I have configured a 24-port PoE switch to be both my switch and my router; while waiting for my dedicated router, this will do.
Connected to this switch I have a Cap AX.
I have 2 VLANs that I have set up.
COMPANY_VLAN
MGMT_VLAN
I have not configured any Hotspot on either the switch or the cap.
The cap presents me with two wifi SSIDs. One named company and one named MGMT.
The MGMT_VLAN is set to id 99
COMPANY_VLAN is set to id 10.
At the moment both have the same access to internet but only MGMT has access to Winbox and neighbours.
When I connect to company wifi, I put in my key and it works.
When I connect to MGMT wifi, I put in my key and it works, but Windows insists that I open my browser and log in to get access.
I thought that perhaps I had made a mistake and somehow activated Hotspot so I did a reset and started over but I get the same issue.
Anybody with an idea here?
infabo, June 24, 2024, 3:54pm (post 2)
Without seeing your configuration, nobody can tell.
Can you also post the config of the cAP AX?
If you post it in between code tags (by using the </> button), it will become more readable.
Of course, how embarrassing of me.
The config of the firewall:
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] mac-address=48:A9:8A:C0:49:E0
/interface vlan
add interface=bridge name=COMPANY_VLAN vlan-id=10
add interface=bridge name=MGMT_VLAN vlan-id=99
/interface list
add name=COMPANY_LAN
add name=MGMT_LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.77.50-192.168.77.254
add name=dhcp_pool1 ranges=10.20.26.2-10.20.26.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=COMPANY_VLAN name=dhcp1
add address-pool=dhcp_pool1 interface=MGMT_VLAN name=dhcp2
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether12 pvid=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether14 pvid=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether20 pvid=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether22 pvid=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether24 pvid=99
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3 pvid=10
/ip neighbor discovery-settings
set discover-interface-list=MGMT_LAN
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 untagged=ether24 vlan-ids=99
add bridge=bridge tagged=bridge,ether2 untagged=\
ether3,ether12,ether14,ether20,ether22 vlan-ids=10
/interface list member
add interface=COMPANY_VLAN list=COMPANY_LAN
add interface=MGMT_VLAN list=MGMT_LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.77.1/24 interface=COMPANY_VLAN network=192.168.77.0
add address=10.20.26.1/24 interface=MGMT_VLAN network=10.20.26.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=10.20.26.0/24 dns-server=10.20.26.1 gateway=10.20.26.1
add address=192.168.77.0/24 dns-server=192.168.77.1 gateway=192.168.77.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input in-interface=ether23
add action=accept chain=input in-interface-list=MGMT_LAN
add action=accept chain=input dst-port=53 in-interface-list=COMPANY_LAN \
protocol=tcp
add action=accept chain=input dst-port=53 in-interface-list=COMPANY_LAN \
protocol=udp
add action=drop chain=input
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface-list=MGMT_LAN
add action=accept chain=forward in-interface-list=COMPANY_LAN \
out-interface-list=WAN
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\
192.168.77.2 to-ports=80
add action=dst-nat chain=dstnat dst-port=5510 protocol=tcp to-addresses=\
192.168.77.2 to-ports=5510
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
/tool mac-server
set allowed-interface-list=MGMT_LAN
/tool mac-server mac-winbox
set allowed-interface-list=MGMT_LAN
The config of the cap:
I’m a bit confused about this part of this config:
/ip hotspot service-port
set ftp disabled=yes
I have not enabled or set any hotspot service on either device at all, but perhaps this is some default setting here.
/interface bridge
add name=bridge vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] channel.skip-dfs-channels=all \
configuration.country="hidden" .mode=ap .ssid=MGMT5 disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .passphrase=MGMTMGMT
set [ find default-name=wifi2 ] configuration.country="hidden" .mode=ap .ssid=\
MGMT disabled=no security.authentication-types=wpa2-psk,wpa3-psk \
.passphrase=MGMTMGMT
/interface vlan
add interface=bridge name=MGMT_VLAN vlan-id=99
/interface wifi
add configuration.mode=ap .ssid=company5 disabled=no mac-address=\
4A:A9:8A:C0:3F:5A master-interface=wifi1 name=COMPANY_WIFI \
security.authentication-types=wpa2-psk,wpa3-psk .passphrase=hiddenofcourse
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=wifi1 pvid=99
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=wifi2 pvid=99
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=COMPANY_WIFI pvid=10
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=wifi1 vlan-ids=99
add bridge=bridge tagged=bridge,ether1 untagged=COMPANY_WIFI vlan-ids=10
/ip dhcp-client
add interface=MGMT_VLAN
/ip hotspot service-port
set ftp disabled=yes
/system clock
set time-zone-name="hidden"
/system note
set show-at-login=no
What???
After I added the following to get my port forward to work:
/ip firewall filter
add action=accept chain=forward connection-nat-state=dstnat
It now works. I no longer get the question to open my browser.
What is this? Perhaps it has something to do with the port forward on port 80?
I need to do some tests here
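Added example (not part of any post in the thread): the two dst-nat rules in the exported config carry no in-interface, in-interface-list or dst-address matcher, so they match TCP port 80 and 5510 traffic arriving from the VLANs as well as from the WAN, and a client's outbound plain-HTTP request gets rewritten to 192.168.77.2. The Python check below flags such rules in a RouterOS export; its function names are made up for this example, and the usual way to scope a port forward is to add in-interface-list=WAN to the rule.

```python
import re

# Sample input: the NAT section copied from the export posted in the thread.
EXPORT = """\
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\\
192.168.77.2 to-ports=80
add action=dst-nat chain=dstnat dst-port=5510 protocol=tcp to-addresses=\\
192.168.77.2 to-ports=5510
/system note
set show-at-login=no
"""

# Matchers that pin a dst-nat rule to the traffic it is meant for.
SCOPE_KEYS = {"in-interface", "in-interface-list", "dst-address",
              "dst-address-list", "dst-address-type"}


def join_continuations(text):
    """Merge export lines that end in a backslash with the following line."""
    return re.sub(r"\\\n[ \t]*", "", text).splitlines()


def parse_props(line):
    """Return the key=value pairs of one 'add ...' line (quoted values allowed)."""
    return {k: v.strip('"') for k, v in re.findall(r'([\w.-]+)=("[^"]*"|\S*)', line)}


def unscoped_dstnat(export):
    """List (dst-port, to-addresses) of dst-nat rules that match on any interface."""
    findings, section = [], None
    for line in join_continuations(export):
        line = line.strip()
        if line.startswith("/"):
            section = line                      # entering a new export section
        elif section == "/ip firewall nat" and line.startswith("add "):
            props = parse_props(line)
            if props.get("action") == "dst-nat" and SCOPE_KEYS.isdisjoint(props):
                findings.append((props.get("dst-port"), props.get("to-addresses")))
    return findings


if __name__ == "__main__":
    for port, target in unscoped_dstnat(EXPORT):
        print(f"tcp/{port} -> {target}: no in-interface/dst-address matcher, "
              "also rewrites LAN clients' outbound traffic to that port")
```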