Virtual AP with CAPsMAN - No Internet Access

Up until recently I have had only a single device (an RB951) serving as router and wireless AP for my network. There is a virtual AP set up for guests. The main “Home” subnet is 192.168.1.0/24, and the “Guest” is 192.168.2.0/24.

I have just installed a Metal52AC to extend the network outdoors, and I am using CAPsMAN to control the two wireless APs.

For some reason, the “guest” network on only the Metal52AC has no internet access…the guest AP on the RB951 works fine. The “home” APs on both devices also work fine and have internet access.

I’m hoping someone can tell me what I’m doing wrong. I’m very much a newcomer, so any help would be greatly appreciated!

Here is the setup for the RB951 (manager and CAP)

# may/12/2017 18:49:57 by RouterOS 6.39.1
# software id = C7Q1-WZAR
#
# CAPsMAN channel profile: fixed 2412 MHz, 20 MHz control channel with the
# extension channel above it (Ce). Only cfgHome references it further down.
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=Ce \
    frequency=2412 name=ch2412

# One bridge per subnet. Keeping Home and Guest on separate bridges is the
# only layer-2 separation between the two networks on this router.
/interface bridge
add comment="Bridges ether2-wlan1" name=Bridge_Home
add comment="Bridge for Guest Virtual AP" name=Bridge_Guest

# ether1 is the WAN uplink (see the comment); ether3-ether5 are switched
# slaves of ether2, so all four LAN ports behave as one segment.
/interface ethernet
set [ find default-name=ether1 ] comment="VSAT Connection"
set [ find default-name=ether2 ] comment="Master LAN port"
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2

# Datapaths for the two SSIDs. Both use local-forwarding=yes, i.e. the CAP
# forwards client traffic itself instead of tunnelling it to the manager.
# NOTE(review): Bridge_Home/Bridge_Guest exist only on this router. The
# Metal52AC export below defines a single bridge (bridge1) and no guest
# bridge or VLAN, which looks consistent with Metal guests never reaching
# the 192.168.2.1 gateway. Confirm where guest frames land on the Metal: if
# they join bridge1 they share the Home LAN segment and guest isolation is
# lost. Manager forwarding for GuestData, or a tagged guest VLAN carried to
# Bridge_Guest, keeps guest traffic separated end to end.
/caps-man datapath
add bridge=Bridge_Home local-forwarding=yes name=HomeData
add bridge=Bridge_Guest local-forwarding=yes name=GuestData

# Both profiles are WPA2-PSK with AES-CCM for unicast and group traffic.
# NOTE(review): no passphrase appears in this export (it may have been
# removed before posting); confirm each profile has its own strong PSK and
# that Home and Guest do not share one.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=MainCAPsMAN
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=GuestCAPsMAN

# cfgHome pins the channel; cfgGuest sets none and is only applied to the
# virtual interfaces below, each of which sits on a Home master-interface.
/caps-man configuration
add channel=ch2412 datapath=HomeData mode=ap name=cfgHome security=\
    MainCAPsMAN ssid=EV_Home
add datapath=GuestData mode=ap name=cfgGuest security=GuestCAPsMAN ssid=\
    EV_Guest

# Static CAP interfaces: one Home master and one Guest virtual AP per radio
# (Metal and RB951). The Guest entries carry an all-zero radio-mac and bind
# to their radio through master-interface.
/caps-man interface
add configuration=cfgHome disabled=no l2mtu=1600 mac-address=\
    6C:3B:6B:3D:79:F5 master-interface=none name=Metal_Home radio-mac=\
    6C:3B:6B:3D:79:F5
add configuration=cfgGuest disabled=no l2mtu=1600 mac-address=\
    6E:3B:6B:3D:79:F5 master-interface=Metal_Home name=Metal_Guest radio-mac=\
    00:00:00:00:00:00
add configuration=cfgHome disabled=no l2mtu=1600 mac-address=\
    E4:8D:8C:5F:73:93 master-interface=none name=RB951_Home radio-mac=\
    E4:8D:8C:5F:73:93
add configuration=cfgGuest disabled=no l2mtu=1600 mac-address=\
    E6:8D:8C:5F:73:93 master-interface=RB951_Home name=RB951_Guest radio-mac=\
    00:00:00:00:00:00

