Hi all,

I recently purchased two cAP ac access point that I’m trying to set up as simple bridge access points for my existing network.

First thing I’m trying to do is clear out all of the default config and set all interfaces to bridge so that I can then configure it the rest of the way from SSH or the web UI.

Here is the reset script I’m using:

/interface bridge
add admin-mac=48:8F:5A:77:93:A3 auto-mac=no name=bridge
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge
/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all

I then upload the file to flash/wap.rsc and run

/system reset-configuration run-after-reset=flash/wap.rsc

If I understand correctly, that should turn ether1,2 and wlan1,2 into one big switch. Then, when I connect a PC to ether2 and the rest of my network to ether1, I should be able to pull an IP on the PC and manage the AP as well.

However, when I connect the PC, I am not able to pull an IP, and I can’t see the AP from the rest of the network either.

I can only note what I did as I dont use scripts.

Attached my capac to an unmanaged switch on the subnet I wish it get an IP via ether1
This is assigned to the existing bridge automatically.

Next I assign the vlans to the bridge
Next I create the Interfaces List if required (I do one called Winbox, which I attach the base or management VLAN to, - which in my case is the same subnet that the capac AC has an IP from)
I will use this for IP neighbours/discovery and only allow that interface.

Next I create my wifi interfaces.
Next I create my bridge port settings
Next I create my bridge vlan settings.
Next I change IP address (the current IP that is connected to the bridge and assign it to the approriate vlan (the base or managment vlan).

Then I enable vlan filtering. The cap ac will go poof on your winbox connection but you should be able to reconnect and confirm that vlan filtering is still enabled.
Now the capac can be deployed in situ.

Probably I would then ensure after connectivity that I update the firmware to the version I want.

Is that also the config you see with “export” at the terminal ?
There is a MAC address in this script. You have 2 CAP ac’s , so either you have 2 scripts or you should remove the “admin-mac=48:8F:5A:77:93:A3 auto-mac=no” from the script.

Did the cAP ac get an IP address with its DHCP client? (reason for this question: checking the connection to the rest of the network)

This is indeed a switched network with slave interfaces ether1, ether2, WLAN1, WLAN2.

Ok, I finally figured out how to use the mac-telnet tool on the router to jump into the AP from the outside… And ya, this is a problem:

jan/02/1970 00:03:31 by RouterOS 6.45.9

software id = M2Y9-EWU9

model = RBcAPGi-5acD2nD

serial number = BECD0C822670

/interface bridge
add admin-mac=48:8F:5A:77:93:A3 auto-mac=no name=bridge
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip neighbor discovery-settings
set discover-interface-list=all

It seems like some of the config took and some didn’t and I have no idea why. If I manually run /import after logging in, it works fine!

So… WTH?

Include :delay 10s on top of configuration script.

The problem: when script gets run, not all HW is initialized yet. So some objects (e.g. ether1 interface) are not available when script refers to them. And script breaks at that point.