, i.e.
# clients are not accepted by default and client-to-client forwarding on this
# AP is off.
set [ find default-name=wlan1 ] band=2ghz-b/g/n comment=Wireless country=
russia default-authentication=no default-forwarding=no disabled=no
disconnect-timeout=1s frequency=2417 ht-rxchains=0 ht-txchains=0
hw-retries=4 l2mtu=2290 mode=ap-bridge security-profile=Radius ssid=
private_wifi wireless-protocol=802.11
# Virtual AP "public_wifi" on top of wlan1, using the guest (WPA2-PSK) profile.
# NOTE(review): default-forwarding is not set on this interface. A compact
# export omits default values, so guest clients can presumably reach each
# other through the AP - confirm, and set default-forwarding=no if guests
# should be isolated from one another.
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:93:12:6D master-interface=
wlan1 name=wlan2_guest security-profile=guest ssid=public_wifi
wds-cost-range=0 wds-default-cost=0
# Neighbor discovery is switched off on wlan1.
# NOTE(review): wlan2_guest appears in neither neighbor-discovery section of
# this export; confirm discovery is not left enabled towards guest clients.
/ip neighbor discovery
set wlan1 comment=Wireless discover=no
# The next two sections only carry the "Wireless" comment over to wlan1's
# entries in the tx-power and nstreme tables.
/interface wireless manual-tx-power-table
set wlan1 comment=Wireless
/interface wireless nstreme
set wlan1 comment=Wireless
# Timeouts on the default hotspot user profile. No hotspot server is defined
# in this export.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
# Default IPsec proposal restricted to 3DES.
# NOTE(review): 3DES is a legacy cipher with a 64-bit block size. No IPsec
# peers or policies are visible in this export; if IPsec is used at all,
# confirm whether the peers support an AES-based proposal instead.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# Address pool for the guest network: six addresses, 192.168.1.5 to
# 192.168.1.10.
/ip pool
add name=guest_pool ranges=192.168.1.5-192.168.1.10
# DHCP server for the guest virtual AP only. The private side is served through
# the DHCP relay defined later in this export.
/ip dhcp-server
add address-pool=guest_pool disabled=no interface=wlan2_guest name=dhcp1
# Logging actions, addressed by index. Actions 0 and 1 are limited to 100
# lines (in memory / per disk file).
# Action 3 points at 192.168.0.200 with source 192.168.0.88 - presumably the
# built-in remote (syslog) action; confirm.
# NOTE(review): no rule under "/system logging" in this export selects a
# remote action, so this target appears to be unused.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
set 3 remote=192.168.0.200 src-address=192.168.0.88
# Members of bridge-local: the private AP (wlan1) and Ethernet ports 2-5.
# wlan2_guest is not a member, which keeps the guest AP out of the private
# layer-2 segment.
/interface bridge port
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=eth02_
add bridge=bridge-local interface=eth04_my-pc
add bridge=bridge-local interface=eth05_server
add bridge=bridge-local interface=eth03_uplink
/ip address
add address=10.204.169.184/22 interface=eth01_internet network=10.204.168.0
# NOTE(review): this address is attached to eth04_my-pc, which is listed above
# as a port of bridge-local. Addresses on bridged ports are normally put on the
# bridge interface itself - confirm this is intended.
add address=192.168.0.88/24 interface=eth04_my-pc network=192.168.0.0
# NOTE(review): 192.168.1.0/24 is the network address of the guest subnet, not
# a host address. wlan2_guest already gets 192.168.1.1/24 on the next line, so
# this entry looks like the one the thread later says to remove.
add address=192.168.1.0/24 interface=wlan2_guest network=192.168.1.0
add address=192.168.1.1/24 interface=wlan2_guest network=192.168.1.0
# Relay for DHCP requests seen on eth05_server to the two servers on the
# private network (the Windows DHCP servers mentioned in the thread).
/ip dhcp-relay
add dhcp-server=192.168.0.200,192.168.0.210 disabled=no interface=
eth05_server name=server.belowzero.local
# Leases are never written to disk.
/ip dhcp-server config
set store-leases-disk=never