# Local (non-CAPsMAN) wireless security profiles, WPA2-PSK only.
/interface wireless security-profiles
add authentication-types=wpa2-psk mode=dynamic-keys name=Main 
add authentication-types=wpa2-psk mode=dynamic-keys name=Guest

# Local radio settings. The export annotation below shows wlan1 is currently
# managed by CAPsMAN and broadcasting EV_Home, so the ssid/security-profile
# values set here (EV_Home2, Main) are presumably left over from the
# standalone setup -- confirm they are not in effect.
# wlan2 is the original standalone guest virtual AP (EV_Guest2) on wlan1.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(30dBm), SSID: EV_Home, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n comment="Wireless ports" \
    disabled=no frequency=auto mode=ap-bridge security-profile=Main ssid=\
    EV_Home2 wireless-protocol=802.11
add disabled=no mac-address=D6:CA:6D:D2:3F:17 master-interface=wlan1 name=\
    wlan2 security-profile=Guest ssid=EV_Guest2

# The next two sections contain only the export's "managed by CAPsMAN"
# annotations; no local values are set.
/interface wireless manual-tx-power-table
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(30dBm), SSID: EV_Home, local forwarding

/interface wireless nstreme
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(30dBm), SSID: EV_Home, local forwarding

# Address pools: ip_pool1 serves Home (192.168.1.0/24), ip_pool2 serves
# Guest (192.168.2.0/24).
/ip pool
add name=ip_pool1 ranges=192.168.1.2-192.168.1.254
add name=ip_pool2 ranges=192.168.2.2-192.168.2.254

# One DHCP server per bridge. A guest client only gets a 192.168.2.x lease
# if its frames actually arrive on Bridge_Guest on this router.
/ip dhcp-server
add address-pool=ip_pool1 disabled=no interface=Bridge_Home lease-time=3d \
    name=dhcp1
add address-pool=ip_pool2 disabled=no interface=Bridge_Guest lease-time=3d \
    name=dhcp2

# This router is the CAPsMAN manager.
/caps-man manager
set enabled=yes

# Bridge membership. The four CAPsMAN interfaces are added statically to the
# Home/Guest bridges on the manager.
# NOTE(review): with local-forwarding=yes the CAP bridges client traffic
# itself, so these manager-side ports may carry no data for the remote
# Metal radio -- confirm.
# NOTE(review): wlan3 is not defined anywhere in this export; the last entry
# looks stale.
/interface bridge port
add bridge=Bridge_Home interface=ether2
add bridge=Bridge_Home interface=wlan1
add bridge=Bridge_Guest interface=wlan2
add bridge=Bridge_Home interface=Metal_Home
add bridge=Bridge_Home interface=RB951_Home
add bridge=Bridge_Guest interface=Metal_Guest
add bridge=Bridge_Guest interface=RB951_Guest
add bridge=Bridge_Guest interface=wlan3

/interface l2tp-server server
set caller-id-type=ip-address

# The RB951 is also a CAP of its own manager: wlan1 is handed to CAPsMAN and
# the manager is discovered over Bridge_Home.
/interface wireless cap
# 
set discovery-interfaces=Bridge_Home enabled=yes interfaces=wlan1

# WAN address on ether1, gateway addresses for the two subnets.
# NOTE(review): 192.168.1.1/24 is bound to ether2, which is a port of
# Bridge_Home, while the Home DHCP server listens on Bridge_Home; the
# address would normally sit on the bridge itself, as the Guest one does.
/ip address
add address=62.56.162.102/30 interface=ether1 network=62.56.162.100
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=192.168.2.1/24 interface=Bridge_Guest network=192.168.2.0

# Home clients resolve through the router (192.168.1.1); guests are handed
# an external resolver directly and do not depend on the router's DNS cache.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 domain=EV_Home gateway=\
    192.168.1.1
add address=192.168.2.0/24 dns-server=208.67.222.222 domain=EV_Guest gateway=\
    192.168.2.1

# allow-remote-requests=yes makes the router answer DNS queries arriving on
# any interface the input chain does not block. The filter rules in this
# export block only ether1, so guest clients can query the router as well.
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.222.220

# "Admin" list covering the Home subnet.
# NOTE(review): no filter rule shown in this export references this list, so
# it currently restricts nothing.
/ip firewall address-list
add address=192.168.1.0/24 list=Admin

# Filter rules (evaluated top to bottom; a packet matching no rule is
# accepted).
# input: ICMP and established/related are accepted, everything else arriving
#   on ether1 (WAN) is dropped. Nothing limits input from Bridge_Guest, so
#   guest clients can reach the router's own services.
# forward: fasttrack + accept for established/related, drop invalid, drop
#   new WAN connections that were not dst-NATed.
# NOTE(review): there is no rule separating 192.168.2.0/24 from
#   192.168.1.0/24, so the router will route guest traffic into the Home
#   subnet. A guest network normally needs a forward-chain drop from the
#   guest bridge to the Home subnet, and an input-chain rule limiting guests
#   to the few services they need (e.g. DHCP), with management allowed only
#   from the Admin list.
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1

# Source NAT: both subnets are masqueraded behind the WAN address on ether1.
# The Guest rule is in place, so NAT itself does not explain missing guest
# internet access.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
    192.168.1.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
    192.168.2.0/24

# Default route via the WAN next hop (no dst-address given).
/ip route
add distance=1 gateway=62.56.162.101
/system clock
set time-zone-name=Africa/Kampala
# NTP client with two fixed upstream servers; accurate time keeps log
# timestamps usable when troubleshooting.
/system ntp client
set enabled=yes primary-ntp=216.229.0.179 secondary-ntp=24.56.178.140

Here is the setup for the Metal52AC (CAP)

# may/18/2017 19:14:16 by RouterOS 6.39.1
# software id = PUHJ-BM69
#
# The Metal52AC has a single bridge. Nothing in this export defines a guest
# bridge or a VLAN.
/interface bridge
add name=bridge1

# wlan1 is handed to CAPsMAN (see the export annotation); the local ssid
# value is the factory default and is presumably not in effect.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(30dBm), SSID: EV_Home, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

# ether1 (uplink to the RB951) and wlan1 share bridge1, which is on the Home
# subnet.
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1

/interface l2tp-server server
set caller-id-type=ip-address

# CAP mode: wlan1 is managed remotely, the manager is discovered on ether1.
# NOTE(review): no bridge= is set here and the manager's datapaths use
# local-forwarding=yes, so this device has to bridge client traffic itself.
# With only bridge1 available, guest traffic either has no path to
# 192.168.2.1 or ends up on the Home segment -- confirm which, because the
# second case silently removes guest isolation.
/interface wireless cap
# 
set discovery-interfaces=ether1 enabled=yes interfaces=wlan1

# NOTE(review): a static address is bound to ether1, which is a port of
# bridge1, while a DHCP client also runs on bridge1; pick one addressing
# method and bind it to the bridge.
/ip address
add address=192.168.1.3/24 interface=ether1 network=192.168.1.0

/ip dhcp-client
add dhcp-options=hostname,clientid interface=bridge1

# Static default route is present but disabled.
/ip route
add disabled=yes distance=1 gateway=192.168.1.1

/system clock
set time-zone-name=Africa/Kampala

# NOTE(review): this export shows no /ip firewall section on the CAP;
# confirm its management services are reachable only from the Home subnet.
/system identity
set name="Metal 52ac"