# Options handed to guest DHCP clients: gateway 192.168.1.1 and a public
# resolver (listed twice). Guests therefore do not depend on the router's own
# DNS service.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.8.8 gateway=192.168.1.1
# The router answers DNS queries from other hosts (allow-remote-requests=yes).
# Who can actually reach that service is decided only by the input chain of
# the firewall filter below.
/ip dns
set allow-remote-requests=yes servers=192.168.248.21,192.168.245.14
# NOTE(review): the values look swapped - the "address" is a netmask and the
# list name is an IP address. No filter or NAT rule in this export references
# an address list, so this entry appears to have no effect; confirm and
# remove it.
/ip firewall address-list
add address=255.255.255.0 list=192.168.0.11
# Filter rules are evaluated top to bottom. Rules without an explicit action
# accept; both chains end in an unconditional drop, so only traffic matched by
# one of the accept rules passes.
/ip firewall filter
# ICMP is accepted to the router and through it from any interface, including
# between the guest and private subnets.
add chain=input comment=“Allow ping” protocol=icmp
add chain=forward protocol=icmp
add chain=input comment=“Accept established connections” connection-state=
established
add chain=forward connection-state=established
add chain=input comment=“Accept related connections” connection-state=related
add chain=forward connection-state=related
# NOTE(review): management access is matched on source address only. Adding
# in-interface=bridge-local would tie the rule to the LAN side instead of
# trusting the source address on whichever interface the packet arrives.
add chain=input comment=“Access to Mikrotik only from our local network”
src-address=192.168.0.0/24
# Matches on destination only (no in-interface), so besides the published WAN
# traffic this also lets the guest subnet reach 192.168.0.200:443.
add chain=forward comment=“Published resources” dst-address=192.168.0.200
dst-port=443 protocol=tcp src-port=“”
add chain=forward comment=“Internet for LAN” in-interface=bridge-local
out-interface=eth01_internet src-address=192.168.0.0/24
# Guest clients may go out to the Internet interface only. There is no rule
# from wlan2_guest to bridge-local, so other guest-to-LAN traffic falls
# through to the final drop - apart from the interface-less accept rules in
# this chain (ICMP, 192.168.0.200 on 443 and 49434, UDP port 1234).
add chain=forward in-interface=wlan2_guest out-interface=eth01_internet
src-address=192.168.1.0/24
# Counterpart of the port 49434 dstnat rules; again no in-interface is given.
add chain=forward dst-address=192.168.0.200 dst-port=49434 protocol=tcp
add chain=forward dst-address=192.168.0.200 dst-port=49434 protocol=udp
add chain=input comment=IPTV protocol=igmp
# NOTE(review): UDP port 1234 is forwarded between any interfaces to any
# destination; presumably this belongs to the IPTV stream - confirm, and
# restrict it by interface if so.
add chain=forward dst-port=1234 protocol=udp
# Logging rules exist for all three chains but are disabled.
add action=log chain=input comment=Log disabled=yes
add action=log chain=forward disabled=yes
add action=log chain=output disabled=yes
# NOTE(review): these "invalid" drops sit after all accept rules and directly
# before the catch-all drops, so they change nothing about what is dropped. To
# reject invalid packets before the accept rules match, they would have to be
# placed at the top of each chain.
add action=drop chain=input comment=“Drop invalid connections”
connection-state=invalid
add action=drop chain=forward connection-state=invalid
# Default deny for both chains.
add action=drop chain=input comment=“All other drop”
add action=drop chain=forward
/ip firewall nat
# Source NAT: both the private subnet and the guest subnet are masqueraded
# behind the address of eth01_internet.
add action=masquerade chain=srcnat comment=NAT out-interface=eth01_internet
src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=eth01_internet src-address=
192.168.1.0/24
# Destination NAT: TCP 443 and TCP/UDP 49434 arriving at the router's address
# 10.204.169.184 are mapped to 192.168.0.200. That host is therefore reachable
# from the outside on these ports and should be maintained as an exposed
# system.
add action=netmap chain=dstnat comment=“Publish HTTPS” dst-address=
10.204.169.184 dst-port=443 protocol=tcp to-addresses=192.168.0.200
to-ports=443
add action=netmap chain=dstnat comment=“Publish Torrent” dst-address=
10.204.169.184 dst-port=49434 protocol=tcp src-port=“” to-addresses=
192.168.0.200
add action=netmap chain=dstnat dst-address=10.204.169.184 dst-port=49434
protocol=udp src-port=“” to-addresses=192.168.0.200
/ip proxy
set parent-proxy=0.0.0.0
# Default route via the upstream gateway on the eth01_internet subnet.
/ip route
add distance=1 gateway=10.204.168.1
# Management services: telnet, ftp, api and api-ssl are disabled; www, ssh and
# www-ssl accept connections from 192.168.0.0/24 only.
# NOTE(review): winbox is not listed here, so it presumably runs with its
# default settings and no address restriction - access to it then depends on
# the input chain alone; confirm. www is plain HTTP; consider keeping only
# www-ssl and ssh for management.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.0.0/24
set ssh address=192.168.0.0/24
set www-ssl address=192.168.0.0/24
set api disabled=yes
set api-ssl disabled=yes
# UPnP is enabled: hosts on the interfaces marked internal can ask the router
# to open port mappings on the external interface without administrator
# action. wlan2_guest is not listed as internal.
# NOTE(review): confirm UPnP is actually needed; if not, disabling it removes
# a way for any LAN host to publish ports to the Internet side.
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=eth01_internet type=external
add interface=eth02_ type=internal
add interface=eth03_uplink type=internal
add interface=eth04_my-pc type=internal
add interface=eth05_server type=internal
add interface=wlan1 type=internal
# RADIUS server for the wireless service. The shared secret was masked by the
# poster before publishing the export.
/radius
add address=192.168.0.200 secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX service=wireless
# IGMP proxy: eth01_internet is the upstream side and accepts any source
# subnet (0.0.0.0/0); bridge-local is the downstream side.
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=eth01_internet upstream=yes
add interface=bridge-local
# Time zone settings.
/system clock
set time-zone-name=Europe/Moscow
/system clock manual
set dst-delta=+04:00 time-zone=+04:00
# LCD support is switched off and every LCD page is disabled.
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set wlan2_guest disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set eth01_internet disabled=yes display-time=5s
set eth02_ disabled=yes display-time=5s
set eth03_uplink disabled=yes display-time=5s
set eth04_my-pc disabled=yes display-time=5s
set eth05_server disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
# Log routing: radius, wireless and account topics are written to disk; the
# hotspot and firewall rules name no action.
# NOTE(review): the disk action is limited to 100 lines per file elsewhere in
# this export, and the firewall log rules are disabled, so little
# authentication or firewall history is retained - confirm this is enough for
# troubleshooting and incident review.
/system logging
add action=disk topics=radius
add topics=hotspot
add topics=firewall
add action=disk topics=wireless
add action=disk topics=account
# Time is synchronised from the two servers on the private network.
/system ntp client
set enabled=yes primary-ntp=192.168.0.200 secondary-ntp=192.168.0.210
# The bandwidth-test server is disabled.
/tool bandwidth-server
set enabled=no
/tool graphing interface
add

# Excerpt quoted from the export above.
# NOTE(review): the reply below does not say which line to remove; presumably
# it is the 192.168.1.0/24 entry, which assigns the subnet's network address
# to wlan2_guest alongside the valid 192.168.1.1/24.
/ip address
add address=10.204.169.184/22 interface=eth01_internet network=10.204.168.0
add address=192.168.0.88/24 interface=eth04_my-pc network=192.168.0.0
add address=192.168.1.0/24 interface=wlan2_guest network=192.168.1.0
add address=192.168.1.1/24 interface=wlan2_guest network=192.168.1.0

First: REMOVE THIS, now I check the other…

# Guest DHCP network entry as proposed in the reply: same as in the export,
# with an explicit netmask=24 added.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.8.8 gateway=192.168.1.1 netmask=24

Second: Replace the second 8.8.8.8 with 8.8.4.4 (not really a problem) and set the netmask to 24

Damn, I’ve missed this! That did the trick, thank you very much!

I’m happy,

thanks for the karma.